diff options
| -rw-r--r-- | adb/transport.cpp | 4 | ||||
| -rw-r--r-- | fs_mgr/fs_mgr.c | 13 | ||||
| -rw-r--r-- | fs_mgr/fs_mgr_fstab.c | 32 | ||||
| -rw-r--r-- | fs_mgr/fs_mgr_priv.h | 1 | ||||
| -rw-r--r-- | fs_mgr/include/fs_mgr.h | 1 | ||||
| -rw-r--r-- | gatekeeperd/tests/gatekeeper_test.cpp | 3 | ||||
| -rw-r--r-- | healthd/BatteryMonitor.cpp | 2 | ||||
| -rw-r--r-- | include/private/android_filesystem_config.h | 2 | ||||
| -rw-r--r-- | include/system/radio.h | 5 | ||||
| -rw-r--r-- | include/system/window.h | 14 | ||||
| -rw-r--r-- | libnetutils/dhcptool.c | 7 | ||||
| -rw-r--r-- | libnetutils/ifc_utils.c | 9 | ||||
| -rw-r--r-- | libutils/Android.mk | 7 | ||||
| -rw-r--r-- | libutils/SharedBuffer.cpp | 2 | ||||
| -rw-r--r-- | libutils/SharedBufferTest.cpp | 6 | ||||
| -rw-r--r-- | libutils/tests/String8_test.cpp | 5 | ||||
| -rw-r--r-- | lmkd/lmkd.c | 31 | ||||
| -rw-r--r-- | rootdir/init.rc | 7 | ||||
| -rw-r--r-- | trusty/gatekeeper/Android.mk | 50 | ||||
| -rw-r--r-- | trusty/gatekeeper/gatekeeper_ipc.h | 40 | ||||
| -rw-r--r-- | trusty/gatekeeper/module.cpp | 57 | ||||
| -rw-r--r-- | trusty/gatekeeper/trusty_gatekeeper.cpp | 230 | ||||
| -rw-r--r-- | trusty/gatekeeper/trusty_gatekeeper.h | 126 | ||||
| -rw-r--r-- | trusty/gatekeeper/trusty_gatekeeper_ipc.c | 91 | ||||
| -rw-r--r-- | trusty/gatekeeper/trusty_gatekeeper_ipc.h | 24 |
25 files changed, 706 insertions, 63 deletions
diff --git a/adb/transport.cpp b/adb/transport.cpp index 2f18f2011..8b0cb38fe 100644 --- a/adb/transport.cpp +++ b/adb/transport.cpp @@ -785,9 +785,7 @@ const FeatureSet& supported_features() { // Local static allocation to avoid global non-POD variables. static const FeatureSet* features = new FeatureSet{ kFeatureShell2, - // Internal master has 'cmd'. AOSP master doesn't. - // kFeatureCmd - + kFeatureCmd // Increment ADB_SERVER_VERSION whenever the feature list changes to // make sure that the adb client and server features stay in sync // (http://b/24370690). diff --git a/fs_mgr/fs_mgr.c b/fs_mgr/fs_mgr.c index c47a58591..3fda34ffb 100644 --- a/fs_mgr/fs_mgr.c +++ b/fs_mgr/fs_mgr.c @@ -442,8 +442,15 @@ out: // Check to see if a mountable volume has encryption requirements static int handle_encryptable(struct fstab *fstab, const struct fstab_rec* rec) { + /* Check for existence of convert_fbe breadcrumb file */ + char convert_fbe_name[PATH_MAX]; + snprintf(convert_fbe_name, sizeof(convert_fbe_name), + "%s/convert_fbe", rec->mount_point); + bool convert_fbe = (access(convert_fbe_name, F_OK) == 0); + /* If this is block encryptable, need to trigger encryption */ if ( (rec->fs_mgr_flags & MF_FORCECRYPT) + || ((rec->fs_mgr_flags & MF_FORCEFDEORFBE) && !convert_fbe) || (device_is_force_encrypted() && fs_mgr_is_encryptable(rec))) { if (umount(rec->mount_point) == 0) { return FS_MGR_MNTALL_DEV_NEEDS_ENCRYPTION; @@ -455,7 +462,8 @@ static int handle_encryptable(struct fstab *fstab, const struct fstab_rec* rec) } // Deal with file level encryption - if (rec->fs_mgr_flags & MF_FILEENCRYPTION) { + if ( (rec->fs_mgr_flags & MF_FILEENCRYPTION) + || ((rec->fs_mgr_flags & MF_FORCEFDEORFBE) && convert_fbe)) { // Default or not yet initialized encryption requires no more work here if (!e4crypt_non_default_key(rec->mount_point)) { INFO("%s is default file encrypted\n", rec->mount_point); @@ -881,7 +889,8 @@ int fs_mgr_get_crypt_info(struct fstab *fstab, char *key_loc, char *real_blk_dev if (fstab->recs[i].fs_mgr_flags & MF_VOLDMANAGED) { continue; } - if (!(fstab->recs[i].fs_mgr_flags & (MF_CRYPT | MF_FORCECRYPT))) { + if (!(fstab->recs[i].fs_mgr_flags + & (MF_CRYPT | MF_FORCECRYPT | MF_FORCEFDEORFBE))) { continue; } diff --git a/fs_mgr/fs_mgr_fstab.c b/fs_mgr/fs_mgr_fstab.c index 125ee0bbc..c8c624d8f 100644 --- a/fs_mgr/fs_mgr_fstab.c +++ b/fs_mgr/fs_mgr_fstab.c @@ -22,8 +22,6 @@ #include <sys/mount.h> #include <unistd.h> -#include <cutils/properties.h> - #include "fs_mgr_priv.h" struct fs_mgr_flag_values { @@ -66,6 +64,7 @@ static struct flag_list fs_mgr_flags[] = { { "encryptable=",MF_CRYPT }, { "forceencrypt=",MF_FORCECRYPT }, { "fileencryption",MF_FILEENCRYPTION }, + { "forcefdeorfbe=",MF_FORCEFDEORFBE }, { "nonremovable",MF_NONREMOVABLE }, { "voldmanaged=",MF_VOLDMANAGED}, { "length=", MF_LENGTH }, @@ -142,6 +141,11 @@ static int parse_flags(char *flags, struct flag_list *fl, * location of the keys. Get it and return it. */ flag_vals->key_loc = strdup(strchr(p, '=') + 1); + } else if ((fl[i].flag == MF_FORCEFDEORFBE) && flag_vals) { + /* The forcefdeorfbe flag is followed by an = and the + * location of the keys. Get it and return it. + */ + flag_vals->key_loc = strdup(strchr(p, '=') + 1); } else if ((fl[i].flag == MF_LENGTH) && flag_vals) { /* The length flag is followed by an = and the * size of the partition. Get it and return it. @@ -332,23 +336,6 @@ struct fstab *fs_mgr_read_fstab(const char *fstab_path) fstab->recs[cnt].partnum = flag_vals.partnum; fstab->recs[cnt].swap_prio = flag_vals.swap_prio; fstab->recs[cnt].zram_size = flag_vals.zram_size; - - /* If an A/B partition, modify block device to be the real block device */ - if (fstab->recs[cnt].fs_mgr_flags & MF_SLOTSELECT) { - char propbuf[PROPERTY_VALUE_MAX]; - char *tmp; - - /* use the kernel parameter if set */ - property_get("ro.boot.slot_suffix", propbuf, ""); - - if (asprintf(&tmp, "%s%s", fstab->recs[cnt].blk_device, propbuf) > 0) { - free(fstab->recs[cnt].blk_device); - fstab->recs[cnt].blk_device = tmp; - } else { - ERROR("Error updating block device name\n"); - goto err; - } - } cnt++; } /* If an A/B partition, modify block device to be the real block device */ @@ -483,7 +470,7 @@ int fs_mgr_is_verified(const struct fstab_rec *fstab) int fs_mgr_is_encryptable(const struct fstab_rec *fstab) { - return fstab->fs_mgr_flags & (MF_CRYPT | MF_FORCECRYPT); + return fstab->fs_mgr_flags & (MF_CRYPT | MF_FORCECRYPT | MF_FORCEFDEORFBE); } int fs_mgr_is_file_encrypted(const struct fstab_rec *fstab) @@ -491,6 +478,11 @@ int fs_mgr_is_file_encrypted(const struct fstab_rec *fstab) return fstab->fs_mgr_flags & MF_FILEENCRYPTION; } +int fs_mgr_is_convertible_to_fbe(const struct fstab_rec *fstab) +{ + return fstab->fs_mgr_flags & MF_FORCEFDEORFBE; +} + int fs_mgr_is_noemulatedsd(const struct fstab_rec *fstab) { return fstab->fs_mgr_flags & MF_NOEMULATEDSD; diff --git a/fs_mgr/fs_mgr_priv.h b/fs_mgr/fs_mgr_priv.h index ba0e097b0..181b6cdf5 100644 --- a/fs_mgr/fs_mgr_priv.h +++ b/fs_mgr/fs_mgr_priv.h @@ -82,6 +82,7 @@ __BEGIN_DECLS #define MF_FILEENCRYPTION 0x2000 #define MF_FORMATTABLE 0x4000 #define MF_SLOTSELECT 0x8000 +#define MF_FORCEFDEORFBE 0x10000 #define DM_BUF_SIZE 4096 diff --git a/fs_mgr/include/fs_mgr.h b/fs_mgr/include/fs_mgr.h index 27fccf72e..eb0a7fc93 100644 --- a/fs_mgr/include/fs_mgr.h +++ b/fs_mgr/include/fs_mgr.h @@ -102,6 +102,7 @@ int fs_mgr_is_nonremovable(const struct fstab_rec *fstab); int fs_mgr_is_verified(const struct fstab_rec *fstab); int fs_mgr_is_encryptable(const struct fstab_rec *fstab); int fs_mgr_is_file_encrypted(const struct fstab_rec *fstab); +int fs_mgr_is_convertible_to_fbe(const struct fstab_rec *fstab); int fs_mgr_is_noemulatedsd(const struct fstab_rec *fstab); int fs_mgr_is_notrim(struct fstab_rec *fstab); int fs_mgr_is_formattable(struct fstab_rec *fstab); diff --git a/gatekeeperd/tests/gatekeeper_test.cpp b/gatekeeperd/tests/gatekeeper_test.cpp index c504f9228..47a8bfa9d 100644 --- a/gatekeeperd/tests/gatekeeper_test.cpp +++ b/gatekeeperd/tests/gatekeeper_test.cpp @@ -18,9 +18,8 @@ #include <iostream> #include <gtest/gtest.h> -#include <UniquePtr.h> - #include <hardware/hw_auth_token.h> +#include <UniquePtr.h> #include "../SoftGateKeeper.h" diff --git a/healthd/BatteryMonitor.cpp b/healthd/BatteryMonitor.cpp index 0085a078f..3e618c0b1 100644 --- a/healthd/BatteryMonitor.cpp +++ b/healthd/BatteryMonitor.cpp @@ -631,7 +631,7 @@ void BatteryMonitor::init(struct healthd_config *hc) { KLOG_WARNING(LOG_TAG, "BatteryTemperaturePath not found\n"); if (mHealthdConfig->batteryTechnologyPath.isEmpty()) KLOG_WARNING(LOG_TAG, "BatteryTechnologyPath not found\n"); - if (mHealthdConfig->batteryCurrentNowPath.isEmpty()) + if (mHealthdConfig->batteryCurrentNowPath.isEmpty()) KLOG_WARNING(LOG_TAG, "BatteryCurrentNowPath not found\n"); if (mHealthdConfig->batteryFullChargePath.isEmpty()) KLOG_WARNING(LOG_TAG, "BatteryFullChargePath not found\n"); diff --git a/include/private/android_filesystem_config.h b/include/private/android_filesystem_config.h index e2133e905..a1d253989 100644 --- a/include/private/android_filesystem_config.h +++ b/include/private/android_filesystem_config.h @@ -81,6 +81,7 @@ #define AID_SHARED_RELRO 1037 /* creator of shared GNU RELRO files */ #define AID_DBUS 1038 /* dbus-daemon IPC broker process */ #define AID_TLSDATE 1039 /* tlsdate unprivileged user */ +#define AID_MEDIA_EX 1040 /* mediaextractor process */ #define AID_SHELL 2000 /* adb and debug shell user */ #define AID_CACHE 2001 /* cache access */ @@ -179,6 +180,7 @@ static const struct android_id_info android_ids[] = { { "shared_relro", AID_SHARED_RELRO, }, { "dbus", AID_DBUS, }, { "tlsdate", AID_TLSDATE, }, + { "mediaex", AID_MEDIA_EX, }, { "shell", AID_SHELL, }, { "cache", AID_CACHE, }, diff --git a/include/system/radio.h b/include/system/radio.h index a08852604..9e291c83d 100644 --- a/include/system/radio.h +++ b/include/system/radio.h @@ -94,6 +94,7 @@ typedef struct radio_hal_fm_band_config { radio_rds_t rds; /* RDS variants supported */ bool ta; /* Traffic Announcement supported */ bool af; /* Alternate Frequency supported */ + bool ea; /* Emergency announcements supported */ } radio_hal_fm_band_config_t; /* Additional attributes for an