Commit graph

453 commits

Author SHA1 Message Date
Treehugger Robot
d6f6d0e6e3 Merge "[Trusty][Coverage] Update counter to let Trusty know coverage dump has been read" into main 2024-05-07 19:45:05 +00:00
Snehal
b47c9b065f [Trusty][Coverage] Update counter to let Trusty know coverage dump has been read
Bug: 339194547

Change-Id: I075742200998e837e59ba9c24e4dca8b5d4d1199
2024-05-07 15:07:35 +00:00
Snehal
030dd05027 [Coverage] Fix coverage bug in which extra garbage is being written
Bug: 296356127

Change-Id: I2e4128af461b297bbe170c015dc52899089e9b8b
2024-04-30 14:32:07 +00:00
Donnie Pollitz
4f75b6699c storageproxyd: Fix x86 builds
Background:
* printf format specifiers and size_t literal were invalid.

Bug: 324989972
Test: Builds
Change-Id: I408cfe0d41fb6850d5dcfe9963bb88be48f4a0c6
Signed-off-by: Donnie Pollitz <donpollitz@google.com>
2024-04-22 22:42:54 +02:00
Donnie Pollitz
63ef65c138 Merge "storageproxyd: Add arguments for storage mapping and max file" into main 2024-04-22 18:20:44 +00:00
David Drysdale
8005cfa7e4 Warn that reboot might be needed after setting IDs
Test: compile
Change-Id: Iac93f6a60df7e1a9f89183deabb37e0efc16df91
2024-04-17 16:27:49 +01:00
Donnie Pollitz
636234bebf storageproxyd: Add arguments for storage mapping and max file
Background:
* -f = Allows mapping files in the format `-f file:backing_file`.  This
  can be used for mapping secure storage files like `0` and `persist/0`
  to block devices.  Storageproxyd will handle creating the appropriate
  symlinks in the root datapath
* -m = Allows specifying the the max size constraint for file backed storages.
  The constraint is chosen by giving a file, this allows for passing a
  block device for which a max file size can be queried.  File based
  storages will be constrained to that size as well.

Bug: 324989972
Test: File sizes are restricted as specified, and mappings are created
Change-Id: I8ff550afafbd372288daa9e27c4db3451948b25d
Signed-off-by: Donnie Pollitz <donpollitz@google.com>
2024-04-15 16:26:34 +00:00
Raphaël Hérouart
20c3933ed4 Merge "lib/trusty: tipc-test should not print results to error stream" into main 2024-04-08 11:07:23 +00:00
Raphael Herouart
b238b90a79 lib/trusty: tipc-test should not print results to error stream
tipc-test results cannot be parsed in the CI because they output to
error stream

Bug: 314130383
Test: /data/nativetest64/vendor/tipc-test/tipc-test -t echo -r 1 -B 100
Change-Id: I2d6506fd69af06338041035526ca759884719c7b
2024-04-08 09:13:46 +00:00
Raphaël Hérouart
ef2e67eec1 Merge "lib/trusty: tipc-test suite name is incorrect in JSON output" into main 2024-04-05 14:56:22 +00:00
Raphael Herouart
4f3a4cbc5e lib/trusty: tipc-test suite name is incorrect in JSON output
tipc-test suite should be tipc not crypto

Bug: 314130383
Test: /data/nativetest64/vendor/tipc-test/tipc-test -t echo -r 1 -B 100
Change-Id: Icc0921a032f8b784f4797f43b6180136777f422f
2024-04-05 11:50:42 +00:00
Charisee
0f42bd4a83 Update needed for Rust v1.77.0
error: field `0` is never read
  --> system/core/trusty/keymint/src/keymint_hal_main.rs:40:24
   |
40 | struct HalServiceError(String);
   |        --------------- ^^^^^^
   |        |
   |        field in this struct
   |
   = note: `HalServiceError` has derived impls for the traits `Clone` and `Debug`, but these are intentionally ignored during dead code analysis
   = note: `-D dead-code` implied by `-D warnings`
   = help: to override `-D warnings` add `#[allow(dead_code)]`
help: consider changing the field to be of unit type to suppress this warning while preserving the field numbering, or remove the field
   |
40 | struct HalServiceError(());
   |                        ~~


Bug: http://b/330185853
Test: ./test_compiler.py --prebuilt-path dist/rust-dev.tar.xz  --target aosp_cf_x86_64_phone --image

Change-Id: I79fb9019ba00900508aead414de80edd51f3fa2e
2024-04-02 04:53:01 +00:00
Arve Hjønnevåg
294ba38082 trusty: rpmb_dev: Use socket from init and update init script
Stop creating a socket on a persistent filesystem and use a socket
created by init in /dev/socket/ instead.

