matching the naming convention for a system service property
Bug: 309007107
Test: launch_cvd --noresume --console=true \
--extra_kernel_cmdline='androidboot.selinux=permissive' \
--secure_hals=guest_keymint_trusty_insecure
Change-Id: I7c31f36dcac49d60469de44ce75c9b46a333786e
If the ro.hardware.trusty_ipc_dev.gatekeeper (respectively .keymint) property is set, pass it as the device name to the gatekeeper (respectively keymint) HALs.
Test: "setprop ro.hardware.trusty_ipc_dev VSOCK:2048:1" and restart HALs
Change-Id: I0947e532ac70ce1821cec49897f21ca10e1af03e
The new binary sets non-secure RoT for keymint. The non-secure
version will be used on cuttlefish.
Bug: 355194622
Test: CF is gets booted with KeyMint TA in VM
Change-Id: Iff202c6d4bb70dabeb866b4f3fbc18c006bb219e
Building rpmb_dev as a host tool in soong makes it easy to package for
acloud, rather than building it in the Trusty build system and uploading
that to the remote instance.
Test: m
Bug: 354771029
Change-Id: I3b7f623238957ae3b25524d424025fd08f805657
Add support for connecting to a vsock port that multiplexes trusty
services. The first vsock packet contains the tipc port name. To enable
this mode, pass "VSOCK:<cid>:<port>" as the device name string (where
<cid> and <port> is replaced with the cid and port numbers you want to
connect to).
Test: manual - ran storageproxyd and storage test with new option
Bug: 298705967
Change-Id: I9b75244ca38b7eb69ed7fc19b27aa309d0f7ed13
Background:
* -f = Allows mapping files in the format `-f file:backing_file`. This
can be used for mapping secure storage files like `0` and `persist/0`
to block devices. Storageproxyd will handle creating the appropriate
symlinks in the root datapath
* -m = Allows specifying the the max size constraint for file backed storages.
The constraint is chosen by giving a file, this allows for passing a
block device for which a max file size can be queried. File based
storages will be constrained to that size as well.
Bug: 324989972
Test: File sizes are restricted as specified, and mappings are created
Change-Id: I8ff550afafbd372288daa9e27c4db3451948b25d
Signed-off-by: Donnie Pollitz <donpollitz@google.com>
tipc-test results cannot be parsed in the CI because they output to
error stream
Bug: 314130383
Test: /data/nativetest64/vendor/tipc-test/tipc-test -t echo -r 1 -B 100
Change-Id: I2d6506fd69af06338041035526ca759884719c7b
tipc-test suite should be tipc not crypto
Bug: 314130383
Test: /data/nativetest64/vendor/tipc-test/tipc-test -t echo -r 1 -B 100
Change-Id: Icc0921a032f8b784f4797f43b6180136777f422f
error: field `0` is never read
--> system/core/trusty/keymint/src/keymint_hal_main.rs:40:24
|
40 | struct HalServiceError(String);
| --------------- ^^^^^^
| |
| field in this struct
|
= note: `HalServiceError` has derived impls for the traits `Clone` and `Debug`, but these are intentionally ignored during dead code analysis
= note: `-D dead-code` implied by `-D warnings`
= help: to override `-D warnings` add `#[allow(dead_code)]`
help: consider changing the field to be of unit type to suppress this warning while preserving the field numbering, or remove the field
|
40 | struct HalServiceError(());
| ~~
Bug: http://b/330185853
Test: ./test_compiler.py --prebuilt-path dist/rust-dev.tar.xz --target aosp_cf_x86_64_phone --image
Change-Id: I79fb9019ba00900508aead414de80edd51f3fa2e
Stop creating a socket on a persistent filesystem and use a socket
created by init in /dev/socket/ instead.
Many init script changes to make rpmb_dev.rc usable on cuttlefish.
Test: Build and run aosp_cf_x86_64_phone_trusty_vm-trunk_staging-userdebug
Bug: 309007107
Change-Id: Idc830211b3298d25bbb310dcb7489dd89fe5afc6
Flag control for enabling Secretkeeper is done in the device-specific
makefiles, triggering whether they set SECRETKEEPER_ENABLED:=true
Test: none, comment change
Change-Id: I399d1840519864687aca6c53697317d449eed325
This is needed to upgrade the android_logger crate from 0.12.0
to 0.13.3.
with_max_level provides the same functionality as with_min_level.
The renaming is admittedly confusing, but the new name is accurate
and it makes sense that they deprecated and then removed the
previously poorly named with_min_level.
See crate documentation [1] and code [2].
[1]: https://docs.rs/android_logger/0.12.0/android_logger/struct.Config.html#method.with_min_level
[2]: https://docs.rs/android_logger/0.12.0/src/android_logger/lib.rs.html#227
Bug: 322718401
Test: build and run CF with the change.
Test: m aosp_cf_x86_64_phone
Change-Id: Ib4fbd486267d30e74e886139846950b066848d43
Make the makefile safer by requiring a specific value for the
environment variable that turns on Secretkeeper
Bug: 306364873
Test: TreeHugger
Change-Id: Ic5bb5e7411a19941f58ec8c973104c1e53f3834f
The TIPC channel between HAL service and TA has a max message size of
around 4K. Cope with larger messages by using fragmentation and
reassembly for all messages.
Test: VtsSecretkeeperTargetTest
Change-Id: I18cc9a9f6e6b90ab66bc3bcf1972e1a5c5112c89
Adding one command line parameter -B to allow tipc test to be run as benchmarks.
Bug: 314130383
Test: /data/nativetest64/vendor/tipc-test/tipc-test -t echo -r 1 -B 100
Change-Id: I5cdd643ce6e9e289033180cff433e45f77206729
This reverts commit 589c8d1e44.
Reason for revert: fuzzer crashes immediately on line 99 as vector is empty
Change-Id: I5e56a94671a43cd131c250d98f7cfae3c96f34ab
The FuzzerDefs.h APIs are internal to the fuzzer and aren't available
when the fuzzer is built with a custom private libc++, so remove the
ExtraCountersBegin/ExtraCountersEnd assertions and inline the array
clearing.
Bug: 175635923
Bug: 303175229
Bug: 315079422
Test: m libtrusty_fuzz_utils trusty_gatekeeper_fuzzer
Change-Id: I1ca9d9867026ff6f8e494ac6026fb1314caab7d1
Disabled by default; enable with `export SECRETKEEPER_ENABLED=y` before
building.
Also needs the Secretkeeper TA to be present in Trusty; if the TA is
absent, the HAL service will (repeatedly) fail to connect.
Test: build, VtsSecretkeeperTargetTest
Bug: 306364873
Change-Id: I529013395d0e3afbff4a24b663088adce2a23805
Replace assert with check and log message. Also log more about the request if DMA heap allocation fails.
Bug: 315283243
Test: boot to home
Test: touch x && trusty_apploader x
Change-Id: Ic075809fd2a6b09d9c4e8dff986709c4deae8fb7
This suggested change is automatically generated based on group
memberships and affiliations.
If this change is unnecessary or in error, vote CR -1 and the bot
will abandon it. Vote CR +1/2 to approve this change.
See the owner's recent activity for context:
https://android-review.googlesource.com/q/marcone@google.com
To report an issue, file a bug in the Infra>Codereview component.
Change-Id: Ia8f5d261cbfc7328c7dffa0bdf92a5732ba3eee8