AM band configuration */ @@ -184,6 +185,7 @@ enum { RADIO_EVENT_METADATA = 4, /* New meta data received */ RADIO_EVENT_TA = 5, /* Traffic announcement start or stop */ RADIO_EVENT_AF_SWITCH = 6, /* Switch to Alternate Frequency */ + RADIO_EVENT_EA = 7, /* Emergency announcement start or stop */ // begin framework only events RADIO_EVENT_CONTROL = 100, /* loss/gain of tuner control */ RADIO_EVENT_SERVER_DIED = 101, /* radio service died */ @@ -195,7 +197,8 @@ typedef struct radio_hal_event { radio_event_type_t type; /* event type */ int status; /* used by RADIO_EVENT_CONFIG, RADIO_EVENT_TUNED */ union { - bool on; /* RADIO_EVENT_ANTENNA, RADIO_EVENT_TA */ + /* RADIO_EVENT_ANTENNA, RADIO_EVENT_TA, RADIO_EVENT_EA */ + bool on; radio_hal_band_config_t config; /* RADIO_EVENT_CONFIG */ radio_program_info_t info; /* RADIO_EVENT_TUNED, RADIO_EVENT_AF_SWITCH */ radio_metadata_t *metadata; /* RADIO_EVENT_METADATA */ diff --git a/include/system/window.h b/include/system/window.h index 508ce00ba..9f6e9514a 100644 --- a/include/system/window.h +++ b/include/system/window.h @@ -25,6 +25,7 @@ #include <sys/cdefs.h> #include <system/graphics.h> #include <unistd.h> +#include <stdbool.h> #ifndef __UNUSED #define __UNUSED __attribute__((__unused__)) @@ -311,6 +312,7 @@ enum { NATIVE_WINDOW_SET_SIDEBAND_STREAM = 18, NATIVE_WINDOW_SET_BUFFERS_DATASPACE = 19, NATIVE_WINDOW_SET_SURFACE_DAMAGE = 20, /* private */ + NATIVE_WINDOW_SET_SINGLE_BUFFER_MODE = 21, }; /* parameter for NATIVE_WINDOW_[API_][DIS]CONNECT */ @@ -949,6 +951,18 @@ static inline int native_window_set_surface_damage( rects, numRects); } +/* + * native_window_set_single_buffer_mode(..., bool singleBufferMode) + * Enable/disable single buffer mode + */ +static inline int native_window_set_single_buffer_mode( + struct ANativeWindow* window, + bool singleBufferMode) +{ + return window->perform(window, NATIVE_WINDOW_SET_SINGLE_BUFFER_MODE, + singleBufferMode); +} + __END_DECLS #endif /* SYSTEM_CORE_INCLUDE_ANDROID_WINDOW_H */ diff --git a/libnetutils/dhcptool.c b/libnetutils/dhcptool.c index 352ac5e57..a2d3869b4 100644 --- a/libnetutils/dhcptool.c +++ b/libnetutils/dhcptool.c @@ -14,6 +14,7 @@ * limitations under the License. */ +#include <err.h> #include <errno.h> #include <error.h> #include <stdbool.h> @@ -29,12 +30,14 @@ int main(int argc, char* argv[]) { char* interface = argv[1]; if (ifc_init()) { - error(EXIT_FAILURE, errno, "dhcptool %s: ifc_init failed", interface); + err(errno, "dhcptool %s: ifc_init failed", interface); + ifc_close(); + return EXIT_FAILURE; } int rc = do_dhcp(interface); if (rc) { - error(0, errno, "dhcptool %s: do_dhcp failed", interface); + err(errno, "dhcptool %s: do_dhcp failed", interface); } ifc_close(); diff --git a/libnetutils/ifc_utils.c b/libnetutils/ifc_utils.c index 956ed30c3..aa18bc1f9 100644 --- a/libnetutils/ifc_utils.c +++ b/libnetutils/ifc_utils.c @@ -19,6 +19,7 @@ #include <unistd.h> #include <string.h> #include <errno.h> +#include <pthread.h> #include <sys/socket.h> #include <sys/select.h> @@ -57,6 +58,8 @@ static int ifc_ctl_sock = -1; static int ifc_ctl_sock6 = -1; +static pthread_mutex_t ifc_sock_mutex = PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP; +static pthread_mutex_t ifc_sock6_mutex = PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP; void printerr(char *fmt, ...); #define DBG 0 @@ -122,6 +125,8 @@ int string_to_ip(const char *string, struct sockaddr_storage *ss) { int ifc_init(void) { int ret; + + pthread_mutex_lock(&ifc_sock_mutex); if (ifc_ctl_sock == -1) { ifc_ctl_sock = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); if (ifc_ctl_sock < 0) { @@ -136,6 +141,7 @@ int ifc_init(void) int ifc_init6(void) { + pthread_mutex_lock(&ifc_sock6_mutex); if (ifc_ctl_sock6 == -1) { ifc_ctl_sock6 = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0); if (ifc_ctl_sock6 < 0) { @@ -152,6 +158,7 @@ void ifc_close(void) (void)close(ifc_ctl_sock); ifc_ctl_sock = -1; } + pthread_mutex_unlock(&ifc_sock_mutex); } void ifc_close6(void) @@ -160,6 +167,7 @@ void ifc_close6(void) (void)close(ifc_ctl_sock6); ifc_ctl_sock6 = -1; } + pthread_mutex_unlock(&ifc_sock6_mutex); } static void ifc_init_ifr(const char *name, struct ifreq *ifr) @@ -534,6 +542,7 @@ int ifc_act_on_ipv4_route(int action, const char *ifname, struct in_addr dst, in ifc_init(); if (ifc_ctl_sock < 0) { + ifc_close(); return -errno; } diff --git a/libutils/Android.mk b/libutils/Android.mk index 631b5a3b4..8c4fd15b6 100644 --- a/libutils/Android.mk +++ b/libutils/Android.mk @@ -106,19 +106,16 @@ LOCAL_CLANG := true LOCAL_SANITIZE := integer include $(BUILD_SHARED_LIBRARY) -# Include subdirectory makefiles -# ============================================================ - include $(CLEAR_VARS) LOCAL_MODULE := SharedBufferTest -LOCAL_STATIC_LIBRARIES := libutils libcutils +LOCAL_STATIC_LIBRARIES := libutils LOCAL_SHARED_LIBRARIES := liblog LOCAL_SRC_FILES := SharedBufferTest.cpp include $(BUILD_NATIVE_TEST) include $(CLEAR_VARS) LOCAL_MODULE := SharedBufferTest -LOCAL_STATIC_LIBRARIES := libutils libcutils +LOCAL_STATIC_LIBRARIES := libutils LOCAL_SHARED_LIBRARIES := liblog LOCAL_SRC_FILES := SharedBufferTest.cpp include $(BUILD_HOST_NATIVE_TEST) diff --git a/libutils/SharedBuffer.cpp b/libutils/SharedBuffer.cpp index c7dd1ab34..34d75eebc 100644 --- a/libutils/SharedBuffer.cpp +++ b/libutils/SharedBuffer.cpp @@ -14,8 +14,6 @@ * limitations under the License. */ -#define __STDC_LIMIT_MACROS -#include <stdint.h> #include <stdlib.h> #include <string.h> diff --git a/libutils/SharedBufferTest.cpp b/libutils/SharedBufferTest.cpp index a0484ffb5..33a4e0c90 100644 --- a/libutils/SharedBufferTest.cpp +++ b/libutils/SharedBufferTest.cpp @@ -31,10 +31,10 @@ TEST(SharedBufferTest, TestAlloc) { // Check that null is returned, as we are asking for the whole address space. android::SharedBuffer* buf = android::SharedBuffer::alloc(SIZE_MAX - sizeof(android::SharedBuffer) - 1); - ASSERT_TRUE(NULL == buf); + ASSERT_EQ(nullptr, buf); buf = android::SharedBuffer::alloc(0); - ASSERT_FALSE(NULL == buf); + ASSERT_NE(nullptr, buf); ASSERT_EQ(0U, buf->size()); buf->release(); } @@ -49,7 +49,7 @@ TEST(SharedBufferTest, TestEditResize) { // Make sure we don't die here. // Check that null is returned, as we are asking for the whole address space. buf = buf->editResize(SIZE_MAX - sizeof(android::SharedBuffer) - 1); - ASSERT_TRUE(NULL == buf); + ASSERT_EQ(nullptr, buf); buf = android::SharedBuffer::alloc(10); buf = buf->editResize(0); diff --git a/libutils/tests/String8_test.cpp b/libutils/tests/String8_test.cpp index c42c68dce..01e64f60a 100644 --- a/libutils/tests/String8_test.cpp +++ b/libutils/tests/String8_test.cpp @@ -72,4 +72,9 @@ TEST_F(String8Test, OperatorPlusEquals) { EXPECT_STREQ(src3, " Verify me."); } +TEST_F(String8Test, SetToSizeMaxReturnsNoMemory) { + const char *in = "some string"; + EXPECT_EQ(NO_MEMORY, String8("").setTo(in, SIZE_MAX)); +} + } diff --git a/lmkd/lmkd.c b/lmkd/lmkd.c index 7bbc81119..cb9598e75 100644 --- a/lmkd/lmkd.c +++ b/lmkd/lmkd.c @@ -77,12 +77,7 @@ static int ctrl_dfd_reopened; /* did we reopen ctrl conn on this loop? */ static int epollfd; static int maxevents; -#define OOM_DISABLE (-17) -/* inclusive */ -#define OOM_ADJUST_MIN (-16) -#define OOM_ADJUST_MAX 15 - -/* kernel OOM score values */ +/* OOM score values used by both kernel and framework */ #define OOM_SCORE_ADJ_MIN (-1000) #define OOM_SCORE_ADJ_MAX 1000 @@ -114,8 +109,8 @@ struct proc { static struct proc *pidhash[PIDHASH_SZ]; #define pid_hashfn(x) ((((x) >> 8) ^ (x)) & (PIDHASH_SZ - 1)) -#define ADJTOSLOT(adj) (adj + -OOM_ADJUST_MIN) -static struct adjslot_list procadjslot_list[ADJTOSLOT(OOM_ADJUST_MAX) + 1]; +#define ADJTOSLOT(adj) (adj + -OOM_SCORE_ADJ_MIN) +static struct adjslot_list procadjslot_list[ADJTOSLOT(OOM_SCORE_ADJ_MAX) + 1]; /* * Wait 1-2 seconds for the death report of a killed process prior to @@ -148,14 +143,6 @@ static ssize_t read_all(int fd, char *buf, size_t max_len) return ret; } -static int lowmem_oom_adj_to_oom_score_adj(int oom_adj) -{ - if (oom_adj == OOM_ADJUST_MAX) - return OOM_SCORE_ADJ_MAX; - else - return (oom_adj * OOM_SCORE_ADJ_MAX) / -OOM_DISABLE; -} - static struct proc *pid_lookup(int pid) { struct proc *procp; @@ -254,13 +241,13 @@ static void cmd_procprio(int pid, int uid, int oomadj) { char path[80]; char val[20]; - if (oomadj < OOM_DISABLE || oomadj > OOM_ADJUST_MAX) { + if (oomadj < OOM_SCORE_ADJ_MIN || oomadj > OOM_SCORE_ADJ_MAX) { ALOGE("Invalid PROCPRIO oomadj argument %d", oomadj); return; } snprintf(path, sizeof(path), "/proc/%d/oom_score_adj", pid); - snprintf(val, sizeof(val), "%d", lowmem_oom_adj_to_oom_score_adj(oomadj)); + snprintf(val, sizeof(val), "%d", oomadj); writefilestring(path, val); if (use_inkernel_interface) @@ -607,7 +594,7 @@ static int kill_one_process(struct proc *procp, int other_free, int other_file, static int find_and_kill_process(int other_free, int other_file, bool first) { int i; - int min_score_adj = OOM_ADJUST_MAX + 1; + int min_score_adj = OOM_SCORE_ADJ_MAX + 1; int minfree = 0; int killed_size = 0; @@ -619,10 +606,10 @@ static int find_and_kill_process(int other_free, int other_file, bool first) } } - if (min_score_adj == OOM_ADJUST_MAX + 1) + if (min_score_adj == OOM_SCORE_ADJ_MAX + 1) return 0; - for (i = OOM_ADJUST_MAX; i >= min_score_adj; i--) { + for (i = OOM_SCORE_ADJ_MAX; i >= min_score_adj; i--) { struct proc *procp; retry: @@ -783,7 +770,7 @@ static int init(void) { ALOGE("Kernel does not support memory pressure events or in-kernel low memory killer"); } - for (i = 0; i <= ADJTOSLOT(OOM_ADJUST_MAX); i++) { + for (i = 0; i <= ADJTOSLOT(OOM_SCORE_ADJ_MAX); i++) { procadjslot_list[i].next = &procadjslot_list[i]; procadjslot_list[i].prev = &procadjslot_list[i]; } diff --git a/rootdir/init.rc b/rootdir/init.rc index ee04ec93b..3901f69a8 100644 --- a/rootdir/init.rc +++ b/rootdir/init.rc @@ -306,6 +306,7 @@ on post-fs-data # Emulated internal storage area mkdir /data/media 0770 media_rw media_rw + # Start bootcharting as soon as possible after the data partition is # mounted to collect more data. mkdir /data/bootchart 0755 shell shell @@ -342,6 +343,7 @@ on post-fs-data chmod 0660 /data/misc/wifi/wpa_supplicant.conf mkdir /data/local 0751 root root mkdir /data/misc/media 0700 media media + mkdir /data/misc/vold 0700 root root mkdir /data/misc/boottrace 0771 system shell mkdir /data/misc/update_engine 0700 root root mkdir /data/misc/trace 0700 root root @@ -389,9 +391,14 @@ on post-fs-data mkdir /data/backup 0700 system system mkdir /data/media 0770 media_rw media_rw mkdir /data/ss 0700 system system + mkdir /data/system 0775 system system mkdir /data/system/heapdump 0700 system system + mkdir /data/system_ce 0770 system system + mkdir /data/user 0711 system system + mkdir /data/user_de 0711 system system + mkdir /data/user_de/0 0771 system system setusercryptopolicies /data/user diff --git a/trusty/gatekeeper/Android.mk b/trusty/gatekeeper/Android.mk new file mode 100644 index 000000000..13e9a09a1 --- /dev/null +++ b/trusty/gatekeeper/Android.mk @@ -0,0 +1,50 @@ +# +# Copyright (C) 2015 The Android Open-Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# WARNING: Everything listed here will be built on ALL platforms, +# including x86, the emulator, and the SDK. Modules must be uniquely +# named (liblights.panda), and must build everywhere, or limit themselves +# to only building on ARM if they include assembly. Individual makefiles +# are responsible for having their own logic, for fine-grained control. + +LOCAL_PATH:= $(call my-dir) + +include $(CLEAR_VARS) + +LOCAL_MODULE := gatekeeper.trusty + +LOCAL_MODULE_RELATIVE_PATH := hw + +LOCAL_SRC_FILES := \ + module.cpp \ + trusty_gatekeeper_ipc.c \ + trusty_gatekeeper.cpp + +LOCAL_CLFAGS = -fvisibility=hidden -Wall -Werror + +LOCAL_SHARED_LIBRARIES := \ + libgatekeeper \ + liblog \ + libcutils \ + libtrusty + +LOCAL_MODULE_TAGS := optional + +# Symlink gatekeeper.trusty.so -> gatekeeper.<device>.so so libhardware can find it. +LOCAL_POST_INSTALL_CMD = \ + $(hide) ln -sf $(notdir $(LOCAL_INSTALLED_MODULE)) $(dir $(LOCAL_INSTALLED_MODULE))gatekeeper.$(TARGET_DEVICE).so + +include $(BUILD_SHARED_LIBRARY) diff --git a/trusty/gatekeeper/gatekeeper_ipc.h b/trusty/gatekeeper/gatekeeper_ipc.h new file mode 100644 index 000000000..b05dcd848 --- /dev/null +++ b/trusty/gatekeeper/gatekeeper_ipc.h @@ -0,0 +1,40 @@ +/* + * Copyright (C) 2015 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#define GATEKEEPER_PORT "com.android.trusty.gatekeeper" +#define GATEKEEPER_MAX_BUFFER_LENGTH 1024 + +enum gatekeeper_command { + GK_REQ_SHIFT = 1, + GK_RESP_BIT = 1, + + GK_ENROLL = (0 << GK_REQ_SHIFT), + GK_VERIFY = (1 << GK_REQ_SHIFT), +}; + +/** + * gatekeeper_message - Serial header for communicating with GK server + * @cmd: the command, one of ENROLL, VERIFY. Payload must be a serialized + * buffer of the corresponding request object. + * @payload: start of the serialized command specific payload + */ +struct gatekeeper_message { + uint32_t cmd; + uint8_t payload[0]; +}; + diff --git a/trusty/gatekeeper/module.cpp b/trusty/gatekeeper/module.cpp new file mode 100644 index 000000000..0ee3c2f28 --- /dev/null +++ b/trusty/gatekeeper/module.cpp @@ -0,0 +1,57 @@ +/* + * Copyright (C) 2015 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include <hardware/hardware.h> + +#include <string.h> +#include <errno.h> +#include <stdlib.h> + +#include "trusty_gatekeeper.h" + +using gatekeeper::TrustyGateKeeperDevice; + +static int trusty_gatekeeper_open(const hw_module_t *module, const char *name, + hw_device_t **device) { + + if (strcmp(name, HARDWARE_GATEKEEPER) != 0) { + return -EINVAL; + } + + TrustyGateKeeperDevice *gatekeeper = new TrustyGateKeeperDevice(module); + if (gatekeeper == NULL) return -ENOMEM; + *device = gatekeeper->hw_device(); + + return 0; +} + +static struct hw_module_methods_t gatekeeper_module_methods = { + .open = trusty_gatekeeper_open, +}; + +struct gatekeeper_module HAL_MODULE_INFO_SYM __attribute__((visibility("default"))) = { + .common = { + .tag = HARDWARE_MODULE_TAG, + .module_api_version = GATEKEEPER_MODULE_API_VERSION_0_1, + .hal_api_version = HARDWARE_HAL_API_VERSION, + .id = GATEKEEPER_HARDWARE_MODULE_ID, + .name = "Trusty GateKeeper HAL", + .author = "The Android Open Source Project", + .methods = &gatekeeper_module_methods, + .dso = 0, + .reserved = {} + }, +}; diff --git a/trusty/gatekeeper/trusty_gatekeeper.cpp b/trusty/gatekeeper/trusty_gatekeeper.cpp