Send earlyBootEnded notice to all Keymasters

Vold incorrectly sends the earlyBootEnded signal only to the Keymaster
instance used for device encryption, but all of them need it.

Bug: 152932559
Test: VtsHalKeymasterV4_1TargetTest
Change-Id: Id8f01a1dc7d2398395f369c3ea74656a82888829
This commit is contained in:
Shawn Willden 2020-04-01 10:02:16 -06:00
parent 131365a3e5
commit 50397a72f1
3 changed files with 19 additions and 17 deletions

View file

@ -229,13 +229,19 @@ bool Keymaster::isSecure() {
} }
void Keymaster::earlyBootEnded() { void Keymaster::earlyBootEnded() {
auto error = mDevice->earlyBootEnded(); auto devices = KmDevice::enumerateAvailableDevices();
if (!error.isOk()) { for (auto& dev : devices) {
LOG(ERROR) << "earlyBootEnded failed: " << error.description(); auto error = dev->earlyBootEnded();
} if (!error.isOk()) {
km::V4_1_ErrorCode km_error = error; LOG(ERROR) << "earlyBootEnded call failed: " << error.description() << " for "
if (km_error != km::V4_1_ErrorCode::OK && km_error != km::V4_1_ErrorCode::UNIMPLEMENTED) { << dev->halVersion().keymasterName;
LOG(ERROR) << "Error reporting early boot ending to keymaster: " << int32_t(km_error); }
km::V4_1_ErrorCode km_error = error;
if (km_error != km::V4_1_ErrorCode::OK && km_error != km::V4_1_ErrorCode::UNIMPLEMENTED) {
LOG(ERROR) << "Error reporting early boot ending to keymaster: "
<< static_cast<int32_t>(km_error) << " for "
<< dev->halVersion().keymasterName;
}
} }
} }

View file

@ -128,9 +128,9 @@ class Keymaster {
km::AuthorizationSet* outParams); km::AuthorizationSet* outParams);
bool isSecure(); bool isSecure();
// Tell Keymaster that early boot has ended and early boot-only keys can no longer be created or // Tell all Keymaster instances that early boot has ended and early boot-only keys can no longer
// used. // be created or used.
void earlyBootEnded(); static void earlyBootEnded();
private: private:
sp<KmDevice> mDevice; sp<KmDevice> mDevice;

View file

@ -87,13 +87,9 @@ const KeyGeneration makeGen(const CryptoOptions& options) {
} }
static bool mount_via_fs_mgr(const char* mount_point, const char* blk_device) { static bool mount_via_fs_mgr(const char* mount_point, const char* blk_device) {
// We're about to mount data not verified by verified boot. Tell Keymaster that early boot has // We're about to mount data not verified by verified boot. Tell Keymaster instances that early
// ended. // boot has ended.
// ::android::vold::Keymaster::earlyBootEnded();
// TODO(paulcrowley): Make a Keymaster singleton or something, so we don't have to repeatedly
// open and initialize the service.
::android::vold::Keymaster keymaster;
keymaster.earlyBootEnded();
// fs_mgr_do_mount runs fsck. Use setexeccon to run trusted // fs_mgr_do_mount runs fsck. Use setexeccon to run trusted
// partitions in the fsck domain. // partitions in the fsck domain.