diff --git a/Android.bp b/Android.bp deleted file mode 100644 index 52a1055..0000000 --- a/Android.bp +++ /dev/null @@ -1,45 +0,0 @@ -// -// Copyright (C) 2023 The Android Open Source Project -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// - -package { - default_applicable_licenses: ["device_google_gs-common_license"], -} - -// Added automatically by a large-scale-change that took the approach of -// 'apply every license found to every target'. While this makes sure we respect -// every license restriction, it may not be entirely correct. -// -// e.g. GPL in an MIT project might only apply to the contrib/ directory. -// -// Please consider splitting the single license below into multiple licenses, -// taking care not to lose any license_kind information, and overriding the -// default license using the 'licenses: [...]' property on targets as needed. -// -// For unused files, consider creating a 'fileGroup' with "//visibility:private" -// to attach the license to, and including a comment whether the files may be -// used in the current project. -// See: http://go/android-license-faq -license { - name: "device_google_gs-common_license", - visibility: [":__subpackages__"], - license_kinds: [ - "SPDX-license-identifier-Apache-2.0", - "SPDX-license-identifier-BSD", - ], - license_text: [ - "NOTICE", - ], -} diff --git a/NOTICE b/NOTICE deleted file mode 100644 index 316b4eb..0000000 --- a/NOTICE +++ /dev/null @@ -1,190 +0,0 @@ - - Copyright (c) 2014, The Android Open Source Project - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - diff --git a/bootctrl/aidl/Android.bp b/bootctrl/aidl/Android.bp deleted file mode 100644 index 9e47cca..0000000 --- a/bootctrl/aidl/Android.bp +++ /dev/null @@ -1,65 +0,0 @@ -// -// Copyright (C) 2023 The Android Open Source Project -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// - -package { - // See: http://go/android-license-faq - // A large-scale-change added 'default_applicable_licenses' to import - // all of the 'license_kinds' from "//device/google/gs-common:device_google_gs-common_license" - // to get the below license kinds: - // SPDX-license-identifier-Apache-2.0 - default_applicable_licenses: [ - "//device/google/gs-common:device_google_gs-common_license", - ], -} - -cc_defaults { - name: "android.hardware.boot-service_common-pixel", - relative_install_path: "hw", - defaults: ["libboot_control_defaults"], - shared_libs: [ - "libbase", - "libbinder_ndk", - "libcutils", - "libz", - "libtrusty", - "android.hardware.boot@1.1", - "android.hardware.boot-V1-ndk", - ], - static_libs: [ - "libboot_control", - "libbootloader_message_vendor", - ], - srcs: [ - "BootControl.cpp", - "GptUtils.cpp", - "service.cpp" - ], -} - -cc_binary { - name: "android.hardware.boot-service.default-pixel", - defaults: ["android.hardware.boot-service_common-pixel"], - init_rc: ["android.hardware.boot-service.default-pixel.rc"], - vendor: true, -} - -cc_binary { - name: "android.hardware.boot-service.default_recovery-pixel", - defaults: ["android.hardware.boot-service_common-pixel"], - vintf_fragments: ["android.hardware.boot-service.default_recovery-pixel.xml"], - init_rc: ["android.hardware.boot-service.default_recovery-pixel.rc"], - recovery: true, -} diff --git a/bootctrl/aidl/BootControl.cpp b/bootctrl/aidl/BootControl.cpp deleted file mode 100644 index 941b0d2..0000000 --- a/bootctrl/aidl/BootControl.cpp +++ /dev/null @@ -1,538 +0,0 @@ -/* - * Copyright (C) 2023 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#define LOG_TAG "bootcontrolhal" - -#include "BootControl.h" - -#include -#include -#include -#include -#include -#include -#include -#include - -#include "DevInfo.h" -#include "GptUtils.h" - -using HIDLMergeStatus = ::android::bootable::BootControl::MergeStatus; -using ndk::ScopedAStatus; - -using android::bootable::GetMiscVirtualAbMergeStatus; -using android::bootable::InitMiscVirtualAbMessageIfNeeded; -using android::bootable::SetMiscVirtualAbMergeStatus; - -namespace aidl::android::hardware::boot { - -namespace { - -// clang-format off - -#define BOOT_A_PATH "/dev/block/by-name/boot_a" -#define BOOT_B_PATH "/dev/block/by-name/boot_b" -#define DEVINFO_PATH "/dev/block/by-name/devinfo" - -// slot flags -#define AB_ATTR_PRIORITY_SHIFT 52 -#define AB_ATTR_PRIORITY_MASK (3UL << AB_ATTR_PRIORITY_SHIFT) -#define AB_ATTR_ACTIVE_SHIFT 54 -#define AB_ATTR_ACTIVE (1UL << AB_ATTR_ACTIVE_SHIFT) -#define AB_ATTR_RETRY_COUNT_SHIFT (55) -#define AB_ATTR_RETRY_COUNT_MASK (7UL << AB_ATTR_RETRY_COUNT_SHIFT) -#define AB_ATTR_SUCCESSFUL (1UL << 58) -#define AB_ATTR_UNBOOTABLE (1UL << 59) - -#define AB_ATTR_MAX_PRIORITY 3UL -#define