new file mode 100644 index 000000000..d24f44f2e --- /dev/null +++ b/trusty/gatekeeper/trusty_gatekeeper.cpp @@ -0,0 +1,230 @@ +/* + * Copyright (C) 2015 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include <errno.h> +#include <stdio.h> +#include <assert.h> +#include <type_traits> + +#include "trusty_gatekeeper.h" +#include "trusty_gatekeeper_ipc.h" +#include "gatekeeper_ipc.h" + +#define LOG_TAG "TrustyGateKeeper" +#include <cutils/log.h> + +namespace gatekeeper { + +const uint32_t SEND_BUF_SIZE = 8192; +const uint32_t RECV_BUF_SIZE = 8192; + +TrustyGateKeeperDevice::TrustyGateKeeperDevice(const hw_module_t *module) { +#if __cplusplus >= 201103L || defined(__GXX_EXPERIMENTAL_CXX0X__) + static_assert(std::is_standard_layout<TrustyGateKeeperDevice>::value, + "TrustyGateKeeperDevice must be standard layout"); + static_assert(offsetof(TrustyGateKeeperDevice, device_) == 0, + "device_ must be the first member of TrustyGateKeeperDevice"); + static_assert(offsetof(TrustyGateKeeperDevice, device_.common) == 0, + "common must be the first member of gatekeeper_device"); +#else + assert(reinterpret_cast<gatekeeper_device_t *>(this) == &device_); + assert(reinterpret_cast<hw_device_t *>(this) == &(device_.common)); +#endif + + memset(&device_, 0, sizeof(device_)); + device_.common.tag = HARDWARE_DEVICE_TAG; + device_.common.version = 1; + device_.common.module = const_cast<hw_module_t *>(module); + device_.common.close = close_device; + + device_.enroll = enroll; + device_.verify = verify; + device_.delete_user = nullptr; + device_.delete_all_users = nullptr; + + int rc = trusty_gatekeeper_connect(); + if (rc < 0) { + ALOGE("Error initializing trusty session: %d", rc); + } + + error_ = rc; + +} + +hw_device_t* TrustyGateKeeperDevice::hw_device() { + return &device_.common; +} + +int TrustyGateKeeperDevice::close_device(hw_device_t* dev) { + delete reinterpret_cast<TrustyGateKeeperDevice *>(dev); + return 0; +} + +TrustyGateKeeperDevice::~TrustyGateKeeperDevice() { + trusty_gatekeeper_disconnect(); +} + +int TrustyGateKeeperDevice::Enroll(uint32_t uid, const uint8_t *current_password_handle, + uint32_t current_password_handle_length, const uint8_t *current_password, + uint32_t current_password_length, const uint8_t *desired_password, + uint32_t desired_password_length, uint8_t **enrolled_password_handle, + uint32_t *enrolled_password_handle_length) { + + if (error_ != 0) { + return error_; + } + + SizedBuffer desired_password_buffer(desired_password_length); + memcpy(desired_password_buffer.buffer.get(), desired_password, desired_password_length); + + SizedBuffer current_password_handle_buffer(current_password_handle_length); + if (current_password_handle) { + memcpy(current_password_handle_buffer.buffer.get(), current_password_handle, + current_password_handle_length); + } + + SizedBuffer current_password_buffer(current_password_length); + if (current_password) { + memcpy(current_password_buffer.buffer.get(), current_password, current_password_length); + } + + EnrollRequest request(uid, ¤t_password_handle_buffer, &desired_password_buffer, + ¤t_password_buffer); + EnrollResponse response; + + gatekeeper_error_t error = Send(request, &response); + + if (error == ERROR_RETRY) { + return response.retry_timeout; + } else if (error != ERROR_NONE) { + return -EINVAL; + } + + *enrolled_password_handle = response.enrolled_password_handle.buffer.release(); + *enrolled_password_handle_length = response.enrolled_password_handle.length; + + + return 0; +} + +int TrustyGateKeeperDevice::Verify(uint32_t uid, uint64_t challenge, + const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length, + const uint8_t *provided_password, uint32_t provided_password_length, + uint8_t **auth_token, uint32_t *auth_token_length, bool *request_reenroll) { + if (error_ != 0) { + return error_; + } + + SizedBuffer password_handle_buffer(enrolled_password_handle_length); + memcpy(password_handle_buffer.buffer.get(), enrolled_password_handle, + enrolled_password_handle_length); + SizedBuffer provided_password_buffer(provided_password_length); + memcpy(provided_password_buffer.buffer.get(), provided_password, provided_password_length); + + VerifyRequest request(uid, challenge, &password_handle_buffer, &provided_password_buffer); + VerifyResponse response; + + gatekeeper_error_t error = Send(request, &response); + + if (error == ERROR_RETRY) { + return response.retry_timeout; + } else if (error != ERROR_NONE) { + return -EINVAL; + } + + if (auth_token != NULL && auth_token_length != NULL) { + *auth_token = response.auth_token.buffer.release(); + *auth_token_length = response.auth_token.length; + } + + if (request_reenroll != NULL) { + *request_reenroll = response.request_reenroll; + } + + return 0; +} + +gatekeeper_error_t TrustyGateKeeperDevice::Send(uint32_t command, const