summaryrefslogtreecommitdiffstats
path: root/trusty
diff options
context:
space:
mode:
authorXin Li2017-11-14 14:12:57 -0600
committerXin Li2017-11-14 15:19:45 -0600
commit23e27db576d06761363365494327baf062468a66 (patch)
treecc76a40025c2189fc70dd6edd4a0eba251fd7b44 /trusty
parentea41bcf7a3a9095feb39cc6bd37d865c2eec3c36 (diff)
parenta63ccea6abc7ea02e2d98e41c80793ca97237bd3 (diff)
downloadplatform-system-core-23e27db576d06761363365494327baf062468a66.tar.gz
platform-system-core-23e27db576d06761363365494327baf062468a66.tar.xz
platform-system-core-23e27db576d06761363365494327baf062468a66.zip
Merge commit 'a63ccea6abc7ea02e2d98e41c80793ca97237bd3' from
oc-mr1-dev-plus-aosp into stage-aosp-master Change-Id: Ia33311cd1fd26dfaea59a69317b306fb91203c40 Merged-In: I03d06b10807e8a313c9654c2e1db36bfb59e3f99
Diffstat (limited to 'trusty')
-rw-r--r--trusty/Android.bp1
-rw-r--r--trusty/gatekeeper/Android.bp2
-rw-r--r--trusty/keymaster/Android.bp3
-rw-r--r--trusty/libtrusty/Android.bp1
-rw-r--r--trusty/libtrusty/tipc-test/Android.bp6
-rw-r--r--trusty/nvram/Android.bp61
-rw-r--r--trusty/nvram/module.c39
-rw-r--r--trusty/nvram/nvram_wipe.cpp66
-rw-r--r--trusty/nvram/trusty_nvram_device.cpp34
-rw-r--r--trusty/nvram/trusty_nvram_implementation.cpp113
-rw-r--r--trusty/nvram/trusty_nvram_implementation.h59
-rw-r--r--trusty/storage/interface/Android.bp1
-rw-r--r--trusty/storage/lib/Android.bp5
-rw-r--r--trusty/storage/proxy/Android.bp2
-rw-r--r--trusty/storage/proxy/proxy.c2
-rw-r--r--trusty/storage/tests/Android.bp3
16 files changed, 21 insertions, 377 deletions
diff --git a/trusty/Android.bp b/trusty/Android.bp
index 386fbe623..2fb2e194b 100644
--- a/trusty/Android.bp
+++ b/trusty/Android.bp
@@ -2,6 +2,5 @@ subdirs = [
2 "gatekeeper", 2 "gatekeeper",
3 "keymaster", 3 "keymaster",
4 "libtrusty", 4 "libtrusty",
5 "nvram",
6 "storage/*", 5 "storage/*",
7] 6]
diff --git a/trusty/gatekeeper/Android.bp b/trusty/gatekeeper/Android.bp
index a9566a17e..65b271a79 100644
--- a/trusty/gatekeeper/Android.bp
+++ b/trusty/gatekeeper/Android.bp
@@ -22,6 +22,7 @@
22 22
23cc_library_shared { 23cc_library_shared {
24 name: "gatekeeper.trusty", 24 name: "gatekeeper.trusty",
25 vendor: true,
25 26
26 relative_install_path: "hw", 27 relative_install_path: "hw",
27 28
@@ -43,4 +44,5 @@ cc_library_shared {
43 "libcutils", 44 "libcutils",
44 "libtrusty", 45 "libtrusty",
45 ], 46 ],
47 header_libs: ["libhardware_headers"],
46} 48}
diff --git a/trusty/keymaster/Android.bp b/trusty/keymaster/Android.bp
index 773568499..322a63d28 100644
--- a/trusty/keymaster/Android.bp
+++ b/trusty/keymaster/Android.bp
@@ -25,6 +25,7 @@
25// and ECDSA keys. 25// and ECDSA keys.
26cc_binary { 26cc_binary {
27 name: "trusty_keymaster_tipc", 27 name: "trusty_keymaster_tipc",
28 vendor: true,
28 srcs: [ 29 srcs: [
29 "trusty_keymaster_device.cpp", 30 "trusty_keymaster_device.cpp",
30 "trusty_keymaster_ipc.cpp", 31 "trusty_keymaster_ipc.cpp",
@@ -46,6 +47,7 @@ cc_binary {
46// keystore.trusty is the HAL used by keystore on Trusty devices. 47// keystore.trusty is the HAL used by keystore on Trusty devices.
