Snap for 11973804 from 4a3d4c1a08 to 24Q3-release

Change-Id: I575d9846c12f3fe72dba5993c6a72eed40cc7d78
This commit is contained in:
Android Build Coastguard Worker 2024-06-15 01:19:48 +00:00
commit c6a9ae93b4
5 changed files with 44 additions and 39 deletions

View file

@ -146,15 +146,18 @@ void GnssMeasurementInterface::stop() {
mIsActive = false; mIsActive = false;
mGnss->setGnssMeasurementEnabled(false); mGnss->setGnssMeasurementEnabled(false);
mThreadBlocker.notify(); mThreadBlocker.notify();
for (auto iter = mThreads.begin(); iter != mThreads.end(); ++iter) { for (auto iter = mThreads.begin(); iter != mThreads.end();) {
if (iter->joinable()) { if (iter->joinable()) {
mFutures.push_back(std::async(std::launch::async, [this, iter] { // Store the thread object by value
iter->join(); std::thread threadToMove = std::move(*iter);
mThreads.erase(iter);
})); mFutures.push_back(std::async(std::launch::async,
} else { [threadToMove = std::move(threadToMove)]() mutable {
mThreads.erase(iter); ALOGD("joining thread");
threadToMove.join();
}));
} }
iter = mThreads.erase(iter);
} }
} }

View file

@ -90,15 +90,18 @@ void GnssNavigationMessageInterface::stop() {
ALOGD("stop"); ALOGD("stop");
mIsActive = false; mIsActive = false;
mThreadBlocker.notify(); mThreadBlocker.notify();
for (auto iter = mThreads.begin(); iter != mThreads.end(); ++iter) { for (auto iter = mThreads.begin(); iter != mThreads.end();) {
if (iter->joinable()) { if (iter->joinable()) {
mFutures.push_back(std::async(std::launch::async, [this, iter] { // Store the thread object by value
iter->join(); std::thread threadToMove = std::move(*iter);
mThreads.erase(iter);
})); mFutures.push_back(std::async(std::launch::async,
} else { [threadToMove = std::move(threadToMove)]() mutable {
mThreads.erase(iter); ALOGD("joining thread");
threadToMove.join();
}));
} }
iter = mThreads.erase(iter);
} }
} }

View file

@ -1,5 +1,3 @@
# Bug Component: 185877106 # Bug Component: 185877106
michaelwr@google.com file:platform/frameworks/base:/services/core/java/com/android/server/display/OWNERS
santoscordon@google.com
philipjunker@google.com

View file

@ -25,7 +25,7 @@ use authgraph_core::traits::Sha256;
use clap::{Args, Parser, Subcommand}; use clap::{Args, Parser, Subcommand};
use coset::CborSerializable; use coset::CborSerializable;
use dice_policy_builder::{ use dice_policy_builder::{
policy_for_dice_chain, CertIndex, ConstraintSpec, ConstraintType, MissingAction, policy_for_dice_chain, ConstraintSpec, ConstraintType, MissingAction, TargetEntry,
WILDCARD_FULL_ARRAY, WILDCARD_FULL_ARRAY,
}; };
@ -131,33 +131,35 @@ impl SkClient {
} }
/// Construct a sealing policy on the DICE chain with constraints: /// Construct a sealing policy on the DICE chain with constraints:
/// 1. `ExactMatch` on `AUTHORITY_HASH` (non-optional). /// 1. `ExactMatch` on `AUTHORITY_HASH` (non-optional) on all nodes.
/// 2. `ExactMatch` on `MODE` (non-optional). /// 2. `ExactMatch` on `MODE` (non-optional) on all nodes.
/// 3. `GreaterOrEqual` on `SECURITY_VERSION` (optional). /// 3. `GreaterOrEqual` on `SECURITY_VERSION` (optional) on all nodes.
/// 4. The DiceChainEntry corresponding to "AVB" contains SubcomponentDescriptor, for each of those:
/// a) GreaterOrEqual on SECURITY_VERSION (Required)
// b) ExactMatch on AUTHORITY_HASH (Required).
fn sealing_policy(&self) -> Result<Vec<u8>> { fn sealing_policy(&self) -> Result<Vec<u8>> {
let dice = let dice =
self.dice_artifacts.explicit_key_dice_chain().context("extract explicit DICE chain")?; self.dice_artifacts.explicit_key_dice_chain().context("extract explicit DICE chain")?;
let constraint_spec = [ let constraint_spec = vec![
ConstraintSpec::new( ConstraintSpec::new(
ConstraintType::ExactMatch, ConstraintType::ExactMatch,
vec![AUTHORITY_HASH], vec![AUTHORITY_HASH],
MissingAction::Fail, MissingAction::Fail,
CertIndex::All, TargetEntry::All,
), ),
ConstraintSpec::new( ConstraintSpec::new(
ConstraintType::ExactMatch, ConstraintType::ExactMatch,
vec![MODE], vec![MODE],
MissingAction::Fail, MissingAction::Fail,
CertIndex::All, TargetEntry::All,
), ),
ConstraintSpec::new( ConstraintSpec::new(
ConstraintType::GreaterOrEqual, ConstraintType::GreaterOrEqual,
vec![CONFIG_DESC, SECURITY_VERSION], vec![CONFIG_DESC, SECURITY_VERSION],
MissingAction::Ignore, MissingAction::Ignore,
CertIndex::All, TargetEntry::All,
), ),
// Constraints on sub components in the second last DiceChainEntry
ConstraintSpec::new( ConstraintSpec::new(
ConstraintType::GreaterOrEqual, ConstraintType::GreaterOrEqual,
vec![ vec![
@ -167,7 +169,7 @@ impl SkClient {
SUBCOMPONENT_SECURITY_VERSION, SUBCOMPONENT_SECURITY_VERSION,
], ],
MissingAction::Fail, MissingAction::Fail,
CertIndex::FromEnd(1), TargetEntry::ByName("AVB".to_string()),
), ),
ConstraintSpec::new( ConstraintSpec::new(
ConstraintType::ExactMatch, ConstraintType::ExactMatch,
@ -178,10 +180,10 @@ impl SkClient {
SUBCOMPONENT_AUTHORITY_HASH, SUBCOMPONENT_AUTHORITY_HASH,
], ],
MissingAction::Fail, MissingAction::Fail,
CertIndex::FromEnd(1), TargetEntry::ByName("AVB".to_string()),
), ),
]; ];
policy_for_dice_chain(dice, &constraint_spec) policy_for_dice_chain(dice, constraint_spec)
.unwrap() .unwrap()
.to_vec() .to_vec()
.context("serialize DICE policy") .context("serialize DICE policy")

