diff options
75 files changed, 801 insertions, 1262 deletions
diff --git a/TEST_MAPPING b/TEST_MAPPING index dc284635d..345e46e16 100644 --- a/TEST_MAPPING +++ b/TEST_MAPPING @@ -31,6 +31,15 @@ }, { "name": "CtsScopedStorageDeviceOnlyTest" + }, + { + "name": "CtsScopedStorageBypassDatabaseOperationsTest" + }, + { + "name": "CtsScopedStorageGeneralTest" + }, + { + "name": "CtsScopedStorageRedactUriTest" } ], "auto-presubmit": [ diff --git a/apex/com.google.cf.wifi/Android.bp b/apex/com.google.cf.wifi/Android.bp index 6d63886de..cd6d7a64d 100644 --- a/apex/com.google.cf.wifi/Android.bp +++ b/apex/com.google.cf.wifi/Android.bp @@ -42,7 +42,7 @@ apex { soc_specific: true, binaries: [ "rename_netiface", - "wpa_supplicant_cf", + "//external/wpa_supplicant_8/wpa_supplicant/wpa_supplicant:wpa_supplicant", "setup_wifi", "//device/generic/goldfish:mac80211_create_radios", "hostapd_cf", diff --git a/apex/com.google.cf.wifi/com.google.cf.wifi.rc b/apex/com.google.cf.wifi/com.google.cf.wifi.rc index 1465d13f4..c0fff55a3 100644 --- a/apex/com.google.cf.wifi/com.google.cf.wifi.rc +++ b/apex/com.google.cf.wifi/com.google.cf.wifi.rc @@ -15,7 +15,7 @@ service init_wifi_sh /apex/com.android.wifi.hal/bin/init.wifi oneshot disabled # Started on post-fs-data -service wpa_supplicant /apex/com.android.wifi.hal/bin/hw/wpa_supplicant_cf \ +service wpa_supplicant /apex/com.android.wifi.hal/bin/hw/wpa_supplicant \ -O/data/vendor/wifi/wpa/sockets -puse_p2p_group_interface=1p2p_device=1 \ -m/apex/com.android.wifi.hal/etc/wifi/p2p_supplicant.conf \ -g@android:wpa_wlan0 -dd diff --git a/apex/com.google.cf.wifi/file_contexts b/apex/com.google.cf.wifi/file_contexts index 8c9bf899b..bb96251e2 100644 --- a/apex/com.google.cf.wifi/file_contexts +++ b/apex/com.google.cf.wifi/file_contexts @@ -2,7 +2,7 @@ /bin/rename_netiface u:object_r:rename_netiface_exec:s0 /bin/setup_wifi u:object_r:setup_wifi_exec:s0 /bin/init\.wifi u:object_r:init_wifi_sh_exec:s0 -/bin/hw/wpa_supplicant_cf u:object_r:hal_wifi_supplicant_default_exec:s0 +/bin/hw/wpa_supplicant u:object_r:hal_wifi_supplicant_default_exec:s0 /bin/hw/hostapd_cf u:object_r:hal_wifi_hostapd_default_exec:s0 /bin/mac80211_create_radios u:object_r:mac80211_create_radios_exec:s0 /etc/permissions(/.*)? u:object_r:vendor_configs_file:s0 diff --git a/build/cvd-host-package.go b/build/cvd-host-package.go index cf66c0e99..596ce41d0 100644 --- a/build/cvd-host-package.go +++ b/build/cvd-host-package.go @@ -68,6 +68,13 @@ func (c *cvdHostPackage) DepsMutator(ctx android.BottomUpMutatorContext) { } } + for _, dep := range strings.Split( + ctx.Config().VendorConfig("cvd").String("binary"), " ") { + if ctx.OtherModuleExists(dep) { + ctx.AddVariationDependencies(ctx.Target().Variations(), cvdHostPackageDependencyTag, dep) + } + } + // If cvd_custom_action_config is set, include custom action servers in the // host package as specified by cvd_custom_action_servers. customActionConfig := ctx.Config().VendorConfig("cvd").String("custom_action_config") diff --git a/guest/hals/camera/Android.bp b/guest/hals/camera/Android.bp index ce4c46c1e..c6c87329f 100644 --- a/guest/hals/camera/Android.bp +++ b/guest/hals/camera/Android.bp @@ -77,6 +77,7 @@ cc_library_shared { "libhidlbase", "liblog", "libutils", + "libui", "libvsock_utils", "libcuttlefish_fs", "libjsoncpp", diff --git a/guest/hals/camera/cached_stream_buffer.cpp b/guest/hals/camera/cached_stream_buffer.cpp index ff692c7dc..7e99581aa 100644 --- a/guest/hals/camera/cached_stream_buffer.cpp +++ b/guest/hals/camera/cached_stream_buffer.cpp @@ -96,8 +96,23 @@ YCbCrLayout CachedStreamBuffer::acquireAsYUV(int32_t width, int32_t height, acquire_fence_ = -1; } } - IMapper::Rect region{0, 0, width, height}; - return g_importer.lockYCbCr(buffer_, GRALLOC_USAGE_SW_WRITE_OFTEN, region); + android::Rect region{0, 0, width, height}; + android_ycbcr result = + g_importer.lockYCbCr(buffer_, GRALLOC_USAGE_SW_WRITE_OFTEN, region); + if (result.ystride > UINT32_MAX || result.cstride > UINT32_MAX || + result.chroma_step > UINT32_MAX) { + ALOGE( + "%s: lockYCbCr failed. Unexpected values! ystride: %zu cstride: %zu " + "chroma_step: %zu", + __FUNCTION__, result.ystride, result.cstride, result.chroma_step); + return {}; + } + return {.y = result.y, + .cb = result.cb, + .cr = result.cr, + .yStride = static_cast<uint32_t>(result.ystride), + .cStride = static_cast<uint32_t>(result.cstride), + .chromaStep = static_cast<uint32_t>(result.chroma_step)}; } void* CachedStreamBuffer::acquireAsBlob(int32_t size, int timeout_ms) { diff --git a/guest/hals/camera/cached_stream_buffer.h b/guest/hals/camera/cached_stream_buffer.h index 09a404738..19d738d2b 100644 --- a/guest/hals/camera/cached_stream_buffer.h +++ b/guest/hals/camera/cached_stream_buffer.h @@ -15,12 +15,16 @@ */ #pragma once #include <android/hardware/camera/device/3.4/ICameraDeviceSession.h> +#include <android/hardware/graphics/mapper/2.0/IMapper.h> +#include <android/hardware/graphics/mapper/3.0/IMapper.h> +#include <android/hardware/graphics/mapper/4.0/IMapper.h> #include "HandleImporter.h" namespace android::hardware::camera::device::V3_4::implementation { using ::android::hardware::camera::common::V1_0::helper::HandleImporter; using ::android::hardware::camera::device::V3_2::StreamBuffer; +using ::android::hardware::graphics::mapper::V2_0::YCbCrLayout; // Small wrapper for allocating/freeing native handles class ReleaseFence { diff --git a/guest/hals/keymint/rust/Android.bp b/guest/hals/keymint/rust/Android.bp index 780d10ca5..524aeb8be 100644 --- a/guest/hals/keymint/rust/Android.bp +++ b/guest/hals/keymint/rust/Android.bp @@ -28,6 +28,7 @@ rust_binary { "libhex", "libkmr_wire", "libkmr_hal", + "libkmr_hal_nonsecure", "liblibc", "liblog_rust", ], diff --git a/guest/hals/keymint/rust/src/keymint_hal_main.rs b/guest/hals/keymint/rust/src/keymint_hal_main.rs index 5441c6e48..958a2da52 100644 --- a/guest/hals/keymint/rust/src/keymint_hal_main.rs +++ b/guest/hals/keymint/rust/src/keymint_hal_main.rs @@ -15,7 +15,7 @@ //! This crate implements the KeyMint HAL service in Rust, communicating with a Rust //! trusted application (TA) running on the Cuttlefish host. -use kmr_hal::env::get_property; +use kmr_hal_nonsecure::{attestation_id_info, get_boot_info}; use log::{debug, error, info}; use std::ops::DerefMut; use std::os::unix::io::FromRawFd; @@ -174,77 +174,3 @@ fn inner_main() -> Result<(), HalServiceError> { info!("KeyMint HAL service is terminating."); Ok(()) } - -/// Populate attestation ID information based on properties (where available). -fn attestation_id_info() -> kmr_wire::AttestationIdInfo { - let prop = |name| { - get_property(name).unwrap_or_else(|_| format!("{} unavailable", name)).as_bytes().to_vec() - }; - kmr_wire::AttestationIdInfo { - brand: prop("ro.product.brand"), - device: prop("ro.product.device"), - product: prop("ro.product.name"), - serial: prop("ro.serialno"), - manufacturer: prop("ro.product.manufacturer"), - model: prop("ro.product.model"), - // Currently modem_simulator always returns one fixed value. See `handleGetIMEI` in - // device/google/cuttlefish/host/commands/modem_simulator/misc_service.cpp for more details. - // TODO(b/263188546): Use device-specific IMEI values when available. - imei: b"867400022047199".to_vec(), - imei2: b"867400022047199".to_vec(), - meid: vec![], - } -} - -/// Get boot information based on system properties. -fn get_boot_info() -> kmr_wire::SetBootInfoRequest { - // No access to a verified boot key. - let verified_boot_key = vec![0; 32]; - let vbmeta_digest = get_property("ro.boot.vbmeta.digest").unwrap_or_else(|_| "00".repeat(32)); - let verified_boot_hash = hex::decode(&vbmeta_digest).unwrap_or_else(|_e| { - error!("failed to parse hex data in '{}'", vbmeta_digest); - vec![0; 32] - }); - let device_boot_locked = match get_property("ro.boot.vbmeta.device_state") - .unwrap_or_else(|_| "no-prop".to_string()) - .as_str() - { - "locked" => true, - "unlocked" => false, - v => { - error!("Unknown device_state '{}', treating as unlocked", v); - false - } - }; - let verified_boot_state = match get_property("ro.boot.verifiedbootstate") - .unwrap_or_else(|_| "no-prop".to_string()) - .as_str() - { - "green" => 0, // Verified - "yellow" => 1, // SelfSigned - "orange" => 2, // Unverified, - "red" => 3, // Failed, - v => { - error!("Unknown boot state '{}', treating as Unverified", v); - 2 - } - }; - - // Attempt to get the boot patchlevel from a system property. This requires an SELinux - // permission, so fall back to re-using the OS patchlevel if this can't be done. - let boot_patchlevel_prop = get_property("ro.vendor.boot_security_patch").unwrap_or_else(|e| { - error!("Failed to retrieve boot patchlevel: {:?}", e); - get_property(kmr_hal::env::OS_PATCHLEVEL_PROPERTY) - .unwrap_or_else(|_| "1970-09-19".to_string()) - }); - let boot_patchlevel = - kmr_hal::env::extract_patchlevel(&boot_patchlevel_prop).unwrap_or(19700919); - - kmr_wire::SetBootInfoRequest { - verified_boot_key, - device_boot_locked, - verified_boot_state, - verified_boot_hash, - boot_patchlevel, - } -} diff --git a/guest/hals/ril/reference-libril/Android.bp b/guest/hals/ril/reference-libril/Android.bp index de07522e1..09acbd451 100644 --- a/guest/hals/ril/reference-libril/Android.bp +++ b/guest/hals/ril/reference-libril/Android.bp @@ -43,16 +43,16 @@ cc_library { ], shared_libs: [ "android.hardware.radio-library.compat", - "android.hardware.radio.config-V2-ndk", - "android.hardware.radio.data-V2-ndk", - "android.hardware.radio.ims-V1-ndk", - "android.hardware.radio.ims.media-V1-ndk", - "android.hardware.radio.messaging-V2-ndk", - "android.hardware.radio.modem-V2-ndk", - "android.hardware.radio.network-V2-ndk", + "android.hardware.radio.config-V3-ndk", + "android.hardware.radio.data-V3-ndk", + "android.hardware.radio.ims-V2-ndk", + "android.hardware.radio.ims.media-V2-ndk", + "android.hardware.radio.messaging-V3-ndk", + "android.hardware.radio.modem-V3-ndk", + "android.hardware.radio.network-V3-ndk", "android.hardware.radio.sap-V1-ndk", - "android.hardware.radio.sim-V2-ndk", - "android.hardware.radio.voice-V2-ndk", + "android.hardware.radio.sim-V3-ndk", + "android.hardware.radio.voice-V3-ndk", "android.hardware.radio@1.0", "android.hardware.radio@1.1", "android.hardware.radio@1.2", diff --git a/guest/hals/ril/reference-libril/RefRadioNetwork.cpp b/guest/hals/ril/reference-libril/RefRadioNetwork.cpp index 407efaa5e..941cd2470 100644 --- a/guest/hals/ril/reference-libril/RefRadioNetwork.cpp +++ b/guest/hals/ril/reference-libril/RefRadioNetwork.cpp @@ -89,4 +89,28 @@ ScopedAStatus RefRadioNetwork::isNullCipherAndIntegrityEnabled(int32_t serial) { respond()->isNullCipherAndIntegrityEnabledResponse(responseInfo(serial), true); return ok(); } + +ScopedAStatus RefRadioNetwork::setCellularIdentifierTransparencyEnabled(int32_t serial, bool enabled) { + mIsCellularIdentifierTransparencyEnabled = enabled; + respond()->setCellularIdentifierTransparencyEnabledResponse(responseInfo(serial)); + return ok(); +} + +ScopedAStatus RefRadioNetwork::isCellularIdentifierTransparencyEnabled(int32_t serial) { + respond()->isCellularIdentifierTransparencyEnabledResponse( + responseInfo(serial), mIsCellularIdentifierTransparencyEnabled); + return ok(); +} + +ScopedAStatus RefRadioNetwork::setSecurityAlgorithmsUpdatedEnabled(int32_t serial, bool enabled) { + mIsCipheringTransparencyEnabled = enabled; + respond()->setSecurityAlgorithmsUpdatedEnabledResponse(responseInfo(serial)); + return ok(); +} + +ScopedAStatus RefRadioNetwork::isSecurityAlgorithmsUpdatedEnabled(int32_t serial) { + respond()->isSecurityAlgorithmsUpdatedEnabledResponse(responseInfo(serial), + mIsCipheringTransparencyEnabled); + return ok(); +} } // namespace cf::ril diff --git a/guest/hals/ril/reference-libril/RefRadioNetwork.h b/guest/hals/ril/reference-libril/RefRadioNetwork.h index c99bf1827..caf4e5e95 100644 --- a/guest/hals/ril/reference-libril/RefRadioNetwork.h +++ b/guest/hals/ril/reference-libril/RefRadioNetwork.h @@ -22,6 +22,9 @@ namespace cf::ril { class RefRadioNetwork : public android::hardware::radio::compat::RadioNetwork { ::aidl::android::hardware::radio::network::UsageSetting mUsageSetting = ::aidl::android::hardware::radio::network::UsageSetting::VOICE_CENTRIC; + // As per the specs, the default is true. + bool mIsCellularIdentifierTransparencyEnabled = true; + bool mIsCipheringTransparencyEnabled = true; public: using android::hardware::radio::compat::RadioNetwork::RadioNetwork; @@ -49,7 +52,16 @@ class RefRadioNetwork : public android::hardware::radio::compat::RadioNetwork { ::ndk::ScopedAStatus setN1ModeEnabled(int32_t serial, bool enable) override; ::ndk::ScopedAStatus setNullCipherAndIntegrityEnabled(int32_t serial, bool enabled) override; + ::ndk::ScopedAStatus isNullCipherAndIntegrityEnabled(int32_t serial) override; + + ::ndk::ScopedAStatus setCellularIdentifierTransparencyEnabled(int32_t serial, bool enabled) override; + + ::ndk::ScopedAStatus isCellularIdentifierTransparencyEnabled(int32_t serial) override; + + ::ndk::ScopedAStatus setSecurityAlgorithmsUpdatedEnabled(int32_t serial, bool enabled) override; + + ::ndk::ScopedAStatus isSecurityAlgorithmsUpdatedEnabled(int32_t serial) override; }; } // namespace cf::ril diff --git a/guest/hals/ril/reference-libril/android.hardware.radio@2.1.xml b/guest/hals/ril/reference-libril/android.hardware.radio@2.1.xml index 0ffa0d774..a581292ec 100644 --- a/guest/hals/ril/reference-libril/android.hardware.radio@2.1.xml +++ b/guest/hals/ril/reference-libril/android.hardware.radio@2.1.xml @@ -1,40 +1,42 @@ <manifest version="1.0" type="device"> <hal format="aidl"> <name>android.hardware.radio.config</name> - <version>2</version> + <version>3</version> <fqname>IRadioConfig/default</fqname> </hal> <hal format="aidl"> <name>android.hardware.radio.data</name> - <version>2</version> + <version>3</version> <fqname>IRadioData/slot1</fqname> </hal> <hal format="aidl"> <name>android.hardware.radio.ims</name> + <version>2</version> <fqname>IRadioIms/slot1</fqname> </hal> <hal format="aidl"> <name>android.hardware.radio.ims.media</name> + <version>2</version> <fqname>IImsMedia/default</fqname> </hal> <hal format="aidl"> <name>android.hardware.radio.messaging</name> - <version>2</version> + <version>3</version> <fqname>IRadioMessaging/slot1</fqname> </hal> <hal format="aidl"> <name>android.hardware.radio.modem</name> - <version>2</version> + <version>3</version> <fqname>IRadioModem/slot1</fqname> </hal> <hal format="aidl"> <name>android.hardware.radio.network</name> - <version>2</version> + <version>3</version> <fqname>IRadioNetwork/slot1</fqname> </hal> <hal format="aidl"> <name>android.hardware.radio.sim</name> - <version>2</version> + <version>3</version> <fqname>IRadioSim/slot1</fqname> </hal> <hal format="aidl"> @@ -43,7 +45,7 @@ </hal> <hal format="aidl"> <name>android.hardware.radio.voice</name> - <version>2</version> + <version>3</version> <fqname>IRadioVoice/slot1</fqname> </hal> </manifest> diff --git a/guest/services/cf_satellite_service/src/com/google/android/telephony/satellite/CFSatelliteService.java b/guest/services/cf_satellite_service/src/com/google/android/telephony/satellite/CFSatelliteService.java index db9cce133..147383555 100644 --- a/guest/services/cf_satellite_service/src/com/google/android/telephony/satellite/CFSatelliteService.java +++ b/guest/services/cf_satellite_service/src/com/google/android/telephony/satellite/CFSatelliteService.java @@ -21,27 +21,25 @@ import android.annotation.Nullable; import android.content.Intent; import android.os.Binder; import android.os.IBinder; +import android.telephony.IBooleanConsumer; +import android.telephony.IIntegerConsumer; import android.telephony.satellite.stub.ISatelliteCapabilitiesConsumer; import android.telephony.satellite.stub.ISatelliteListener; import android.telephony.satellite.stub.NTRadioTechnology; import android.telephony.satellite.stub.PointingInfo; import android.telephony.satellite.stub.SatelliteCapabilities; import android.telephony.satellite.stub.SatelliteDatagram; -import android.telephony.satellite.stub.SatelliteError; +import android.telephony.satellite.stub.SatelliteResult; import android.telephony.satellite.stub.SatelliteImplBase; import android.telephony.satellite.stub.SatelliteModemState; import android.telephony.satellite.stub.SatelliteService; -import com.android.internal.telephony.IBooleanConsumer; -import