diff options
author | Xin Li <delphij@google.com> | 2017-11-14 12:12:57 -0800 |
---|---|---|
committer | Xin Li <delphij@google.com> | 2017-11-14 13:19:45 -0800 |
commit | 23e27db576d06761363365494327baf062468a66 (patch) | |
tree | cc76a40025c2189fc70dd6edd4a0eba251fd7b44 /trusty | |
parent | ea41bcf7a3a9095feb39cc6bd37d865c2eec3c36 (diff) | |
parent | a63ccea6abc7ea02e2d98e41c80793ca97237bd3 (diff) | |
download | system_core-23e27db576d06761363365494327baf062468a66.tar.gz system_core-23e27db576d06761363365494327baf062468a66.tar.bz2 system_core-23e27db576d06761363365494327baf062468a66.zip |
Merge commit 'a63ccea6abc7ea02e2d98e41c80793ca97237bd3' from
oc-mr1-dev-plus-aosp into stage-aosp-master
Change-Id: Ia33311cd1fd26dfaea59a69317b306fb91203c40
Merged-In: I03d06b10807e8a313c9654c2e1db36bfb59e3f99
Diffstat (limited to 'trusty')
-rw-r--r-- | trusty/Android.bp | 1 | ||||
-rw-r--r-- | trusty/gatekeeper/Android.bp | 2 | ||||
-rw-r--r-- | trusty/keymaster/Android.bp | 3 | ||||
-rw-r--r-- | trusty/libtrusty/Android.bp | 1 | ||||
-rw-r--r-- | trusty/libtrusty/tipc-test/Android.bp | 6 | ||||
-rw-r--r-- | trusty/nvram/Android.bp | 61 | ||||
-rw-r--r-- | trusty/nvram/module.c | 39 | ||||
-rw-r--r-- | trusty/nvram/nvram_wipe.cpp | 66 | ||||
-rw-r--r-- | trusty/nvram/trusty_nvram_device.cpp | 34 | ||||
-rw-r--r-- | trusty/nvram/trusty_nvram_implementation.cpp | 113 | ||||
-rw-r--r-- | trusty/nvram/trusty_nvram_implementation.h | 59 | ||||
-rw-r--r-- | trusty/storage/interface/Android.bp | 1 | ||||
-rw-r--r-- | trusty/storage/lib/Android.bp | 5 | ||||
-rw-r--r-- | trusty/storage/proxy/Android.bp | 2 | ||||
-rw-r--r-- | trusty/storage/proxy/proxy.c | 2 | ||||
-rw-r--r-- | trusty/storage/tests/Android.bp | 3 |
16 files changed, 21 insertions, 377 deletions
diff --git a/trusty/Android.bp b/trusty/Android.bp index 386fbe623..2fb2e194b 100644 --- a/trusty/Android.bp +++ b/trusty/Android.bp @@ -2,6 +2,5 @@ subdirs = [ "gatekeeper", "keymaster", "libtrusty", - "nvram", "storage/*", ] diff --git a/trusty/gatekeeper/Android.bp b/trusty/gatekeeper/Android.bp index a9566a17e..65b271a79 100644 --- a/trusty/gatekeeper/Android.bp +++ b/trusty/gatekeeper/Android.bp @@ -22,6 +22,7 @@ cc_library_shared { name: "gatekeeper.trusty", + vendor: true, relative_install_path: "hw", @@ -43,4 +44,5 @@ cc_library_shared { "libcutils", "libtrusty", ], + header_libs: ["libhardware_headers"], } diff --git a/trusty/keymaster/Android.bp b/trusty/keymaster/Android.bp index 773568499..322a63d28 100644 --- a/trusty/keymaster/Android.bp +++ b/trusty/keymaster/Android.bp @@ -25,6 +25,7 @@ // and ECDSA keys. cc_binary { name: "trusty_keymaster_tipc", + vendor: true, srcs: [ "trusty_keymaster_device.cpp", "trusty_keymaster_ipc.cpp", @@ -46,6 +47,7 @@ cc_binary { // keystore.trusty is the HAL used by keystore on Trusty devices. cc_library_shared { name: "keystore.trusty", + vendor: true, relative_install_path: "hw", srcs: [ "module.cpp", @@ -66,4 +68,5 @@ cc_library_shared { "liblog", "libcutils", ], + header_libs: ["libhardware_headers"], } diff --git a/trusty/libtrusty/Android.bp b/trusty/libtrusty/Android.bp index 1a8db2f90..c48deed1c 100644 --- a/trusty/libtrusty/Android.bp +++ b/trusty/libtrusty/Android.bp @@ -18,6 +18,7 @@ subdirs = [ cc_library { name: "libtrusty", + vendor: true, srcs: ["trusty.c"], export_include_dirs: ["include"], diff --git a/trusty/libtrusty/tipc-test/Android.bp b/trusty/libtrusty/tipc-test/Android.bp index 6ec8c23f7..1e8467f0f 100644 --- a/trusty/libtrusty/tipc-test/Android.bp +++ b/trusty/libtrusty/tipc-test/Android.bp @@ -14,12 +14,14 @@ cc_test { name: "tipc-test", - static_executable: true, + vendor: true, srcs: ["tipc_test.c"], static_libs: [ - "libc", "libtrusty", + ], + shared_libs: [ + "libc", "liblog", ], gtest: false, diff --git a/trusty/nvram/Android.bp b/trusty/nvram/Android.bp deleted file mode 100644 index 15e6c3e5e..000000000 --- a/trusty/nvram/Android.bp +++ /dev/null @@ -1,61 +0,0 @@ -// -// Copyright (C) 2016 The Android Open-Source Project -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// - -// nvram.trusty is the Trusty NVRAM HAL module. -cc_library_shared { - name: "nvram.trusty", - relative_install_path: "hw", - srcs: [ - "module.c", - "trusty_nvram_device.cpp", - "trusty_nvram_implementation.cpp", - ], - - cflags: [ - "-Wall", - "-Werror", - "-Wextra", - "-fvisibility=hidden", - ], - static_libs: ["libnvram-hal"], - shared_libs: [ - "libtrusty", - "libnvram-messages", - "liblog", - ], -} - -// nvram-wipe is a helper tool for clearing NVRAM state. -cc_binary { - name: "nvram-wipe", - srcs: [ - "nvram_wipe.cpp", - "trusty_nvram_implementation.cpp", - ], - - cflags: [ - "-Wall", - "-Werror", - "-Wextra", - "-fvisibility=hidden", - ], - static_libs: ["libnvram-hal"], - shared_libs: [ - "libtrusty", - "libnvram-messages", - "liblog", - ], -} diff --git a/trusty/nvram/module.c b/trusty/nvram/module.c deleted file mode 100644 index a2e64d372..000000000 --- a/trusty/nvram/module.c +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Copyright (C) 2016 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include <hardware/nvram.h> - -// This function is defined in trusty_nvram_device.cpp. -int trusty_nvram_open(const hw_module_t* module, - const char* device_id, - hw_device_t** device_ptr); - -static struct hw_module_methods_t nvram_module_methods = { - .open = trusty_nvram_open, -}; - -struct nvram_module HAL_MODULE_INFO_SYM - __attribute__((visibility("default"))) = { - .common = {.tag = HARDWARE_MODULE_TAG, - .module_api_version = NVRAM_MODULE_API_VERSION_0_1, - .hal_api_version = HARDWARE_HAL_API_VERSION, - .id = NVRAM_HARDWARE_MODULE_ID, - .name = "Trusty NVRAM HAL", - .author = "The Android Open Source Project", - .methods = &nvram_module_methods, - .dso = 0, - .reserved = {}}, -}; diff --git a/trusty/nvram/nvram_wipe.cpp b/trusty/nvram/nvram_wipe.cpp deleted file mode 100644 index d0f4faded..000000000 --- a/trusty/nvram/nvram_wipe.cpp +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Copyright (C) 2016 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -#include <nvram/messages/nvram_messages.h> - -#include "trusty_nvram_implementation.h" - -void usage(const char* program_name) { - fprintf(stderr, "Usage: %s [status|disable|wipe]\n", program_name); - exit(-1); -} - -int main(int argc, char* argv[]) { - if (argc < 2) { - usage(argv[0]); - } - - nvram::TrustyNvramImplementation nvram_proxy; - nvram::Request request; - nvram::Response response; - - if (!strcmp(argv[1], "status")) { - request.payload.Activate<nvram::COMMAND_GET_INFO>(); - nvram_proxy.Execute(request, &response); - const nvram::GetInfoResponse* get_info_response = - response.payload.get<nvram::COMMAND_GET_INFO>(); - if (response.result == NV_RESULT_SUCCESS) { - int status = get_info_response && get_info_response->wipe_disabled; - printf("Wiping disabled: %d\n", status); - return status; - } - } else if (!strcmp(argv[1], "disable")) { - request.payload.Activate<nvram::COMMAND_DISABLE_WIPE>(); - nvram_proxy.Execute(request, &response); - } else if (!strcmp(argv[1], "wipe")) { - request.payload.Activate<nvram::COMMAND_WIPE_STORAGE>(); - nvram_proxy.Execute(request, &response); - } else { - usage(argv[0]); - } - - if (response.result != NV_RESULT_SUCCESS) { - fprintf(stderr, "Command