47cc_library_shared { 48cc_library_shared {
48 name: "keystore.trusty", 49 name: "keystore.trusty",
50 vendor: true,
49 relative_install_path: "hw", 51 relative_install_path: "hw",
50 srcs: [ 52 srcs: [
51 "module.cpp", 53 "module.cpp",
@@ -66,4 +68,5 @@ cc_library_shared {
66 "liblog", 68 "liblog",
67 "libcutils", 69 "libcutils",
68 ], 70 ],
71 header_libs: ["libhardware_headers"],
69} 72}
diff --git a/trusty/libtrusty/Android.bp b/trusty/libtrusty/Android.bp
index 1a8db2f90..c48deed1c 100644
--- a/trusty/libtrusty/Android.bp
+++ b/trusty/libtrusty/Android.bp
@@ -18,6 +18,7 @@ subdirs = [
18 18
19cc_library { 19cc_library {
20 name: "libtrusty", 20 name: "libtrusty",
21 vendor: true,
21 22
22 srcs: ["trusty.c"], 23 srcs: ["trusty.c"],
23 export_include_dirs: ["include"], 24 export_include_dirs: ["include"],
diff --git a/trusty/libtrusty/tipc-test/Android.bp b/trusty/libtrusty/tipc-test/Android.bp
index 6ec8c23f7..1e8467f0f 100644
--- a/trusty/libtrusty/tipc-test/Android.bp
+++ b/trusty/libtrusty/tipc-test/Android.bp
@@ -14,12 +14,14 @@
14 14
15cc_test { 15cc_test {
16 name: "tipc-test", 16 name: "tipc-test",
17 static_executable: true, 17 vendor: true,
18 18
19 srcs: ["tipc_test.c"], 19 srcs: ["tipc_test.c"],
20 static_libs: [ 20 static_libs: [
21 "libc",
22 "libtrusty", 21 "libtrusty",
22 ],
23 shared_libs: [
24 "libc",
23 "liblog", 25 "liblog",
24 ], 26 ],
25 gtest: false, 27 gtest: false,
diff --git a/trusty/nvram/Android.bp b/trusty/nvram/Android.bp
deleted file mode 100644
index 15e6c3e5e..000000000
--- a/trusty/nvram/Android.bp
+++ /dev/null
@@ -1,61 +0,0 @@
1//
2// Copyright (C) 2016 The Android Open-Source Project
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8// http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15//
16
17// nvram.trusty is the Trusty NVRAM HAL module.
18cc_library_shared {
19 name: "nvram.trusty",
20 relative_install_path: "hw",
21 srcs: [
22 "module.c",
23 "trusty_nvram_device.cpp",
24 "trusty_nvram_implementation.cpp",
25 ],
26
27 cflags: [
28 "-Wall",
29 "-Werror",
30 "-Wextra",
31 "-fvisibility=hidden",
32 ],
33 static_libs: ["libnvram-hal"],
34 shared_libs: [
35 "libtrusty",
36 "libnvram-messages",
37 "liblog",
38 ],
39}
40
41// nvram-wipe is a helper tool for clearing NVRAM state.
42cc_binary {
43 name: "nvram-wipe",
44 srcs: [
45 "nvram_wipe.cpp",
46 "trusty_nvram_implementation.cpp",
47 ],
48
49 cflags: [
50 "-Wall",
51 "-Werror",
52 "-Wextra",
53 "-fvisibility=hidden",
54 ],
55 static_libs: ["libnvram-hal"],
56 shared_libs: [
57 "libtrusty",
58 "libnvram-messages",
59 "liblog",
60 ],
61}
diff --git a/trusty/nvram/module.c b/trusty/nvram/module.c
deleted file mode 100644
index a2e64d372..000000000
--- a/trusty/nvram/module.c
+++ /dev/null
@@ -1,39 +0,0 @@
1/*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include <hardware/nvram.h>
18
19// This function is defined in trusty_nvram_device.cpp.