com.android.internal.telephony.IIntegerConsumer; import com.android.internal.util.FunctionalUtils; import com.android.telephony.Rlog; import java.util.ArrayList; -import java.util.HashMap; import java.util.HashSet; import java.util.List; -import java.util.Map; import java.util.Set; import java.util.concurrent.Executor; @@ -58,7 +56,7 @@ public class CFSatelliteService extends SatelliteImplBase { /** SatelliteCapabilities constant indicating the maximum number of characters per datagram. */ private static final int MAX_BYTES_PER_DATAGRAM = 339; - @NonNull private final Map<IBinder, ISatelliteListener> mListeners = new HashMap<>(); + @NonNull private final Set<ISatelliteListener> mListeners = new HashSet<>(); private boolean mIsCommunicationAllowedInLocation; private boolean mIsEnabled; @@ -112,7 +110,7 @@ public class CFSatelliteService extends SatelliteImplBase { @Override public void setSatelliteListener(@NonNull ISatelliteListener listener) { logd("setSatelliteListener"); - mListeners.put(listener.asBinder(), listener); + mListeners.add(listener); } @Override @@ -127,7 +125,7 @@ public class CFSatelliteService extends SatelliteImplBase { } else { updateSatelliteModemState(SatelliteModemState.SATELLITE_MODEM_STATE_IDLE); } - runWithExecutor(() -> errorCallback.accept(SatelliteError.ERROR_NONE)); + runWithExecutor(() -> errorCallback.accept(SatelliteResult.SATELLITE_RESULT_SUCCESS)); } @Override @@ -144,13 +142,13 @@ public class CFSatelliteService extends SatelliteImplBase { private void enableSatellite(@NonNull IIntegerConsumer errorCallback) { mIsEnabled = true; updateSatelliteModemState(SatelliteModemState.SATELLITE_MODEM_STATE_IDLE); - runWithExecutor(() -> errorCallback.accept(SatelliteError.ERROR_NONE)); + runWithExecutor(() -> errorCallback.accept(SatelliteResult.SATELLITE_RESULT_SUCCESS)); } private void disableSatellite(@NonNull IIntegerConsumer errorCallback) { mIsEnabled = false; updateSatelliteModemState(SatelliteModemState.SATELLITE_MODEM_STATE_OFF); - runWithExecutor(() -> errorCallback.accept(SatelliteError.ERROR_NONE)); + runWithExecutor(() -> errorCallback.accept(SatelliteResult.SATELLITE_RESULT_SUCCESS)); } @Override @@ -184,20 +182,20 @@ public class CFSatelliteService extends SatelliteImplBase { if (!verifySatelliteModemState(errorCallback)) { return; } - runWithExecutor(() -> errorCallback.accept(SatelliteError.ERROR_NONE)); + runWithExecutor(() -> errorCallback.accept(SatelliteResult.SATELLITE_RESULT_SUCCESS)); } @Override public void stopSendingSatellitePointingInfo(@NonNull IIntegerConsumer errorCallback) { logd("stopSendingSatellitePointingInfo"); - runWithExecutor(() -> errorCallback.accept(SatelliteError.ERROR_NONE)); + runWithExecutor(() -> errorCallback.accept(SatelliteResult.SATELLITE_RESULT_SUCCESS)); } @Override public void provisionSatelliteService(@NonNull String token, @NonNull byte[] provisionData, @NonNull IIntegerConsumer errorCallback) { logd("provisionSatelliteService"); - runWithExecutor(() -> errorCallback.accept(SatelliteError.ERROR_NONE)); + runWithExecutor(() -> errorCallback.accept(SatelliteResult.SATELLITE_RESULT_SUCCESS)); updateSatelliteProvisionState(true); } @@ -205,7 +203,7 @@ public class CFSatelliteService extends SatelliteImplBase { public void deprovisionSatelliteService(@NonNull String token, @NonNull IIntegerConsumer errorCallback) { logd("deprovisionSatelliteService"); - runWithExecutor(() -> errorCallback.accept(SatelliteError.ERROR_NONE)); + runWithExecutor(() -> errorCallback.accept(SatelliteResult.SATELLITE_RESULT_SUCCESS)); updateSatelliteProvisionState(false); } @@ -219,14 +217,14 @@ public class CFSatelliteService extends SatelliteImplBase { @Override public void pollPendingSatelliteDatagrams(@NonNull IIntegerConsumer errorCallback) { logd("pollPendingSatelliteDatagrams"); - runWithExecutor(() -> errorCallback.accept(SatelliteError.ERROR_NONE)); + runWithExecutor(() -> errorCallback.accept(SatelliteResult.SATELLITE_RESULT_SUCCESS)); } @Override public void sendSatelliteDatagram(@NonNull SatelliteDatagram datagram, boolean isEmergency, @NonNull IIntegerConsumer errorCallback) { logd("sendSatelliteDatagram"); - runWithExecutor(() -> errorCallback.accept(SatelliteError.ERROR_NONE)); + runWithExecutor(() -> errorCallback.accept(SatelliteResult.SATELLITE_RESULT_SUCCESS)); } @Override @@ -263,15 +261,18 @@ public class CFSatelliteService extends SatelliteImplBase { */ private boolean verifySatelliteModemState(@NonNull IIntegerConsumer errorCallback) { if (!mIsSupported) { - runWithExecutor(() -> errorCallback.accept(SatelliteError.REQUEST_NOT_SUPPORTED)); + runWithExecutor(() -> errorCallback.accept( + SatelliteResult.SATELLITE_RESULT_REQUEST_NOT_SUPPORTED)); return false; } if (!mIsProvisioned) { - runWithExecutor(() -> errorCallback.accept(SatelliteError.SERVICE_NOT_PROVISIONED)); + runWithExecutor(() -> errorCallback.accept( + SatelliteResult.SATELLITE_RESULT_SERVICE_NOT_PROVISIONED)); return false; } if (!mIsEnabled) { - runWithExecutor(() -> errorCallback.accept(SatelliteError.INVALID_MODEM_STATE)); + runWithExecutor(() -> errorCallback.accept( + SatelliteResult.SATELLITE_RESULT_INVALID_MODEM_STATE)); return false; } return true; @@ -286,8 +287,7 @@ public class CFSatelliteService extends SatelliteImplBase { if (modemState == mModemState) { return; } - logd("updateSatelliteModemState: mListeners.size=" + mListeners.size()); - mListeners.values().forEach(listener -> runWithExecutor(() -> + mListeners.forEach(listener -> runWithExecutor(() -> listener.onSatelliteModemStateChanged(modemState))); mModemState = modemState; } @@ -302,9 +302,8 @@ public class CFSatelliteService extends SatelliteImplBase { if (isProvisioned == mIsProvisioned) { return; } - logd("updateSatelliteProvisionState: mListeners.size=" + mListeners.size()); mIsProvisioned = isProvisioned; - mListeners.values().forEach(listener -> runWithExecutor(() -> + mListeners.forEach(listener -> runWithExecutor(() -> listener.onSatelliteProvisionStateChanged(mIsProvisioned))); } diff --git a/host/commands/assemble_cvd/assemble_cvd.cc b/host/commands/assemble_cvd/assemble_cvd.cc index 5f1f3fd69..9e2ea0ad4 100644 --- a/host/commands/assemble_cvd/assemble_cvd.cc +++ b/host/commands/assemble_cvd/assemble_cvd.cc @@ -253,10 +253,7 @@ Result<std::set<std::string>> PreservingOnResume( return preserving; } -Result<const CuttlefishConfig*> InitFilesystemAndCreateConfig( - FetcherConfig fetcher_config, const std::vector<GuestConfig>& guest_configs, - fruit::Injector<>& injector) { - std::string runtime_dir_parent = AbsolutePath(FLAGS_instance_dir); +Result<SharedFD> SetLogger(std::string runtime_dir_parent) { while (runtime_dir_parent[runtime_dir_parent.size() - 1] == '/') { runtime_dir_parent = runtime_dir_parent.substr(0, FLAGS_instance_dir.rfind('/')); @@ -274,7 +271,12 @@ Result<const CuttlefishConfig*> InitFilesystemAndCreateConfig( {LogFileSeverity(), log, MetadataLevel::FULL}, })); } + return log; +} +Result<const CuttlefishConfig*> InitFilesystemAndCreateConfig( + FetcherConfig fetcher_config, const std::vector<GuestConfig>& guest_configs, + fruit::Injector<>& injector, SharedFD log) { { // The config object is created here, but only exists in memory until the // SaveConfig line below. Don't launch cuttlefish subprocesses between these @@ -488,6 +490,8 @@ Result<int> AssembleCvdMain(int argc, char** argv) { setenv("ANDROID_LOG_TAGS", "*:v", /* overwrite */ 0); ::android::base::InitLogging(argv, android::base::StderrLogger); + auto log = CF_EXPECT(SetLogger(AbsolutePath(FLAGS_instance_dir))); + int tty = isatty(0); int error_num = errno; CF_EXPECT(tty == 0, @@ -563,7 +567,7 @@ Result<int> AssembleCvdMain(int argc, char** argv) { auto config = CF_EXPECT(InitFilesystemAndCreateConfig(std::move(fetcher_config), - guest_configs, injector), + guest_configs, injector, log), "Failed to create config"); std::cout << GetConfigFilePath(*config) << "\n"; diff --git a/host/commands/assemble_cvd/boot_config.cc b/host/commands/assemble_cvd/boot_config.cc index b1215173c..9604653df 100644 --- a/host/commands/assemble_cvd/boot_config.cc +++ b/host/commands/assemble_cvd/boot_config.cc @@ -133,138 +133,118 @@ size_t WriteEnvironment(const CuttlefishConfig::InstanceSpecific& instance, return env_str.length(); } -} // namespace +std::unordered_map<std::string, std::string> ReplaceKernelBootArgs( + const std::unordered_map<std::string, std::string>& args) { + std::unordered_map<std::string, std::string> ret; + std::transform(std::begin(args), std::end(args), + std::inserter(ret, ret.end()), [](const auto& kv) { + const auto& k = kv.first; + const auto& v = kv.second; + return std::make_pair( + android::base::StringReplace(k, " kernel.", " ", true), + v); + }); + return ret; +} -class InitBootloaderEnvPartitionImpl : public InitBootloaderEnvPartition { - public: - INJECT(InitBootloaderEnvPartitionImpl( - const CuttlefishConfig& config, - const CuttlefishConfig::InstanceSpecific& instance)) - : config_(config), instance_(instance) {} - - // SetupFeature - std::string Name() const override { return "InitBootloaderEnvPartitionImpl"; } - bool Enabled() const override { return !instance_.protected_vm(); } - - private: - std::unordered_set<SetupFeature*> Dependencies() const override { return {}; } - Result<void> ResultSetup() override { - if (instance_.ap_boot_flow() == CuttlefishConfig::InstanceSpecific::APBootFlow::Grub) { - CF_EXPECT(PrepareBootEnvImage( - instance_.ap_uboot_env_image_path(), - CuttlefishConfig::InstanceSpecific::BootFlow::Linux)); - } - CF_EXPECT(PrepareBootEnvImage(instance_.uboot_env_image_path(), - instance_.boot_flow())); +Result<void> PrepareBootEnvImage( + const CuttlefishConfig& config, + const CuttlefishConfig::InstanceSpecific& instance, + const std::string& image_path, + const CuttlefishConfig::InstanceSpecific::BootFlow& flow) { + if (instance.protected_vm()) { return {}; } + auto tmp_boot_env_image_path = image_path + ".tmp"; + auto uboot_env_path = instance.PerInstancePath("mkenvimg_input"); + auto kernel_cmdline = + android::base::Join(KernelCommandLineFromConfig(config, instance), " "); + // If the bootconfig isn't supported in the guest kernel, the bootconfig + // args need to be passed in via the uboot env. This won't be an issue for + // protect kvm which is running a kernel with bootconfig support. + if (!instance.bootconfig_supported()) { + auto bootconfig_args = + CF_EXPECT(BootconfigArgsFromConfig(config, instance)); + + // "androidboot.hardware" kernel parameter has changed to "hardware" in + // bootconfig and needs to be replaced before being used in the kernel + // cmdline. + auto bootconfig_hardware_it = bootconfig_args.find("hardware"); + if (bootconfig_hardware_it != bootconfig_args.end()) { + bootconfig_args["androidboot.hardware"] = bootconfig_hardware_it->second; + bootconfig_args.erase(bootconfig_hardware_it); + } - std::unordered_map<std::string, std::string> ReplaceKernelBootArgs( - const std::unordered_map<std::string, std::string>& args) { - std::unordered_map<std::string, std::string> ret; - std::transform(std::begin(args), std::end(args), - std::inserter(ret, ret.end()), [](const auto& kv) { - const auto& k = kv.first; - const auto& v = kv.second; - return std::make_pair( - android::base::StringReplace(k, " kernel.", " ", true), - v); - }); - return ret; + // TODO(b/182417593): Until we pass the module parameters through + // modules.options, we pass them through bootconfig using + // 'kernel.<key>=<value>' But if we don't support bootconfig, we need to + // rename them back to the old cmdline version + bootconfig_args = ReplaceKernelBootArgs(bootconfig_args); + + kernel_cmdline += + " " + CF_EXPECT(BootconfigArgsString(bootconfig_args, " ")); } - Result<void> PrepareBootEnvImage( - const std::string& image_path, - const CuttlefishConfig::InstanceSpecific::BootFlow& flow) { - auto tmp_boot_env_image_path = image_path + ".tmp"; - auto uboot_env_path = instance_.PerInstancePath("mkenvimg_input"); - auto kernel_cmdline = android::base::Join( - KernelCommandLineFromConfig(config_, instance_), " "); - // If the bootconfig isn't supported in the guest kernel, the bootconfig - // args need to be passed in via the uboot env. This won't be an issue for - // protect kvm which is running a kernel with bootconfig support. - if (!instance_.bootconfig_supported()) { - auto bootconfig_args = - CF_EXPECT(BootconfigArgsFromConfig(config_, instance_)); - - // "androidboot.hardware" kernel parameter has changed to "hardware" in - // bootconfig and needs to be replaced before being used in the kernel - // cmdline. - auto bootconfig_hardware_it = bootconfig_args.find("hardware"); - if (bootconfig_hardware_it != bootconfig_args.end()) { - bootconfig_args["androidboot.hardware"] = - bootconfig_hardware_it->second; - bootconfig_args.erase(bootconfig_hardware_it); - } - - // TODO(b/182417593): Until we pass the module parameters through - // modules.options, we pass them through bootconfig using - // 'kernel.<key>=<value>' But if we don't support bootconfig, we need to - // rename them back to the old cmdline version - bootconfig_args = ReplaceKernelBootArgs(bootconfig_args); - - kernel_cmdline += - " " + CF_EXPECT(BootconfigArgsString(bootconfig_args, " ")); - } + CF_EXPECTF(WriteEnvironment(instance, flow, kernel_cmdline, uboot_env_path), + "Unable to write out plaintext env '{}'", uboot_env_path); + + auto mkimage_path = HostBinaryPath("mkenvimage_slim"); + Command cmd(mkimage_path); + cmd.AddParameter("-output_path"); + cmd.AddParameter(tmp_boot_env_image_path); + cmd.AddParameter("-input_path"); + cmd.AddParameter(uboot_env_path); + int success = cmd.Start().Wait(); + CF_EXPECTF(success == 0, + "Unable to run mkenvimage_slim. Exited with status {}", success); + + const off_t boot_env_size_bytes = + AlignToPowerOf2(MAX_AVB_METADATA_SIZE + 4096, PARTITION_SIZE_SHIFT); + + auto avbtool_path = HostBinaryPath("avbtool"); + Command boot_env_hash_footer_cmd(avbtool_path); + boot_env_hash_footer_cmd.AddParameter("add_hash_footer"); + boot_env_hash_footer_cmd.AddParameter("--image"); + boot_env_hash_footer_cmd.AddParameter(tmp_boot_env_image_path); + boot_env_hash_footer_cmd.AddParameter("--partition_size"); + boot_env_hash_footer_cmd.AddParameter(boot_env_size_bytes); + boot_env_hash_footer_cmd.AddParameter("--partition_name"); + boot_env_hash_footer_cmd.AddParameter("uboot_env"); + boot_env_hash_footer_cmd.AddParameter("--key"); + boot_env_hash_footer_cmd.AddParameter( + DefaultHostArtifactsPath("etc/cvd_avb_testkey.pem")); + boot_env_hash_footer_cmd.AddParameter("--algorithm"); + boot_env_hash_footer_cmd.AddParameter("SHA256_RSA4096"); + success = boot_env_hash_footer_cmd.Start().Wait(); + CF_EXPECTF(success == 0, + "Unable to append hash footer. Exited with status {}", success); + + if (!FileExists(image_path) || + ReadFile(image_path) != ReadFile(tmp_boot_env_image_path)) { + CF_EXPECT(RenameFile(tmp_boot_env_image_path, image_path), + "Unable to delete the old env image"); + LOG(DEBUG) << "Updated bootloader environment image."; + } else { + RemoveFile(tmp_boot_env_image_path); + } - CF_EXPECTF( - WriteEnvironment(instance_, flow, kernel_cmdline, uboot_env_path), - "Unable to write out plaintext env '{}'", uboot_env_path); - - auto mkimage_path = HostBinaryPath("mkenvimage_slim"); - Command cmd(mkimage_path); - cmd.AddParameter("-output_path"); - cmd.AddParameter(tmp_boot_env_image_path); - cmd.AddParameter("-input_path"); - cmd.AddParameter(uboot_env_path); - int success = cmd.Start().Wait(); - CF_EXPECTF(success == 0, - "Unable to run mkenvimage_slim. Exited with status {}", success); - - const off_t boot_env_size_bytes = AlignToPowerOf2( - MAX_AVB_METADATA_SIZE + 4096, PARTITION_SIZE_SHIFT); - - auto avbtool_path = HostBinaryPath("avbtool"); - Command boot_env_hash_footer_cmd(avbtool_path); - boot_env_hash_footer_cmd.AddParameter("add_hash_footer"); - boot_env_hash_footer_cmd.AddParameter("--image"); - boot_env_hash_footer_cmd.AddParameter(tmp_boot_env_image_path); - boot_env_hash_footer_cmd.AddParameter("--partition_size"); - boot_env_hash_footer_cmd.AddParameter(boot_env_size_bytes); - boot_env_hash_footer_cmd.AddParameter("--partition_name"); - boot_env_hash_footer_cmd.AddParameter("uboot_env"); - boot_env_hash_footer_cmd.AddParameter("--key"); - boot_env_hash_footer_cmd.AddParameter( - DefaultHostArtifactsPath("etc/cvd_avb_testkey.pem")); - boot_env_hash_footer_cmd.AddParameter("--algorithm"); - boot_env_hash_footer_cmd.AddParameter("SHA256_RSA4096"); - success = boot_env_hash_footer_cmd.Start().Wait(); - CF_EXPECTF(success == 0, - "Unable to append hash footer. Exited with status {}", success); - - if (!FileExists(image_path) || - ReadFile(image_path) != ReadFile(tmp_boot_env_image_path)) { - CF_EXPECT(RenameFile(tmp_boot_env_image_path, image_path), - "Unable to delete the old env image"); - LOG(DEBUG) << "Updated bootloader environment image."; - } else { - RemoveFile(tmp_boot_env_image_path); - } + return {}; +} - return {}; - } +} // namespace - const CuttlefishConfig& config_; - const CuttlefishConfig::InstanceSpecific& instance_; -}; - -fruit::Component<fruit::Required<const CuttlefishConfig, - const CuttlefishConfig::InstanceSpecific>, - InitBootloaderEnvPartition> -InitBootloaderEnvPartitionComponent() { - return fruit::createComponent() - .bind<InitBootloaderEnvPartition, InitBootloaderEnvPartitionImpl>() - .addMultibinding<SetupFeature, InitBootloaderEnvPartition>(); +Result<void> InitBootloaderEnvPartition( + const CuttlefishConfig& config, + const CuttlefishConfig::InstanceSpecific& instance) { + if (instance.ap_boot_flow() == + CuttlefishConfig::InstanceSpecific::APBootFlow::Grub) { + CF_EXPECT(PrepareBootEnvImage( + config, instance, instance.ap_uboot_env_image_path(), + CuttlefishConfig::InstanceSpecific::BootFlow::Linux)); + } + CF_EXPECT(PrepareBootEnvImage( + config, instance, instance.uboot_env_image_path(), instance.boot_flow())); + return {}; } } // namespace cuttlefish diff --git a/host/commands/assemble_cvd/boot_config.h b/host/commands/assemble_cvd/boot_config.h index 87318495e..dc5328ff2 100644 --- a/host/commands/assemble_cvd/boot_config.h +++ b/host/commands/assemble_cvd/boot_config.h @@ -17,16 +17,12 @@ #include <fruit/fruit.h> +#include "common/libs/utils/result.h" #include "host/libs/config/cuttlefish_config.h" -#include "host/libs/config/feature.h" namespace cuttlefish { -class InitBootloaderEnvPartition : public SetupFeature {}; - -fruit::Component<fruit::Required<const CuttlefishConfig, - const CuttlefishConfig::InstanceSpecific>, - InitBootloaderEnvPartition> -InitBootloaderEnvPartitionComponent(); +Result<void> InitBootloaderEnvPartition( + const CuttlefishConfig&, const CuttlefishConfig::InstanceSpecific&); } // namespace cuttlefish diff --git a/host/commands/assemble_cvd/disk/disk.h b/host/commands/assemble_cvd/disk/disk.h index 1265d8121..548ab71b2 100644 --- a/host/commands/assemble_cvd/disk/disk.h +++ b/host/commands/assemble_cvd/disk/disk.h @@ -33,32 +33,26 @@ fruit::Component<fruit::Required<const CuttlefishConfig, KernelRamdiskRepacker> KernelRamdiskRepackerComponent(); -class GeneratePersistentBootconfig : public SetupFeature {}; - -fruit::Component<fruit::Required<const CuttlefishConfig, - const CuttlefishConfig::InstanceSpecific>, - GeneratePersistentBootconfig> -GeneratePersistentBootconfigComponent(); +Result<void> GeneratePersistentBootconfig( + const CuttlefishConfig&, const CuttlefishConfig::InstanceSpecific&); fruit::Component<fruit::Required<const CuttlefishConfig, KernelRamdiskRepacker>> Gem5ImageUnpackerComponent(); class GeneratePersistentVbmeta : public SetupFeature {}; -fruit::Component< - fruit::Required<const CuttlefishConfig::InstanceSpecific, - InitBootloaderEnvPartition, GeneratePersistentBootconfig>, - GeneratePersistentVbmeta> +fruit::Component<fruit::Required<const CuttlefishConfig::InstanceSpecific, + AutoSetup<InitBootloaderEnvPartition>::Type, + AutoSetup<GeneratePersistentBootconfig>::Type>, + GeneratePersistentVbmeta> GeneratePersistentVbmetaComponent(); -class InitializeFactoryResetProtected : public SetupFeature {}; - -fruit::Component<fruit::Required<const CuttlefishConfig::InstanceSpecific>, - InitializeFactoryResetProtected> -InitializeFactoryResetProtectedComponent(); +Result<void> InitializeFactoryResetProtected( + const CuttlefishConfig::InstanceSpecific&); Result<void> InitializeInstanceCompositeDisk( const CuttlefishConfig&, const CuttlefishConfig::InstanceSpecific&, - InitializeFactoryResetProtected&, GeneratePersistentVbmeta&); + AutoSetup<InitializeFactoryResetProtected>::Type&, + GeneratePersistentVbmeta&); } // namespace cuttlefish diff --git a/host/commands/assemble_cvd/disk/factory_reset_protected.cc b/host/commands/assemble_cvd/disk/factory_reset_protected.cc index a20cb58bc..3a2cd2976 100644 --- a/host/commands/assemble_cvd/disk/factory_reset_protected.cc +++ b/host/commands/assemble_cvd/disk/factory_reset_protected.cc @@ -24,41 +24,18 @@ namespace cuttlefish { -class InitializeFactoryResetProtectedImpl - : public InitializeFactoryResetProtected { - public: - INJECT(InitializeFactoryResetProtectedImpl( - const CuttlefishConfig::InstanceSpecific& instance)) - : instance_(instance) {} - - // SetupFeature - std::string Name() const override { - return "InitializeFactoryResetProtected"; +Result<void> InitializeFactoryResetProtected( + const CuttlefishConfig::InstanceSpecific& instance) { + if (instance.protected_vm()) { + return {}; } - bool Enabled() const override { return !instance_.protected_vm(); } - - private: - std::unordered_set<SetupFeature*> Dependencies() const override { return {}; } - Result<void> ResultSetup() override { - auto frp = instance_.factory_reset_protected_path(); - if (FileExists(frp)) { - return {}; - } - CF_EXPECT(CreateBlankImage(frp, 1 /* mb */, "none"), - "Failed to create \"" << frp << "\""); + auto frp = instance.factory_reset_protected_path(); + if (FileExists(frp)) { return {}; } - - const CuttlefishConfig::InstanceSpecific& instance_; -}; - -fruit::Component<fruit::Required<const CuttlefishConfig::InstanceSpecific>, - InitializeFactoryResetProtected> -InitializeFactoryResetProtectedComponent() { - return fruit::createComponent() - .bind<InitializeFactoryResetProtected, - InitializeFactoryResetProtectedImpl>() - .addMultibinding<SetupFeature, InitializeFactoryResetProtected>(); + CF_EXPECT(CreateBlankImage(frp, 1 /* mb */, "none"), + "Failed to create \"" << frp << "\""); + return {}; } } // namespace cuttlefish diff --git a/host/commands/assemble_cvd/disk/generate_persistent_bootconfig.cpp b/host/commands/assemble_cvd/disk/generate_persistent_bootconfig.cpp index 568220594..d0a841fec 100644 --- a/host/commands/assemble_cvd/disk/generate_persistent_bootconfig.cpp +++ b/host/commands/assemble_cvd/disk/generate_persistent_bootconfig.cpp @@ -37,98 +37,77 @@ namespace cuttlefish { -class GeneratePersistentBootconfigImpl : public GeneratePersistentBootconfig { - public: - INJECT(GeneratePersistentBootconfigImpl( - const CuttlefishConfig& config, - const CuttlefishConfig::InstanceSpecific& instance)) - : config_(config), instance_(instance) {} - - // SetupFeature - std::string Name() const override { return "GeneratePersistentBootconfig"; } - bool Enabled() const override { return (!instance_.protected_vm()); } - - private: - std::unordered_set<SetupFeature*> Dependencies() const override { return {}; } - Result<void> ResultSetup() override { - // Cuttlefish for the time being won't be able to support OTA from a - // non-bootconfig kernel to a bootconfig-kernel (or vice versa) IF the - // device is stopped (via stop_cvd). This is rarely an issue since OTA - // testing run on cuttlefish is done within one launch cycle of the device. - // If this ever becomes an issue, this code will have to be rewritten. - if (!instance_.bootconfig_supported()) { - return {}; - } - const auto bootconfig_path = instance_.persistent_bootconfig_path(); - if (!FileExists(bootconfig_path)) { - CF_EXPECT(CreateBlankImage(bootconfig_path, 1 /* mb */, "none"), - "Failed to create image at " << bootconfig_path); - } - - auto bootconfig_fd = SharedFD::Open(bootconfig_path, O_RDWR); - CF_EXPECT(bootconfig_fd->IsOpen(), - "Unable to open bootconfig file: " << bootconfig_fd->StrError()); - - const auto bootconfig_args = - CF_EXPECT(BootconfigArgsFromConfig(config_, instance_)); - const auto bootconfig = - CF_EXPECT(BootconfigArgsString(bootconfig_args, "\n")) + "\n"; - - LOG(DEBUG) << "bootconfig size is " << bootconfig.size(); - ssize_t bytesWritten = WriteAll(bootconfig_fd, bootconfig); - CF_EXPECT(WriteAll(bootconfig_fd, bootconfig) == bootconfig.size(), - "Failed to write bootconfig to \"" << bootconfig_path << "\""); - LOG(DEBUG) << "Bootconfig parameters from vendor boot image and config are " - << ReadFile(bootconfig_path); - - CF_EXPECT(bootconfig_fd->Truncate(bootconfig.size()) == 0, - "`truncate --size=" << bootconfig.size() << " bytes " - << bootconfig_path - << "` failed:" << bootconfig_fd->StrError()); - - if (config_.vm_manager() == vm_manager::Gem5Manager::name()) { - const off_t bootconfig_size_bytes_gem5 = - AlignToPowerOf2(bytesWritten, PARTITION_SIZE_SHIFT); - CF_EXPECT(bootconfig_fd->Truncate(bootconfig_size_bytes_gem5) == 0); - bootconfig_fd->Close(); - } else { - bootconfig_fd->Close(); - const off_t bootconfig_size_bytes = AlignToPowerOf2( - MAX_AVB_METADATA_SIZE + bootconfig.size(), PARTITION_SIZE_SHIFT); - - auto avbtool_path = HostBinaryPath("avbtool"); - Command bootconfig_hash_footer_cmd(avbtool_path); - bootconfig_hash_footer_cmd.AddParameter("add_hash_footer"); - bootconfig_hash_footer_cmd.AddParameter("--image"); - bootconfig_hash_footer_cmd.AddParameter(bootconfig_path); - bootconfig_hash_footer_cmd.AddParameter("--partition_size"); - bootconfig_hash_footer_cmd.AddParameter(bootconfig_size_bytes); - bootconfig_hash_footer_cmd.AddParameter("--partition_name"); - bootconfig_hash_footer_cmd.AddParameter("bootconfig"); - bootconfig_hash_footer_cmd.AddParameter("--key"); - bootconfig_hash_footer_cmd.AddParameter( - DefaultHostArtifactsPath("etc/cvd_avb_testkey.pem")); - bootconfig_hash_footer_cmd.AddParameter("--algorithm"); - bootconfig_hash_footer_cmd.AddParameter("SHA256_RSA4096"); - int success = bootconfig_hash_footer_cmd.Start().Wait(); - CF_EXPECT( - success == 0, - "Unable to run append hash footer. Exited with status " << success); - } +Result<void> GeneratePersistentBootconfig( + const CuttlefishConfig& config, + const CuttlefishConfig::InstanceSpecific& instance) { + if (instance.protected_vm()) { return {}; } + // Cuttlefish for the time being won't be able to support OTA from a + // non-bootconfig kernel to a bootconfig-kernel (or vice versa) IF the + // device is stopped (via stop_cvd). This is rarely an issue since OTA + // testing run on cuttlefish is done within one launch cycle of the device. + // If this ever becomes an issue, this code will have to be rewritten. + if (!instance.bootconfig_supported()) { + return {}; + } + const auto bootconfig_path = instance.persistent_bootconfig_path(); + if (!FileExists(bootconfig_path)) { + CF_EXPECT(CreateBlankImage(bootconfig_path, 1 /* mb */, "none"), + "Failed to create image at " << bootconfig_path); + } - const CuttlefishConfig& config_; - const CuttlefishConfig::InstanceSpecific& instance_; -}; - -fruit::Component<fruit::Required<const CuttlefishConfig, - const CuttlefishConfig::InstanceSpecific>, - GeneratePersistentBootconfig> -GeneratePersistentBootconfigComponent() { - return fruit::createComponent() - .addMultibinding<SetupFeature, GeneratePersistentBootconfigImpl>() - .bind<GeneratePersistentBootconfig, GeneratePersistentBootconfigImpl>(); + auto bootconfig_fd = SharedFD::Open(bootconfig_path, O_RDWR); + CF_EXPECT(bootconfig_fd->IsOpen(), + "Unable to open bootconfig file: " << bootconfig_fd->StrError()); + + const auto bootconfig_args = + CF_EXPECT(BootconfigArgsFromConfig(config, instance)); + const auto bootconfig = + CF_EXPECT(BootconfigArgsString(bootconfig_args, "\n")) + "\n"; + + LOG(DEBUG) << "bootconfig size is " << bootconfig.size(); + ssize_t bytesWritten = WriteAll(bootconfig_fd, bootconfig); + CF_EXPECT(WriteAll(bootconfig_fd, bootconfig) == bootconfig.size(), + "Failed to write bootconfig to \"" << bootconfig_path << "\""); + LOG(DEBUG) << "Bootconfig parameters from vendor boot image and config are " + << ReadFile(bootconfig_path); + + CF_EXPECT(bootconfig_fd->Truncate(bootconfig.size()) == 0, + "`truncate --size=" << bootconfig.size() << " bytes " + << bootconfig_path + << "` failed:" << bootconfig_fd->StrError()); + + if (config.vm_manager() == vm_manager::Gem5Manager::name()) { + const off_t bootconfig_size_bytes_gem5 = + AlignToPowerOf2(bytesWritten, PARTITION_SIZE_SHIFT); + CF_EXPECT(bootconfig_fd->Truncate(bootconfig_size_bytes_gem5) == 0); + bootconfig_fd->Close(); + } else { + bootconfig_fd->Close(); + const off_t bootconfig_size_bytes = AlignToPowerOf2( + MAX_AVB_METADATA_SIZE + bootconfig.size(), PARTITION_SIZE_SHIFT); + + auto avbtool_path = HostBinaryPath("avbtool"); + Command bootconfig_hash_footer_cmd(avbtool_path); + bootconfig_hash_footer_cmd.AddParameter("add_hash_footer"); + bootconfig_hash_footer_cmd.AddParameter("--image"); + bootconfig_hash_footer_cmd.AddParameter(bootconfig_path); + bootconfig_hash_footer_cmd.AddParameter("--partition_size"); + bootconfig_hash_footer_cmd.AddParameter(bootconfig_size_bytes); + bootconfig_hash_footer_cmd.AddParameter("--partition_name"); + bootconfig_hash_footer_cmd.AddParameter("bootconfig"); + bootconfig_hash_footer_cmd.AddParameter("--key"); + bootconfig_hash_footer_cmd.AddParameter( + DefaultHostArtifactsPath("etc/cvd_avb_testkey.pem")); + bootconfig_hash_footer_cmd.AddParameter("--algorithm"); + bootconfig_hash_footer_cmd.AddParameter("SHA256_RSA4096"); + int success = bootconfig_hash_footer_cmd.Start().Wait(); + CF_EXPECT( + success == 0, + "Unable to run append hash footer. Exited with status " << success); + } + return {}; } } // namespace cuttlefish diff --git a/host/commands/assemble_cvd/disk/generate_persistent_vbmeta.cpp b/host/commands/assemble_cvd/disk/generate_persistent_vbmeta.cpp index 1f95b9b1c..6c3560c00 100644 --- a/host/commands/assemble_cvd/disk/generate_persistent_vbmeta.cpp +++ b/host/commands/assemble_cvd/disk/generate_persistent_vbmeta.cpp @@ -34,8 +34,8 @@ class GeneratePersistentVbmetaImpl : public GeneratePersistentVbmeta { public: INJECT(GeneratePersistentVbmetaImpl( const CuttlefishConfig::InstanceSpecific& instance, - InitBootloaderEnvPartition& bootloader_env, - GeneratePersistentBootconfig& bootconfig)) + AutoSetup<InitBootloaderEnvPartition>::Type& bootloader_env, + AutoSetup<GeneratePersistentBootconfig>::Type& bootconfig)) : instance_(instance), bootloader_env_(bootloader_env), bootconfig_(bootconfig) {} @@ -111,14 +111,14 @@ class GeneratePersistentVbmetaImpl : public GeneratePersistentVbmeta { } const CuttlefishConfig::InstanceSpecific& instance_; - InitBootloaderEnvPartition& bootloader_env_; - GeneratePersistentBootconfig& bootconfig_; + AutoSetup<InitBootloaderEnvPartition>::Type& bootloader_env_; + AutoSetup<GeneratePersistentBootconfig>::Type& bootconfig_; }; -fruit::Component< - fruit::Required<const CuttlefishConfig::InstanceSpecific, - InitBootloaderEnvPartition, GeneratePersistentBootconfig>, - GeneratePersistentVbmeta> +fruit::Component<fruit::Required<const CuttlefishConfig::InstanceSpecific, + AutoSetup<InitBootloaderEnvPartition>::Type, + AutoSetup<GeneratePersistentBootconfig>::Type>, + GeneratePersistentVbmeta> GeneratePersistentVbmetaComponent() { return fruit::createComponent() .addMultibinding<SetupFeature, GeneratePersistentVbmetaImpl>() diff --git a/host/commands/assemble_cvd/disk/initialize_instance_composite_disk.cc b/host/commands/assemble_cvd/disk/initialize_instance_composite_disk.cc index e1567b6b1..f71d8e718 100644 --- a/host/commands/assemble_cvd/disk/initialize_instance_composite_disk.cc +++ b/host/commands/assemble_cvd/disk/initialize_instance_composite_disk.cc @@ -89,7 +89,7 @@ bool IsVmManagerQemu(const CuttlefishConfig& config) { Result<void> InitializeInstanceCompositeDisk( const CuttlefishConfig& config, const CuttlefishConfig::InstanceSpecific& instance, - InitializeFactoryResetProtected& /* dependency */, + AutoSetup<InitializeFactoryResetProtected>::Type& /* dependency */, GeneratePersistentVbmeta& /* dependency */) { const auto ipath = [&instance](const std::string& path) -> std::string { return instance.PerInstancePath(path.c_str()); diff --git a/host/commands/assemble_cvd/disk_flags.cc b/host/commands/assemble_cvd/disk_flags.cc index f321def87..07b17be2e 100644 --- a/host/commands/assemble_cvd/disk_flags.cc +++ b/host/commands/assemble_cvd/disk_flags.cc @@ -684,15 +684,15 @@ static