Snap for 11973804 from 4a3d4c1a08
to 24Q3-release
Change-Id: I575d9846c12f3fe72dba5993c6a72eed40cc7d78
This commit is contained in:
commit
c6a9ae93b4
5 changed files with 44 additions and 39 deletions
|
@ -146,15 +146,18 @@ void GnssMeasurementInterface::stop() {
|
||||||
mIsActive = false;
|
mIsActive = false;
|
||||||
mGnss->setGnssMeasurementEnabled(false);
|
mGnss->setGnssMeasurementEnabled(false);
|
||||||
mThreadBlocker.notify();
|
mThreadBlocker.notify();
|
||||||
for (auto iter = mThreads.begin(); iter != mThreads.end(); ++iter) {
|
for (auto iter = mThreads.begin(); iter != mThreads.end();) {
|
||||||
if (iter->joinable()) {
|
if (iter->joinable()) {
|
||||||
mFutures.push_back(std::async(std::launch::async, [this, iter] {
|
// Store the thread object by value
|
||||||
iter->join();
|
std::thread threadToMove = std::move(*iter);
|
||||||
mThreads.erase(iter);
|
|
||||||
}));
|
mFutures.push_back(std::async(std::launch::async,
|
||||||
} else {
|
[threadToMove = std::move(threadToMove)]() mutable {
|
||||||
mThreads.erase(iter);
|
ALOGD("joining thread");
|
||||||
|
threadToMove.join();
|
||||||
|
}));
|
||||||
}
|
}
|
||||||
|
iter = mThreads.erase(iter);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -90,15 +90,18 @@ void GnssNavigationMessageInterface::stop() {
|
||||||
ALOGD("stop");
|
ALOGD("stop");
|
||||||
mIsActive = false;
|
mIsActive = false;
|
||||||
mThreadBlocker.notify();
|
mThreadBlocker.notify();
|
||||||
for (auto iter = mThreads.begin(); iter != mThreads.end(); ++iter) {
|
for (auto iter = mThreads.begin(); iter != mThreads.end();) {
|
||||||
if (iter->joinable()) {
|
if (iter->joinable()) {
|
||||||
mFutures.push_back(std::async(std::launch::async, [this, iter] {
|
// Store the thread object by value
|
||||||
iter->join();
|
std::thread threadToMove = std::move(*iter);
|
||||||
mThreads.erase(iter);
|
|
||||||
}));
|
mFutures.push_back(std::async(std::launch::async,
|
||||||
} else {
|
[threadToMove = std::move(threadToMove)]() mutable {
|
||||||
mThreads.erase(iter);
|
ALOGD("joining thread");
|
||||||
|
threadToMove.join();
|
||||||
|
}));
|
||||||
}
|
}
|
||||||
|
iter = mThreads.erase(iter);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,3 @@
|
||||||
# Bug Component: 185877106
|
# Bug Component: 185877106
|
||||||
|
|
||||||
michaelwr@google.com
|
file:platform/frameworks/base:/services/core/java/com/android/server/display/OWNERS
|
||||||
santoscordon@google.com
|
|
||||||
philipjunker@google.com
|
|
|
@ -25,7 +25,7 @@ use authgraph_core::traits::Sha256;
|
||||||
use clap::{Args, Parser, Subcommand};
|
use clap::{Args, Parser, Subcommand};
|
||||||
use coset::CborSerializable;
|
use coset::CborSerializable;
|
||||||
use dice_policy_builder::{
|
use dice_policy_builder::{
|
||||||
policy_for_dice_chain, CertIndex, ConstraintSpec, ConstraintType, MissingAction,
|
policy_for_dice_chain, ConstraintSpec, ConstraintType, MissingAction, TargetEntry,
|
||||||
WILDCARD_FULL_ARRAY,
|
WILDCARD_FULL_ARRAY,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -131,33 +131,35 @@ impl SkClient {
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Construct a sealing policy on the DICE chain with constraints:
|
/// Construct a sealing policy on the DICE chain with constraints:
|
||||||
/// 1. `ExactMatch` on `AUTHORITY_HASH` (non-optional).
|
/// 1. `ExactMatch` on `AUTHORITY_HASH` (non-optional) on all nodes.
|
||||||
/// 2. `ExactMatch` on `MODE` (non-optional).
|
/// 2. `ExactMatch` on `MODE` (non-optional) on all nodes.
|
||||||
/// 3. `GreaterOrEqual` on `SECURITY_VERSION` (optional).
|
/// 3. `GreaterOrEqual` on `SECURITY_VERSION` (optional) on all nodes.
|
||||||
|
/// 4. The DiceChainEntry corresponding to "AVB" contains SubcomponentDescriptor, for each of those:
|
||||||
|
/// a) GreaterOrEqual on SECURITY_VERSION (Required)
|
||||||
|
// b) ExactMatch on AUTHORITY_HASH (Required).