View file

@ -20,7 +20,7 @@ use authgraph_vts_test as ag_vts;
use authgraph_boringssl as boring; use authgraph_boringssl as boring;
use authgraph_core::key; use authgraph_core::key;
use coset::{CborOrdering, CborSerializable, CoseEncrypt0, CoseKey}; use coset::{CborOrdering, CborSerializable, CoseEncrypt0, CoseKey};
use dice_policy_builder::{CertIndex, ConstraintSpec, ConstraintType, MissingAction, WILDCARD_FULL_ARRAY, policy_for_dice_chain}; use dice_policy_builder::{TargetEntry, ConstraintSpec, ConstraintType, MissingAction, WILDCARD_FULL_ARRAY, policy_for_dice_chain};
use rdroidtest::{ignore_if, rdroidtest}; use rdroidtest::{ignore_if, rdroidtest};
use secretkeeper_client::dice::OwnedDiceArtifactsWithExplicitKey; use secretkeeper_client::dice::OwnedDiceArtifactsWithExplicitKey;
use secretkeeper_client::{SkSession, Error as SkClientError}; use secretkeeper_client::{SkSession, Error as SkClientError};
@ -312,30 +312,29 @@ fn assert_result_matches(res: Result<Secret, Error>, want: SecretkeeperError) {
/// 1. ExactMatch on AUTHORITY_HASH (non-optional). /// 1. ExactMatch on AUTHORITY_HASH (non-optional).
/// 2. ExactMatch on MODE (non-optional). /// 2. ExactMatch on MODE (non-optional).
/// 3. GreaterOrEqual on SECURITY_VERSION (optional). /// 3. GreaterOrEqual on SECURITY_VERSION (optional).
/// 4. The second last DiceChainEntry contain SubcomponentDescriptor, for each of those: /// 4. The DiceChainEntry corresponding to "AVB" contains SubcomponentDescriptor, for each of those:
/// a) GreaterOrEqual on SECURITY_VERSION (Required) /// a) GreaterOrEqual on SECURITY_VERSION (Required)
// b) ExactMatch on AUTHORITY_HASH (Required). // b) ExactMatch on AUTHORITY_HASH (Required).
fn sealing_policy(dice: &[u8]) -> Vec<u8> { fn sealing_policy(dice: &[u8]) -> Vec<u8> {
let constraint_spec = [ let constraint_spec = vec![
ConstraintSpec::new( ConstraintSpec::new(
ConstraintType::ExactMatch, ConstraintType::ExactMatch,
vec![AUTHORITY_HASH], vec![AUTHORITY_HASH],
MissingAction::Fail, MissingAction::Fail,
CertIndex::All, TargetEntry::All,
), ),
ConstraintSpec::new( ConstraintSpec::new(
ConstraintType::ExactMatch, ConstraintType::ExactMatch,
vec![MODE], vec![MODE],
MissingAction::Fail, MissingAction::Fail,
CertIndex::All, TargetEntry::All,
), ),
ConstraintSpec::new( ConstraintSpec::new(
ConstraintType::GreaterOrEqual, ConstraintType::GreaterOrEqual,
vec![CONFIG_DESC, SECURITY_VERSION], vec![CONFIG_DESC, SECURITY_VERSION],
MissingAction::Ignore, MissingAction::Ignore,
CertIndex::All, TargetEntry::All,
), ),
// Constraints on sub components in the second last DiceChainEntry
ConstraintSpec::new( ConstraintSpec::new(
ConstraintType::GreaterOrEqual, ConstraintType::GreaterOrEqual,
vec![ vec![
@ -345,7 +344,7 @@ fn sealing_policy(dice: &[u8]) -> Vec<u8> {
SUBCOMPONENT_SECURITY_VERSION, SUBCOMPONENT_SECURITY_VERSION,
], ],
MissingAction::Fail, MissingAction::Fail,
CertIndex::FromEnd(1), TargetEntry::ByName("AVB".to_string()),
), ),
ConstraintSpec::new( ConstraintSpec::new(
ConstraintType::ExactMatch, ConstraintType::ExactMatch,
@ -356,11 +355,11 @@ fn sealing_policy(dice: &[u8]) -> Vec<u8> {
SUBCOMPONENT_AUTHORITY_HASH, SUBCOMPONENT_AUTHORITY_HASH,
], ],
MissingAction::Fail, MissingAction::Fail,
CertIndex::FromEnd(1), TargetEntry::ByName("AVB".to_string()),
), ),
]; ];
policy_for_dice_chain(dice, &constraint_spec).unwrap().to_vec().unwrap() policy_for_dice_chain(dice, constraint_spec).unwrap().to_vec().unwrap()
} }
/// Perform AuthGraph key exchange, returning the session keys and session ID. /// Perform AuthGraph key exchange, returning the session keys and session ID.