Many init script changes to make rpmb_dev.rc usable on cuttlefish.

Test: Build and run aosp_cf_x86_64_phone_trusty_vm-trunk_staging-userdebug
Bug: 309007107
Change-Id: Idc830211b3298d25bbb310dcb7489dd89fe5afc6
2024-03-19 20:02:34 +00:00
Snehal
dfd84433dd [Metrics] Add helper data structures to parse metrics messages
Bug: 323508669

Change-Id: Ic4716dd47168481b6aa780f55d9db1208623b61d
2024-03-06 17:27:57 +00:00
David Drysdale
f28e284141 Drop TODO for flag enablement
Flag control for enabling Secretkeeper is done in the device-specific
makefiles, triggering whether they set SECRETKEEPER_ENABLED:=true

Test: none, comment change
Change-Id: I399d1840519864687aca6c53697317d449eed325
2024-02-21 13:50:12 +00:00
Snehal
f425428c2d Sync tipc.h with one from trusty
Bug: 325069766

Test: Android boot and crasher test

Change-Id: I36244cfb698a81be79c204eb019e1a59b90d2e6c
2024-02-13 18:10:00 +00:00
Jeff Vander Stoep
56aedd5551 Replace use of deprecated logging functions
This is needed to upgrade the android_logger crate from 0.12.0
to 0.13.3.

with_max_level provides the same functionality as with_min_level.
The renaming is admittedly confusing, but the new name is accurate
and it makes sense that they deprecated and then removed the
previously poorly named with_min_level.

See crate documentation [1] and code [2].

[1]: https://docs.rs/android_logger/0.12.0/android_logger/struct.Config.html#method.with_min_level
[2]: https://docs.rs/android_logger/0.12.0/src/android_logger/lib.rs.html#227

Bug: 322718401
Test: build and run CF with the change.
Test: m aosp_cf_x86_64_phone
Change-Id: Ib4fbd486267d30e74e886139846950b066848d43
2024-02-06 12:32:36 +01:00
David Drysdale
073133811e Secretkeeper: require SECRETKEEPER_ENABLED=true
Make the makefile safer by requiring a specific value for the
environment variable that turns on Secretkeeper

Bug: 306364873
Test: TreeHugger
Change-Id: Ic5bb5e7411a19941f58ec8c973104c1e53f3834f
2024-01-30 16:49:13 +00:00
David Drysdale
b077fcce13 Merge "Secretkeeper HAL: support large messages" into main 2024-01-29 14:09:42 +00:00
David Drysdale
81190566f9 Merge "Revert "rpc_binder: Change trusty_tipc_fuzzer to support multiple connections and messages"" into main 2024-01-26 10:15:47 +00:00
Ryan Prichard
49be29ed5b Merge "trusty: clear fuzzer's extra counters directly" into main 2024-01-26 05:13:52 +00:00
David Drysdale
7171c676c0 Secretkeeper HAL: support large messages
The TIPC channel between HAL service and TA has a max message size of
around 4K. Cope with larger messages by using fragmentation and
reassembly for all messages.

Test: VtsSecretkeeperTargetTest
Change-Id: I18cc9a9f6e6b90ab66bc3bcf1972e1a5c5112c89
2024-01-23 10:24:01 +00:00
David Drysdale
9c88c9d351 Merge "Secretkeeper: add Trusty fuzzers" into main 2024-01-18 08:42:27 +00:00
David Drysdale
8867607642 Merge "Initial Secretkeeper HAL service for Trusty" into main 2024-01-18 07:34:16 +00:00
Raphael Herouart
3ae52c45ce tipc-test: Allow tipc tests to be run as benchmarks
Adding one command line parameter -B to allow tipc test to be run as benchmarks.

Bug: 314130383
Test: /data/nativetest64/vendor/tipc-test/tipc-test -t echo -r 1 -B 100
Change-Id: I5cdd643ce6e9e289033180cff433e45f77206729
2024-01-17 16:51:33 +00:00
David Drysdale
b1105589b7 Revert "rpc_binder: Change trusty_tipc_fuzzer to support multiple connections and messages"
This reverts commit 589c8d1e44.