fruit::Component<> DiskChangesPerInstanceComponent( .bindInstance(*config) .bindInstance(*instance) .install(AutoSetup<InitializeAccessKregistryImage>::Component) + .install(AutoSetup<InitBootloaderEnvPartition>::Component) + .install(AutoSetup<InitializeFactoryResetProtected>::Component) .install(AutoSetup<InitializeHwcomposerPmemImage>::Component) .install(AutoSetup<InitializePstore>::Component) .install(AutoSetup<InitializeSdCard>::Component) - .install(InitializeFactoryResetProtectedComponent) - .install(GeneratePersistentBootconfigComponent) + .install(AutoSetup<GeneratePersistentBootconfig>::Component) .install(GeneratePersistentVbmetaComponent) .install(AutoSetup<InitializeInstanceCompositeDisk>::Component) - .install(InitializeDataImageComponent) - .install(InitBootloaderEnvPartitionComponent); + .install(InitializeDataImageComponent); } Result<void> DiskImageFlagsVectorization(CuttlefishConfig& config, const FetcherConfig& fetcher_config) { diff --git a/host/commands/assemble_cvd/graphics_flags.cc b/host/commands/assemble_cvd/graphics_flags.cc index 19aebc519..c56e3da5c 100644 --- a/host/commands/assemble_cvd/graphics_flags.cc +++ b/host/commands/assemble_cvd/graphics_flags.cc @@ -255,9 +255,10 @@ Result<std::string> SelectGpuMode( LOG(INFO) << "GPU auto mode: detected prerequisites for accelerated " << "rendering support."; - if (vm_manager == vm_manager::QemuManager::name()) { - LOG(INFO) << "Enabling --gpu_mode=drm_virgl."; - return kGpuModeDrmVirgl; + + if (vm_manager == vm_manager::QemuManager::name() && !UseQemu8()) { + LOG(INFO) << "Not using QEMU8: selecting guest swiftshader"; + return kGpuModeGuestSwiftshader; } else if (!guest_config.gfxstream_supported) { LOG(INFO) << "GPU auto mode: guest does not support gfxstream, " "enabling --gpu_mode=guest_swiftshader"; @@ -284,6 +285,11 @@ Result<std::string> SelectGpuMode( "function correctly. Please consider switching to " "--gpu_mode=auto or --gpu_mode=guest_swiftshader."; } + + if (vm_manager == vm_manager::QemuManager::name() && !UseQemu8()) { + LOG(INFO) << "Not using QEMU8: selecting guest swiftshader"; + return kGpuModeGuestSwiftshader; + } } return gpu_mode_arg; diff --git a/host/commands/assemble_cvd/graphics_flags.h b/host/commands/assemble_cvd/graphics_flags.h index 69b1d7485..6a96dccb3 100644 --- a/host/commands/assemble_cvd/graphics_flags.h +++ b/host/commands/assemble_cvd/graphics_flags.h @@ -19,6 +19,7 @@ #include "common/libs/utils/result.h" #include "host/commands/assemble_cvd/flags.h" +#include "host/libs/config/config_utils.h" #include "host/libs/config/cuttlefish_config.h" namespace cuttlefish { @@ -28,4 +29,4 @@ Result<std::string> ConfigureGpuSettings( const std::string& vm_manager, const GuestConfig& guest_config, CuttlefishConfig::MutableInstanceSpecific& instance); -} // namespace cuttlefish
\ No newline at end of file +} // namespace cuttlefish diff --git a/host/commands/cvd_load_tester/end_to_end_test/multi/demo.json b/host/commands/cvd_load_tester/end_to_end_test/multi/demo.json new file mode 100644 index 000000000..00af4bdc6 --- /dev/null +++ b/host/commands/cvd_load_tester/end_to_end_test/multi/demo.json @@ -0,0 +1,27 @@ +{ + "instances" : + [ + { + "@import" : "phone", + "vm": { + "memory_mb": 8192, + "setupwizard_mode": "OPTIONAL", + "cpus": 4 + }, + "disk": { + "default_build": "git_master/cf_x86_64_phone-userdebug" + } + }, + { + "@import" : "wearable", + "vm": { + "memory_mb": 8192, + "setupwizard_mode": "REQUIRED", + "cpus": 4 + }, + "disk": { + "default_build": "git_master/cf_gwear_x86-userdebug" + } + } + ] +} diff --git a/host/commands/run_cvd/launch/mcu.cpp b/host/commands/run_cvd/launch/mcu.cpp index 96e426e7d..8076abebd 100644 --- a/host/commands/run_cvd/launch/mcu.cpp +++ b/host/commands/run_cvd/launch/mcu.cpp @@ -62,12 +62,14 @@ class Mcu : public vm_manager::VmmDependencyCommand { CF_EXPECT(start.type() == Json::arrayValue, "mcu: config: start-cmd: array expected"); CF_EXPECT(start.size() > 0, "mcu: config: empty start-cmd"); - Command command(start[0].asString()); + Command command(android::base::StringReplace(start[0].asString(), "${bin}", + HostBinaryPath(""), true)); - std::string wdir = "${wdir}"; for (unsigned int i = 1; i < start.size(); i++) { auto param = start[i].asString(); param = android::base::StringReplace(param, "${wdir}", mcu_dir_, true); + param = android::base::StringReplace(param, "${bin}", HostBinaryPath(""), + true); command.AddParameter(param); } diff --git a/host/commands/secure_env/rust/Android.bp b/host/commands/secure_env/rust/Android.bp index 6b04e7b12..57e8f7741 100644 --- a/host/commands/secure_env/rust/Android.bp +++ b/host/commands/secure_env/rust/Android.bp @@ -27,7 +27,7 @@ rust_protobuf { rust_library_host { name: "libkmr_cf", - srcs: [ "lib.rs" ], + srcs: ["lib.rs"], crate_name: "kmr_cf", rustlibs: [ "libhex", @@ -35,6 +35,7 @@ rust_library_host { "libkmr_crypto_boring", "libkmr_proto_rust", "libkmr_ta", + "libkmr_ta_nonsecure", "libkmr_wire", "liblibc", "liblog_rust", @@ -48,7 +49,7 @@ rust_library_host { rust_ffi_host { name: "libkmr_cf_ffi", compile_multilib: "64", - srcs: [ "ffi.rs" ], + srcs: ["ffi.rs"], crate_name: "kmr_cf_ffi", rustlibs: [ "libkmr_cf", @@ -68,6 +69,7 @@ rust_test_host { "libkmr_crypto_boring", "libkmr_proto_rust", "libkmr_ta", + "libkmr_ta_nonsecure", "libkmr_tests", "libkmr_wire", "liblibc", diff --git a/host/commands/secure_env/rust/attest.rs b/host/commands/secure_env/rust/attest.rs deleted file mode 100644 index b8410d68c..000000000 --- a/host/commands/secure_env/rust/attest.rs +++ /dev/null @@ -1,423 +0,0 @@ -// -// Copyright (C) 2022 The Android Open Source Project -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -//! Attestation keys and certificates. -//! -//! Hard-coded keys and certs copied from system/keymaster/context/soft_attestation_cert.cpp - -use kmr_common::{ - crypto::ec, crypto::rsa, crypto::CurveType, crypto::KeyMaterial, wire::keymint, - wire::keymint::EcCurve, Error, -}; -use kmr_ta::device::{RetrieveCertSigningInfo, SigningAlgorithm, SigningKeyType}; - -/// RSA attestation private key in PKCS#1 format. -/// -/// Decoded contents (using [der2ascii](https://github.com/google/der-ascii)): -/// -/// ``` -/// SEQUENCE { -/// INTEGER { 0 } -/// INTEGER { `00c08323dc56881bb8302069f5b08561c6eebe7f05e2f5a842048abe8b47be76feaef25cf29b2afa3200141601429989a15fcfc6815eb363583c2fd2f20be4983283dd814b16d7e185417ae54abc296a3a6db5c004083b68c556c1f02339916419864d50b74d40aeca484c77356c895a0c275abfac499d5d7d2362f29c5e02e871` } -/// INTEGER { 65537 } -/// INTEGER { `00be860b0b99a802a6fb1a59438a7bb715065b09a36dc6e9cacc6bf3c02c34d7d79e94c6606428d88c7b7f6577c1cdea64074abe8e7286df1f0811dc9728260868de95d32efc96b6d084ff271a5f60defcc703e7a38e6e29ba9a3c5fc2c28076b6a896af1d34d78828ce9bddb1f34f9c9404430781298e201316725bbdbc993a41` } -/// INTEGER { `00e1c6d927646c0916ec36826d594983740c21f1b074c4a1a59867c669795c85d3dc464c5b929e94bfb34e0dcc5014b10f13341ab7fdd5f60414d2a326cad41cc5` } -/// INTEGER { `00da485997785cd5630fb0fd8c5254f98e538e18983aae9e6b7e6a5a7b5d343755b9218ebd40320d28387d789f76fa218bcc2d8b68a5f6418fbbeca5179ab3afbd` } -/// INTEGER { `50fefc32649559616ed6534e154509329d93a3d810dbe5bdb982292cf78bd8badb8020ae8d57f4b71d05386ffe9e9db271ca3477a34999db76f8e5ece9c0d49d` } -/// INTEGER { `15b74cf27cceff8bb36bf04d9d8346b09a2f70d2f4439b0f26ac7e03f7e9d1f77d4b915fd29b2823f03acb5d5200e0857ff2a803e93eee96d6235ce95442bc21` } -/// INTEGER { `0090a745da8970b2cd649660324228c5f82856ffd665ba9a85c8d60f1b8bee717ecd2c72eae01dad86ba7654d4cf45adb5f1f2b31d9f8122cfa5f1a5570f9b2d25` } -/// } -/// ``` -const RSA_ATTEST_KEY: &str = concat!( - "3082025d02010002818100c08323dc56881bb8302069f5b08561c6eebe7f05e2", - "f5a842048abe8b47be76feaef25cf29b2afa3200141601429989a15fcfc6815e", - "b363583c2fd2f20be4983283dd814b16d7e185417ae54abc296a3a6db5c00408", - "3b68c556c1f02339916419864d50b74d40aeca484c77356c895a0c275abfac49", - "9d5d7d2362f29c5e02e871020301000102818100be860b0b99a802a6fb1a5943", - "8a7bb715065b09a36dc6e9cacc6bf3c02c34d7d79e94c6606428d88c7b7f6577", - "c1cdea64074abe8e7286df1f0811dc9728260868de95d32efc96b6d084ff271a", - "5f60defcc703e7a38e6e29ba9a3c5fc2c28076b6a896af1d34d78828ce9bddb1", - "f34f9c9404430781298e201316725bbdbc993a41024100e1c6d927646c0916ec", - "36826d594983740c21f1b074c4a1a59867c669795c85d3dc464c5b929e94bfb3", - "4e0dcc5014b10f13341ab7fdd5f60414d2a326cad41cc5024100da485997785c", - "d5630fb0fd8c5254f98e538e18983aae9e6b7e6a5a7b5d343755b9218ebd4032", - "0d28387d789f76fa218bcc2d8b68a5f6418fbbeca5179ab3afbd024050fefc32", - "649559616ed6534e154509329d93a3d810dbe5bdb982292cf78bd8badb8020ae", - "8d57f4b71d05386ffe9e9db271ca3477a34999db76f8e5ece9c0d49d024015b7", - "4cf27cceff8bb36bf04d9d8346b09a2f70d2f4439b0f26ac7e03f7e9d1f77d4b", - "915fd29b2823f03acb5d5200e0857ff2a803e93eee96d6235ce95442bc210241", - "0090a745da8970b2cd649660324228c5f82856ffd665ba9a85c8d60f1b8bee71", - "7ecd2c72eae01dad86ba7654d4cf45adb5f1f2b31d9f8122cfa5f1a5570f9b2d", - "25", -); - -/// Attestation certificate corresponding to [`RSA_ATTEST_KEY`], signed by the key in -/// [`RSA_ATTEST_ROOT_CERT`]. -/// -/// Decoded contents: -/// -/// ``` -/// Certificate: -/// Data: -/// Version: 3 (0x2) -/// Serial Number: 4096 (0x1000) -/// Signature Algorithm: SHA256-RSA -/// Issuer: C=US, O=Google, Inc., OU=Android, L=Mountain View, ST=California -/// Validity: -/// Not Before: 2016-01-04 12:40:53 +0000 UTC -/// Not After : 2035-12-30 12:40:53 +0000 UTC -/// Subject: C=US, O=Google, Inc., OU=Android, ST=California, CN=Android Software Attestation Key -/// Subject Public Key Info: -/// Public Key Algorithm: rsaEncryption -/// Public Key: (1024 bit) -/// Modulus: -/// c0:83:23:dc:56:88:1b:b8:30:20:69:f5:b0:85:61: -/// c6:ee:be:7f:05:e2:f5:a8:42:04:8a:be:8b:47:be: -/// 76:fe:ae:f2:5c:f2:9b:2a:fa:32:00:14:16:01:42: -/// 99:89:a1:5f:cf:c6:81:5e:b3:63:58:3c:2f:d2:f2: -/// 0b:e4:98:32:83:dd:81:4b:16:d7:e1:85:41:7a:e5: -/// 4a:bc:29:6a:3a:6d:b5:c0:04:08:3b:68:c5:56:c1: -/// f0:23:39:91:64:19:86:4d:50:b7:4d:40:ae:ca:48: -/// 4c:77:35:6c:89:5a:0c:27:5a:bf:ac:49:9d:5d:7d: -/// 23:62:f2:9c:5e:02:e8:71: -/// Exponent: 65537 (0x10001) -/// X509v3 extensions: -/// X509v3 Authority Key Identifier: -/// keyid:29faf1accc4dd24c96402775b6b0e932e507fe2e -/// X509v3 Subject Key Identifier: -/// keyid:d40c101bf8cd63b9f73952b50e135ca6d7999386 -/// X509v3 Key Usage: critical -/// Digital Signature, Certificate Signing -/// X509v3 Basic Constraints: critical -/// CA:true, pathlen:0 -/// Signature Algorithm: SHA256-RSA -/// 9e:2d:48:5f:8c:67:33:dc:1a:85:ad:99:d7:50:23:ea:14:ec: -/// 43:b0:e1:9d:ea:c2:23:46:1e:72:b5:19:dc:60:22:e4:a5:68: -/// 31:6c:0b:55:c4:e6:9c:a2:2d:9f:3a:4f:93:6b:31:8b:16:78: -/// 16:0d:88:cb:d9:8b:cc:80:9d:84:f0:c2:27:e3:6b:38:f1:fd: -/// d1:e7:17:72:31:59:35:7d:96:f3:c5:7f:ab:9d:8f:96:61:26: -/// 4f:b2:be:81:bb:0d:49:04:22:8a:ce:9f:f7:f5:42:2e:25:44: -/// fa:21:07:12:5a:83:b5:55:ad:18:82:f8:40:14:9b:9c:20:63: -/// 04:7f: -/// ``` -const RSA_ATTEST_CERT: &str = concat!( - "308202b63082021fa00302010202021000300d06092a864886f70d01010b0500", - "3063310b30090603550406130255533113301106035504080c0a43616c69666f", - "726e69613116301406035504070c0d4d6f756e7461696e205669657731153013", - "060355040a0c0c476f6f676c652c20496e632e3110300e060355040b0c07416e", - "64726f6964301e170d3136303130343132343035335a170d3335313233303132", - "343035335a3076310b30090603550406130255533113301106035504080c0a43", - "616c69666f726e696131153013060355040a0c0c476f6f676c652c20496e632e", - "3110300e060355040b0c07416e64726f69643129302706035504030c20416e64", - "726f696420536f667477617265204174746573746174696f6e204b657930819f", - "300d06092a864886f70d010101050003818d0030818902818100c08323dc5688", - "1bb8302069f5b08561c6eebe7f05e2f5a842048abe8b47be76feaef25cf29b2a", - "fa3200141601429989a15fcfc6815eb363583c2fd2f20be4983283dd814b16d7", - "e185417ae54abc296a3a6db5c004083b68c556c1f02339916419864d50b74d40", - "aeca484c77356c895a0c275abfac499d5d7d2362f29c5e02e8710203010001a3", - "663064301d0603551d0e04160414d40c101bf8cd63b9f73952b50e135ca6d799", - "9386301f0603551d2304183016801429faf1accc4dd24c96402775b6b0e932e5", - "07fe2e30120603551d130101ff040830060101ff020100300e0603551d0f0101", - "ff040403020284300d06092a864886f70d01010b0500038181009e2d485f8c67", - "33dc1a85ad99d75023ea14ec43b0e19deac223461e72b519dc6022e4a568316c", - "0b55c4e69ca22d9f3a4f936b318b1678160d88cbd98bcc809d84f0c227e36b38", - "f1fdd1e717723159357d96f3c57fab9d8f9661264fb2be81bb0d4904228ace9f", - "f7f5422e2544fa2107125a83b555ad1882f840149b9c2063047f", -); - -/// Attestation self-signed root certificate holding the key that signed [`RSA_ATTEST_CERT`]. -/// -/// Decoded contents: -/// -/// ``` -/// Certificate: -/// Data: -/// Version: 3 (0x2) -/// Serial Number: 18416584322103887884 (0xff94d9dd9f07c80c) -/// Signature Algorithm: SHA256-RSA -/// Issuer: C=US, O=Google, Inc., OU=Android, L=Mountain View, ST=California -/// Validity: -/// Not Before: 2016-01-04 12:31:08 +0000 UTC -/// Not After : 2035-12-30 12:31:08 +0000 UTC -/// Subject: C=US, O=Google, Inc., OU=Android, L=Mountain View, ST=California -/// Subject Public Key Info: -/// Public Key Algorithm: rsaEncryption -/// Public Key: (1024 bit) -/// Modulus: -/// a2:6b:ad:eb:6e:2e:44:61:ef:d5:0e:82:e6:b7:94: -/// d1:75:23:1f:77:9b:63:91:63:ff:f7:aa:ff:0b:72: -/// 47:4e:c0:2c:43:ec:33:7c:d7:ac:ed:40:3e:8c:28: -/// a0:66:d5:f7:87:0b:33:97:de:0e:b8:4e:13:40:ab: -/// af:a5:27:bf:95:69:a0:31:db:06:52:65:f8:44:59: -/// 57:61:f0:bb:f2:17:4b:b7:41:80:64:c0:28:0e:8f: -/// 52:77:8e:db:d2:47:b6:45:e9:19:c8:e9:8b:c3:db: -/// c2:91:3f:d7:d7:50:c4:1d:35:66:f9:57:e4:97:96: -/// 0b:09:ac:ce:92:35:85:9b: -/// Exponent: 65537 (0x10001) -/// X509v3 extensions: -/// X509v3 Authority Key Identifier: -/// keyid:29faf1accc4dd24c96402775b6b0e932e507fe2e -/// X509v3 Subject Key Identifier: -/// keyid:29faf1accc4dd24c96402775b6b0e932e507fe2e -/// X509v3 Key Usage: critical -/// Digital Signature, Certificate Signing -/// X509v3 Basic Constraints: critical -/// CA:true -/// Signature Algorithm: SHA256-RSA -/// 4f:72:f3:36:59:8d:0e:c1:b9:74:5b:31:59:f6:f0:8d:25:49: -/// 30:9e:a3:1c:1c:29:d2:45:2d:20:b9:4d:5f:64:b4:e8:80:c7: -/// 78:7a:9c:39:de:a8:b3:f5:bf:2f:70:5f:47:10:5c:c5:e6:eb: -/// 4d:06:99:61:d2:ae:9a:07:ff:f7:7c:b8:ab:eb:9c:0f:24:07: -/// 5e:b1:7f:ba:79:71:fd:4d:5b:9e:df:14:a9:fe:df:ed:7c:c0: -/// 88:5d:f8:dd:9b:64:32:56:d5:35:9a:e2:13:f9:8f:ce:c1:7c: -/// dc:ef:a4:aa:b2:55:c3:83:a9:2e:fb:5c:f6:62:f5:27:52:17: -/// be:63: -/// ``` -const RSA_ATTEST_ROOT_CERT: &str = concat!( - "308202a730820210a003020102020900ff94d9dd9f07c80c300d06092a864886", - "f70d01010b05003063310b30090603550406130255533113301106035504080c", - "0a43616c69666f726e69613116301406035504070c0d4d6f756e7461696e2056", - "69657731153013060355040a0c0c476f6f676c652c20496e632e3110300e0603", - "55040b0c07416e64726f6964301e170d3136303130343132333130385a170d33", - "35313233303132333130385a3063310b30090603550406130255533113301106", - "035504080c0a43616c69666f726e69613116301406035504070c0d4d6f756e74", - "61696e205669657731153013060355040a0c0c476f6f676c652c20496e632e31", - "10300e060355040b0c07416e64726f696430819f300d06092a864886f70d0101", - "01050003818d0030818902818100a26badeb6e2e4461efd50e82e6b794d17523", - "1f779b639163fff7aaff0b72474ec02c43ec337cd7aced403e8c28a066d5f787", - "0b3397de0eb84e1340abafa527bf9569a031db065265f844595761f0bbf2174b", - "b7418064c0280e8f52778edbd247b645e919c8e98bc3dbc2913fd7d750c41d35", - "66f957e497960b09acce9235859b0203010001a3633061301d0603551d0e0416", - "041429faf1accc4dd24c96402775b6b0e932e507fe2e301f0603551d23041830", - "16801429faf1accc4dd24c96402775b6b0e932e507fe2e300f0603551d130101", - "ff040530030101ff300e0603551d0f0101ff040403020284300d06092a864886", - "f70d01010b0500038181004f72f336598d0ec1b9745b3159f6f08d2549309ea3", - "1c1c29d2452d20b94d5f64b4e880c7787a9c39dea8b3f5bf2f705f47105cc5e6", - "eb4d069961d2ae9a07fff77cb8abeb9c0f24075eb17fba7971fd4d5b9edf14a9", - "fedfed7cc0885df8dd9b643256d5359ae213f98fcec17cdcefa4aab255c383a9", - "2efb5cf662f5275217be63", -); - -/// EC attestation private key in `ECPrivateKey` format. -/// -/// Decoded contents (using [der2ascii](https://github.com/google/der-ascii)): -/// -/// ``` -/// SEQUENCE { -/// INTEGER { 1 } -/// OCTET_STRING { `21e086432a15198459cf363a50fc14c9daadf935f527c2dfd71e4d6dbc42e544` } -/// [0] { -/// # secp256r1 -/// OBJECT_IDENTIFIER { 1.2.840.10045.3.1.7 } -/// } -/// [1] { -/// BIT_STRING { `00` `04eb9e79f8426359accb2a914c8986cc70ad90669382a9732613feaccbf821274c2174974a2afea5b94d7f66d4e065106635bc53b7a0a3a671583edb3e11ae1014` } -/// } -/// } -/// ``` -const EC_ATTEST_KEY: &str = concat!