|
||||||
fn sealing_policy(&self) -> Result<Vec<u8>> {
|
fn sealing_policy(&self) -> Result<Vec<u8>> {
|
||||||
let dice =
|
let dice =
|
||||||
self.dice_artifacts.explicit_key_dice_chain().context("extract explicit DICE chain")?;
|
self.dice_artifacts.explicit_key_dice_chain().context("extract explicit DICE chain")?;
|
||||||
|
|
||||||
let constraint_spec = [
|
let constraint_spec = vec![
|
||||||
ConstraintSpec::new(
|
ConstraintSpec::new(
|
||||||
ConstraintType::ExactMatch,
|
ConstraintType::ExactMatch,
|
||||||
vec![AUTHORITY_HASH],
|
vec![AUTHORITY_HASH],
|
||||||
MissingAction::Fail,
|
MissingAction::Fail,
|
||||||
CertIndex::All,
|
TargetEntry::All,
|
||||||
),
|
),
|
||||||
ConstraintSpec::new(
|
ConstraintSpec::new(
|
||||||
ConstraintType::ExactMatch,
|
ConstraintType::ExactMatch,
|
||||||
vec![MODE],
|
vec![MODE],
|
||||||
MissingAction::Fail,
|
MissingAction::Fail,
|
||||||
CertIndex::All,
|
TargetEntry::All,
|
||||||
),
|
),
|
||||||
ConstraintSpec::new(
|
ConstraintSpec::new(
|
||||||
ConstraintType::GreaterOrEqual,
|
ConstraintType::GreaterOrEqual,
|
||||||
vec![CONFIG_DESC, SECURITY_VERSION],
|
vec![CONFIG_DESC, SECURITY_VERSION],
|
||||||
MissingAction::Ignore,
|
MissingAction::Ignore,
|
||||||
CertIndex::All,
|
TargetEntry::All,
|
||||||
),
|
),
|
||||||
// Constraints on sub components in the second last DiceChainEntry
|
|
||||||
ConstraintSpec::new(
|
ConstraintSpec::new(
|
||||||
ConstraintType::GreaterOrEqual,
|
ConstraintType::GreaterOrEqual,
|
||||||
vec![
|
vec![
|
||||||
|
@ -167,7 +169,7 @@ impl SkClient {
|
||||||
SUBCOMPONENT_SECURITY_VERSION,
|
SUBCOMPONENT_SECURITY_VERSION,
|
||||||
],
|
],
|
||||||
MissingAction::Fail,
|
MissingAction::Fail,
|
||||||
CertIndex::FromEnd(1),
|
TargetEntry::ByName("AVB".to_string()),
|
||||||
),
|
),
|
||||||
ConstraintSpec::new(
|
ConstraintSpec::new(
|
||||||
ConstraintType::ExactMatch,
|
ConstraintType::ExactMatch,
|
||||||
|
@ -178,10 +180,10 @@ impl SkClient {
|
||||||
SUBCOMPONENT_AUTHORITY_HASH,
|
SUBCOMPONENT_AUTHORITY_HASH,
|
||||||
],
|
],
|
||||||
MissingAction::Fail,
|
MissingAction::Fail,
|
||||||
CertIndex::FromEnd(1),
|
TargetEntry::ByName("AVB".to_string()),
|
||||||
),
|
),
|
||||||
];
|
];
|
||||||
policy_for_dice_chain(dice, &constraint_spec)
|
policy_for_dice_chain(dice, constraint_spec)
|
||||||
.unwrap()
|
.unwrap()
|
||||||
.to_vec()
|
.to_vec()
|
||||||
.context("serialize DICE policy")
|
.context("serialize DICE policy")
|
||||||
|
|
|
@ -20,7 +20,7 @@ use authgraph_vts_test as ag_vts;
|
||||||
use authgraph_boringssl as boring;
|
use authgraph_boringssl as boring;
|
||||||
use authgraph_core::key;
|
use authgraph_core::key;
|
||||||
use coset::{CborOrdering, CborSerializable, CoseEncrypt0, CoseKey};
|
use coset::{CborOrdering, CborSerializable, CoseEncrypt0, CoseKey};
|
||||||
use dice_policy_builder::{CertIndex, ConstraintSpec, ConstraintType, MissingAction, WILDCARD_FULL_ARRAY, policy_for_dice_chain};
|
use dice_policy_builder::{TargetEntry, ConstraintSpec, ConstraintType, MissingAction, WILDCARD_FULL_ARRAY, policy_for_dice_chain};
|
||||||
use rdroidtest::{ignore_if, rdroidtest};
|
use rdroidtest::{ignore_if, rdroidtest};
|
||||||
use secretkeeper_client::dice::OwnedDiceArtifactsWithExplicitKey;
|
use secretkeeper_client::dice::OwnedDiceArtifactsWithExplicitKey;
|
||||||
use secretkeeper_client::{SkSession, Error as SkClientError};
|
use secretkeeper_client::{SkSession, Error as SkClientError};
|
||||||
|
@ -312,30 +312,29 @@ fn assert_result_matches(res: Result<Secret, Error>, want: SecretkeeperError) {
|
||||||
/// 1. ExactMatch on AUTHORITY_HASH (non-optional).
