Send earlyBootEnded notice to all Keymasters

Vold incorrectly sends the earlyBootEnded signal only to the Keymaster instance used for device encryption, but all of them need it. Bug: 152932559 Test: VtsHalKeymasterV4_1TargetTest Change-Id: Id8f01a1dc7d2398395f369c3ea74656a82888829
2020-04-01 10:02:16 -06:00 · 2020-04-01 10:02:16 -06:00 · 50397a72f1
commit 50397a72f1
parent 131365a3e5
3 changed files with 19 additions and 17 deletions
--- a/Keymaster.cpp
+++ b/Keymaster.cpp
@ -229,13 +229,19 @@ bool Keymaster::isSecure() {
 }

 void Keymaster::earlyBootEnded() {
-    auto error = mDevice->earlyBootEnded();
-    if (!error.isOk()) {
-        LOG(ERROR) << "earlyBootEnded failed: " << error.description();
-    }
-    km::V4_1_ErrorCode km_error = error;
-    if (km_error != km::V4_1_ErrorCode::OK && km_error != km::V4_1_ErrorCode::UNIMPLEMENTED) {
-        LOG(ERROR) << "Error reporting early boot ending to keymaster: " << int32_t(km_error);
+    auto devices = KmDevice::enumerateAvailableDevices();
+    for (auto& dev : devices) {
+        auto error = dev->earlyBootEnded();
+        if (!error.isOk()) {
+            LOG(ERROR) << "earlyBootEnded call failed: " << error.description() << " for "
+                       << dev->halVersion().keymasterName;
+        }
+        km::V4_1_ErrorCode km_error = error;
+        if (km_error != km::V4_1_ErrorCode::OK && km_error != km::V4_1_ErrorCode::UNIMPLEMENTED) {
+            LOG(ERROR) << "Error reporting early boot ending to keymaster: "
+                       << static_cast<int32_t>(km_error) << " for "
+                       << dev->halVersion().keymasterName;
+        }
    }
 }

--- a/Keymaster.h
+++ b/Keymaster.h
@ -128,9 +128,9 @@ class Keymaster {
                             km::AuthorizationSet* outParams);
    bool isSecure();

-    // Tell Keymaster that early boot has ended and early boot-only keys can no longer be created or
-    // used.
-    void earlyBootEnded();
+    // Tell all Keymaster instances that early boot has ended and early boot-only keys can no longer
+    // be created or used.
+    static void earlyBootEnded();

  private:
    sp<KmDevice> mDevice;
--- a/MetadataCrypt.cpp
+++ b/MetadataCrypt.cpp
@ -87,13 +87,9 @@ const KeyGeneration makeGen(const CryptoOptions& options) {
 }

 static bool mount_via_fs_mgr(const char* mount_point, const char* blk_device) {
-    // We're about to mount data not verified by verified boot.  Tell Keymaster that early boot has
-    // ended.
-    //
-    // TODO(paulcrowley): Make a Keymaster singleton or something, so we don't have to repeatedly
-    // open and initialize the service.
-    ::android::vold::Keymaster keymaster;
-    keymaster.earlyBootEnded();
+    // We're about to mount data not verified by verified boot.  Tell Keymaster instances that early
+    // boot has ended.
+    ::android::vold::Keymaster::earlyBootEnded();

    // fs_mgr_do_mount runs fsck. Use setexeccon to run trusted
    // partitions in the fsck domain.