( - "3077020101042021e086432a15198459cf363a50fc14c9daadf935f527c2dfd7", - "1e4d6dbc42e544a00a06082a8648ce3d030107a14403420004eb9e79f8426359", - "accb2a914c8986cc70ad90669382a9732613feaccbf821274c2174974a2afea5", - "b94d7f66d4e065106635bc53b7a0a3a671583edb3e11ae1014", -); - -/// Attestation certificate corresponding to [`EC_ATTEST_KEY`], signed by the key in -/// [`EC_ATTEST_ROOT_CERT`]. -/// -/// Decoded contents: -/// -/// ``` -/// Certificate: -/// Data: -/// Version: 3 (0x2) -/// Serial Number: 4097 (0x1001) -/// Signature Algorithm: ECDSA-SHA256 -/// Issuer: C=US, O=Google, Inc., OU=Android, L=Mountain View, ST=California, CN=Android Keystore Software Attestation Root -/// Validity: -/// Not Before: 2016-01-11 00:46:09 +0000 UTC -/// Not After : 2026-01-08 00:46:09 +0000 UTC -/// Subject: C=US, O=Google, Inc., OU=Android, ST=California, CN=Android Keystore Software Attestation Intermediate -/// Subject Public Key Info: -/// Public Key Algorithm: id-ecPublicKey -/// Public Key: (256 bit) -/// pub: -/// 04:eb:9e:79:f8:42:63:59:ac:cb:2a:91:4c:89:86: -/// cc:70:ad:90:66:93:82:a9:73:26:13:fe:ac:cb:f8: -/// 21:27:4c:21:74:97:4a:2a:fe:a5:b9:4d:7f:66:d4: -/// e0:65:10:66:35:bc:53:b7:a0:a3:a6:71:58:3e:db: -/// 3e:11:ae:10:14: -/// ASN1 OID: prime256v1 -/// X509v3 extensions: -/// X509v3 Authority Key Identifier: -/// keyid:c8ade9774c45c3a3cf0d1610e479433a215a30cf -/// X509v3 Subject Key Identifier: -/// keyid:3ffcacd61ab13a9e8120b8d5251cc565bb1e91a9 -/// X509v3 Key Usage: critical -/// Digital Signature, Certificate Signing -/// X509v3 Basic Constraints: critical -/// CA:true, pathlen:0 -/// Signature Algorithm: ECDSA-SHA256 -/// 30:45:02:20:4b:8a:9b:7b:ee:82:bc:c0:33:87:ae:2f:c0:89: -/// 98:b4:dd:c3:8d:ab:27:2a:45:9f:69:0c:c7:c3:92:d4:0f:8e: -/// 02:21:00:ee:da:01:5d:b6:f4:32:e9:d4:84:3b:62:4c:94:04: -/// ef:3a:7c:cc:bd:5e:fb:22:bb:e7:fe:b9:77:3f:59:3f:fb: -/// ``` -const EC_ATTEST_CERT: &str = concat!( - "308202783082021ea00302010202021001300a06082a8648ce3d040302308198", - "310b30090603550406130255533113301106035504080c0a43616c69666f726e", - "69613116301406035504070c0d4d6f756e7461696e2056696577311530130603", - "55040a0c0c476f6f676c652c20496e632e3110300e060355040b0c07416e6472", - "6f69643133303106035504030c2a416e64726f6964204b657973746f72652053", - "6f667477617265204174746573746174696f6e20526f6f74301e170d31363031", - "31313030343630395a170d3236303130383030343630395a308188310b300906", - "03550406130255533113301106035504080c0a43616c69666f726e6961311530", - "13060355040a0c0c476f6f676c652c20496e632e3110300e060355040b0c0741", - "6e64726f6964313b303906035504030c32416e64726f6964204b657973746f72", - "6520536f667477617265204174746573746174696f6e20496e7465726d656469", - "6174653059301306072a8648ce3d020106082a8648ce3d03010703420004eb9e", - "79f8426359accb2a914c8986cc70ad90669382a9732613feaccbf821274c2174", - "974a2afea5b94d7f66d4e065106635bc53b7a0a3a671583edb3e11ae1014a366", - "3064301d0603551d0e041604143ffcacd61ab13a9e8120b8d5251cc565bb1e91", - "a9301f0603551d23041830168014c8ade9774c45c3a3cf0d1610e479433a215a", - "30cf30120603551d130101ff040830060101ff020100300e0603551d0f0101ff", - "040403020284300a06082a8648ce3d040302034800304502204b8a9b7bee82bc", - "c03387ae2fc08998b4ddc38dab272a459f690cc7c392d40f8e022100eeda015d", - "b6f432e9d4843b624c9404ef3a7cccbd5efb22bbe7feb9773f593ffb", -); - -/// Attestation self-signed root certificate holding the key that signed [`EC_ATTEST_CERT`]. -/// -/// Decoded contents: -/// -/// ``` -/// Certificate: -/// Data: -/// Version: 3 (0x2) -/// Serial Number: 11674912229752527703 (0xa2059ed10e435b57) -/// Signature Algorithm: ECDSA-SHA256 -/// Issuer: C=US, O=Google, Inc., OU=Android, L=Mountain View, ST=California, CN=Android Keystore Software Attestation Root -/// Validity: -/// Not Before: 2016-01-11 00:43:50 +0000 UTC -/// Not After : 2036-01-06 00:43:50 +0000 UTC -/// Subject: C=US, O=Google, Inc., OU=Android, L=Mountain View, ST=California, CN=Android Keystore Software Attestation Root -/// Subject Public Key Info: -/// Public Key Algorithm: id-ecPublicKey -/// Public Key: (256 bit) -/// pub: -/// 04:ee:5d:5e:c7:e1:c0:db:6d:03:a6:7e:e6:b6:1b: -/// ec:4d:6a:5d:6a:68:2e:0f:ff:7f:49:0e:7d:77:1f: -/// 44:22:6d:bd:b1:af:fa:16:cb:c7:ad:c5:77:d2:56: -/// 9c:aa:b7:b0:2d:54:01:5d:3e:43:2b:2a:8e:d7:4e: -/// ec:48:75:41:a4: -/// ASN1 OID: prime256v1 -/// X509v3 extensions: -/// X509v3 Authority Key Identifier: -/// keyid:c8ade9774c45c3a3cf0d1610e479433a215a30cf -/// X509v3 Subject Key Identifier: -/// keyid:c8ade9774c45c3a3cf0d1610e479433a215a30cf -/// X509v3 Key Usage: critical -/// Digital Signature, Certificate Signing -/// X509v3 Basic Constraints: critical -/// CA:true -/// Signature Algorithm: ECDSA-SHA256 -/// 30:44:02:20:35:21:a3:ef:8b:34:46:1e:9c:d5:60:f3:1d:58: -/// 89:20:6a:dc:a3:65:41:f6:0d:9e:ce:8a:19:8c:66:48:60:7b: -/// 02:20:4d:0b:f3:51:d9:30:7c:7d:5b:da:35:34:1d:a8:47:1b: -/// 63:a5:85:65:3c:ad:4f:24:a7:e7:4d:af:41:7d:f1:bf: -/// ``` -const EC_ATTEST_ROOT_CERT: &str = concat!( - "3082028b30820232a003020102020900a2059ed10e435b57300a06082a8648ce", - "3d040302308198310b30090603550406130255533113301106035504080c0a43", - "616c69666f726e69613116301406035504070c0d4d6f756e7461696e20566965", - "7731153013060355040a0c0c476f6f676c652c20496e632e3110300e06035504", - "0b0c07416e64726f69643133303106035504030c2a416e64726f6964204b6579", - "73746f726520536f667477617265204174746573746174696f6e20526f6f7430", - "1e170d3136303131313030343335305a170d3336303130363030343335305a30", - "8198310b30090603550406130255533113301106035504080c0a43616c69666f", - "726e69613116301406035504070c0d4d6f756e7461696e205669657731153013", - "060355040a0c0c476f6f676c652c20496e632e3110300e060355040b0c07416e", - "64726f69643133303106035504030c2a416e64726f6964204b657973746f7265", - "20536f667477617265204174746573746174696f6e20526f6f74305930130607", - "2a8648ce3d020106082a8648ce3d03010703420004ee5d5ec7e1c0db6d03a67e", - "e6b61bec4d6a5d6a682e0fff7f490e7d771f44226dbdb1affa16cbc7adc577d2", - "569caab7b02d54015d3e432b2a8ed74eec487541a4a3633061301d0603551d0e", - "04160414c8ade9774c45c3a3cf0d1610e479433a215a30cf301f0603551d2304", - "1830168014c8ade9774c45c3a3cf0d1610e479433a215a30cf300f0603551d13", - "0101ff040530030101ff300e0603551d0f0101ff040403020284300a06082a86", - "48ce3d040302034700304402203521a3ef8b34461e9cd560f31d5889206adca3", - "6541f60d9ece8a198c6648607b02204d0bf351d9307c7d5bda35341da8471b63", - "a585653cad4f24a7e74daf417df1bf", -); - -/// Per-algorithm attestation certificate signing information. -pub(crate) struct CertSignAlgoInfo { - key: KeyMaterial, - chain: Vec<keymint::Certificate>, -} - -pub(crate) struct CertSignInfo { - rsa_info: CertSignAlgoInfo, - ec_info: CertSignAlgoInfo, -} - -impl CertSignInfo { - pub(crate) fn new() -> Self { - CertSignInfo { - rsa_info: CertSignAlgoInfo { - key: KeyMaterial::Rsa(rsa::Key(hex::decode(RSA_ATTEST_KEY).unwrap()).into()), - chain: vec![ - keymint::Certificate { - encoded_certificate: hex::decode(RSA_ATTEST_CERT).unwrap(), - }, - keymint::Certificate { - encoded_certificate: hex::decode(RSA_ATTEST_ROOT_CERT).unwrap(), - }, - ], - }, - ec_info: CertSignAlgoInfo { - key: KeyMaterial::Ec( - EcCurve::P256, - CurveType::Nist, - ec::Key::P256(ec::NistKey(hex::decode(EC_ATTEST_KEY).unwrap())).into(), - ), - chain: vec![ - keymint::Certificate { - encoded_certificate: hex::decode(EC_ATTEST_CERT).unwrap(), - }, - keymint::Certificate { - encoded_certificate: hex::decode(EC_ATTEST_ROOT_CERT).unwrap(), - }, - ], - }, - } - } -} - -impl RetrieveCertSigningInfo for CertSignInfo { - fn signing_key(&self, key_type: SigningKeyType) -> Result<KeyMaterial, Error> { - Ok(match key_type.algo_hint { - SigningAlgorithm::Rsa => self.rsa_info.key.clone(), - SigningAlgorithm::Ec => self.ec_info.key.clone(), - }) - } - - fn cert_chain(&self, key_type: SigningKeyType) -> Result<Vec<keymint::Certificate>, Error> { - Ok(match key_type.algo_hint { - SigningAlgorithm::Rsa => self.rsa_info.chain.clone(), - SigningAlgorithm::Ec => self.ec_info.chain.clone(), - }) - } -} diff --git a/host/commands/secure_env/rust/lib.rs b/host/commands/secure_env/rust/lib.rs index e1f4e6930..ca510dc62 100644 --- a/host/commands/secure_env/rust/lib.rs +++ b/host/commands/secure_env/rust/lib.rs @@ -26,6 +26,7 @@ use kmr_ta::device::{ BootloaderDone, CsrSigningAlgorithm, Implementation, TrustedPresenceUnsupported, }; use kmr_ta::{HardwareInfo, KeyMintTa, RpcInfo, RpcInfoV3}; +use kmr_ta_nonsecure::{attest, rpc, soft}; use kmr_wire::keymint::SecurityLevel; use kmr_wire::rpc::MINIMUM_SUPPORTED_KEYS_IN_CSR; use log::{error, info, trace}; @@ -34,11 +35,8 @@ use std::io::{Read, Write}; use std::os::fd::AsRawFd; use std::os::unix::ffi::OsStrExt; -pub mod attest; mod clock; -pub mod rpc; mod sdd; -mod soft; mod tpm; #[cfg(test)] diff --git a/host/commands/secure_env/rust/rpc.rs b/host/commands/secure_env/rust/rpc.rs deleted file mode 100644 index 1e5c3ee5f..000000000 --- a/host/commands/secure_env/rust/rpc.rs +++ /dev/null @@ -1,218 +0,0 @@ -// -// Copyright (C) 2022 The Android Open Source Project -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -//! Emulated implementation of device traits for `IRemotelyProvisionedComponent`. - -use core::cell::RefCell; -use kmr_common::crypto::{ec, ec::CoseKeyPurpose, Ec, KeyMaterial}; -use kmr_common::{crypto, explicit, rpc_err, vec_try, Error}; -use kmr_crypto_boring::{ec::BoringEc, hmac::BoringHmac, rng::BoringRng}; -use kmr_ta::device::{ - CsrSigningAlgorithm, DiceInfo, PubDiceArtifacts, RetrieveRpcArtifacts, RpcV2Req, -}; -use kmr_wire::coset::{iana, CoseSign1Builder, HeaderBuilder}; -use kmr_wire::keymint::{Digest, EcCurve}; -use kmr_wire::{cbor::value::Value, coset::AsCborValue, rpc, CborError}; - -/// Trait to encapsulate deterministic derivation of secret data. -pub trait DeriveBytes { - /// Derive `output_len` bytes of data from `context`, deterministically. - fn derive_bytes(&self, context: &[u8], output_len: usize) -> Result<Vec<u8>, Error>; -} - -/// Common emulated implementation of RPC artifact retrieval. -pub struct Artifacts<T: DeriveBytes> { - derive: T, - sign_algo: CsrSigningAlgorithm, - // Invariant once populated: `self.dice_info.signing_algorithm` == `self.sign_algo` - dice_info: RefCell<Option<DiceInfo>>, - // Invariant once populated: `self.bcc_signing_key` is a variant that matches `self.sign_algo` - bcc_signing_key: RefCell<Option<ec::Key>>, -} - -impl<T: DeriveBytes> RetrieveRpcArtifacts for Artifacts<T> { - fn derive_bytes_from_hbk( - &self, - _hkdf: &dyn crypto::Hkdf, - context: &[u8], - output_len: usize, - ) -> Result<Vec<u8>, Error> { - self.derive.derive_bytes(context, output_len) - } - - fn get_dice_info<'a>(&self, _test_mode: rpc::TestMode) -> Result<DiceInfo, Error> { - if self.dice_info.borrow().is_none() { - let (dice_info, priv_key) = self.generate_dice_artifacts(rpc::TestMode(false))?; - *self.dice_info.borrow_mut() = Some(dice_info); - *self.bcc_signing_key.borrow_mut() = Some(priv_key); - } - - Ok(self - .dice_info - .borrow() - .as_ref() - .ok_or_else(|| rpc_err!(Failed, "DICE artifacts are not initialized."))? - .clone()) - } - - fn sign_data( - &self, - ec: &dyn crypto::Ec, - data: &[u8], - _rpc_v2: Option<RpcV2Req>, - ) -> Result<Vec<u8>, Error> { - // DICE artifacts should have been initialized via `get_dice_info()` by the time this - // method is called. - let private_key = self - .bcc_signing_key - .borrow() - .as_ref() - .ok_or_else(|| rpc_err!(Failed, "DICE artifacts are not initialized."))? - .clone(); - - let mut op = ec.begin_sign(private_key.into(), self.signing_digest())?; - op.update(data)?; - let sig = op.finish()?; - crypto::ec::to_cose_signature(self.signing_curve(), sig) - } -} - -impl<T: DeriveBytes> Artifacts<T> { - /// Constructor. - pub fn new(derive: T, sign_algo: CsrSigningAlgorithm) -> Self { - Self { - derive, - sign_algo, - dice_info: RefCell::new(None), - bcc_signing_key: RefCell::new(None), - } - } - - /// Indicate the curve used in signing. - fn signing_curve(&self) -> EcCurve { - match self.sign_algo { - CsrSigningAlgorithm::ES256 => EcCurve::P256, - CsrSigningAlgorithm::ES384 => EcCurve::P384, - CsrSigningAlgorithm::EdDSA => EcCurve::Curve25519, - } - } - - /// Indicate the digest used in signing. - fn signing_digest(&self) -> Digest { - match self.sign_algo { - CsrSigningAlgorithm::ES256 => Digest::Sha256, - CsrSigningAlgorithm::ES384 => Digest::Sha384, - CsrSigningAlgorithm::EdDSA => Digest::None, - } - } - - /// Indicate the COSE algorithm value associated with signing. - fn signing_cose_algo(&self) -> iana::Algorithm { - match self.sign_algo { - CsrSigningAlgorithm::ES256 => iana::Algorithm::ES256, - CsrSigningAlgorithm::ES384 => iana::Algorithm::ES384, - CsrSigningAlgorithm::EdDSA => iana::Algorithm::EdDSA, - } - } - - fn generate_dice_artifacts( - &self, - _test_mode: rpc::TestMode, - ) -> Result<(DiceInfo, ec::Key), Error> { - let ec = BoringEc::default(); - - let key_material = match self.sign_algo { - CsrSigningAlgorithm::EdDSA => { - let secret = self.derive_bytes_from_hbk(&BoringHmac, b"Device Key Seed", 32)?; - ec::import_raw_ed25519_key(&secret) - } - // TODO: generate the *same* key after reboot, by use of the TPM. - CsrSigningAlgorithm::ES256 => { - ec.generate_nist_key(&mut BoringRng, ec::NistCurve::P256, &[]) - } - CsrSigningAlgorithm::ES384 => { - ec.generate_nist_key(&mut BoringRng, ec::NistCurve::P384, &[]) - } - }?; - let (pub_cose_key, private_key) = match key_material { - KeyMaterial::Ec(curve, curve_type, key) => ( - key.public_cose_key( - &ec, - curve, - curve_type, - CoseKeyPurpose::Sign, - None, /* no key ID */ - rpc::TestMode(false), - )?, - key, - ), - _ => { - return Err(rpc_err!( - Failed, - "expected the Ec variant of KeyMaterial for the cdi leaf key." - )) - } - }; - - let cose_key_cbor = pub_cose_key.to_cbor_value().map_err(CborError::from)?; - let cose_key_cbor_data = kmr_ta::rkp::serialize_cbor(&cose_key_cbor)?; - - // Construct `DiceChainEntryPayload` - let dice_chain_entry_payload = Value::Map(vec_try![ - // Issuer - (Value::Integer(1.into()), Value::Text(String::from("Issuer"))), - // Subject - (Value::Integer(2.into()), Value::Text(String::from("Subject"))), - // Subject public key - (Value::Integer((-4670552).into()), Value::Bytes(cose_key_cbor_data)), - // Key Usage field contains a CBOR byte string of the bits which correspond - // to `keyCertSign` as per RFC 5280 Section 4.2.1.3 (in little-endian byte order) - (Value::Integer((-4670553).into()), Value::Bytes(vec_try![0x20]?)), - ]?); - let dice_chain_entry_payload_data = kmr_ta::rkp::serialize_cbor(&dice_chain_entry_payload)?; - - // Construct `DiceChainEntry` - let protected = HeaderBuilder::new().algorithm(self.signing_cose_algo()).build(); - let dice_chain_entry = CoseSign1Builder::new() - .protected(protected) - .payload(dice_chain_entry_payload_data) - .try_create_signature(&[], |input| { - let mut op = ec.begin_sign(private_key.clone(), self.signing_digest())?; - op.update(input)?; - let sig = op.finish()?; - crypto::ec::to_cose_signature(self.signing_curve(), sig) - })? - .build(); - let dice_chain_entry_cbor = dice_chain_entry.to_cbor_value().map_err(CborError::from)?; - - // Construct `DiceCertChain` - let dice_cert_chain = Value::Array(vec_try![cose_key_cbor, dice_chain_entry_cbor]?); - let dice_cert_chain_data = kmr_ta::rkp::serialize_cbor(&dice_cert_chain)?; - - // Construct `UdsCerts` as an empty CBOR map - let uds_certs_data = kmr_ta::rkp::serialize_cbor(&Value::Map(Vec::new()))?; - - let pub_dice_artifacts = - PubDiceArtifacts { dice_cert_chain: dice_cert_chain_data, uds_certs: uds_certs_data }; - - let dice_info = DiceInfo { - pub_dice_artifacts, - signing_algorithm: self.sign_algo, - rpc_v2_test_cdi_priv: None, - }; - - Ok((dice_info, explicit!