diff options
| author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-07-07 05:08:02 +0000 |
|---|---|---|
| committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-07-07 05:08:02 +0000 |
| commit | d2d748eef42b74f2df5770c23cf45d336c258288 (patch) | |
| tree | 4376ae838ae6402e3e842217c7c6e8691c4f44e3 | |
| parent | cae413c97b4b9c533508c1daf349d9cd51889f72 (diff) | |
| parent | 67a62014717e45d94f35716bd39934d38b827dcf (diff) | |
| download | trusty-android14-mainline-uwb-release.tar.gz | |
Snap for 10453563 from 67a62014717e45d94f35716bd39934d38b827dcf to mainline-uwb-releaseaml_uwb_341513070aml_uwb_341511050aml_uwb_341310300aml_uwb_341310030aml_uwb_341111010aml_uwb_341011000android14-mainline-uwb-release
Change-Id: Iaaa65918b4f93fdb6c46b3f906f23a015467874a
| -rw-r--r-- | BoardConfig.mk | 4 | ||||
| -rw-r--r-- | init.qemu_trusty.rc | 3 | ||||
| -rw-r--r-- | manifest.xml | 8 | ||||
| -rw-r--r-- | qemu_trusty_base.mk | 9 | ||||
| -rw-r--r-- | secure_dpu/main.cpp | 10 | ||||
| -rw-r--r-- | sepolicy/file_contexts | 4 | ||||
| -rw-r--r-- | sepolicy/storageproxyd.te | 1 |
7 files changed, 21 insertions, 18 deletions
diff --git a/BoardConfig.mk b/BoardConfig.mk index 903cb3d..89cd1f1 100644 --- a/BoardConfig.mk +++ b/BoardConfig.mk @@ -40,7 +40,7 @@ QEMU_CUSTOMIZATIONS := true TARGET_USERIMAGES_USE_EXT4 := true BOARD_SYSTEMIMAGE_PARTITION_SIZE := 536870912 # 512M -BOARD_USERDATAIMAGE_PARTITION_SIZE := 134217728 # 128M +BOARD_USERDATAIMAGE_PARTITION_SIZE := 268435456 # 256M TARGET_COPY_OUT_VENDOR := vendor # ~100 MB vendor image. Please adjust system image / vendor image sizes # when finalizing them. @@ -48,14 +48,12 @@ BOARD_VENDORIMAGE_PARTITION_SIZE := 8388608 # 8M BOARD_VENDORIMAGE_FILE_SYSTEM_TYPE := ext4 BOARD_FLASH_BLOCK_SIZE := 512 TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true -DEVICE_MATRIX_FILE := device/generic/goldfish/compatibility_matrix.xml BOARD_PROPERTY_OVERRIDES_SPLIT_ENABLED := true BOARD_SEPOLICY_DIRS += build/target/board/generic/sepolicy # Enable A/B update TARGET_NO_RECOVERY := true -BOARD_BUILD_SYSTEM_ROOT_IMAGE := true # Specify HALs DEVICE_MANIFEST_FILE := device/generic/trusty/manifest.xml diff --git a/init.qemu_trusty.rc b/init.qemu_trusty.rc index a7c605d..d31d2f2 100644 --- a/init.qemu_trusty.rc +++ b/init.qemu_trusty.rc @@ -8,6 +8,7 @@ on post-fs-data setprop vold.post_fs_data_done 1 # The storage proxy is a vendor binary, and so cannot access /data/ss mkdir /data/vendor/ss 700 system system + mkdir /data/vendor/ss/persist 0770 system system enable storageproxyd on boot @@ -111,4 +112,4 @@ service storageproxyd /vendor/bin/storageproxyd -d /dev/trusty-ipc-dev0 \ -r /dev/vport3p1 -p /data/vendor/ss -t virt class main disabled - user root + user system diff --git a/manifest.xml b/manifest.xml index d3cbdb2..abe0a91 100644 --- a/manifest.xml +++ b/manifest.xml @@ -1,4 +1,4 @@ -<manifest version="1.0" type="device" target-level="3"> +<manifest version="1.0" type="device" target-level="4"> <hal format="hidl"> <name>android.hardware.drm</name> <transport>hwbinder</transport> @@ -17,7 +17,7 @@ <hal format="hidl"> <name>android.hardware.audio.effect</name> <transport>hwbinder</transport> - <version>4.0</version> + <version>5.0</version> <interface> <name>IEffectsFactory</name> <instance>default</instance> @@ -44,7 +44,7 @@ <hal format="hidl"> <name>android.hardware.audio</name> <transport>hwbinder</transport> - <version>4.0</version> + <version>5.0</version> <interface> <name>IDevicesFactory</name> <instance>default</instance> @@ -62,7 +62,7 @@ <hal format="hidl"> <name>android.hardware.graphics.mapper</name> <transport arch="32+64">passthrough</transport> - <version>2.0</version> + <version>2.1</version> <interface> <name>IMapper</name> <instance>default</instance> diff --git a/qemu_trusty_base.mk b/qemu_trusty_base.mk index c3ac377..00ed815 100644 --- a/qemu_trusty_base.mk +++ b/qemu_trusty_base.mk @@ -28,8 +28,9 @@ PRODUCT_PACKAGES += \ adbd_system_api \ android.hardware.confirmationui@1.0-service.trusty \ android.hidl.allocator@1.0-service \ - android.system.suspend@1.0-service \ + android.system.suspend-service \ apexd \ + cgroups.json \ com.android.art \ com.android.i18n \ com.android.runtime \ @@ -40,6 +41,7 @@ PRODUCT_PACKAGES += \ init_vendor \ init.environ.rc \ keymaster_soft_wrapped_attestation_keys.xml \ + keystore2 \ libandroid_servers \ libc.bootstrap \ libdl.bootstrap \ @@ -47,7 +49,6 @@ PRODUCT_PACKAGES += \ libm.bootstrap \ linker \ linker64 \ - linkerconfig \ logcat \ logd \ logwrapper \ @@ -111,6 +112,7 @@ PRODUCT_COPY_FILES += \ device/generic/trusty/fstab.ranchu:root/fstab.qemu_trusty \ device/generic/trusty/init.qemu_trusty.rc:$(TARGET_COPY_OUT_VENDOR)/etc/init/hw/init.qemu_trusty.rc \ device/generic/trusty/ueventd.qemu_trusty.rc:$(TARGET_COPY_OUT_VENDOR)/etc/ueventd.rc \ + system/core/libprocessgroup/profiles/task_profiles.json:$(TARGET_COPY_OUT_VENDOR)/etc/task_profiles.json \ PRODUCT_COPY_FILES += \ device/generic/goldfish/data/etc/config.ini:config.ini \ @@ -123,9 +125,10 @@ $(call inherit-product, system/core/trusty/trusty-test.mk) # Test Utilities PRODUCT_PACKAGES += \ + binderRpcToTrustyTest \ tipc-test \ - libtrusty_metrics_test \ trusty-ut-ctrl \ + trusty_stats_test \ VtsAidlKeyMintTargetTest \ VtsHalConfirmationUIV1_0TargetTest \ VtsHalGatekeeperV1_0TargetTest \ diff --git a/secure_dpu/main.cpp b/secure_dpu/main.cpp index dce2eb4..684f604 100644 --- a/secure_dpu/main.cpp +++ b/secure_dpu/main.cpp @@ -31,7 +31,7 @@ static void show_usage_and_exit(int code) { exit(code); } -static void parse_device_name(int argc, char* argv[], char*& device_name) { +static void parse_device_name(int argc, char* argv[], std::string& device_name) { static const char* _sopts = "h:d:"; static const struct option _lopts[] = {{"help", no_argument, NULL, 'h'}, {"trusty_dev", required_argument, NULL, 'd'}, @@ -42,7 +42,7 @@ static void parse_device_name(int argc, char* argv[], char*& device_name) { while ((opt = getopt_long(argc, argv, _sopts, _lopts, &oidx)) != -1) { switch (opt) { case 'd': - device_name = strdup(optarg); + device_name = optarg; break; default: @@ -51,7 +51,7 @@ static void parse_device_name(int argc, char* argv[], char*& device_name) { } } - if (device_name == nullptr) { + if (device_name.empty()) { LOG(ERROR) << "missing required argument(s)"; show_usage_and_exit(EXIT_FAILURE); } @@ -62,12 +62,12 @@ static void parse_device_name(int argc, char* argv[], char*& device_name) { int main(int argc, char* argv[]) { - char* device_name; + std::string device_name; /* parse arguments */ parse_device_name(argc, argv, device_name); android::trusty::secure_dpu::DPUHandler dpu_handler; - auto rc = dpu_handler.Init(std::string(device_name)); + auto rc = dpu_handler.Init(device_name); if (!rc.ok()) { LOG(ERROR) << rc.error(); return EXIT_FAILURE; diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index ccfee13..09b10d0 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -8,7 +8,9 @@ /vendor/bin/storageproxyd u:object_r:tee_exec:s0 /data/vendor/var/run(/.*)? u:object_r:varrun_file:s0 /data/vendor/ss(/.*)? u:object_r:tee_data_file:s0 -/vendor/bin/hw/android.hardware.confirmationui@1.0-service.trusty u:object_r:hal_confirmationui_default_exec:s0 +/vendor/bin/hw/android.hardware.confirmationui-service.trusty u:object_r:hal_confirmationui_default_exec:s0 /vendor/bin/hw/android.hardware.gatekeeper@1.0-service.trusty u:object_r:hal_gatekeeper_default_exec:s0 +/vendor/bin/hw/android.hardware.gatekeeper-service.trusty u:object_r:hal_gatekeeper_default_exec:s0 /vendor/bin/hw/android.hardware.keymaster@4.0-service.trusty u:object_r:hal_keymaster_default_exec:s0 /vendor/bin/hw/android.hardware.security.keymint-service.trusty u:object_r:hal_keymint_default_exec:s0 +/vendor/bin/hw/android.hardware.security.keymint-service.rust.trusty u:object_r:hal_keymint_default_exec:s0 diff --git a/sepolicy/storageproxyd.te b/sepolicy/storageproxyd.te index d394b60..63a1d6b 100644 --- a/sepolicy/storageproxyd.te +++ b/sepolicy/storageproxyd.te @@ -1,7 +1,6 @@ type rpmb_virt_device, dev_type; allow tee rpmb_virt_device:chr_file { open read write }; -allow tee self:capability { setgid setuid }; allow tee tee_data_file:dir rw_dir_perms; |