From eed957f6a411acafd7f60b514874930e4d674ae6 Mon Sep 17 00:00:00 2001
From: Martijn Coenen
Date: Thu, 12 Nov 2020 10:59:13 +0100
Subject: [PATCH] Call earlyBootEnded from vdc.

This allows us to determine the place where early boot ends from init. It also allows fixing a bug where early boot wasn't ended previously on devices without metadata encryption.

Bug: 168585635
Bug: 173005594
Test: inspect logs
Change-Id: I78775672a7d3c140e007235a10fb1d1bc816fcee
---
 MetadataCrypt.cpp | 4 ----
 VoldNativeService.cpp | 9 +++++++++
 VoldNativeService.h | 2 ++
 binder/android/os/IVold.aidl | 1 +
 vdc.cpp | 2 ++
 5 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/MetadataCrypt.cpp b/MetadataCrypt.cpp
index fdee21f..cf7c5f7 100644
--- a/MetadataCrypt.cpp
+++ b/MetadataCrypt.cpp
@@ -79,10 +79,6 @@ const KeyGeneration makeGen(const CryptoOptions& options) {
 }

 static bool mount_via_fs_mgr(const char* mount_point, const char* blk_device) {
- // We're about to mount data not verified by verified boot. Tell Keymaster instances that early
- // boot has ended.
- ::android::vold::Keymaster::earlyBootEnded();
-
 // fs_mgr_do_mount runs fsck. Use setexeccon to run trusted
 // partitions in the fsck domain.
 if (setexeccon(android::vold::sFsckContext)) {
diff --git a/VoldNativeService.cpp b/VoldNativeService.cpp
index 3fb4e65..674a721 100644
--- a/VoldNativeService.cpp
+++ b/VoldNativeService.cpp
@@ -33,6 +33,7 @@
 #include "Checkpoint.h"
 #include "FsCrypt.h"
 #include "IdleMaint.h"
+#include "Keymaster.h"
 #include "MetadataCrypt.h"
 #include "MoveStorage.h"
 #include "Process.h"
@@ -879,6 +880,14 @@ binder::Status VoldNativeService::resetCheckpoint() {
 return Ok();
 }

+binder::Status VoldNativeService::earlyBootEnded() {
+ ENFORCE_SYSTEM_OR_ROOT;
+ ACQUIRE_LOCK;
+
+ Keymaster::earlyBootEnded();
+ return Ok();
+}
+
 binder::Status VoldNativeService::incFsEnabled(bool* _aidl_return) {
 ENFORCE_SYSTEM_OR_ROOT;

diff --git a/VoldNativeService.h b/VoldNativeService.h
index 9914879..390e9fc 100644
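Review bot: VoldNativeService::earlyBootEnded() returns `Ok()` unconditionally, so `vdc keymaster early-boot-ended` reports success whatever happened inside `Keymaster::earlyBootEnded()`. Whether that call can report failure is not visible in this patch; if it can, the result should be turned into a non-Ok status so init sees a non-zero exit from vdc. The same commit removes the in-process call from mount_via_fs_mgr in MetadataCrypt.cpp, so ending early boot before data not covered by verified boot is mounted now depends on an init script that is not part of the patch. I would record that contract on the method, e.g. `// Must be invoked (by init, through vdc) before any filesystem not covered by verified boot is mounted.`, and confirm that repeated calls are harmless, since any system or root binder caller can now trigger it.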
--- a/VoldNativeService.h +++ b/VoldNativeService.h @@ -150,6 +150,8 @@ class VoldNativeService : public BinderService, public os::Bn binder::Status supportsFileCheckpoint(bool* _aidl_return); binder::Status resetCheckpoint(); + binder::Status earlyBootEnded(); + binder::Status incFsEnabled(bool* _aidl_return) override; binder::Status mountIncFs( const std::string& backingPath, const std::string& targetDir, int32_t flags, diff --git a/binder/android/os/IVold.aidl b/binder/android/os/IVold.aidl index 1d6225f..bb284b8 100644 --- a/binder/android/os/IVold.aidl +++ b/binder/android/os/IVold.aidl @@ -126,6 +126,7 @@ interface IVold { boolean supportsFileCheckpoint(); void resetCheckpoint(); + void earlyBootEnded(); @utf8InCpp String createStubVolume(@utf8InCpp String sourcePath, @utf8InCpp String mountPath, @utf8InCpp String fsType, @utf8InCpp String fsUuid, @utf8InCpp String fsLabel, int flags); diff --git a/vdc.cpp b/vdc.cpp index 11562e7..b6bb5ed 100644 --- a/vdc.cpp +++ b/vdc.cpp @@ -152,6 +152,8 @@ int main(int argc, char** argv) { checkStatus(args, vold->abortChanges(args[2], retry != 0)); } else if (args[0] == "checkpoint" && args[1] == "resetCheckpoint") { checkStatus(args, vold->resetCheckpoint()); + } else if (args[0] == "keymaster" && args[1] == "early-boot-ended") { + checkStatus(args, vold->earlyBootEnded()); } else { LOG(ERROR) << "Raw commands are no longer supported"; exit(EINVAL);
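Review bot: The new declaration `binder::Status earlyBootEnded();` omits `override`, while `incFsEnabled(bool* _aidl_return) override;` two lines below it carries it. Writing `binder::Status earlyBootEnded() override;` lets the compiler check the declaration against the method generated from IVold.aidl, which matters for a call that gates key availability. The class body starts and ends outside the hunk.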
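Review bot: The added branch in main matches on `args[0]` and `args[1]` only, so `keymaster early-boot-ended` followed by stray arguments is accepted, and nothing in the hunk shows that args holds at least two elements at this point. If the argument count is not already validated earlier in main (outside the hunk), tighten the condition to `} else if (args.size() == 2 && args[0] == "keymaster" && args[1] == "early-boot-ended") {`. The neighbouring resetCheckpoint branch has the same shape, so the two could be aligned together.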