|
/// 1. ExactMatch on AUTHORITY_HASH (non-optional).
|
||||||
/// 2. ExactMatch on MODE (non-optional).
|
/// 2. ExactMatch on MODE (non-optional).
|
||||||
/// 3. GreaterOrEqual on SECURITY_VERSION (optional).
|
/// 3. GreaterOrEqual on SECURITY_VERSION (optional).
|
||||||
/// 4. The second last DiceChainEntry contain SubcomponentDescriptor, for each of those:
|
/// 4. The DiceChainEntry corresponding to "AVB" contains SubcomponentDescriptor, for each of those:
|
||||||
/// a) GreaterOrEqual on SECURITY_VERSION (Required)
|
/// a) GreaterOrEqual on SECURITY_VERSION (Required)
|
||||||
// b) ExactMatch on AUTHORITY_HASH (Required).
|
// b) ExactMatch on AUTHORITY_HASH (Required).
|
||||||
fn sealing_policy(dice: &[u8]) -> Vec<u8> {
|
fn sealing_policy(dice: &[u8]) -> Vec<u8> {
|
||||||
let constraint_spec = [
|
let constraint_spec = vec![
|
||||||
ConstraintSpec::new(
|
ConstraintSpec::new(
|
||||||
ConstraintType::ExactMatch,
|
ConstraintType::ExactMatch,
|
||||||
vec![AUTHORITY_HASH],
|
vec![AUTHORITY_HASH],
|
||||||
MissingAction::Fail,
|
MissingAction::Fail,
|
||||||
CertIndex::All,
|
TargetEntry::All,
|
||||||
),
|
),
|
||||||
ConstraintSpec::new(
|
ConstraintSpec::new(
|
||||||
ConstraintType::ExactMatch,
|
ConstraintType::ExactMatch,
|
||||||
vec![MODE],
|
vec![MODE],
|
||||||
MissingAction::Fail,
|
MissingAction::Fail,
|
||||||
CertIndex::All,
|
TargetEntry::All,
|
||||||
),
|
),
|
||||||
ConstraintSpec::new(
|
ConstraintSpec::new(
|
||||||
ConstraintType::GreaterOrEqual,
|
ConstraintType::GreaterOrEqual,
|
||||||
vec![CONFIG_DESC, SECURITY_VERSION],
|
vec![CONFIG_DESC, SECURITY_VERSION],
|
||||||
MissingAction::Ignore,
|
MissingAction::Ignore,
|
||||||
CertIndex::All,
|
TargetEntry::All,
|
||||||
),
|
),
|
||||||
// Constraints on sub components in the second last DiceChainEntry
|
|
||||||
ConstraintSpec::new(
|
ConstraintSpec::new(
|
||||||
ConstraintType::GreaterOrEqual,
|
ConstraintType::GreaterOrEqual,
|
||||||
vec![
|
vec![
|
||||||
|
@ -345,7 +344,7 @@ fn sealing_policy(dice: &[u8]) -> Vec<u8> {
|
||||||
SUBCOMPONENT_SECURITY_VERSION,
|
SUBCOMPONENT_SECURITY_VERSION,
|
||||||
],
|
],
|
||||||
MissingAction::Fail,
|
MissingAction::Fail,
|
||||||
CertIndex::FromEnd(1),
|
TargetEntry::ByName("AVB".to_string()),
|
||||||
),
|
),
|
||||||
ConstraintSpec::new(
|
ConstraintSpec::new(
|
||||||
ConstraintType::ExactMatch,
|
ConstraintType::ExactMatch,
|
||||||
|
@ -356,11 +355,11 @@ fn sealing_policy(dice: &[u8]) -> Vec<u8> {
|
||||||
SUBCOMPONENT_AUTHORITY_HASH,
|
SUBCOMPONENT_AUTHORITY_HASH,
|
||||||
],
|
],
|
||||||
MissingAction::Fail,
|
MissingAction::Fail,
|
||||||
CertIndex::FromEnd(1),
|
TargetEntry::ByName("AVB".to_string()),
|
||||||
),
|
),
|
||||||
];
|
];
|
||||||
|
|
||||||
policy_for_dice_chain(dice, &constraint_spec).unwrap().to_vec().unwrap()
|
policy_for_dice_chain(dice, constraint_spec).unwrap().to_vec().unwrap()
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Perform AuthGraph key exchange, returning the session keys and session ID.
|
/// Perform AuthGraph key exchange, returning the session keys and session ID.
|
||||||
|
|
Loading…
Reference in a new issue