(private_key)?)) - } -} diff --git a/host/commands/secure_env/rust/soft.rs b/host/commands/secure_env/rust/soft.rs deleted file mode 100644 index 3f031bbf7..000000000 --- a/host/commands/secure_env/rust/soft.rs +++ /dev/null @@ -1,66 +0,0 @@ -// -// Copyright (C) 2022 The Android Open Source Project -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -//! Software-only trait implementations using fake keys. - -use kmr_common::{ - crypto, - crypto::{Hkdf, Rng}, - Error, -}; -use kmr_crypto_boring::{hmac::BoringHmac, rng::BoringRng}; -use kmr_ta::device::RetrieveKeyMaterial; - -/// Root key retrieval using hard-coded fake keys. -pub struct Keys; - -impl RetrieveKeyMaterial for Keys { - fn root_kek(&self, _context: &[u8]) -> Result<crypto::OpaqueOr<crypto::hmac::Key>, Error> { - // Matches `MASTER_KEY` in system/keymaster/key_blob_utils/software_keyblobs.cpp - Ok(crypto::hmac::Key::new([0; 16].to_vec()).into()) - } - fn kak(&self) -> Result<crypto::OpaqueOr<crypto::aes::Key>, Error> { - // Matches `kFakeKeyAgreementKey` in - // system/keymaster/km_openssl/soft_keymaster_enforcement.cpp. - Ok(crypto::aes::Key::Aes256([0; 32]).into()) - } - fn unique_id_hbk(&self, _ckdf: &dyn crypto::Ckdf) -> Result<crypto::hmac::Key, Error> { - // Matches value used in system/keymaster/contexts/pure_soft_keymaster_context.cpp. - crypto::hmac::Key::new_from(b"MustBeRandomBits") - } -} - -pub struct Derive { - hbk: Vec<u8>, -} - -impl Default for Derive { - fn default() -> Self { - // Use random data as an emulation of a hardware-backed key. - let mut hbk = vec![0; 32]; - let mut rng = BoringRng; - rng.fill_bytes(&mut hbk); - Self { hbk } - } -} - -impl crate::rpc::DeriveBytes for Derive { - fn derive_bytes(&self, context: &[u8], output_len: usize) -> Result<Vec<u8>, Error> { - BoringHmac.hkdf(&[], &self.hbk, context, output_len) - } -} - -/// RPC artifact retrieval using software fake key. -pub type RpcArtifacts = crate::rpc::Artifacts<Derive>; diff --git a/host/libs/audio_connector/buffers.cpp b/host/libs/audio_connector/buffers.cpp index 29804cadf..100599acd 100644 --- a/host/libs/audio_connector/buffers.cpp +++ b/host/libs/audio_connector/buffers.cpp @@ -19,11 +19,23 @@ namespace cuttlefish { +ShmBuffer::ShmBuffer(const virtio_snd_pcm_xfer& header, + volatile uint8_t* buffer, uint32_t len, + OnConsumedCb on_consumed) + : header_(header), + len_(len), + on_consumed_(on_consumed), + // Cast away the volatile qualifier: No one else will touch this buffer + // until SendStatus is called, at which point a memory fence will be used + // to ensure reads and writes are completed before the status is sent. + buffer_(const_cast<uint8_t*>(buffer)) {} + ShmBuffer::ShmBuffer(ShmBuffer&& other) : header_(std::move(other.header_)), len_(std::move(other.len_)), on_consumed_(std::move(other.on_consumed_)), - status_sent_(other.status_sent_) { + status_sent_(other.status_sent_.load()), + buffer_(other.buffer_) { // It's now this buffer's responsibility to send the status. other.status_sent_ = true; } @@ -32,12 +44,16 @@ ShmBuffer::~ShmBuffer() { CHECK(status_sent_) << "Disposing of ShmBuffer before setting status"; } -uint32_t ShmBuffer::stream_id() const { return header_.stream_id.as_uint32_t(); } +uint32_t ShmBuffer::stream_id() const { + return header_.stream_id.as_uint32_t(); +} void ShmBuffer::SendStatus(AudioStatus status, uint32_t latency_bytes, - uint32_t consumed_len) { + uint32_t consumed_len) { + // Memory order is seq_cst to provide memory fence. It ensures all accesses + // are completed before the status is sent and the buffer is released. + CHECK(!status_sent_.exchange(true)) << "Status should only be sent once"; on_consumed_(status, latency_bytes, consumed_len); - status_sent_ = true; } } // namespace cuttlefish diff --git a/host/libs/audio_connector/buffers.h b/host/libs/audio_connector/buffers.h index a92fd83f9..5dd589e2c 100644 --- a/host/libs/audio_connector/buffers.h +++ b/host/libs/audio_connector/buffers.h @@ -14,6 +14,7 @@ // limitations under the License. #pragma once +#include <atomic> #include <cinttypes> #include <functional> @@ -35,11 +36,11 @@ using OnConsumedCb = std::function<void(AudioStatus, uint32_t /*latency*/, // Objects of this class can only be moved, not copied. Destroying a buffer // without sending the status to the client is a bug so the program aborts in // those cases. +// This class is NOT thread safe despite its use of atomic variables. class ShmBuffer { public: - ShmBuffer(const virtio_snd_pcm_xfer& header, uint32_t len, - OnConsumedCb on_consumed) - : header_(header), len_(len), on_consumed_(on_consumed) {} + ShmBuffer(const virtio_snd_pcm_xfer& header, volatile uint8_t* buffer, + uint32_t len, OnConsumedCb on_consumed); ShmBuffer(const ShmBuffer& other) = delete; ShmBuffer(ShmBuffer&& other); ShmBuffer& operator=(const ShmBuffer& other) = delete; @@ -52,41 +53,27 @@ class ShmBuffer { void SendStatus(AudioStatus status, uint32_t latency_bytes, uint32_t consumed_len); + const uint8_t* get() const { return buffer_; } + private: const virtio_snd_pcm_xfer header_; const uint32_t len_; OnConsumedCb on_consumed_; - bool status_sent_ = false; -}; - -class TxBuffer : public ShmBuffer { - public: - TxBuffer(const virtio_snd_pcm_xfer& header, const volatile uint8_t* buffer, - uint32_t len, OnConsumedCb on_consumed) - : ShmBuffer(header, len, on_consumed), buffer_(buffer) {} - TxBuffer(const TxBuffer& other) = delete; - TxBuffer(TxBuffer&& other) = default; - TxBuffer& operator=(const TxBuffer& other) = delete; + std::atomic<bool> status_sent_ = false; - const volatile uint8_t* get() const { return buffer_; } - - private: - const volatile uint8_t* const buffer_; + protected: + uint8_t* buffer_; }; +using TxBuffer = ShmBuffer; +// Only RxBuffer can be written to class RxBuffer : public ShmBuffer { public: RxBuffer(const virtio_snd_pcm_xfer& header, volatile uint8_t* buffer, uint32_t len, OnConsumedCb on_consumed) - : ShmBuffer(header, len, on_consumed), buffer_(buffer) {} - RxBuffer(const RxBuffer& other) = delete; - RxBuffer(RxBuffer&& other) = default; - RxBuffer& operator=(const RxBuffer& other) = delete; + : ShmBuffer(header, buffer, len, on_consumed) {} - volatile uint8_t* get() const { return buffer_; } - - private: - volatile uint8_t* const buffer_; + uint8_t* get() { return buffer_; } }; } // namespace cuttlefish diff --git a/host/libs/audio_connector/server.cpp b/host/libs/audio_connector/server.cpp index ab74daa02..f98621c3b 100644 --- a/host/libs/audio_connector/server.cpp +++ b/host/libs/audio_connector/server.cpp @@ -55,6 +55,13 @@ ScopedMMap AllocateShm(size_t size, const std::string& name, SharedFD* shm_fd) { return mmap_res; } +volatile uint8_t* BufferAt(ScopedMMap& shm, size_t offset, size_t len) { + CHECK(shm.WithinBounds(offset, len)) + << "Tx buffer bounds outside the buffer area: " << offset << " " << len; + void* ptr = shm.get(); + return &reinterpret_cast<volatile uint8_t*>(ptr)[offset]; +} + bool CreateSocketPair(SharedFD* local, SharedFD* remote) { auto ret = SharedFD::SocketPair(AF_UNIX, SOCK_SEQPACKET, 0, local, remote); if (!ret) { @@ -301,10 +308,11 @@ bool AudioClientConnection::ReceivePlayback(AudioServerExecutor& executor) { LOG(ERROR) << "Received PCM_XFER message is too small: " << recv_size; return false; } - TxBuffer buffer(msg_hdr->io_xfer, - TxBufferAt(msg_hdr->buffer_offset, msg_hdr->buffer_len), - msg_hdr->buffer_len, - SendStatusCallback(msg_hdr->buffer_offset, tx_socket_)); + TxBuffer buffer( + msg_hdr->io_xfer, + BufferAt(tx_shm_, msg_hdr->buffer_offset, msg_hdr->buffer_len), + msg_hdr->buffer_len, + SendStatusCallback(msg_hdr->buffer_offset, tx_socket_)); executor.OnPlaybackBuffer(std::move(buffer)); return true; } @@ -320,10 +328,11 @@ bool AudioClientConnection::ReceiveCapture(AudioServerExecutor& executor) { LOG(ERROR) << "Received PCM_XFER message is too small: " << recv_size; return false; } - RxBuffer buffer(msg_hdr->io_xfer, - RxBufferAt(msg_hdr->buffer_offset, msg_hdr->buffer_len), - msg_hdr->buffer_len, - SendStatusCallback(msg_hdr->buffer_offset, rx_socket_)); + RxBuffer buffer( + msg_hdr->io_xfer, + BufferAt(rx_shm_, msg_hdr->buffer_offset, msg_hdr->buffer_len), + msg_hdr->buffer_len, + SendStatusCallback(msg_hdr->buffer_offset, rx_socket_)); executor.OnCaptureBuffer(std::move(buffer)); return true; } @@ -347,22 +356,6 @@ bool AudioClientConnection::CmdReply(AudioStatus status, const void* data, return true; } -const volatile uint8_t* AudioClientConnection::TxBufferAt(size_t offset, - size_t len) const { - CHECK(tx_shm_.WithinBounds(offset, len)) - << "Tx buffer bounds outside the buffer area: " << offset << " " << len; - const void* ptr = tx_shm_.get(); - return &reinterpret_cast<const volatile uint8_t*>(ptr)[offset]; -} - -volatile uint8_t* AudioClientConnection::RxBufferAt(size_t offset, - size_t len) { - CHECK(rx_shm_.WithinBounds(offset, len)) - << "Rx buffer bounds outside the buffer area: " << offset << " " << len; - void* ptr = rx_shm_.get(); - return &reinterpret_cast<volatile uint8_t*>(ptr)[offset]; -} - bool AudioClientConnection::SendEvent(/*TODO*/) { return false; } ssize_t AudioClientConnection::ReceiveMsg(SharedFD socket, void* buffer, diff --git a/host/libs/audio_connector/server.h b/host/libs/audio_connector/server.h index 6fa14d936..fec36dcb2 100644 --- a/host/libs/audio_connector/server.h +++ b/host/libs/audio_connector/server.h @@ -87,10 +87,8 @@ class AudioClientConnection { AudioServerExecutor& executor); ssize_t ReceiveMsg(SharedFD socket, void* buffer, size_t size); - const volatile uint8_t* TxBufferAt(size_t offset, size_t len) const; - volatile uint8_t* RxBufferAt(size_t offset, size_t len); - const ScopedMMap tx_shm_; + ScopedMMap tx_shm_; ScopedMMap rx_shm_; SharedFD control_socket_; SharedFD event_socket_; diff --git a/host/libs/config/config_utils.cpp b/host/libs/config/config_utils.cpp index 0ee99118f..9197877dc 100644 --- a/host/libs/config/config_utils.cpp +++ b/host/libs/config/config_utils.cpp @@ -111,10 +111,18 @@ std::string HostBinaryDir() { return DefaultHostArtifactsPath("bin"); } -std::string DefaultQemuBinaryDir() { +bool UseQemu8() { const std::string target_prod_str = StringFromEnv("TARGET_PRODUCT", ""); if (HostArch() == Arch::X86_64 && target_prod_str.find("arm") == std::string::npos) { + return true; + } + + return false; +} + +std::string DefaultQemuBinaryDir() { + if (UseQemu8()) { return HostBinaryDir(); } return "/usr/bin"; diff --git a/host/libs/config/config_utils.h b/host/libs/config/config_utils.h index 1f9ca2843..8107f5e9b 100644 --- a/host/libs/config/config_utils.h +++ b/host/libs/config/config_utils.h @@ -59,4 +59,6 @@ std::string DefaultEnvironmentPath(const char* environment_key, // Whether the host supports qemu bool HostSupportsQemuCli(); +// Whether to use QEMU8 +bool UseQemu8(); } diff --git a/shared/api_level.h b/shared/api_level.h index 36b3a87da..06cf49c5b 100644 --- a/shared/api_level.h +++ b/shared/api_level.h @@ -15,4 +15,4 @@ */ #pragma once -#define PRODUCT_SHIPPING_API_LEVEL 34 +#define PRODUCT_SHIPPING_API_LEVEL 35 diff --git a/shared/auto/car_audio_configuration.xml b/shared/auto/car_audio_configuration.xml index 482726e7e..7b2cf687a 100644 --- a/shared/auto/car_audio_configuration.xml +++ b/shared/auto/car_audio_configuration.xml @@ -17,8 +17,9 @@ <!-- Defines the audio configuration in a car, including - Audio zones - - Context to audio bus mappings - - Volume groups + - Zone configurations (in each audio zone) + - Volume groups (in each zone configuration) + - Context to audio bus mappings (in each volume group) in the car environment. --> <carAudioConfiguration version="3"> diff --git a/shared/auto/device_vendor.mk b/shared/auto/device_vendor.mk index b7147c32a..5cc893ff3 100644 --- a/shared/auto/device_vendor.mk +++ b/shared/auto/device_vendor.mk @@ -78,13 +78,13 @@ PRODUCT_COPY_FILES += \ # vehicle HAL ifeq ($(LOCAL_VHAL_PRODUCT_PACKAGE),) - LOCAL_VHAL_PRODUCT_PACKAGE := android.hardware.automotive.vehicle@V1-emulator-service + LOCAL_VHAL_PRODUCT_PACKAGE := android.hardware.automotive.vehicle@V3-emulator-service BOARD_SEPOLICY_DIRS += device/google/cuttlefish/shared/auto/sepolicy/vhal endif PRODUCT_PACKAGES += $(LOCAL_VHAL_PRODUCT_PACKAGE) # Remote access HAL -PRODUCT_PACKAGES += android.hardware.automotive.remoteaccess@V1-default-service +PRODUCT_PACKAGES += android.hardware.automotive.remoteaccess@V2-default-service # Broadcast Radio PRODUCT_PACKAGES += android.hardware.broadcastradio-service.default @@ -102,6 +102,13 @@ PRODUCT_PACKAGES += $(LOCAL_AUDIOCONTROL_HAL_PRODUCT_PACKAGE) # CAN bus HAL PRODUCT_PACKAGES += android.hardware.automotive.can-service +# MACSEC HAL +PRODUCT_PACKAGES += android.hardware.macsec-service +PRODUCT_PACKAGES += wpa_supplicant_macsec +PRODUCT_COPY_FILES += \ + $(LOCAL_PATH)/macsec/wpa_supplicant_macsec.conf:$(TARGET_COPY_OUT_VENDOR)/etc/wpa_supplicant_macsec.conf \ + $(LOCAL_PATH)/macsec/init.wpa_supplicant_macsec.rc:$(TARGET_COPY_OUT_VENDOR)/etc/init/init.wpa_supplicant_macsec.rc + # Occupant Awareness HAL PRODUCT_PACKAGES += android.hardware.automotive.occupant_awareness@1.0-service include packages/services/Car/car_product/occupant_awareness/OccupantAwareness.mk @@ -141,4 +148,7 @@ DEVICE_PACKAGE_OVERLAYS += device/google/cuttlefish/shared/auto/overlay PRODUCT_PACKAGES += CarServiceOverlayCuttleFish GOOGLE_CAR_SERVICE_OVERLAY += CarServiceOverlayCuttleFishGoogle +PRODUCT_PACKAGES += ConnectivityOverlayCuttleFish +GOOGLE_CAR_SERVICE_OVERLAY += ConnectivityOverlayCuttleFishGoogle + TARGET_BOARD_INFO_FILE ?= device/google/cuttlefish/shared/auto/android-info.txt diff --git a/shared/auto/macsec/init.wpa_supplicant_macsec.rc b/shared/auto/macsec/init.wpa_supplicant_macsec.rc new file mode 100644 index 000000000..c5b30f676 --- /dev/null +++ b/shared/auto/macsec/init.wpa_supplicant_macsec.rc @@ -0,0 +1,22 @@ +# Copyright (C) 2023 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +on late-fs + wait /sys/class/net/eth1 + start wpa_supplicant_macsec + +service wpa_supplicant_macsec /vendor/bin/hw/wpa_supplicant_macsec \ + -i eth1 -Dmacsec_linux -c /vendor/etc/wpa_supplicant_macsec.conf + user root + oneshot diff --git a/shared/auto/macsec/wpa_supplicant_macsec.conf b/shared/auto/macsec/wpa_supplicant_macsec.conf new file mode 100644 index 000000000..2f4cb0410 --- /dev/null +++ b/shared/auto/macsec/wpa_supplicant_macsec.conf @@ -0,0 +1,15 @@ +eapol_version=3 +ap_scan=0 +fast_reauth=1 +# Example configuration for MACsec with preshared key +# mka_cak is not actual key but index for HAL +network={ + key_mgmt=NONE + eapol_flags=0 + macsec_policy=1 + macsec_replay_protect=1 + macsec_replay_window=0 + mka_cak=00000000000000000000000000000001 + mka_ckn=31323334 + mka_priority=128 +} diff --git a/shared/auto/rro_overlay/CarServiceOverlay/res/values/config.xml b/shared/auto/rro_overlay/CarServiceOverlay/res/values/config.xml index e889df36a..fb11fa82c 100644 --- a/shared/auto/rro_overlay/CarServiceOverlay/res/values/config.xml +++ b/shared/auto/rro_overlay/CarServiceOverlay/res/values/config.xml @@ -62,15 +62,15 @@ Some examples are: <item>displayPort=0,displayType=MAIN,occupantZoneId=0,inputTypes=DPAD_KEYS| - NAVIGATE_KEYS|ROTARY_NAVIGATION</item> + NAVIGATE_KEYS|ROTARY_NAVIGATION|TOUCH_SCREEN</item> <item>displayPort=1,displayType=INSTRUMENT_CLUSTER,occupantZoneId=0, inputTypes=DPAD_KEYS</item> <item>displayPort=2,displayType=MAIN,occupantZoneId=1, - inputTypes=NAVIGATE_KEYS</item> + inputTypes=TOUCH_SCREEN</item> <item>displayPort=3,displayType=MAIN,occupantZoneId=2, - inputTypes=NAVIGATE_KEYS</item> + inputTypes=TOUCH_SCREEN</item> <item>displayUniqueId=virtual:com.example:MainD,displayType=MAIN,occupantZoneId=3, - inputTypes=NAVIGATE_KEYS</item> + inputTypes=TOUCH_SCREEN</item> displayPort: Unique port id for the display. displayType: Display type for the display. Use * part from diff --git a/shared/auto/rro_overlay/ConnectivityOverlay/Android.bp b/shared/auto/rro_overlay/ConnectivityOverlay/Android.bp new file mode 100644 index 000000000..218d4438b --- /dev/null +++ b/shared/auto/rro_overlay/ConnectivityOverlay/Android.bp @@ -0,0 +1,35 @@ +// Copyright (C) 2023 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// + +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +runtime_resource_overlay { + name: "ConnectivityOverlayCuttleFish", + resource_dirs: ["res"], + manifest: "AndroidManifest.xml", + sdk_version: "current", + product_specific: true +} + +override_runtime_resource_overlay { + name: "ConnectivityOverlayCuttleFishGoogle", + base: "ConnectivityOverlayCuttleFish", + package_name: "com.google.android.connectivity.resources.cuttlefish", + target_package_name: "com.google.android.connectivity.resources", +} + diff --git a/shared/auto/rro_overlay/ConnectivityOverlay/AndroidManifest.xml b/shared/auto/rro_overlay/ConnectivityOverlay/AndroidManifest.xml new file mode 100644 index 000000000..340fbb368 --- /dev/null +++ b/shared/auto/rro_overlay/ConnectivityOverlay/AndroidManifest.xml @@ -0,0 +1,25 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + ~ Copyright (C) 2023 The Android Open Source Project + ~ + ~ Licensed under the Apache License, Version 2.0 (the "License"); + ~ you may not use this file except in compliance with the License. + ~ You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the License is distributed on an "AS IS" BASIS, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ~ See the License for the specific language governing permissions and + ~ limitations under the License. + --> +<manifest xmlns:android="http://schemas.android.com/apk/res/android" + package="com.google.android.connectivity.resources.cuttlefish"> + <application android:hasCode="false"/> + <overlay + android:targetPackage="com.android.connectivity.resources" + android:targetName="ServiceConnectivityResourcesConfig" + android:priority="0" + android:isStatic="true" /> +</manifest> diff --git a/shared/auto/rro_overlay/ConnectivityOverlay/res/values/config.xml b/shared/auto/rro_overlay/ConnectivityOverlay/res/values/config.xml new file mode 100644 index 000000000..7033e83dc --- /dev/null +++ b/shared/auto/rro_overlay/ConnectivityOverlay/res/values/config.xml @@ -0,0 +1,32 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- +/* +** Copyright 2023, The Android Open Source Project +** +** Licensed under the Apache License, Version 2.0 (the "License"); +** you may not use this file except in compliance with the License. +** You may obtain a copy of the License at +** +** http://www.apache.org/licenses/LICENSE-2.0 +** +** Unless required by applicable law or agreed to in writing, software +** distributed under the License is distributed on an "AS IS" BASIS, +** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +** See the License for the specific language governing permissions and +** limitations under the License. +*/ +--> + +<!