GateKeeperMessage& request, + GateKeeperMessage *response) { + uint32_t request_size = request.GetSerializedSize(); + if (request_size > SEND_BUF_SIZE) + return ERROR_INVALID; + uint8_t send_buf[SEND_BUF_SIZE]; + request.Serialize(send_buf, send_buf + request_size); + + // Send it + uint8_t recv_buf[RECV_BUF_SIZE]; + uint32_t response_size = RECV_BUF_SIZE; + int rc = trusty_gatekeeper_call(command, send_buf, request_size, recv_buf, &response_size); + if (rc < 0) { + ALOGE("error (%d) calling gatekeeper TA", rc); + return ERROR_INVALID; + } + + const gatekeeper_message *msg = reinterpret_cast<gatekeeper_message *>(recv_buf); + const uint8_t *payload = msg->payload; + + return response->Deserialize(payload, payload + response_size); +} + +static inline TrustyGateKeeperDevice *convert_device(const gatekeeper_device *dev) { + return reinterpret_cast<TrustyGateKeeperDevice *>(const_cast<gatekeeper_device *>(dev)); +} + +/* static */ +int TrustyGateKeeperDevice::enroll(const struct gatekeeper_device *dev, uint32_t uid, + const uint8_t *current_password_handle, uint32_t current_password_handle_length, + const uint8_t *current_password, uint32_t current_password_length, + const uint8_t *desired_password, uint32_t desired_password_length, + uint8_t **enrolled_password_handle, uint32_t *enrolled_password_handle_length) { + + if (dev == NULL || + enrolled_password_handle == NULL || enrolled_password_handle_length == NULL || + desired_password == NULL || desired_password_length == 0) + return -EINVAL; + + // Current password and current password handle go together + if (current_password_handle == NULL || current_password_handle_length == 0 || + current_password == NULL || current_password_length == 0) { + current_password_handle = NULL; + current_password_handle_length = 0; + current_password = NULL; + current_password_length = 0; + } + + return convert_device(dev)->Enroll(uid, current_password_handle, current_password_handle_length, + current_password, current_password_length, desired_password, desired_password_length, + enrolled_password_handle, enrolled_password_handle_length); + +} + +/* static */ +int TrustyGateKeeperDevice::verify(const struct gatekeeper_device *dev, uint32_t uid, + uint64_t challenge, const uint8_t *enrolled_password_handle, + uint32_t enrolled_password_handle_length, const uint8_t *provided_password, + uint32_t provided_password_length, uint8_t **auth_token, uint32_t *auth_token_length, + bool *request_reenroll) { + + if (dev == NULL || enrolled_password_handle == NULL || + provided_password == NULL) { + return -EINVAL; + } + + return convert_device(dev)->Verify(uid, challenge, enrolled_password_handle, + enrolled_password_handle_length, provided_password, provided_password_length, + auth_token, auth_token_length, request_reenroll); +} +}; diff --git a/trusty/gatekeeper/trusty_gatekeeper.h b/trusty/gatekeeper/trusty_gatekeeper.h new file mode 100644 index 000000000..82108dc04 --- /dev/null +++ b/trusty/gatekeeper/trusty_gatekeeper.h @@ -0,0 +1,126 @@ +/* + * Copyright (C) 2014 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TRUSTY_GATEKEEPER_H +#define TRUSTY_GATEKEEPER_H + +#include <hardware/gatekeeper.h> +#include <gatekeeper/gatekeeper_messages.h> + +#include "gatekeeper_ipc.h" + +namespace gatekeeper { + +class TrustyGateKeeperDevice { + public: + + TrustyGateKeeperDevice(const hw_module_t* module); + ~TrustyGateKeeperDevice(); + + hw_device_t* hw_device(); + + /** + * Enrolls password_payload, which should be derived from a user selected pin or password, + * with the authentication factor private key used only for enrolling authentication + * factor data. + * + * Returns: 0 on success or an error code less than 0 on error. + * On error, enrolled_password will not be allocated. + */ + int Enroll(uint32_t uid, const uint8_t *current_password_handle, + uint32_t current_password_handle_length, const uint8_t *current_password, + uint32_t current_password_length, const uint8_t *desired_password, + uint32_t desired_password_length, uint8_t **enrolled_password_handle, + uint32_t *enrolled_password_handle_length); + + /** + * Verifies provided_password matches expected_password after enrolling + * with the authentication factor private key. + * + * Implementations of this module may retain the result of this call + * to attest to the recency of authentication. + * + * On success, writes the address of a verification token to verification_token, + * + * Returns: 0 on success or an error code less than 0 on error + * On error, verification token will not be allocated + */ + int Verify(uint32_t uid, uint64_t challenge, const uint8_t *enrolled_password_handle, + uint32_t enrolled_password_handle_length, const uint8_t *provided_password, + uint32_t provided_password_length, uint8_t **auth_token, uint32_t *auth_token_length, + bool *request_reenroll); + + private: + + gatekeeper_error_t Send(uint32_t command, const GateKeeperMessage& request, + GateKeeperMessage* response); + + gatekeeper_error_t Send(const EnrollRequest& request, EnrollResponse *response) { + return Send(GK_ENROLL, request, response); + } + + gatekeeper_error_t Send(const VerifyRequest& request, VerifyResponse *response) { + return Send(GK_VERIFY, request, response); + } + + // Static methods interfacing the HAL API with the TrustyGateKeeper device + + /** + * Enrolls desired_password, which should be derived from a user selected pin or password, + * with the authentication factor private key used only for enrolling authentication + * factor data. + * + * If there was already a password enrolled, it should be provided in + * current_password_handle, along with the current password in current_password + * that should validate against current_password_handle. + * + * Returns: 0 on success or an error code less than 0 on error. + * On error, enrolled_password_handle will not be allocated. + */ + static int enroll(const struct gatekeeper_device *dev, uint32_t uid, + const uint8_t *current_password_handle, uint32_t current_password_handle_length, + const uint8_t *current_password, uint32_t current_password_length, + const uint8_t *desired_password, uint32_t desired_password_length, + uint8_t **enrolled_password_handle, uint32_t *enrolled_password_handle_length); + + /** + * Verifies provided_password matches enrolled_password_handle. + * + * Implementations of this module may retain the result of this call + * to attest to the recency of authentication. + * + * On success, writes the address of a verification token to auth_token, + * usable to attest password verification to other trusted services. Clients + * may pass NULL for this value. + * + * Returns: 0 on success or an error code less than 0 on error + * On error, verification token will not be allocated + */ + static int verify(const struct gatekeeper_device *dev, uint32_t uid, uint64_t challenge, + const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length, + const uint8_t *provided_password, uint32_t provided_password_length, + uint8_t **auth_token, uint32_t *auth_token_length, bool *request_reenroll); + + static int close_device(hw_device_t* dev); + + gatekeeper_device device_; + int error_; + +}; +} + +#endif + diff --git a/trusty/gatekeeper/trusty_gatekeeper_ipc.c b/trusty/gatekeeper/trusty_gatekeeper_ipc.c new file mode 100644 index 000000000..a1c319e5a --- /dev/null +++ b/trusty/gatekeeper/trusty_gatekeeper_ipc.c @@ -0,0 +1,91 @@ +/* + * Copyright (C) 2015 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include <errno.h> +#include <stdlib.h> +#include <string.h> + +#define LOG_TAG "TrustyGateKeeper" +#include <cutils/log.h> +#include <trusty/tipc.h> + +#include "trusty_gatekeeper_ipc.h" +#include "gatekeeper_ipc.h" + +#define TRUSTY_DEVICE_NAME "/dev/trusty-ipc-dev0" + +static int handle_ = 0; + +int trusty_gatekeeper_connect() { + int rc = tipc_connect(TRUSTY_DEVICE_NAME, GATEKEEPER_PORT); + if (rc < 0) { + return rc; + } + + handle_ = rc; + return 0; +} + +int trusty_gatekeeper_call(uint32_t cmd, void *in, uint32_t in_size, uint8_t *out, + uint32_t *out_size) { + if (handle_ == 0) { + ALOGE("not connected\n"); + return -EINVAL; + } + + size_t msg_size = in_size + sizeof(struct gatekeeper_message); + struct gatekeeper_message *msg = malloc(msg_size); + msg->cmd = cmd; + memcpy(msg->payload, in, in_size); + + ssize_t rc = write(handle_, msg, msg_size); + free(msg); + + if (rc < 0) { + ALOGE("failed to send cmd (%d) to %s: %s\n", cmd, + GATEKEEPER_PORT, strerror(errno)); + return -errno; + } + + rc = read(handle_, out, *out_size); + if (rc < 0) { + ALOGE("failed to retrieve response for cmd (%d) to %s: %s\n", + cmd, GATEKEEPER_PORT, strerror(errno)); + return -errno; + } + + if ((size_t) rc < sizeof(struct gatekeeper_message)) { + ALOGE("invalid response size (%d)\n", (int) rc); + return -EINVAL; + } + + msg = (struct gatekeeper_message *) out; + + if ((cmd | GK_RESP_BIT) != msg->cmd) { + ALOGE("invalid command (%d)\n", msg->cmd); + return -EINVAL; + } + + *out_size = ((size_t) rc) - sizeof(struct gatekeeper_message); + return rc; +} + +void trusty_gatekeeper_disconnect() { + if (handle_ != 0) { + tipc_close(handle_); + } +} + diff --git a/trusty/gatekeeper/trusty_gatekeeper_ipc.h b/trusty/gatekeeper/trusty_gatekeeper_ipc.h new file mode 100644 index 000000000..f8de7f873 --- /dev/null +++ b/trusty/gatekeeper/trusty_gatekeeper_ipc.h @@ -0,0 +1,24 @@ +/* + * Copyright (C) 2015 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +__BEGIN_DECLS + +int trusty_gatekeeper_connect(); +int trusty_gatekeeper_call(uint32_t cmd, void *in, uint32_t in_size, uint8_t *out, + uint32_t *out_size); +void trusty_gatekeeper_disconnect(); + +__END_DECLS |