20int trusty_nvram_open(const hw_module_t* module,
21 const char* device_id,
22 hw_device_t** device_ptr);
23
24static struct hw_module_methods_t nvram_module_methods = {
25 .open = trusty_nvram_open,
26};
27
28struct nvram_module HAL_MODULE_INFO_SYM
29 __attribute__((visibility("default"))) = {
30 .common = {.tag = HARDWARE_MODULE_TAG,
31 .module_api_version = NVRAM_MODULE_API_VERSION_0_1,
32 .hal_api_version = HARDWARE_HAL_API_VERSION,
33 .id = NVRAM_HARDWARE_MODULE_ID,
34 .name = "Trusty NVRAM HAL",
35 .author = "The Android Open Source Project",
36 .methods = &nvram_module_methods,
37 .dso = 0,
38 .reserved = {}},
39};
diff --git a/trusty/nvram/nvram_wipe.cpp b/trusty/nvram/nvram_wipe.cpp
deleted file mode 100644
index d0f4faded..000000000
--- a/trusty/nvram/nvram_wipe.cpp
+++ /dev/null
@@ -1,66 +0,0 @@
1/*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include <stdio.h>
18#include <stdlib.h>
19#include <string.h>
20
21#include <nvram/messages/nvram_messages.h>
22
23#include "trusty_nvram_implementation.h"
24
25void usage(const char* program_name) {
26 fprintf(stderr, "Usage: %s [status|disable|wipe]\n", program_name);
27 exit(-1);
28}
29
30int main(int argc, char* argv[]) {
31 if (argc < 2) {
32 usage(argv[0]);
33 }
34
35 nvram::TrustyNvramImplementation nvram_proxy;
36 nvram::Request request;
37 nvram::Response response;
38
39 if (!strcmp(argv[1], "status")) {
40 request.payload.Activate<nvram::COMMAND_GET_INFO>();
41 nvram_proxy.Execute(request, &response);
42 const nvram::GetInfoResponse* get_info_response =
43 response.payload.get<nvram::COMMAND_GET_INFO>();
44 if (response.result == NV_RESULT_SUCCESS) {
45 int status = get_info_response && get_info_response->wipe_disabled;
46 printf("Wiping disabled: %d\n", status);
47 return status;
48 }
49 } else if (!strcmp(argv[1], "disable")) {
50 request.payload.Activate<nvram::COMMAND_DISABLE_WIPE>();
51 nvram_proxy.Execute(request, &response);
52 } else if (!strcmp(argv[1], "wipe")) {
53 request.payload.Activate<nvram::COMMAND_WIPE_STORAGE>();
54 nvram_proxy.Execute(request, &response);
55 } else {
56 usage(argv[0]);
57 }
58
59 if (response.result != NV_RESULT_SUCCESS) {
60 fprintf(stderr, "Command execution failure: %u\n", response.result);
61 return -1;
62 }
63
64 return 0;
65}
66
diff --git a/trusty/nvram/trusty_nvram_device.cpp b/trusty/nvram/trusty_nvram_device.cpp
deleted file mode 100644
index 82a122870..000000000
--- a/trusty/nvram/trusty_nvram_device.cpp
+++ /dev/null
@@ -1,34 +0,0 @@
1/*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include <errno.h>
18
19#include <nvram/hal/nvram_device_adapter.h>
20
21#include "trusty_nvram_implementation.h"
22
23extern "C" int trusty_nvram_open(const hw_module_t* module,
24 const char* device_id,
25 hw_device_t** device_ptr) {
26 if (strcmp(NVRAM_HARDWARE_DEVICE_ID, device_id) != 0) {
27 return -EINVAL;
28 }
29
30 nvram::NvramDeviceAdapter* adapter = new nvram::NvramDeviceAdapter(
31 module, new nvram::TrustyNvramImplementation);
32 *device_ptr = adapter->as_device();
33 return 0;
34}
diff --git a/trusty/nvram/trusty_nvram_implementation.cpp b/trusty/nvram/trusty_nvram_implementation.cpp
deleted file mode 100644
index 9215c8502..000000000
--- a/trusty/nvram/trusty_nvram_implementation.cpp
+++ /dev/null
@@ -1,113 +0,0 @@
1/*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "TrustyNVRAM"
18
19#include "trusty_nvram_implementation.h"
20
21#include <errno.h>
22#include <string.h>
23#include <unistd.h>
24
25#include <hardware/nvram.h>
26#include <log/log.h>
27#include <trusty/tipc.h>
28
29#include <nvram/messages/blob.h>
30
31namespace nvram {
32namespace {
33
34// Character device to open for Trusty IPC connections.
