Merge "Add error_msg argument to CloseNativeLibrary"
diff --git a/init/Android.bp b/init/Android.bp
index a2c49d0..c793971 100644
--- a/init/Android.bp
+++ b/init/Android.bp
@@ -68,6 +68,7 @@
],
shared_libs: [
"libbase",
+ "libbinder",
"libbootloader_message",
"libcutils",
"libdl",
@@ -78,6 +79,7 @@
"liblog",
"liblogwrap",
"libselinux",
+ "libutils",
],
}
@@ -127,6 +129,13 @@
type: "lite",
export_proto_headers: true,
},
+
+ target: {
+ recovery: {
+ cflags: ["-DRECOVERY"],
+ exclude_shared_libs: ["libbinder", "libutils"],
+ },
+ },
}
cc_binary {
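Review bot: The `target.recovery` block with `cflags: ["-DRECOVERY"]` and `exclude_shared_libs: ["libbinder", "libutils"]` is pasted identically into this module and into the `cc_binary` in the next hunk. The `#ifndef RECOVERY` guards in init.cpp are only correct if every module that compiles that file carries both settings, so the two copies must not drift apart. If the `shared_libs` list that gains `"libbinder"` in the first hunk belongs to a shared defaults module (not visible here), put the recovery block there once. Otherwise add a comment on each copy, such as `// Keep in sync with the recovery block in the init cc_binary: recovery must not link libbinder`.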
@@ -143,6 +152,12 @@
],
srcs: ["main.cpp"],
symlinks: ["ueventd"],
+ target: {
+ recovery: {
+ cflags: ["-DRECOVERY"],
+ exclude_shared_libs: ["libbinder", "libutils"],
+ },
+ },
}
// Tests
diff --git a/init/init.cpp b/init/init.cpp
index 16564f4..3ab0a52 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -41,6 +41,10 @@
#include <keyutils.h>
#include <libavb/libavb.h>
+#ifndef RECOVERY
+#include <binder/ProcessState.h>
+#endif
+
#include "action_parser.h"
#include "epoll.h"
#include "first_stage_mount.h"
@@ -413,6 +417,22 @@
return Success();
}
+static Result<Success> InitBinder(const BuiltinArguments& args) {
+ // init's use of binder is very limited. init cannot:
+ // - have any binder threads
+ // - receive incoming binder calls
+ // - pass local binder services to remote processes
+ // - use death recipients
+ // The main supported usecases are:
+ // - notifying other daemons (oneway calls only)
+ // - retrieving data that is necessary to boot
+ // Also, binder can't be used by recovery.
+#ifndef RECOVERY
+ android::ProcessState::self()->setThreadPoolMaxThreadCount(0);
+#endif
+ return Success();
+}
+
// Set the UDC controller for the ConfigFS USB Gadgets.
// Read the UDC controller in use from "/sys/class/udc".
// In case of multiple UDC controllers select the first one.
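Review bot: The status returned by `setThreadPoolMaxThreadCount(0)` in `InitBinder` is discarded, so if the call fails init keeps the library's default thread limit. The "cannot have any binder threads" rule in the comment is then not in force. Capture the result and fail the action, for example `status_t status = android::ProcessState::self()->setThreadPoolMaxThreadCount(0);` followed by `if (status != android::OK) return Error() << "setThreadPoolMaxThreadCount(0) failed: " << status;`, assuming `Error()` is the failure form the other builtin actions in this file use. The remaining restrictions (no incoming calls, no local binders passed out, no death recipients) are enforced only by the comment. Say so explicitly, so later callers in init do not assume a runtime check exists.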
@@ -673,6 +693,9 @@
// wasn't ready immediately after wait_for_coldboot_done
am.QueueBuiltinAction(MixHwrngIntoLinuxRngAction, "MixHwrngIntoLinuxRng");
+ // Initialize binder before bringing up other system services
+ am.QueueBuiltinAction(InitBinder, "InitBinder");
+
// Don't mount filesystems or start core system services in charger mode.
std::string bootmode = GetProperty("ro.bootmode", "");
if (bootmode == "charger") {
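Review bot: `InitBinder` is queued above the charger-mode check, so init presumably opens the binder driver in charger mode too, where the next comment says core system services are not started. If nothing in charger mode needs binder, queue the action after that check, so the most privileged userspace process holds a binder handle only in boot modes that use it. If it must run in every mode, extend the comment to say why, for example `// Needed in charger mode as well because <reason>`. The enclosing function starts and ends outside this hunk.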
diff --git a/trusty/keymaster/include/trusty_keymaster/legacy/trusty_keymaster_device.h b/trusty/keymaster/include/trusty_keymaster/legacy/trusty_keymaster_device.h
index 5a80795..a483c0d 100644
--- a/trusty/keymaster/include/trusty_keymaster/legacy/trusty_keymaster_device.h
+++ b/trusty/keymaster/include/trusty_keymaster/legacy/trusty_keymaster_device.h
@@ -80,6 +80,8 @@
const keymaster_blob_t* input, const keymaster_blob_t* signature,
keymaster_key_param_set_t* out_params, keymaster_blob_t* output);
keymaster_error_t abort(keymaster_operation_handle_t operation_handle);
+ keymaster_error_t delete_key(const keymaster_key_blob_t* key);
+ keymaster_error_t delete_all_keys();
private:
keymaster_error_t Send(uint32_t command, const Serializable& request,
diff --git a/trusty/keymaster/legacy/trusty_keymaster_device.cpp b/trusty/keymaster/legacy/trusty_keymaster_device.cpp
index afdf43b..88c3e7b 100644
--- a/trusty/keymaster/legacy/trusty_keymaster_device.cpp
+++ b/trusty/keymaster/legacy/trusty_keymaster_device.cpp
@@ -70,8 +70,8 @@
device_.export_key = export_key;
device_.attest_key = attest_key;
device_.upgrade_key = upgrade_key;
- device_.delete_key = nullptr;
- device_.delete_all_keys = nullptr;
+ device_.delete_key = delete_key;
+ device_.delete_all_keys = delete_all_keys;
device_.begin = begin;
device_.update = update;
device_.finish = finish;
@@ -606,6 +606,34 @@
return trusty_keymaster_send(KM_ABORT_OPERATION, request, &response);
}
+keymaster_error_t TrustyKeymasterDevice::delete_key(const keymaster_key_blob_t* key) {
+ ALOGD("Device received delete_key");
+
+ if (error_ != KM_ERROR_OK) {
+ return error_;
+ }
+
+ if (!key || !key->key_material)
+ return KM_ERROR_UNEXPECTED_NULL_POINTER;
+
+ DeleteKeyRequest request(message_version_);
+ request.SetKeyMaterial(*key);
+ DeleteKeyResponse response(message_version_);
+ return trusty_keymaster_send(KM_DELETE_KEY, request, &response);
+}
+
+keymaster_error_t TrustyKeymasterDevice::delete_all_keys() {
+ ALOGD("Device received delete_all_key");
+
+ if (error_ != KM_ERROR_OK) {
+ return error_;
+ }
+
+ DeleteAllKeysRequest request(message_version_);
+ DeleteAllKeysResponse response(message_version_);
+ return trusty_keymaster_send(KM_DELETE_ALL_KEYS, request, &response);
+}
+
hw_device_t* TrustyKeymasterDevice::hw_device() {
return &device_.common;
}
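Review bot: The log line in `delete_all_keys()` reads `"Device received delete_all_key"`, so a log search for the function name misses the one call that irreversibly wipes every key. Change it to `ALOGD("Device received delete_all_keys");`. Given how destructive both operations are, also consider logging the result of `trusty_keymaster_send` at `ALOGI`/`ALOGE` level, so that a deletion and its outcome stay attributable afterwards. In `delete_key()` the guard checks `key->key_material` but not `key->key_size`, so a zero-length blob is still serialized and sent. If that is never valid, reject it up front with `if (!key || !key->key_material || key->key_size == 0)`, and put braces around that `if` to match the `error_` check above it.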
@@ -719,4 +747,15 @@
return convert_device(dev)->abort(operation_handle);
}
+/* static */
+keymaster_error_t TrustyKeymasterDevice::delete_key(const keymaster2_device_t* dev,
+ const keymaster_key_blob_t* key) {
+ return convert_device(dev)->delete_key(key);
+}
+
+/* static */
+keymaster_error_t TrustyKeymasterDevice::delete_all_keys(const keymaster2_device_t* dev) {
+ return convert_device(dev)->delete_all_keys();
+}
+
} // namespace keymaster