-- Resources to configure the connectivity module based on each OEM's preference. --> + +<resources xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2"> + <!-- Whether the internal vehicle network should remain active even when no + apps requested it. --> + <bool name="config_vehicleInternalNetworkAlwaysRequested">true</bool> + <string-array translatable="false" name="config_ethernet_interfaces"> + <!-- Not metered, trusted, not vpn, vehicle, not vcn managed, restricted --> + <item>macsec0;11,14,15,27,28;</item> + <item>eth1;11,14,15,27,28;</item> + </string-array> + <string translatable="false" name="config_ethernet_iface_regex">(eth|macsec)\\d+</string> +</resources> diff --git a/shared/auto_md/overlay/frameworks/base/core/res/res/values/config.xml b/shared/auto_md/overlay/frameworks/base/core/res/res/values/config.xml index 2ed6f0da1..f12cba55c 100644 --- a/shared/auto_md/overlay/frameworks/base/core/res/res/values/config.xml +++ b/shared/auto_md/overlay/frameworks/base/core/res/res/values/config.xml @@ -60,8 +60,4 @@ Should be false for most devices, except automotive vehicle with passenger displays. --> <!-- The config is enabled for the development purpose only. --> <bool name="config_multiuserVisibleBackgroundUsers">true</bool> - - <!-- Enable multi-user IME sessions --> - <string translatable="false" name="config_deviceSpecificInputMethodManagerService">com.android.server.inputmethod.InputMethodManagerServiceProxy$Lifecycle</string> - </resources> diff --git a/shared/biometrics_face/device_vendor.mk b/shared/biometrics_face/device_vendor.mk index 45eb7c4cd..de76343a4 100644 --- a/shared/biometrics_face/device_vendor.mk +++ b/shared/biometrics_face/device_vendor.mk @@ -15,4 +15,4 @@ # PRODUCT_PACKAGES += \ - com.android.hardware.biometrics.face + com.android.hardware.biometrics.face.virtual diff --git a/shared/biometrics_fingerprint/device_vendor.mk b/shared/biometrics_fingerprint/device_vendor.mk new file mode 100644 index 000000000..24bef1e2c --- /dev/null +++ b/shared/biometrics_fingerprint/device_vendor.mk @@ -0,0 +1,23 @@ +# +# Copyright (C) 2023 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +ifneq ($(LOCAL_PREFER_VENDOR_APEX),true) +PRODUCT_COPY_FILES += \ + frameworks/native/data/etc/android.hardware.fingerprint.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.fingerprint.xml +endif + +PRODUCT_PACKAGES += \ + com.android.hardware.biometrics.fingerprint.virtual diff --git a/shared/bluetooth/device_vendor.mk b/shared/bluetooth/device_vendor.mk index 451f30063..60c090adb 100644 --- a/shared/bluetooth/device_vendor.mk +++ b/shared/bluetooth/device_vendor.mk @@ -32,12 +32,6 @@ PRODUCT_COPY_FILES += \ PRODUCT_PACKAGES += com.google.cf.bt -# -# Bluetooth Audio AIDL HAL -# -PRODUCT_PACKAGES += \ - android.hardware.bluetooth.audio-impl \ - else # BOARD_HAVE_BLUETOOTH == true PRODUCT_COPY_FILES += \ diff --git a/shared/camera/config/external.mk b/shared/camera/config/external.mk new file mode 100644 index 000000000..c9886993d --- /dev/null +++ b/shared/camera/config/external.mk @@ -0,0 +1,27 @@ +# +# Copyright (C) 2023 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# Load the external feature permissions. +PRODUCT_COPY_FILES += \ + frameworks/native/data/etc/android.hardware.camera.external.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.camera.external.xml + +# Inform the camera HAL that we only want an external camera loaded. +PRODUCT_VENDOR_PROPERTIES += \ + ro.vendor.camera.config=external + +# Load the non-APEX external camera config. The APEX loads all the configs by default, which the HAl picks from. +PRODUCT_COPY_FILES += \ + hardware/google/camera/devices/EmulatedCamera/hwl/configs/emu_camera_external.json:$(TARGET_COPY_OUT_VENDOR)/etc/config/emu_camera_external.json diff --git a/shared/camera/config/standard.mk b/shared/camera/config/standard.mk new file mode 100644 index 000000000..ff6c3f3fe --- /dev/null +++ b/shared/camera/config/standard.mk @@ -0,0 +1,33 @@ +# +# Copyright (C) 2023 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# Fills in the features that the full camera array needs. +PRODUCT_COPY_FILES += \ + frameworks/native/data/etc/android.hardware.camera.concurrent.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.camera.concurrent.xml \ + frameworks/native/data/etc/android.hardware.camera.flash-autofocus.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.camera.flash-autofocus.xml \ + frameworks/native/data/etc/android.hardware.camera.front.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.camera.front.xml \ + frameworks/native/data/etc/android.hardware.camera.full.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.camera.full.xml \ + frameworks/native/data/etc/android.hardware.camera.raw.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.camera.raw.xml \ + +# Camera support library; this isn't supported by the external camera config. +PRODUCT_VENDOR_PROPERTIES += \ + ro.camerax.extensions.enabled=true + +# Loads the non-APEX config files. The APEX loads all the configs by default, which the HAl picks from. +PRODUCT_COPY_FILES += \ + hardware/google/camera/devices/EmulatedCamera/hwl/configs/emu_camera_back.json:$(TARGET_COPY_OUT_VENDOR)/etc/config/emu_camera_back.json \ + hardware/google/camera/devices/EmulatedCamera/hwl/configs/emu_camera_front.json:$(TARGET_COPY_OUT_VENDOR)/etc/config/emu_camera_front.json \ + hardware/google/camera/devices/EmulatedCamera/hwl/configs/emu_camera_depth.json:$(TARGET_COPY_OUT_VENDOR)/etc/config/emu_camera_depth.json diff --git a/shared/camera/device_vendor.mk b/shared/camera/device_vendor.mk index 600c705be..599c32fe4 100644 --- a/shared/camera/device_vendor.mk +++ b/shared/camera/device_vendor.mk @@ -14,14 +14,20 @@ # limitations under the License. # -PRODUCT_VENDOR_PROPERTIES += \ - ro.camerax.extensions.enabled=true - # Enable Camera Extension sample ifeq ($(TARGET_USE_CAMERA_ADVANCED_EXTENSION_SAMPLE),true) PRODUCT_PACKAGES += \ androidx.camera.extensions.impl.advanced advancedSample_camera_extensions.xml \ libencoderjpeg_jni + +PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST += \ + system/app/EyesFreeVidService/EyesFreeVidService.apk + +PRODUCT_PACKAGES += EyesFreeVidService + +PRODUCT_VENDOR_PROPERTIES += \ + ro.vendor.camera.extensions.package=android.camera.extensions.impl.service \ + ro.vendor.camera.extensions.service=android.camera.extensions.impl.service.EyesFreeVidService else PRODUCT_PACKAGES += androidx.camera.extensions.impl sample_camera_extensions.xml endif @@ -44,23 +50,6 @@ $(call soong_config_set,lyric,camera_hardware,cuttlefish) $(call soong_config_set,lyric,tuning_product,cuttlefish) $(call soong_config_set,google3a_config,target_device,cuttlefish) -PRODUCT_COPY_FILES += \ - frameworks/native/data/etc/android.hardware.camera.concurrent.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.camera.concurrent.xml \ - frameworks/native/data/etc/android.hardware.camera.flash-autofocus.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.camera.flash-autofocus.xml \ - frameworks/native/data/etc/android.hardware.camera.front.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.camera.front.xml \ - frameworks/native/data/etc/android.hardware.camera.full.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.camera.full.xml \ - frameworks/native/data/etc/android.hardware.camera.raw.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.camera.raw.xml \ - -ifeq ($(PRODUCT_IS_ATV_CF),true) - PRODUCT_COPY_FILES += \ - hardware/google/camera/devices/EmulatedCamera/hwl/configs/emu_camera_front.json:$(TARGET_COPY_OUT_VENDOR)/etc/config/emu_camera_front.json -else - PRODUCT_COPY_FILES += \ - hardware/google/camera/devices/EmulatedCamera/hwl/configs/emu_camera_back.json:$(TARGET_COPY_OUT_VENDOR)/etc/config/emu_camera_back.json \ - hardware/google/camera/devices/EmulatedCamera/hwl/configs/emu_camera_front.json:$(TARGET_COPY_OUT_VENDOR)/etc/config/emu_camera_front.json \ - hardware/google/camera/devices/EmulatedCamera/hwl/configs/emu_camera_depth.json:$(TARGET_COPY_OUT_VENDOR)/etc/config/emu_camera_depth.json -endif - ifeq ($(TARGET_USE_VSOCK_CAMERA_HAL_IMPL),true) PRODUCT_PACKAGES += \ android.hardware.camera.provider@2.7-external-vsock-service \ diff --git a/shared/camera/sepolicy/hal_camera_default.te b/shared/camera/sepolicy/hal_camera_default.te index d1230177a..8783a4472 100644 --- a/shared/camera/sepolicy/hal_camera_default.te +++ b/shared/camera/sepolicy/hal_camera_default.te @@ -16,3 +16,7 @@ set_prop(hal_camera_default, vendor_camera_prop) # For observing apex file changes allow hal_camera_default apex_info_file:file r_file_perms; + +# Allow vendor files to define their own config. +set_prop(vendor_init, vendor_camera_config) +get_prop(domain, vendor_camera_config) diff --git a/shared/camera/sepolicy/property.te b/shared/camera/sepolicy/property.te index bb7a5b110..4bb4accf9 100644 --- a/shared/camera/sepolicy/property.te +++ b/shared/camera/sepolicy/property.te @@ -1 +1,2 @@ vendor_internal_prop(vendor_camera_prop) +vendor_restricted_prop(vendor_camera_config) diff --git a/shared/camera/sepolicy/property_contexts b/shared/camera/sepolicy/property_contexts index 3d6ebfb27..26abad973 100644 --- a/shared/camera/sepolicy/property_contexts +++ b/shared/camera/sepolicy/property_contexts @@ -1,2 +1,4 @@ persist.vendor.camera. u:object_r:vendor_camera_prop:s0 vendor.camera. u:object_r:vendor_camera_prop:s0 + +ro.vendor.camera.config u:object_r:vendor_camera_config:s0 exact string diff --git a/shared/device.mk b/shared/device.mk index 4dd1de652..ff8ebbdfd 100644 --- a/shared/device.mk +++ b/shared/device.mk @@ -55,7 +55,7 @@ TARGET_USERDATAIMAGE_PARTITION_SIZE ?= 8589934592 TARGET_VULKAN_SUPPORT ?= true # Enable Virtual A/B -$(call inherit-product, $(SRC_TARGET_DIR)/product/virtual_ab_ota/android_t_baseline.mk) +$(call inherit-product, $(SRC_TARGET_DIR)/product/virtual_ab_ota/vabc_features.mk) PRODUCT_VIRTUAL_AB_COMPRESSION_METHOD := lz4 PRODUCT_VIRTUAL_AB_COW_VERSION := 3 @@ -315,12 +315,6 @@ PRODUCT_COPY_FILES += $(LOCAL_AUDIO_PRODUCT_COPY_FILES) DEVICE_PACKAGE_OVERLAYS += $(LOCAL_AUDIO_DEVICE_PACKAGE_OVERLAYS) # -# BiometricsFingerprint HAL (AIDL) -# -PRODUCT_PACKAGES += \ - com.android.hardware.biometrics.fingerprint.virtual - -# # Contexthub HAL # LOCAL_CONTEXTHUB_PRODUCT_PACKAGE ?= \ diff --git a/shared/go/device_vendor.mk b/shared/go/device_vendor.mk index 9822fc593..3e5eb8df1 100644 --- a/shared/go/device_vendor.mk +++ b/shared/go/device_vendor.mk @@ -26,7 +26,6 @@ PRODUCT_COPY_FILES += \ $(call inherit-product, frameworks/native/build/phone-xhdpi-2048-dalvik-heap.mk) $(call inherit-product, device/google/cuttlefish/shared/biometrics_face/device_vendor.mk) $(call inherit-product, device/google/cuttlefish/shared/bluetooth/device_vendor.mk) -$(call inherit-product, device/google/cuttlefish/shared/camera/device_vendor.mk) $(call inherit-product, device/google/cuttlefish/shared/gnss/device_vendor.mk) $(call inherit-product, device/google/cuttlefish/shared/graphics/device_vendor.mk) $(call inherit-product, device/google/cuttlefish/shared/identity/device_vendor.mk) @@ -39,6 +38,10 @@ $(call inherit-product, device/google/cuttlefish/shared/sensors/device_vendor.mk $(call inherit-product, device/google/cuttlefish/shared/virgl/device_vendor.mk) $(call inherit-product, device/google/cuttlefish/shared/device.mk) +# Loads the camera HAL and which set of cameras is required. +$(call inherit-product, device/google/cuttlefish/shared/camera/device_vendor.mk) +$(call inherit-product, device/google/cuttlefish/shared/camera/config/standard.mk) + PRODUCT_PACKAGES += \ cuttlefish_phone_overlay_frameworks_base_core \ cuttlefish_go_phone_overlay_frameworks_base_core \ diff --git a/shared/graphics/device_vendor.mk b/shared/graphics/device_vendor.mk index 0bd21ad9a..2d01146ef 100644 --- a/shared/graphics/device_vendor.mk +++ b/shared/graphics/device_vendor.mk @@ -63,5 +63,4 @@ PRODUCT_PACKAGES += com.google.cf.gralloc PRODUCT_PACKAGES += \ android.hardware.graphics.allocator-service.minigbm \ - android.hardware.graphics.mapper@4.0-impl.minigbm \ mapper.minigbm diff --git a/shared/overlays/foldable/core/res/values/config.xml b/shared/overlays/foldable/core/res/values/config.xml index 6a2fdd5d4..0ac21a53e 100644 --- a/shared/overlays/foldable/core/res/values/config.xml +++ b/shared/overlays/foldable/core/res/values/config.xml @@ -76,7 +76,7 @@ <!-- Radius of the software rounded corners. --> <dimen name="rounded_corner_radius">34px</dimen> <!-- Whether to show Fold lock behavior setting feature in Settings App --> - <bool name="config_fold_lock_behavior">false</bool> + <bool name="config_fold_lock_behavior">true</bool> <!-- List of the labels of requestable device state config values --> <string-array name="config_deviceStatesAvailableForAppRequests"> diff --git a/shared/pc/device_vendor.mk b/shared/pc/device_vendor.mk index 83c082cf6..8ec1897d6 100644 --- a/shared/pc/device_vendor.mk +++ b/shared/pc/device_vendor.mk @@ -24,7 +24,6 @@ PRODUCT_COPY_FILES += \ $(call inherit-product, frameworks/native/build/tablet-7in-xhdpi-2048-dalvik-heap.mk) $(call inherit-product, device/google/cuttlefish/shared/bluetooth/device_vendor.mk) -$(call inherit-product, device/google/cuttlefish/shared/camera/device_vendor.mk) $(call inherit-product, device/google/cuttlefish/shared/gnss/device_vendor.mk) $(call inherit-product, device/google/cuttlefish/shared/graphics/device_vendor.mk) $(call inherit-product, device/google/cuttlefish/shared/reboot_escrow/device_vendor.mk) @@ -34,4 +33,8 @@ $(call inherit-product, device/google/cuttlefish/shared/sensors/device_vendor.mk $(call inherit-product, device/google/cuttlefish/shared/virgl/device_vendor.mk) $(call inherit-product, device/google/cuttlefish/shared/device.mk) +# Loads the camera HAL and which set of cameras is required. +$(call inherit-product, device/google/cuttlefish/shared/camera/device_vendor.mk) +$(call inherit-product, device/google/cuttlefish/shared/camera/config/standard.mk) + DEVICE_PACKAGE_OVERLAYS += device/google/cuttlefish/shared/pc/overlay diff --git a/shared/phone/device_vendor.mk b/shared/phone/device_vendor.mk index a9be2ced5..678c640f8 100644 --- a/shared/phone/device_vendor.mk +++ b/shared/phone/device_vendor.mk @@ -25,8 +25,8 @@ PRODUCT_COPY_FILES += \ $(call inherit-product, frameworks/native/build/phone-xhdpi-2048-dalvik-heap.mk) $(call inherit-product, device/google/cuttlefish/shared/biometrics_face/device_vendor.mk) +$(call inherit-product, device/google/cuttlefish/shared/biometrics_fingerprint/device_vendor.mk) $(call inherit-product, device/google/cuttlefish/shared/bluetooth/device_vendor.mk) -$(call inherit-product, device/google/cuttlefish/shared/camera/device_vendor.mk) $(call inherit-product, device/google/cuttlefish/shared/consumerir/device_vendor.mk) $(call inherit-product, device/google/cuttlefish/shared/gnss/device_vendor.mk) $(call inherit-product, device/google/cuttlefish/shared/graphics/device_vendor.mk) @@ -40,15 +40,18 @@ $(call inherit-product, device/google/cuttlefish/shared/sensors/device_vendor.mk $(call inherit-product, device/google/cuttlefish/shared/virgl/device_vendor.mk) $(call inherit-product, device/google/cuttlefish/shared/device.mk) +# Loads the camera HAL and which set of cameras is required. +$(call inherit-product, device/google/cuttlefish/shared/camera/device_vendor.mk) +$(call inherit-product, device/google/cuttlefish/shared/camera/config/standard.mk) + # Support mixing CF system onto previous versions of vendor -PRODUCT_EXTRA_VNDK_VERSIONS := 30 31 32 33 +PRODUCT_EXTRA_VNDK_VERSIONS := 30 31 32 33 34 TARGET_PRODUCT_PROP := $(LOCAL_PATH)/product.prop TARGET_VENDOR_PROP := $(LOCAL_PATH)/vendor.prop PRODUCT_COPY_FILES += \ frameworks/native/data/etc/android.hardware.touchscreen.multitouch.distinct.