execution failure: %u\n", response.result); - return -1; - } - - return 0; -} - diff --git a/trusty/nvram/trusty_nvram_device.cpp b/trusty/nvram/trusty_nvram_device.cpp deleted file mode 100644 index 82a122870..000000000 --- a/trusty/nvram/trusty_nvram_device.cpp +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright (C) 2016 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include <errno.h> - -#include <nvram/hal/nvram_device_adapter.h> - -#include "trusty_nvram_implementation.h" - -extern "C" int trusty_nvram_open(const hw_module_t* module, - const char* device_id, - hw_device_t** device_ptr) { - if (strcmp(NVRAM_HARDWARE_DEVICE_ID, device_id) != 0) { - return -EINVAL; - } - - nvram::NvramDeviceAdapter* adapter = new nvram::NvramDeviceAdapter( - module, new nvram::TrustyNvramImplementation); - *device_ptr = adapter->as_device(); - return 0; -} diff --git a/trusty/nvram/trusty_nvram_implementation.cpp b/trusty/nvram/trusty_nvram_implementation.cpp deleted file mode 100644 index 9215c8502..000000000 --- a/trusty/nvram/trusty_nvram_implementation.cpp +++ /dev/null @@ -1,113 +0,0 @@ -/* - * Copyright (C) 2016 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#define LOG_TAG "TrustyNVRAM" - -#include "trusty_nvram_implementation.h" - -#include <errno.h> -#include <string.h> -#include <unistd.h> - -#include <hardware/nvram.h> -#include <log/log.h> -#include <trusty/tipc.h> - -#include <nvram/messages/blob.h> - -namespace nvram { -namespace { - -// Character device to open for Trusty IPC connections. -const char kTrustyDeviceName[] = "/dev/trusty-ipc-dev0"; - -// App identifier of the NVRAM app. -const char kTrustyNvramAppId[] = "com.android.trusty.nvram"; - -} // namespace - -TrustyNvramImplementation::~TrustyNvramImplementation() { - if (tipc_nvram_fd_ != -1) { - tipc_close(tipc_nvram_fd_); - tipc_nvram_fd_ = -1; - } -} - -void TrustyNvramImplementation::Execute(const nvram::Request& request, - nvram::Response* response) { - if (!SendRequest(request, response)) { - response->result = NV_RESULT_INTERNAL_ERROR; - } -} - -bool TrustyNvramImplementation::Connect() { - if (tipc_nvram_fd_ != -1) { - return true; - } - - int rc = tipc_connect(kTrustyDeviceName, kTrustyNvramAppId); - if (rc < 0) { - ALOGE("Failed to connect to Trusty NVRAM app: %s\n", strerror(-rc)); - return false; - } - - tipc_nvram_fd_ = rc; - return true; -} - -bool TrustyNvramImplementation::SendRequest(const nvram::Request& request, - nvram::Response* response) { - if (!Connect()) { - return false; - } - - nvram::Blob request_buffer; - if (!nvram::Encode(request, &request_buffer)) { - ALOGE("Failed to encode NVRAM request.\n"); - return false; - } - - ssize_t rc = - write(tipc_nvram_fd_, request_buffer.data(), request_buffer.size()); - if (rc < 0) { - ALOGE("Failed to send NVRAM request: %s\n", strerror(-rc)); - return false; - } - if (static_cast<size_t>(rc) != request_buffer.size()) { - ALOGE("Failed to send full request buffer: %zd\n", rc); - return false; - } - - rc = read(tipc_nvram_fd_, response_buffer_, sizeof(response_buffer_)); - if (rc < 0) { - ALOGE("Failed to read NVRAM response: %s\n", strerror(-rc)); - return false; - } - - if (static_cast<size_t>(rc) >= sizeof(response_buffer_)) { - ALOGE("NVRAM response exceeds response buffer size.\n"); - return false; - } - - if (!nvram::Decode(response_buffer_, static_cast<size_t>(rc), response)) { - ALOGE("Failed to decode NVRAM response.