Snap for 10453563 from 67a62014717e45d94f35716bd39934d38b827dcf to mainline-ipsec-release

Change-Id: I6bde586ead4bd9c1dfd908c39e6e277a39c3acb9
diff --git a/BoardConfig.mk b/BoardConfig.mk
index 903cb3d..89cd1f1 100644
--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -40,7 +40,7 @@
 
 TARGET_USERIMAGES_USE_EXT4 := true
 BOARD_SYSTEMIMAGE_PARTITION_SIZE := 536870912 # 512M
-BOARD_USERDATAIMAGE_PARTITION_SIZE := 134217728 # 128M
+BOARD_USERDATAIMAGE_PARTITION_SIZE := 268435456 # 256M
 TARGET_COPY_OUT_VENDOR := vendor
 # ~100 MB vendor image. Please adjust system image / vendor image sizes
 # when finalizing them.
@@ -48,14 +48,12 @@
 BOARD_VENDORIMAGE_FILE_SYSTEM_TYPE := ext4
 BOARD_FLASH_BLOCK_SIZE := 512
 TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true
-DEVICE_MATRIX_FILE   := device/generic/goldfish/compatibility_matrix.xml
 
 BOARD_PROPERTY_OVERRIDES_SPLIT_ENABLED := true
 BOARD_SEPOLICY_DIRS += build/target/board/generic/sepolicy
 
 # Enable A/B update
 TARGET_NO_RECOVERY := true
-BOARD_BUILD_SYSTEM_ROOT_IMAGE := true
 
 # Specify HALs
 DEVICE_MANIFEST_FILE := device/generic/trusty/manifest.xml
diff --git a/init.qemu_trusty.rc b/init.qemu_trusty.rc
index a7c605d..d31d2f2 100644
--- a/init.qemu_trusty.rc
+++ b/init.qemu_trusty.rc
@@ -8,6 +8,7 @@
     setprop vold.post_fs_data_done 1
 # The storage proxy is a vendor binary, and so cannot access /data/ss
     mkdir /data/vendor/ss 700 system system
+    mkdir /data/vendor/ss/persist 0770 system system
     enable storageproxyd
 
 on boot
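Review bot: The new `persist` directory is created with mode 0770 while its parent `/data/vendor/ss` on the line above is `700`, so the subdirectory carries group read/write/search bits that the parent does not. The parent's mode still blocks traversal today, but the secure-storage backing files would be exposed to every process in group `system` if the parent were ever relaxed. Unless a second process in that group is meant to reach this directory, match the parent with `mkdir /data/vendor/ss/persist 0700 system system`. The `on` trigger these lines belong to starts above the hunk.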
@@ -111,4 +112,4 @@
         -r /dev/vport3p1 -p /data/vendor/ss -t virt
     class main
     disabled
-    user root
+    user system
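Review bot: The service now runs as `user system`, but the options visible here (`class main`, `disabled`, `user`) include no `group` line, and init's documented default group for a service is root. The `storageproxyd.te` change in this commit removes `setgid`/`setuid` from `tee`, which suggests the daemon no longer switches ids itself, so it would presumably run as uid system with gid root. Adding `group system` after the `user` line would keep the process and the files it creates under `/data/vendor/ss` consistent with the `system system` ownership used by the `mkdir` entries. The `service` line itself is above the hunk.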
diff --git a/manifest.xml b/manifest.xml
index d3cbdb2..abe0a91 100644
--- a/manifest.xml
+++ b/manifest.xml
@@ -1,4 +1,4 @@
-<manifest version="1.0" type="device" target-level="3">
+<manifest version="1.0" type="device" target-level="4">
     <hal format="hidl">
         <name>android.hardware.drm</name>
         <transport>hwbinder</transport>
@@ -17,7 +17,7 @@
     <hal format="hidl">
         <name>android.hardware.audio.effect</name>
         <transport>hwbinder</transport>
-        <version>4.0</version>
+        <version>5.0</version>
         <interface>
             <name>IEffectsFactory</name>
             <instance>default</instance>
@@ -44,7 +44,7 @@
     <hal format="hidl">
         <name>android.hardware.audio</name>
         <transport>hwbinder</transport>
-        <version>4.0</version>
+        <version>5.0</version>
         <interface>
             <name>IDevicesFactory</name>
             <instance>default</instance>
@@ -62,7 +62,7 @@
     <hal format="hidl">
         <name>android.hardware.graphics.mapper</name>
         <transport arch="32+64">passthrough</transport>
-        <version>2.0</version>
+        <version>2.1</version>
         <interface>
             <name>IMapper</name>
             <instance>default</instance>
diff --git a/qemu_trusty_base.mk b/qemu_trusty_base.mk
index c3ac377..00ed815 100644
--- a/qemu_trusty_base.mk
+++ b/qemu_trusty_base.mk
@@ -28,8 +28,9 @@
     adbd_system_api \
     android.hardware.confirmationui@1.0-service.trusty \
     android.hidl.allocator@1.0-service \
-    android.system.suspend@1.0-service \
+    android.system.suspend-service \
     apexd \
+    cgroups.json \
     com.android.art \
     com.android.i18n \
     com.android.runtime \
@@ -40,6 +41,7 @@
     init_vendor \
     init.environ.rc \
     keymaster_soft_wrapped_attestation_keys.xml \
+    keystore2 \
     libandroid_servers \
     libc.bootstrap \
     libdl.bootstrap \
@@ -47,7 +49,6 @@
     libm.bootstrap \
     linker \
     linker64 \
-    linkerconfig \
     logcat \
     logd \
     logwrapper \
@@ -111,6 +112,7 @@
     device/generic/trusty/fstab.ranchu:root/fstab.qemu_trusty \
     device/generic/trusty/init.qemu_trusty.rc:$(TARGET_COPY_OUT_VENDOR)/etc/init/hw/init.qemu_trusty.rc \
     device/generic/trusty/ueventd.qemu_trusty.rc:$(TARGET_COPY_OUT_VENDOR)/etc/ueventd.rc \
+    system/core/libprocessgroup/profiles/task_profiles.json:$(TARGET_COPY_OUT_VENDOR)/etc/task_profiles.json \
 
 PRODUCT_COPY_FILES += \
     device/generic/goldfish/data/etc/config.ini:config.ini \
@@ -123,9 +125,10 @@
 
 # Test Utilities
 PRODUCT_PACKAGES += \
+    binderRpcToTrustyTest \
     tipc-test \
-    libtrusty_metrics_test \
     trusty-ut-ctrl \
+    trusty_stats_test \
     VtsAidlKeyMintTargetTest \
     VtsHalConfirmationUIV1_0TargetTest \
     VtsHalGatekeeperV1_0TargetTest \
diff --git a/secure_dpu/main.cpp b/secure_dpu/main.cpp
index dce2eb4..684f604 100644
--- a/secure_dpu/main.cpp
+++ b/secure_dpu/main.cpp
@@ -31,7 +31,7 @@
     exit(code);
 }
 
-static void parse_device_name(int argc, char* argv[], char*& device_name) {
+static void parse_device_name(int argc, char* argv[], std::string& device_name) {
     static const char* _sopts = "h:d:";
     static const struct option _lopts[] = {{"help", no_argument, NULL, 'h'},
                                            {"trusty_dev", required_argument, NULL, 'd'},
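Review bot: The short-option string `"h:d:"` declares `-h` as taking an argument, while the long-option table on the next line registers `--help` as `no_argument`. A bare `-h` is therefore reported by getopt_long as a missing argument rather than as a help request, and the visible switch has no `case 'h'`, so both spellings appear to fall through to `default`. Since this signature is being touched anyway, consider `static const char* _sopts = "hd:";` and an explicit help case that exits with success. The rest of the function body lies outside this hunk.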
@@ -42,7 +42,7 @@
     while ((opt = getopt_long(argc, argv, _sopts, _lopts, &oidx)) != -1) {
         switch (opt) {
             case 'd':
-                device_name = strdup(optarg);
+                device_name = optarg;
                 break;
 
             default:
@@ -51,7 +51,7 @@
         }
     }
 
-    if (device_name == nullptr) {
+    if (device_name.empty()) {
         LOG(ERROR) << "missing required argument(s)";
         show_usage_and_exit(EXIT_FAILURE);
     }
@@ -62,12 +62,12 @@
 
 int main(int argc, char* argv[])
 {
-    char* device_name;
+    std::string device_name;
     /* parse arguments */
     parse_device_name(argc, argv, device_name);
 
     android::trusty::secure_dpu::DPUHandler dpu_handler;
-    auto rc = dpu_handler.Init(std::string(device_name));
+    auto rc = dpu_handler.Init(device_name);
     if (!rc.ok()) {
         LOG(ERROR) << rc.error();
         return EXIT_FAILURE;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index ccfee13..09b10d0 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -8,7 +8,9 @@
 /vendor/bin/storageproxyd            u:object_r:tee_exec:s0
 /data/vendor/var/run(/.*)?           u:object_r:varrun_file:s0
 /data/vendor/ss(/.*)?                u:object_r:tee_data_file:s0
-/vendor/bin/hw/android.hardware.confirmationui@1.0-service.trusty       u:object_r:hal_confirmationui_default_exec:s0
+/vendor/bin/hw/android.hardware.confirmationui-service.trusty       u:object_r:hal_confirmationui_default_exec:s0
 /vendor/bin/hw/android.hardware.gatekeeper@1.0-service.trusty           u:object_r:hal_gatekeeper_default_exec:s0
+/vendor/bin/hw/android.hardware.gatekeeper-service.trusty               u:object_r:hal_gatekeeper_default_exec:s0
 /vendor/bin/hw/android.hardware.keymaster@4.0-service.trusty            u:object_r:hal_keymaster_default_exec:s0
 /vendor/bin/hw/android.hardware.security.keymint-service.trusty         u:object_r:hal_keymint_default_exec:s0
+/vendor/bin/hw/android.hardware.security.keymint-service.rust.trusty    u:object_r:hal_keymint_default_exec:s0
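Review bot: The confirmationui entry is replaced rather than added alongside the old one, unlike gatekeeper two lines below, where the `@1.0` path is kept and the new `-service.trusty` path is added. `qemu_trusty_base.mk` in this same commit still lists `android.hardware.confirmationui@1.0-service.trusty` in `PRODUCT_PACKAGES`. If that module still installs a binary under the `@1.0` name, it would lose its `hal_confirmationui_default_exec` label and the service would not transition into its domain. Either keep the old line `/vendor/bin/hw/android.hardware.confirmationui@1.0-service.trusty u:object_r:hal_confirmationui_default_exec:s0` next to the new one, or update the package list to the new service name.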
diff --git a/sepolicy/storageproxyd.te b/sepolicy/storageproxyd.te
index d394b60..63a1d6b 100644
--- a/sepolicy/storageproxyd.te
+++ b/sepolicy/storageproxyd.te
@@ -1,7 +1,6 @@
 type rpmb_virt_device, dev_type;
 
 allow tee rpmb_virt_device:chr_file { open read write };
-allow tee self:capability { setgid setuid };
 
 allow tee tee_data_file:dir rw_dir_perms;