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.touchscreen.multitouch.distinct.xml \ - frameworks/native/data/etc/android.hardware.fingerprint.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.fingerprint.xml \ ifneq ($(TARGET_DISABLE_BIOMETRICS_FACE),true) PRODUCT_COPY_FILES += \ diff --git a/shared/slim/device_vendor.mk b/shared/slim/device_vendor.mk index e980edfb6..63005bb18 100644 --- a/shared/slim/device_vendor.mk +++ b/shared/slim/device_vendor.mk @@ -26,8 +26,8 @@ PRODUCT_PACKAGES += slim_excluded_hardware.prebuilt.xml $(call inherit-product, frameworks/native/build/phone-xhdpi-2048-dalvik-heap.mk) $(call inherit-product, device/google/cuttlefish/shared/biometrics_face/device_vendor.mk) +$(call inherit-product, device/google/cuttlefish/shared/biometrics_fingerprint/device_vendor.mk) $(call inherit-product, device/google/cuttlefish/shared/bluetooth/device_vendor.mk) -$(call inherit-product, device/google/cuttlefish/shared/camera/device_vendor.mk) $(call inherit-product, device/google/cuttlefish/shared/consumerir/device_vendor.mk) $(call inherit-product, device/google/cuttlefish/shared/gnss/device_vendor.mk) $(call inherit-product, device/google/cuttlefish/shared/graphics/device_vendor.mk) @@ -41,12 +41,15 @@ $(call inherit-product, device/google/cuttlefish/shared/sensors/device_vendor.mk $(call inherit-product, device/google/cuttlefish/shared/virgl/device_vendor.mk) $(call inherit-product, device/google/cuttlefish/shared/device.mk) +# Loads the camera HAL and which set of cameras is required. +$(call inherit-product, device/google/cuttlefish/shared/camera/device_vendor.mk) +$(call inherit-product, device/google/cuttlefish/shared/camera/config/standard.mk) + PRODUCT_VENDOR_PROPERTIES += \ debug.hwui.drawing_enabled=0 \ PRODUCT_COPY_FILES += \ frameworks/native/data/etc/android.hardware.faketouch.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.faketouch.xml \ - frameworks/native/data/etc/android.hardware.fingerprint.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.fingerprint.xml \ # Runtime Resource Overlays PRODUCT_PACKAGES += \ diff --git a/guest/hals/wpa_supplicant/Android.bp b/shared/tablet/Android.bp index 888b6e049..83ae87d58 100644 --- a/guest/hals/wpa_supplicant/Android.bp +++ b/shared/tablet/Android.bp @@ -1,4 +1,5 @@ -// Copyright (C) 2021 The Android Open Source Project +// +// Copyright (C) 2023 The Android Open Source Project // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -13,15 +14,12 @@ // limitations under the License. package { - default_applicable_licenses: [ - "external_wpa_supplicant_8_license", - ], + default_applicable_licenses: ["Android-Apache-2.0"], } -cc_binary { - name: "wpa_supplicant_cf", - defaults: ["wpa_supplicant_defaults"], - static_libs: [ - "lib_driver_cmd_simulated_cf_bp", - ], -} +prebuilt_etc { + name: "tablet_excluded_hardware.prebuilt.xml", + src: "tablet_excluded_hardware.xml", + relative_install_path: "permissions", + soc_specific: true, +}
\ No newline at end of file diff --git a/shared/tablet/tablet_excluded_hardware.xml b/shared/tablet/tablet_excluded_hardware.xml new file mode 100644 index 000000000..901de8261 --- /dev/null +++ b/shared/tablet/tablet_excluded_hardware.xml @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- Copyright 2023 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +<permissions> + <!-- Tablet does not support autofocus --> + <unavailable-feature name="android.hardware.camera.autofocus" /> +</permissions>
\ No newline at end of file diff --git a/shared/tv/device_vendor.mk b/shared/tv/device_vendor.mk index 49e26cee5..77e6a493a 100644 --- a/shared/tv/device_vendor.mk +++ b/shared/tv/device_vendor.mk @@ -23,9 +23,13 @@ $(call inherit-product, frameworks/native/build/phone-xhdpi-2048-dalvik-heap.mk) $(call inherit-product, device/google/cuttlefish/shared/bluetooth/device_vendor.mk) $(call inherit-product, device/google/cuttlefish/shared/graphics/device_vendor.mk) $(call inherit-product, device/google/cuttlefish/shared/swiftshader/device_vendor.mk) -$(call inherit-product, device/google/cuttlefish/shared/camera/device_vendor.mk) $(call inherit-product, device/google/cuttlefish/shared/virgl/device_vendor.mk) $(call inherit-product, device/google/cuttlefish/shared/device.mk) +$(call inherit-product, vendor/google/tv/gcbs/projects/reference-v4/dtvstack.mk) + +# Loads the camera HAL and which set of cameras is required. +$(call inherit-product, device/google/cuttlefish/shared/camera/device_vendor.mk) +$(call inherit-product, device/google/cuttlefish/shared/camera/config/external.mk) # Extend cuttlefish common sepolicy with tv-specific functionality BOARD_SEPOLICY_DIRS += device/google/cuttlefish/shared/tv/sepolicy/vendor @@ -58,7 +62,9 @@ PRODUCT_PACKAGES += \ android.hardware.tv.hdmi.earc-service # Setup HDMI CEC as Playback Device -PRODUCT_PROPERTY_OVERRIDES += ro.hdmi.device_type=4 +PRODUCT_PROPERTY_OVERRIDES += \ + ro.hdmi.device_type=4 \ + ro.hdmi.cec_device_types=playback_device # Tuner lazy HAL PRODUCT_PACKAGES += android.hardware.tv.tuner-service.example-lazy diff --git a/shared/tv/tv_excluded_hardware.xml b/shared/tv/tv_excluded_hardware.xml index 97b232c5c..64234e3e7 100644 --- a/shared/tv/tv_excluded_hardware.xml +++ b/shared/tv/tv_excluded_hardware.xml @@ -17,13 +17,16 @@ <!-- Excludes all non-default ATV CF features to comply with CTS --> <permissions> <!-- ATV CF needs some basic camera features to enable video calling, but can exclude some --> + <unavailable-feature name="android.hardware.camera" /> <unavailable-feature name="android.hardware.camera.ar" /> <unavailable-feature name="android.hardware.camera.autofocus" /> <unavailable-feature name="android.hardware.camera.concurrent" /> <unavailable-feature name="android.hardware.camera.flash" /> + <unavailable-feature name="android.hardware.camera.front" /> <unavailable-feature name="android.hardware.camera.level.full" /> <unavailable-feature name="android.hardware.camera.capability.manual_sensor" /> <unavailable-feature name="android.hardware.camera.capability.manual_post_processing" /> + <unavailable-feature name="android.hardware.camera.capability.raw" /> <!-- ATV CF is not designed to have telephony services by default --> <unavailable-feature name="android.hardware.telephony" /> diff --git a/shared/wear/aosp_vendor.mk b/shared/wear/aosp_vendor.mk index ef4cd2e07..9ce5d967b 100644 --- a/shared/wear/aosp_vendor.mk +++ b/shared/wear/aosp_vendor.mk @@ -39,5 +39,3 @@ ifneq (,$(filter eng, $(TARGET_BUILD_VARIANT))) endif TARGET_SYSTEM_PROP += device/google/cuttlefish/shared/wear/wearable-1024.prop - -TARGET_VNDK_USE_CORE_VARIANT := true diff --git a/shared/wear/overlays/core/res/values/config.xml b/shared/wear/overlays/core/res/values/config.xml index 6e6c1ec33..4a20b3a3f 100644 --- a/shared/wear/overlays/core/res/values/config.xml +++ b/shared/wear/overlays/core/res/values/config.xml @@ -40,6 +40,8 @@ <bool name="config_voice_capable">true</bool> <bool name="config_requireCallCapableAccountForHandle">true</bool> <bool name="config_enableWallpaperService">true</bool> + <!-- Wallpaper will get top app scheduling priority if this is set to true.--> + <bool name="config_wallpaperTopApp">true</bool> <bool name="config_dreamsSupported">false</bool> <!--<bool name="config_suspendWhenScreenOffDueToProximity">true</bool>--> <!--<bool name="config_powerDecoupleAutoSuspendModeFromDisplay">true</bool>--> @@ -91,8 +93,6 @@ <integer name="config_triplePressOnStemPrimaryBehavior">1</integer> <integer name="config_doublePressOnPowerBehavior">3</integer> <integer name="config_veryLongPressTimeout">3000</integer> - <integer name="config_mashPressOnPowerBehavior">1</integer> - <integer name="config_mashPressVibrateTimeOnPowerButton">500</integer> <item name="config_wallpaperMinScale" format="float" type="dimen">0</item> <item name="config_wallpaperMaxScale" format="float" type="dimen">1</item> <bool name="config_alwaysScaleWallpaper">true</bool> @@ -107,6 +107,10 @@ <item>0</item> <item>0</item> <item>0</item> + <item>0</item> + <item>0</item> + <item>0</item> + <item>0</item> <item>6350</item> </integer-array> <bool name="config_preventTranslucentTaskTransitUpdateToActivity">true</bool> @@ -114,6 +118,17 @@ <bool name="config_telephonySingleSimDefaultSubscription">false</bool> <bool name="config_disableTaskSnapshots">true</bool> + <!-- Restrict Wear to single user --> + <integer name="config_multiuserMaximumUsers">1</integer> + <bool name="config_windowIsRound">true</bool> + <!-- Package name of the required service extension package. --> <string name="config_servicesExtensionPackage" translatable="false">android.ext.services</string> + + <!-- The name of the package that will hold the assistant role by default. --> + <string name="config_defaultAssistant" translatable="false">com.google.android.wearable.assistant</string> + + <!-- Colon separated list of package names that should be granted Notification Listener access --> + <string name="config_defaultListenerAccessPackages" translatable="false">com.google.android.wearable.media.sessions:com.google.wear.services</string> + </resources> diff --git a/tests/hal/hal_implementation_test.cpp b/tests/hal/hal_implementation_test.cpp index 0343ffde3..71439b584 100644 --- a/tests/hal/hal_implementation_test.cpp +++ b/tests/hal/hal_implementation_test.cpp @@ -100,6 +100,7 @@ static const std::set<std::string> kKnownMissingHidl = { "android.hardware.graphics.composer@2.4", // converted to AIDL, see b/193240715 "android.hardware.graphics.mapper@2.1", "android.hardware.graphics.mapper@3.0", + "android.hardware.graphics.mapper@4.0", // converted to Stable C, see b/205761028 "android.hardware.health.storage@1.0", // converted to AIDL, see b/177470478 "android.hardware.health@2.1", // converted to AIDL, see b/177269435 "android.hardware.input.classifier@1.0", // converted to AIDL, see b/205761620 @@ -168,6 +169,7 @@ static const std::set<std::string> kAutomotiveOnlyAidl = { */ "android.automotive.watchdog", "android.frameworks.automotive.display", + "android.frameworks.automotive.powerpolicy", "android.frameworks.automotive.powerpolicy.internal", "android.frameworks.automotive.telemetry", "android.hardware.automotive.audiocontrol", @@ -176,6 +178,8 @@ static const std::set<std::string> kAutomotiveOnlyAidl = { "android.hardware.automotive.occupant_awareness", "android.hardware.automotive.remoteaccess", "android.hardware.automotive.vehicle", + "android.hardware.automotive.ivn", + "android.hardware.macsec", }; static const std::set<std::string> kTvOnlyAidl = { @@ -196,6 +200,9 @@ static const std::set<std::string> kRadioOnlyAidl = { "android.hardware.radio.messaging", "android.hardware.radio.modem", "android.hardware.radio.network", "android.hardware.radio.sap", "android.hardware.radio.sim", "android.hardware.radio.voice", + "android.hardware.radio.ims", "android.hardware.radio.ims.media", + "android.hardware.radio.satellite", + }; /* @@ -219,6 +226,7 @@ static const std::set<std::string> kAlwaysMissingAidl = { "android.media.audio.common.types", "android.hardware.radio", "android.hardware.uwb.fira_android", + "android.hardware.wifi.common", "android.hardware.keymaster", "android.hardware.automotive.vehicle.property", // not on Cuttlefish since it's needed only on systems using HIDL audio HAL @@ -260,9 +268,7 @@ static const std::vector<VersionedAidlPackage> kKnownMissingAidl = { {"android.automotive.computepipe.registry.", 2, 273549907}, {"android.automotive.computepipe.runner.", 2, 273549907}, - {"android.frameworks.automotive.powerpolicy.", 2, 274160980}, {"android.hardware.automotive.evs.", 2, 274162534}, - {"android.hardware.automotive.ivn.", 1, 274139217}, }; // android.hardware.foo.IFoo -> android.hardware.foo. diff --git a/tools/launch_cvd_arm64_server.sh b/tools/launch_cvd_arm64_server.sh index 60c7a4966..8bfea1fd3 100755 --- a/tools/launch_cvd_arm64_server.sh +++ b/tools/launch_cvd_arm64_server.sh @@ -17,19 +17,29 @@ color_cyan="\033[0;36m" color_plain="\033[0m" color_yellow="\033[0;33m" -# validate number of arguments to equal 3 -if [ "$#" -lt 2 ] || [ "$#" -gt 3 ]; then - echo "This script requires 2 mandatory and 1 optional parameters, server address, base instance number and optionally number of instances to invoke" +# validate number of arguments to between 2 and 4 +if [ "$#" -lt 2 ] || [ "$#" -gt 4 ]; then + echo "This script requires 2 mandatory and 2 optional parameters:" + echo "Mandatory: server address, base instance number." + echo "Optional: the number of instances to invoke, the path to a vendor debug ramdisk image." + echo "For example: ./launch_cvd_arm64_server.sh user@<ip> 10 1 ./vendor_boot-debug.img" exit 1 fi # map arguments to variables server=$1 base_instance_num=$2 -if [ "$#" -eq 3 ]; then - num_instances=$3 +if [ "$#" -gt 2 ]; then + num_instances=$3 else - num_instances=1 + num_instances=1 +fi +if [ "$#" -eq 4 ]; then + vendor_boot_debug_image=$4 + vendor_boot_debug_flag="--vendor_boot_image=$(basename $4)" +else + vendor_boot_debug_image="" + vendor_boot_debug_flag="" fi # set img_dir and cvd_host_tool_dir @@ -50,6 +60,10 @@ if [ -f $img_dir/required_images ]; then else rsync -aSvch --recursive $img_dir/bootloader $img_dir/*.img $server:~/$cvd_home_dir --info=progress2 fi +if [ ! -z "$vendor_boot_debug_image" ]; then + echo "use the debug ramdisk image: $vendor_boot_debug_image" + rsync -Svch $vendor_boot_debug_image $server:~/$cvd_home_dir --info=progress2 +fi # copy the cvd host package if [ -d $cvd_host_tool_dir/cvd-host_package ]; then @@ -79,7 +93,7 @@ instance_ids_flag="--base_instance_num=$base_instance_num \ --num_instances=$num_instances" echo -e "${color_cyan}Booting the cuttlefish instances${color_plain}" ssh $server \ - -t "cd ~/$cvd_home_dir && HOME=~/$cvd_home_dir bin/launch_cvd $instance_ids_flag $daemon_flag" + -t "cd ~/$cvd_home_dir && HOME=~/$cvd_home_dir bin/launch_cvd $instance_ids_flag $daemon_flag $vendor_boot_debug_flag" # Web UI port is 2443 instead 1443 because there could be a running operator in this machine as well. web_ui_port=2443 diff --git a/tools/launch_cvd_arm64_server_docker.sh b/tools/launch_cvd_arm64_server_docker.sh index 81354f20b..7bd520c85 100755 --- a/tools/launch_cvd_arm64_server_docker.sh +++ b/tools/launch_cvd_arm64_server_docker.sh @@ -123,6 +123,7 @@ ssh $server \ echo -e "Done" # start Cuttlefish instance on top of docker instance +# TODO(b/317942272): support starting the instance with an optional vendor boot debug image. echo -e "Starting Cuttlefish" ssh $server "curl -s -k -X POST $host_orchestrator_url/cvds \ -H 'Content-Type: application/json' \ diff --git a/vsoc_x86/BoardConfig.mk b/vsoc_x86/BoardConfig.mk index f57c379a1..61abe4fd7 100644 --- a/vsoc_x86/BoardConfig.mk +++ b/vsoc_x86/BoardConfig.mk @@ -47,3 +47,4 @@ TARGET_KERNEL_ARCH := x86_64 -include device/google/cuttlefish/shared/telephony/BoardConfig.mk -include device/google/cuttlefish/shared/vibrator/BoardConfig.mk -include device/google/cuttlefish/shared/virgl/BoardConfig.mk +-include vendor/google/tv/gcbs/projects/reference-v4/dtvBoardConfig.mk |