Call earlyBootEnded from vdc.

This allows us to determine the place where early boot ends from init.
It also allows fixing a bug where early boot wasn't ended previously on
devices without metadata encryption.

Bug: 168585635
Bug: 173005594
Test: inspect logs
Change-Id: I78775672a7d3c140e007235a10fb1d1bc816fcee
This commit is contained in:
Martijn Coenen 2020-11-12 10:59:13 +01:00
parent d5de2f22b7
commit eed957f6a4
5 changed files with 14 additions and 4 deletions

View file

@ -79,10 +79,6 @@ const KeyGeneration makeGen(const CryptoOptions& options) {
} }
static bool mount_via_fs_mgr(const char* mount_point, const char* blk_device) { static bool mount_via_fs_mgr(const char* mount_point, const char* blk_device) {
// We're about to mount data not verified by verified boot. Tell Keymaster instances that early
// boot has ended.
::android::vold::Keymaster::earlyBootEnded();
// fs_mgr_do_mount runs fsck. Use setexeccon to run trusted // fs_mgr_do_mount runs fsck. Use setexeccon to run trusted
// partitions in the fsck domain. // partitions in the fsck domain.
if (setexeccon(android::vold::sFsckContext)) { if (setexeccon(android::vold::sFsckContext)) {

View file

@ -33,6 +33,7 @@
#include "Checkpoint.h" #include "Checkpoint.h"
#include "FsCrypt.h" #include "FsCrypt.h"
#include "IdleMaint.h" #include "IdleMaint.h"
#include "Keymaster.h"
#include "MetadataCrypt.h" #include "MetadataCrypt.h"
#include "MoveStorage.h" #include "MoveStorage.h"
#include "Process.h" #include "Process.h"
@ -879,6 +880,14 @@ binder::Status VoldNativeService::resetCheckpoint() {
return Ok(); return Ok();
} }
binder::Status VoldNativeService::earlyBootEnded() {
ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
Keymaster::earlyBootEnded();
return Ok();
}
binder::Status VoldNativeService::incFsEnabled(bool* _aidl_return) { binder::Status VoldNativeService::incFsEnabled(bool* _aidl_return) {
ENFORCE_SYSTEM_OR_ROOT; ENFORCE_SYSTEM_OR_ROOT;

View file

@ -150,6 +150,8 @@ class VoldNativeService : public BinderService<VoldNativeService>, public os::Bn
binder::Status supportsFileCheckpoint(bool* _aidl_return); binder::Status supportsFileCheckpoint(bool* _aidl_return);
binder::Status resetCheckpoint(); binder::Status resetCheckpoint();
binder::Status earlyBootEnded();
binder::Status incFsEnabled(bool* _aidl_return) override; binder::Status incFsEnabled(bool* _aidl_return) override;
binder::Status mountIncFs( binder::Status mountIncFs(
const std::string& backingPath, const std::string& targetDir, int32_t flags, const std::string& backingPath, const std::string& targetDir, int32_t flags,

View file

@ -126,6 +126,7 @@ interface IVold {
boolean supportsFileCheckpoint(); boolean supportsFileCheckpoint();
void resetCheckpoint(); void resetCheckpoint();
void earlyBootEnded();
@utf8InCpp String createStubVolume(@utf8InCpp String sourcePath, @utf8InCpp String createStubVolume(@utf8InCpp String sourcePath,
@utf8InCpp String mountPath, @utf8InCpp String fsType, @utf8InCpp String mountPath, @utf8InCpp String fsType,
@utf8InCpp String fsUuid, @utf8InCpp String fsLabel, int flags); @utf8InCpp String fsUuid, @utf8InCpp String fsLabel, int flags);

View file

@ -152,6 +152,8 @@ int main(int argc, char** argv) {
checkStatus(args, vold->abortChanges(args[2], retry != 0)); checkStatus(args, vold->abortChanges(args[2], retry != 0));
} else if (args[0] == "checkpoint" && args[1] == "resetCheckpoint") { } else if (args[0] == "checkpoint" && args[1] == "resetCheckpoint") {
checkStatus(args, vold->resetCheckpoint()); checkStatus(args, vold->resetCheckpoint());
} else if (args[0] == "keymaster" && args[1] == "early-boot-ended") {
checkStatus(args, vold->earlyBootEnded());
} else { } else {
LOG(ERROR) << "Raw commands are no longer supported"; LOG(ERROR) << "Raw commands are no longer supported";
exit(EINVAL); exit(EINVAL);