Reason for revert: fuzzer crashes immediately on line 99 as vector is empty

Change-Id: I5e56a94671a43cd131c250d98f7cfae3c96f34ab
2024-01-12 16:21:11 +00:00
David Drysdale
36dfed9476 Secretkeeper: add Trusty fuzzers
Bug: 306364873
Test: initial short run of fuzzers on device, with aosp/2737933 reverted
Change-Id: I00ac6ab2678697d69a71aa3615c580c210772f20
2024-01-12 15:53:11 +00:00
Ryan Prichard
42a3f876ad trusty: clear fuzzer's extra counters directly
The FuzzerDefs.h APIs are internal to the fuzzer and aren't available
when the fuzzer is built with a custom private libc++, so remove the
ExtraCountersBegin/ExtraCountersEnd assertions and inline the array
clearing.

Bug: 175635923
Bug: 303175229
Bug: 315079422
Test: m libtrusty_fuzz_utils trusty_gatekeeper_fuzzer
Change-Id: I1ca9d9867026ff6f8e494ac6026fb1314caab7d1
2024-01-11 12:33:15 -08:00
David Drysdale
8e1c267cdf Initial Secretkeeper HAL service for Trusty
Disabled by default; enable with `export SECRETKEEPER_ENABLED=y` before
building.

Also needs the Secretkeeper TA to be present in Trusty; if the TA is
absent, the HAL service will (repeatedly) fail to connect.

Test: build, VtsSecretkeeperTargetTest
Bug: 306364873
Change-Id: I529013395d0e3afbff4a24b663088adce2a23805
2024-01-11 09:45:20 +00:00
Mike McTernan
5647c0b738 trusty: storageproxyd: fix logging of freed path pointer
Bug: 316859216
Test: build.py
Change-Id: I09557d43cda13e21175ba6fceeb806ec1f9115e1
2023-12-18 11:03:36 +00:00
Mike McTernan
b22e5bcf60 trusty: apploader: fail specifically if app package is 0 bytes
Replace assert with check and log message.  Also log more about the request if DMA heap allocation fails.

Bug: 315283243
Test: boot to home
Test: touch x && trusty_apploader x
Change-Id: Ic075809fd2a6b09d9c4e8dff986709c4deae8fb7
2023-12-07 12:16:09 +00:00
Owner Cleanup Bot
3d37da29e7 Remove marcone@google.com from trusty/OWNERS
This suggested change is automatically generated based on group
memberships and affiliations.
If this change is unnecessary or in error, vote CR -1 and the bot
will abandon it. Vote CR +1/2 to approve this change.

See the owner's recent activity for context:
https://android-review.googlesource.com/q/marcone@google.com

To report an issue, file a bug in the Infra>Codereview component.

Change-Id: Ia8f5d261cbfc7328c7dffa0bdf92a5732ba3eee8
2023-11-30 16:37:53 +00:00
David Drysdale
9d6d134e44 Merge "Add tipc fuzzer for KeyMint/Rust" into main 2023-10-19 08:31:09 +00:00
Kalesh Singh
d469fdcd93 Merge "trusty: Remove explicit page-alignment of mmap and dmabuf allocations" into main 2023-10-12 22:19:26 +00:00
Treehugger Robot
58e7eda0b0 Merge "libtrusty: Remove PAGE_SIZE usage" into main 2023-10-12 21:32:33 +00:00
Treehugger Robot
8eda323bc2 Merge "trusty: tipc_fuzzer: Remove use of PAGE_SIZE" into main 2023-10-12 21:11:25 +00:00
Kalesh Singh
623d140cc0 trusty: Remove explicit page-alignment of mmap and dmabuf allocations
bionic hard codes the PAGE_SIZE macro as 4096. This is going away as
Android begins to support larger page sizes.

trusty uses PAGE_SIZE to round up the allocation size of the DMA
buffers and mmap sizes. This is not explicitly needed since the kernel
will always give you a page-aligned and page-sized multiple allocation
when allocating a dmabuf or mmap-ing.

Remove this PAGE_SIZE usage from TrustyApp, app_fuzzer, coverage,
line-coverage, modulewrapper.

Bug: 294914413
Test: Boot test on 16k device
Change-Id: Iad922e0a152cb80db2e59e696d7556602fd17d67
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
2023-10-12 13:50:31 -07:00
Kalesh Singh
efeb096c40 libtrusty: Remove PAGE_SIZE usage
bionic provides PAGE_SIZE macro which happens to also match the
4096 chunk size in the tips_test.

PAGE_SIZE is being removed as no other libc provides this and
Android is moving towards being page-size-agnostic.

Use 4096 chunk size for tipc-tests; fix incorrect size in
munmap cleanup; and add failure log for send-fd test.

