Merge "Move restorecon of /data earlier in boot sequence."
diff --git a/gatekeeperd/Android.bp b/gatekeeperd/Android.bp
index 2d9a820..27a6452 100644
--- a/gatekeeperd/Android.bp
+++ b/gatekeeperd/Android.bp
@@ -28,7 +28,6 @@
 
     shared_libs: [
         "libbinder",
-        "libbinder_ndk",
         "libgatekeeper",
         "libgsi",
         "liblog",
@@ -41,8 +40,6 @@
         "libhidlbase",
         "android.hardware.gatekeeper@1.0",
         "libgatekeeper_aidl",
-        "android.hardware.security.keymint-unstable-ndk_platform",
-        "android.security.authorization-ndk_platform",
     ],
 
     static_libs: ["libscrypt_static"],
diff --git a/gatekeeperd/gatekeeperd.cpp b/gatekeeperd/gatekeeperd.cpp
index ced7573..b982dbc 100644
--- a/gatekeeperd/gatekeeperd.cpp
+++ b/gatekeeperd/gatekeeperd.cpp
@@ -19,44 +19,42 @@
 #include <android/service/gatekeeper/BnGateKeeperService.h>
 #include <gatekeeper/GateKeeperResponse.h>
 
-#include <endian.h>
 #include <errno.h>
 #include <fcntl.h>
+#include <inttypes.h>
+#include <stdint.h>
 #include <unistd.h>
 #include <memory>
 
+#include <android/security/keystore/IKeystoreService.h>
 #include <android-base/logging.h>
 #include <android-base/properties.h>
-#include <android/binder_manager.h>
-#include <android/security/keystore/IKeystoreService.h>
 #include <binder/IPCThreadState.h>
 #include <binder/IServiceManager.h>
 #include <binder/PermissionCache.h>
-#include <gatekeeper/password_handle.h>  // for password_handle_t
+#include <gatekeeper/password_handle.h> // for password_handle_t
+#include <hardware/gatekeeper.h>
 #include <hardware/hw_auth_token.h>
+#include <keystore/keystore.h> // For error code
 #include <keystore/keystore_return_types.h>
 #include <libgsi/libgsi.h>
 #include <log/log.h>
+#include <utils/Log.h>
 #include <utils/String16.h>
 
-#include <aidl/android/hardware/security/keymint/HardwareAuthToken.h>
-#include <aidl/android/security/authorization/IKeystoreAuthorization.h>
-#include <android/hardware/gatekeeper/1.0/IGatekeeper.h>
 #include <hidl/HidlSupport.h>
+#include <android/hardware/gatekeeper/1.0/IGatekeeper.h>
 
 using android::sp;
-using android::hardware::Return;
-using android::hardware::gatekeeper::V1_0::GatekeeperResponse;
-using android::hardware::gatekeeper::V1_0::GatekeeperStatusCode;
 using android::hardware::gatekeeper::V1_0::IGatekeeper;
+using android::hardware::gatekeeper::V1_0::GatekeeperStatusCode;
+using android::hardware::gatekeeper::V1_0::GatekeeperResponse;
+using android::hardware::Return;
 
 using ::android::binder::Status;
 using ::android::service::gatekeeper::BnGateKeeperService;
 using GKResponse = ::android::service::gatekeeper::GateKeeperResponse;
 using GKResponseCode = ::android::service::gatekeeper::ResponseCode;
-using ::aidl::android::hardware::security::keymint::HardwareAuthenticatorType;
-using ::aidl::android::hardware::security::keymint::HardwareAuthToken;
-using ::aidl::android::security::authorization::IKeystoreAuthorization;
 
 namespace android {
 
@@ -64,7 +62,7 @@
 static const String16 DUMP_PERMISSION("android.permission.DUMP");
 
 class GateKeeperProxy : public BnGateKeeperService {
-  public:
+public:
     GateKeeperProxy() {
         clear_state_if_needed_done = false;
         hw_device = IGatekeeper::getService();
@@ -75,7 +73,8 @@
         }
     }
 
-    virtual ~GateKeeperProxy() {}
+    virtual ~GateKeeperProxy() {
+    }
 
     void store_sid(uint32_t userId, uint64_t sid) {
         char filename[21];
@@ -97,7 +96,7 @@
         if (mark_cold_boot() && !is_running_gsi) {
             ALOGI("cold boot: clearing state");
             if (hw_device) {
-                hw_device->deleteAllUsers([](const GatekeeperResponse&) {});
+                hw_device->deleteAllUsers([](const GatekeeperResponse &){});
             }
         }
 
@@ -105,7 +104,7 @@
     }
 
     bool mark_cold_boot() {
-        const char* filename = ".coldboot";
+        const char *filename = ".coldboot";
         if (access(filename, F_OK) == -1) {
             int fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR);
             if (fd < 0) {
@@ -300,34 +299,7 @@
 
         if (gkResponse->response_code() == GKResponseCode::OK) {
             if (gkResponse->payload().size() != 0) {
-                // try to connect to IKeystoreAuthorization AIDL service first.
-                ::ndk::SpAIBinder authzBinder(
-                        AServiceManager_getService("android.security.authorization"));
-                auto authzService = IKeystoreAuthorization::fromBinder(authzBinder);
-                if (authzService) {
-                    if (gkResponse->payload().size() != sizeof(hw_auth_token_t)) {
-                        LOG(ERROR) << "Incorrect size of AuthToken payload.";
-                        return GK_ERROR;
-                    }
-
-                    const hw_auth_token_t* hwAuthToken =
-                            reinterpret_cast<const hw_auth_token_t*>(gkResponse->payload().data());
-                    HardwareAuthToken authToken;
-
-                    authToken.timestamp.milliSeconds = betoh64(hwAuthToken->timestamp);
-                    authToken.challenge = hwAuthToken->challenge;
-                    authToken.authenticatorId = hwAuthToken->authenticator_id;
-                    authToken.authenticatorType = static_cast<HardwareAuthenticatorType>(
-                            betoh32(hwAuthToken->authenticator_type));
-                    authToken.mac.assign(&hwAuthToken->hmac[0], &hwAuthToken->hmac[32]);
-                    auto result = authzService->addAuthToken(authToken);
-                    if (!result.isOk()) {
-                        LOG(ERROR) << "Failure in sending AuthToken to AuthorizationService.";
-                        return GK_ERROR;
-                    }
-                }
                 sp<IServiceManager> sm = defaultServiceManager();
-
                 sp<IBinder> binder = sm->getService(String16("android.security.keystore"));
                 sp<security::keystore::IKeystoreService> service =
                         interface_cast<security::keystore::IKeystoreService>(binder);
@@ -338,12 +310,9 @@
                     if (!binder_result.isOk() ||
                         !keystore::KeyStoreServiceReturnCode(result).isOk()) {
                         LOG(ERROR) << "Failure sending auth token to KeyStore: " << result;
-                        return GK_ERROR;
                     }
                 } else {
-                    LOG(ERROR) << "Cannot deliver auth token. Unable to communicate with "
-                                  "Keystore.";
-                    return GK_ERROR;
+                    LOG(ERROR) << "Cannot deliver auth token. Unable to communicate with Keystore.";
                 }
             }
 
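Review bot: With both `return GK_ERROR;` statements removed, a failed or impossible delivery of the auth token to Keystore is only logged, and execution continues through the `GKResponseCode::OK` branch as if delivery had succeeded. The caller presumably still receives a successful verification while Keystore never got the token, so the failure is visible only in the log and auth-bound key use would fail later with no link to this cause. If best-effort delivery is intended, document it at the `else` branch, e.g. `// Best effort: the verify result is still returned; Keystore will not have the auth token.`; otherwise keep `return GK_ERROR;` on both failure paths so the operation fails closed. The enclosing function begins and ends outside this hunk, so what happens after the inner block is not visible here.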
@@ -397,23 +366,23 @@
         }
 
         if (hw_device == NULL) {
-            const char* result = "Device not available";
+            const char *result = "Device not available";
             write(fd, result, strlen(result) + 1);
         } else {
-            const char* result = "OK";
+            const char *result = "OK";
             write(fd, result, strlen(result) + 1);
         }
 
         return OK;
     }
 
-  private:
+private:
     sp<IGatekeeper> hw_device;
 
     bool clear_state_if_needed_done;
     bool is_running_gsi;
 };
-}  // namespace android
+}// namespace android
 
 int main(int argc, char* argv[]) {
     ALOGI("Starting gatekeeperd...");
diff --git a/libprocessgroup/cgroup_map.cpp b/libprocessgroup/cgroup_map.cpp
index b82b0ab..5ca0967 100644
--- a/libprocessgroup/cgroup_map.cpp
+++ b/libprocessgroup/cgroup_map.cpp
@@ -71,7 +71,7 @@
     if (!HasValue()) return false;
 
     if (state_ == UNKNOWN) {
-        if (ACgroupController_getFlags != nullptr) {
+        if (__builtin_available(android 30, *)) {
             uint32_t flags = ACgroupController_getFlags(controller_);
             state_ = (flags & CGROUPRC_CONTROLLER_FLAG_MOUNTED) != 0 ? USABLE : MISSING;
         } else {
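Review bot: `__builtin_available(android 30, *)` checks the API level the device reports, not whether the weak `ACgroupController_getFlags` symbol actually resolved, so it is not a drop-in equivalent of the old `!= nullptr` test. The header in this same change still declares the function `weak` with `__INTRODUCED_IN(30)`, so if the loaded libcgrouprc were ever older than the reported API level, the call on the next line would go through a null pointer. Whether that mismatch can occur is not visible from the hunk. I would record the assumption above the check, e.g. `// Relies on libcgrouprc matching the platform API level; the weak symbol is not re-checked.`, or keep the pointer test as a second condition. The same guard is changed in the controller-listing loop in the `@@ -172,7 +172,7 @@` hunk, and both enclosing functions extend outside their hunks.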
@@ -172,7 +172,7 @@
     auto controller_count = ACgroupFile_getControllerCount();
     for (uint32_t i = 0; i < controller_count; ++i) {
         const ACgroupController* controller = ACgroupFile_getController(i);
-        if (ACgroupController_getFlags != nullptr) {
+        if (__builtin_available(android 30, *)) {
             LOG(INFO) << "\t" << ACgroupController_getName(controller) << " ver "
                       << ACgroupController_getVersion(controller) << " path "
                       << ACgroupController_getPath(controller) << " flags "
diff --git a/libprocessgroup/cgrouprc/include/android/cgrouprc.h b/libprocessgroup/cgrouprc/include/android/cgrouprc.h
index 7e74432..9a79954 100644
--- a/libprocessgroup/cgrouprc/include/android/cgrouprc.h
+++ b/libprocessgroup/cgrouprc/include/android/cgrouprc.h
@@ -28,8 +28,6 @@
 struct ACgroupController;
 typedef struct ACgroupController ACgroupController;
 
-#if __ANDROID_API__ >= __ANDROID_API_Q__
-
 // ACgroupFile
 
 /**
@@ -71,8 +69,6 @@
 #define CGROUPRC_CONTROLLER_FLAG_MOUNTED 0x1
 #define CGROUPRC_CONTROLLER_FLAG_NEEDS_ACTIVATION 0x2
 
-#if __ANDROID_API__ >= __ANDROID_API_R__
-
 /**
  * Returns the flags bitmask of the given controller.
  * If the given controller is null, return 0.
@@ -80,8 +76,6 @@
 __attribute__((warn_unused_result, weak)) uint32_t ACgroupController_getFlags(
         const ACgroupController*) __INTRODUCED_IN(30);
 
-#endif
-
 /**
  * Returns the name of the given controller.
  * If the given controller is null, return nullptr.
@@ -97,5 +91,3 @@
         __INTRODUCED_IN(29);
 
 __END_DECLS
-
-#endif
diff --git a/libsync/include/ndk/sync.h b/libsync/include/ndk/sync.h
index 2a59e35..38ccb68 100644
--- a/libsync/include/ndk/sync.h
+++ b/libsync/include/ndk/sync.h
@@ -33,8 +33,6 @@
 
 __BEGIN_DECLS
 
-#if __ANDROID_API__ >= 26
-
 /* Fences indicate the status of an asynchronous task. They are initially
  * in unsignaled state (0), and make a one-time transition to either signaled
  * (1) or error (< 0) state. A sync file is a collection of one or more fences;
@@ -101,8 +99,6 @@
  */
 void sync_file_info_free(struct sync_file_info* info) __INTRODUCED_IN(26);
 
-#endif /* __ANDROID_API__ >= 26 */
-
 __END_DECLS
 
 #endif /* ANDROID_SYNC_H */