Send earlyBootEnded notice to all Keymasters
Vold incorrectly sends the earlyBootEnded signal only to the Keymaster instance used for device encryption, but all of them need it. Bug: 152932559 Test: VtsHalKeymasterV4_1TargetTest Merged-In: Id8f01a1dc7d2398395f369c3ea74656a82888829 Change-Id: Id8f01a1dc7d2398395f369c3ea74656a82888829
This commit is contained in:
parent
479588c68e
commit
28eddbd2ef
3 changed files with 19 additions and 17 deletions
|
@ -229,13 +229,19 @@ bool Keymaster::isSecure() {
|
||||||
}
|
}
|
||||||
|
|
||||||
void Keymaster::earlyBootEnded() {
|
void Keymaster::earlyBootEnded() {
|
||||||
auto error = mDevice->earlyBootEnded();
|
auto devices = KmDevice::enumerateAvailableDevices();
|
||||||
if (!error.isOk()) {
|
for (auto& dev : devices) {
|
||||||
LOG(ERROR) << "earlyBootEnded failed: " << error.description();
|
auto error = dev->earlyBootEnded();
|
||||||
}
|
if (!error.isOk()) {
|
||||||
km::V4_1_ErrorCode km_error = error;
|
LOG(ERROR) << "earlyBootEnded call failed: " << error.description() << " for "
|
||||||
if (km_error != km::V4_1_ErrorCode::OK && km_error != km::V4_1_ErrorCode::UNIMPLEMENTED) {
|
<< dev->halVersion().keymasterName;
|
||||||
LOG(ERROR) << "Error reporting early boot ending to keymaster: " << int32_t(km_error);
|
}
|
||||||
|
km::V4_1_ErrorCode km_error = error;
|
||||||
|
if (km_error != km::V4_1_ErrorCode::OK && km_error != km::V4_1_ErrorCode::UNIMPLEMENTED) {
|
||||||
|
LOG(ERROR) << "Error reporting early boot ending to keymaster: "
|
||||||
|
<< static_cast<int32_t>(km_error) << " for "
|
||||||
|
<< dev->halVersion().keymasterName;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -128,9 +128,9 @@ class Keymaster {
|
||||||
km::AuthorizationSet* outParams);
|
km::AuthorizationSet* outParams);
|
||||||
bool isSecure();
|
bool isSecure();
|
||||||
|
|
||||||
// Tell Keymaster that early boot has ended and early boot-only keys can no longer be created or
|
// Tell all Keymaster instances that early boot has ended and early boot-only keys can no longer
|
||||||
// used.
|
// be created or used.
|
||||||
void earlyBootEnded();
|
static void earlyBootEnded();
|
||||||
|
|
||||||
private:
|
private:
|
||||||
std::unique_ptr<KmDevice> mDevice;
|
std::unique_ptr<KmDevice> mDevice;
|
||||||
|
|
|
@ -87,13 +87,9 @@ const KeyGeneration makeGen(const CryptoOptions& options) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool mount_via_fs_mgr(const char* mount_point, const char* blk_device) {
|
static bool mount_via_fs_mgr(const char* mount_point, const char* blk_device) {
|
||||||
// We're about to mount data not verified by verified boot. Tell Keymaster that early boot has
|
// We're about to mount data not verified by verified boot. Tell Keymaster instances that early
|
||||||
// ended.
|
// boot has ended.
|
||||||
//
|
::android::vold::Keymaster::earlyBootEnded();
|
||||||
// TODO(paulcrowley): Make a Keymaster singleton or something, so we don't have to repeatedly
|
|
||||||
// open and initialize the service.
|
|
||||||
::android::vold::Keymaster keymaster;
|
|
||||||
keymaster.earlyBootEnded();
|
|
||||||
|
|
||||||
// fs_mgr_do_mount runs fsck. Use setexeccon to run trusted
|
// fs_mgr_do_mount runs fsck. Use setexeccon to run trusted
|
||||||
// partitions in the fsck domain.
|
// partitions in the fsck domain.
|
||||||
|
|
Loading…
Reference in a new issue