\n"); - return false; - } - - return true; -} - -} // namespace nvram diff --git a/trusty/nvram/trusty_nvram_implementation.h b/trusty/nvram/trusty_nvram_implementation.h deleted file mode 100644 index 60758f7fb..000000000 --- a/trusty/nvram/trusty_nvram_implementation.h +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright (C) 2016 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef TRUSTY_NVRAM_TRUSTY_NVRAM_IMPLEMENTATION_H_ -#define TRUSTY_NVRAM_TRUSTY_NVRAM_IMPLEMENTATION_H_ - -#include <stdint.h> - -#include <nvram/hal/nvram_device_adapter.h> -#include <nvram/messages/nvram_messages.h> - -namespace nvram { - -// |TrustyNvramImplementation| proxies requests to the Trusty NVRAM app. It -// serializes the request objects, sends it to the Trusty app and finally reads -// back the result and decodes it. -class TrustyNvramImplementation : public nvram::NvramImplementation { - public: - ~TrustyNvramImplementation() override; - - void Execute(const nvram::Request& request, - nvram::Response* response) override; - - private: - // Connects the IPC channel to the Trusty app if it is not already open. - // Returns true if the channel is open, false on errors. - bool Connect(); - - // Dispatches a command to the trust app. Returns true if successful (note - // that the response may still indicate an error on the Trusty side), false if - // there are any I/O or encoding/decoding errors. - bool SendRequest(const nvram::Request& request, - nvram::Response* response); - - // The file descriptor for the IPC connection to the Trusty app. - int tipc_nvram_fd_ = -1; - - // Response buffer. This puts a hard size limit on the responses from the - // Trusty app. 4096 matches the maximum IPC message size currently supported - // by Trusty. - uint8_t response_buffer_[4096]; -}; - -} // namespace nvram - -#endif // TRUSTY_NVRAM_TRUSTY_NVRAM_IMPLEMENTATION_H_ diff --git a/trusty/storage/interface/Android.bp b/trusty/storage/interface/Android.bp index a551c37aa..18b4a5f90 100644 --- a/trusty/storage/interface/Android.bp +++ b/trusty/storage/interface/Android.bp @@ -16,5 +16,6 @@ cc_library_static { name: "libtrustystorageinterface", + vendor: true, export_include_dirs: ["include"], } diff --git a/trusty/storage/lib/Android.bp b/trusty/storage/lib/Android.bp index 5eb3f0778..4e41674bd 100644 --- a/trusty/storage/lib/Android.bp +++ b/trusty/storage/lib/Android.bp @@ -16,16 +16,19 @@ cc_library_static { name: "libtrustystorage", + vendor: true, srcs: ["storage.c"], export_include_dirs: ["include"], static_libs: [ - "liblog", "libtrusty", "libtrustystorageinterface", ], + shared_libs: [ + "liblog", + ], cflags: [ "-fvisibility=hidden", diff --git a/trusty/storage/proxy/Android.bp b/trusty/storage/proxy/Android.bp index eb34df014..da8542d5a 100644 --- a/trusty/storage/proxy/Android.bp +++ b/trusty/storage/proxy/Android.bp @@ -16,6 +16,7 @@ cc_binary { name: "storageproxyd", + vendor: true, srcs: [ "ipc.c", @@ -25,6 +26,7 @@ cc_binary { ], shared_libs: ["liblog"], + header_libs: ["libcutils_headers"], static_libs: [ "libtrustystorageinterface", diff --git a/trusty/storage/proxy/proxy.c b/trusty/storage/proxy/proxy.c index 27e58917f..41263e5df 100644 --- a/trusty/storage/proxy/proxy.c +++ b/trusty/storage/proxy/proxy.c @@ -24,7 +24,7 @@ #include <sys/stat.h> #include <unistd.h> -#include <private/android_filesystem_config.h> +#include <cutils/android_filesystem_config.h> #include "ipc.h" #include "log.h" diff --git a/trusty/storage/tests/Android.bp b/trusty/storage/tests/Android.bp index 1e4fced8f..536c3ca7a 100644 --- a/trusty/storage/tests/Android.bp +++ b/trusty/storage/tests/Android.bp @@ -16,6 +16,7 @@ cc_test { name: "secure-storage-unit-test", + vendor: true, cflags: [ "-g", @@ -28,6 +29,8 @@ cc_test { "libtrustystorageinterface", "libtrustystorage", "libtrusty", + ], + shared_libs: [ "liblog", ], |