35const char kTrustyDeviceName[] = "/dev/trusty-ipc-dev0";
36
37// App identifier of the NVRAM app.
38const char kTrustyNvramAppId[] = "com.android.trusty.nvram";
39
40} // namespace
41
42TrustyNvramImplementation::~TrustyNvramImplementation() {
43 if (tipc_nvram_fd_ != -1) {
44 tipc_close(tipc_nvram_fd_);
45 tipc_nvram_fd_ = -1;
46 }
47}
48
49void TrustyNvramImplementation::Execute(const nvram::Request& request,
50 nvram::Response* response) {
51 if (!SendRequest(request, response)) {
52 response->result = NV_RESULT_INTERNAL_ERROR;
53 }
54}
55
56bool TrustyNvramImplementation::Connect() {
57 if (tipc_nvram_fd_ != -1) {
58 return true;
59 }
60
61 int rc = tipc_connect(kTrustyDeviceName, kTrustyNvramAppId);
62 if (rc < 0) {
63 ALOGE("Failed to connect to Trusty NVRAM app: %s\n", strerror(-rc));
64 return false;
65 }
66
67 tipc_nvram_fd_ = rc;
68 return true;
69}
70
71bool TrustyNvramImplementation::SendRequest(const nvram::Request& request,
72 nvram::Response* response) {
73 if (!Connect()) {
74 return false;
75 }
76
77 nvram::Blob request_buffer;
78 if (!nvram::Encode(request, &request_buffer)) {
79 ALOGE("Failed to encode NVRAM request.\n");
80 return false;
81 }
82
83 ssize_t rc =
84 write(tipc_nvram_fd_, request_buffer.data(), request_buffer.size());
85 if (rc < 0) {
86 ALOGE("Failed to send NVRAM request: %s\n", strerror(-rc));
87 return false;
88 }
89 if (static_cast<size_t>(rc) != request_buffer.size()) {
90 ALOGE("Failed to send full request buffer: %zd\n", rc);
91 return false;
92 }
93
94 rc = read(tipc_nvram_fd_, response_buffer_, sizeof(response_buffer_));
95 if (rc < 0) {
96 ALOGE("Failed to read NVRAM response: %s\n", strerror(-rc));
97 return false;
98 }
99
100 if (static_cast<size_t>(rc) >= sizeof(response_buffer_)) {
101 ALOGE("NVRAM response exceeds response buffer size.\n");
102 return false;
103 }
104
105 if (!nvram::Decode(response_buffer_, static_cast<size_t>(rc), response)) {
106 ALOGE("Failed to decode NVRAM response.\n");
107 return false;
108 }
109
110 return true;
111}
112
113} // namespace nvram
diff --git a/trusty/nvram/trusty_nvram_implementation.h b/trusty/nvram/trusty_nvram_implementation.h
deleted file mode 100644
index 60758f7fb..000000000
--- a/trusty/nvram/trusty_nvram_implementation.h
+++ /dev/null
@@ -1,59 +0,0 @@
1/*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#ifndef TRUSTY_NVRAM_TRUSTY_NVRAM_IMPLEMENTATION_H_
18#define TRUSTY_NVRAM_TRUSTY_NVRAM_IMPLEMENTATION_H_
19
20#include <stdint.h>
21
22#include <nvram/hal/nvram_device_adapter.h>
23#include <nvram/messages/nvram_messages.h>
24
25namespace nvram {
26
27// |TrustyNvramImplementation| proxies requests to the Trusty NVRAM app. It
28// serializes the request objects, sends it to the Trusty app and finally reads
29// back the result and decodes it.
30class TrustyNvramImplementation : public nvram::NvramImplementation {
31 public:
32 ~TrustyNvramImplementation() override;
33
34 void Execute(const nvram::Request& request,
35 nvram::Response* response) override;
36
37 private:
38 // Connects the IPC channel to the Trusty app if it is not already open.
39 // Returns true if the channel is open, false on errors.
40 bool Connect();
41
42 // Dispatches a command to the trust app. Returns true if successful (note
43 // that the response may still indicate an error on the Trusty side), false if
44 // there are any I/O or encoding/decoding errors.
45 bool SendRequest(const nvram::Request& request,
46 nvram::Response* response);
47
48 // The file descriptor for the IPC connection to the Trusty app.