Test: tipc-test -t "send-fd"
Bug: 294914413
Change-Id: I7e5ec6480fff6bc1b4e8eed57eadf081cf82a72f
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
2023-10-12 13:35:29 -07:00
Kalesh Singh
bbc4bc54f2 keymaster: Remove usage of PAGE_SIZE
bionic provides PAGE_SIZE macro which happens to also match the
size keymaster send buffer (4096) and half the size of the recv
buffer.

PAGE_SIZE is being removed as no other libc provides this and
Android is moving towards being page-size-agnostic.

Use a 4096 constant instead.

Test: Boot 16k device
Bug: 294914413
Change-Id:  I2dc10b48811e24d25ba08cfe4ffb514e94d42a8f
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
2023-10-12 20:03:08 +00:00
Kalesh Singh
5a2b8794fc trusty: tipc_fuzzer: Remove use of PAGE_SIZE
tipc_fuzzer writes random data of length 'size' and then
attempts to read back data up to 'TIPC_MAX_MSG_SIZE' in length.

Since 'size' is unrestricted we can always write more than the
subsequent read; and in effect the fuzzer only checks that we
can read something.

Remove the read buffer's dependency on PAGE_SIZE.

Bug: 294914413
Test: mma
Change-Id: I909b49fda4e6ebf49f69b3c09ac29ff8629215ef
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
2023-10-12 20:02:34 +00:00
Treehugger Robot
c2671853ae Merge "rpc_binder: Change trusty_tipc_fuzzer to support multiple connections and messages" into main 2023-10-10 22:13:42 +00:00
Yurii Shutkin
f75464d65e acvp: handle flush commond in modulewrapper as stated in BoringSSL.
Change-Id: Ife655f0764851cf2d9677abd507daec3f531031e
Bug: 287626912
Test: ACVP test
2023-10-09 15:37:29 +02:00
Elliott Hughes
716ff7b55a s/master/main/
Test: treehugger
Change-Id: Iabb23436d92686b934f2f2609217714b64ae75de
2023-10-04 23:31:09 +00:00
Snehal
6a12d23eab Remove ambgiuity in format specifier
Bug: 302163991

Test: m trusty-coverage-controller

Change-Id: I26318eeb4a6770bd01d3c677ca3cf5c76ce33fa0
2023-09-27 12:29:07 +00:00
Khyber Sen
589c8d1e44 rpc_binder: Change trusty_tipc_fuzzer to support multiple connections and messages
This changes `trusty_tipc_fuzzer` to be more like the existing binder rpc_fuzzer,
which opens and closes multiple connections and sends multiple messages in a single fuzz input.

The max number of connections is controlled by the define `TRUSTY_APP_MAX_CONNECTIONS`,
which defaults to `1`, thus keeping the existing behavior for now.

In the next CL, I'll add more fuzzers with `-DTRUSTY_APP_MAX_CONNECTIONS=10` instead.

Test: Build and run in trusty emulator
Change-Id: I9692e4d0295052a8da2204f63be9e52939e70ac3
2023-09-25 23:18:33 +00:00
Ryan Prichard
532a608f58 Merge changes I7790dde8,I065907a5,Id2e82024 into main
* changes:
  Add missing <assert.h> include
  Add missing <functional> and <vector> includes
  snapuserd_test: don't discard result of std::async
2023-09-22 19:42:45 +00:00
Ryan Prichard
87c90e7b65 Add missing <assert.h> include
Bug: 175635923
Test: m MODULES-IN-system-core-trusty
Change-Id: I7790dde8eba948cf95cb14dd2b436c3f6f88765a
2023-09-21 19:44:47 -07:00
Dan Shi
43c87b3291 Remove unnecessary keyword setting
These 2 tests can run on aosp cf.

Bug: 300519349
Test: atest presubmit check
Change-Id: I8ee41c2abe464be2c2ee4537de5edf86308183aa
2023-09-20 13:26:18 -07:00
Dan Shi
19224ed589 Merge "Move CF only tests to CF test mapping suite" into main 2023-09-20 20:20:35 +00:00
Dan Shi
a95ed0aeac Move CF only tests to CF test mapping suite
This change doesn't modify presubmit coverage, the tests will still
run in the lab as test mapping suite, just on a different ATP test
config that dedicated to tests can only run on CF (not aosp_cf), on
git_main branch.

Bug: 300519349
Test: atest presubmit check
Change-Id: Ib179c034dc58f8d8a763d374af0d103baf51343b
2023-09-20 18:27:43 +00:00