49 int tipc_nvram_fd_ = -1;
50
51 // Response buffer. This puts a hard size limit on the responses from the
52 // Trusty app. 4096 matches the maximum IPC message size currently supported
53 // by Trusty.
54 uint8_t response_buffer_[4096];
55};
56
57} // namespace nvram
58
59#endif // TRUSTY_NVRAM_TRUSTY_NVRAM_IMPLEMENTATION_H_
diff --git a/trusty/storage/interface/Android.bp b/trusty/storage/interface/Android.bp
index a551c37aa..18b4a5f90 100644
--- a/trusty/storage/interface/Android.bp
+++ b/trusty/storage/interface/Android.bp
@@ -16,5 +16,6 @@
16 16
17cc_library_static { 17cc_library_static {
18 name: "libtrustystorageinterface", 18 name: "libtrustystorageinterface",
19 vendor: true,
19 export_include_dirs: ["include"], 20 export_include_dirs: ["include"],
20} 21}
diff --git a/trusty/storage/lib/Android.bp b/trusty/storage/lib/Android.bp
index 5eb3f0778..4e41674bd 100644
--- a/trusty/storage/lib/Android.bp
+++ b/trusty/storage/lib/Android.bp
@@ -16,16 +16,19 @@
16 16
17cc_library_static { 17cc_library_static {
18 name: "libtrustystorage", 18 name: "libtrustystorage",
19 vendor: true,
19 20
20 srcs: ["storage.c"], 21 srcs: ["storage.c"],
21 22
22 export_include_dirs: ["include"], 23 export_include_dirs: ["include"],
23 24
24 static_libs: [ 25 static_libs: [
25 "liblog",
26 "libtrusty", 26 "libtrusty",
27 "libtrustystorageinterface", 27 "libtrustystorageinterface",
28 ], 28 ],
29 shared_libs: [
30 "liblog",
31 ],
29 32
30 cflags: [ 33 cflags: [
31 "-fvisibility=hidden", 34 "-fvisibility=hidden",
diff --git a/trusty/storage/proxy/Android.bp b/trusty/storage/proxy/Android.bp
index eb34df014..da8542d5a 100644
--- a/trusty/storage/proxy/Android.bp
+++ b/trusty/storage/proxy/Android.bp
@@ -16,6 +16,7 @@
16 16
17cc_binary { 17cc_binary {
18 name: "storageproxyd", 18 name: "storageproxyd",
19 vendor: true,
19 20
20 srcs: [ 21 srcs: [
21 "ipc.c", 22 "ipc.c",
@@ -25,6 +26,7 @@ cc_binary {
25 ], 26 ],
26 27
27 shared_libs: ["liblog"], 28 shared_libs: ["liblog"],
29 header_libs: ["libcutils_headers"],
28 30
29 static_libs: [ 31 static_libs: [
30 "libtrustystorageinterface", 32 "libtrustystorageinterface",
diff --git a/trusty/storage/proxy/proxy.c b/trusty/storage/proxy/proxy.c
index 27e58917f..41263e5df 100644
--- a/trusty/storage/proxy/proxy.c
+++ b/trusty/storage/proxy/proxy.c
@@ -24,7 +24,7 @@
24#include <sys/stat.h> 24#include <sys/stat.h>
25#include <unistd.h> 25#include <unistd.h>
26 26
27#include <private/android_filesystem_config.h> 27#include <cutils/android_filesystem_config.h>
28 28
29#include "ipc.h" 29#include "ipc.h"
30#include "log.h" 30#include "log.h"
diff --git a/trusty/storage/tests/Android.bp b/trusty/storage/tests/Android.bp
index 1e4fced8f..536c3ca7a 100644
--- a/trusty/storage/tests/Android.bp
+++ b/trusty/storage/tests/Android.bp
@@ -16,6 +16,7 @@
16 16
17cc_test { 17cc_test {
18 name: "secure-storage-unit-test", 18 name: "secure-storage-unit-test",
19 vendor: true,
19 20
20 cflags: [ 21 cflags: [
21 "-g", 22 "-g",
@@ -28,6 +29,8 @@ cc_test {
28 "libtrustystorageinterface", 29 "libtrustystorageinterface",
29 "libtrustystorage", 30 "libtrustystorage",
30 "libtrusty", 31 "libtrusty",
32 ],
33 shared_libs: [
31 "liblog", 34 "liblog",
32 ], 35 ],
33 36