AB_ATTR_MAX_RETRY_COUNT 3UL - -// clang-format on - -static std::string getDevPath(int32_t in_slot) { - char real_path[PATH_MAX]; - - const char *path = in_slot == 0 ? BOOT_A_PATH : BOOT_B_PATH; - - int ret = readlink(path, real_path, sizeof real_path); - if (ret < 0) { - ALOGE("readlink failed for boot device %s\n", strerror(errno)); - return std::string(); - } - - std::string dp(real_path); - // extract /dev/sda.. part - return dp.substr(0, sizeof "/dev/block/sdX" - 1); -} - -static bool isSlotFlagSet(int32_t in_slot, uint64_t flag) { - std::string dev_path = getDevPath(in_slot); - if (dev_path.empty()) { - ALOGI("Could not get device path for slot %d\n", in_slot); - return false; - } - - GptUtils gpt(dev_path); - if (gpt.Load()) { - ALOGI("failed to load gpt data\n"); - return false; - } - - gpt_entry *e = gpt.GetPartitionEntry(in_slot ? "boot_b" : "boot_a"); - if (e == nullptr) { - ALOGI("failed to get gpt entry\n"); - return false; - } - - return !!(e->attr & flag); -} - -static bool setSlotFlag(int32_t in_slot, uint64_t flag) { - std::string dev_path = getDevPath(in_slot); - if (dev_path.empty()) { - ALOGI("Could not get device path for slot %d\n", in_slot); - return false; - } - - GptUtils gpt(dev_path); - if (gpt.Load()) { - ALOGI("failed to load gpt data\n"); - return false; - } - - gpt_entry *e = gpt.GetPartitionEntry(in_slot ? "boot_b" : "boot_a"); - if (e == nullptr) { - ALOGI("failed to get gpt entry\n"); - return false; - } - - e->attr |= flag; - gpt.Sync(); - - return true; -} - -static bool is_devinfo_valid; -static bool is_devinfo_initialized; -static std::mutex devinfo_lock; -static devinfo_t devinfo; - -static bool isDevInfoValid() { - const std::lock_guard lock(devinfo_lock); - - if (is_devinfo_initialized) { - return is_devinfo_valid; - } - - is_devinfo_initialized = true; - - ::android::base::unique_fd fd(open(DEVINFO_PATH, O_RDONLY)); - ::android::base::ReadFully(fd, &devinfo, sizeof devinfo); - - if (devinfo.magic != DEVINFO_MAGIC) { - return is_devinfo_valid; - } - - uint32_t version = ((uint32_t)devinfo.ver_major << 16) | devinfo.ver_minor; - // only version 3.3+ supports A/B data - if (version >= 0x0003'0003) { - is_devinfo_valid = true; - } - - return is_devinfo_valid; -} - -static bool DevInfoSync() { - if (!isDevInfoValid()) { - return false; - } - - ::android::base::unique_fd fd(open(DEVINFO_PATH, O_WRONLY | O_DSYNC)); - return ::android::base::WriteFully(fd, &devinfo, sizeof devinfo); -} - -static void DevInfoInitSlot(devinfo_ab_slot_data_t &slot_data) { - slot_data.retry_count = AB_ATTR_MAX_RETRY_COUNT; - slot_data.unbootable = 0; - slot_data.successful = 0; - slot_data.active = 1; - slot_data.fastboot_ok = 0; -} - -static int blow_otp_AR(bool secure) { - static const char *dev_name = "/dev/trusty-ipc-dev0"; - static const char *otp_name = "com.android.trusty.otp_manager.tidl"; - int fd = 1, ret = 0; - uint32_t cmd = secure? OTP_CMD_write_antirbk_secure_ap : OTP_CMD_write_antirbk_non_secure_ap; - fd = tipc_connect(dev_name, otp_name); - if (fd < 0) { - ALOGI("Failed to connect to OTP_MGR ns TA - is it missing?\n"); - ret = -1; - return ret; - } - - struct otp_mgr_req_base req = { - .command = cmd, - .resp_payload_size = 0, - }; - struct iovec iov[] = { - { - .iov_base = &req, - .iov_len = sizeof(req), - }, - }; - - size_t rc = tipc_send(fd, iov, 1, NULL, 0); - if (rc != sizeof(req)) { - ALOGI("Send fail! %zx\n", rc); - return rc; - } - - struct otp_mgr_rsp_base resp; - rc = read(fd, &resp, sizeof(resp)); - if (rc < 0) { - ALOGI("Read fail! %zx\n", rc); - return rc; - } - - if (rc < sizeof(resp)) { - ALOGI("Not enough data! %zx\n", rc); - return -EIO; - } - - if (resp.command != (cmd | OTP_RESP_BIT)) { - ALOGI("Wrong command! %x\n", resp.command); - return -EINVAL; - } - - if (resp.result != 0) { - fprintf(stderr, "AR writing error! %x\n", resp.result); - return -EINVAL; - } - - tipc_close(fd); - return 0; -} - -static bool blowAR() { - int ret = blow_otp_AR(true); - if (ret) { - ALOGI("Blow secure anti-rollback OTP failed"); - return false; - } - - ret = blow_otp_AR(false); - if (ret) { - ALOGI("Blow non-secure anti-rollback OTP failed"); - return false; - } - - return true; -} - -static constexpr MergeStatus ToAIDLMergeStatus(HIDLMergeStatus status) { - switch (status) { - case HIDLMergeStatus::NONE: - return MergeStatus::NONE; - case HIDLMergeStatus::UNKNOWN: - return MergeStatus::UNKNOWN; - case HIDLMergeStatus::SNAPSHOTTED: - return MergeStatus::SNAPSHOTTED; - case HIDLMergeStatus::MERGING: - return MergeStatus::MERGING; - case HIDLMergeStatus::CANCELLED: - return MergeStatus::CANCELLED; - } -} - -static constexpr HIDLMergeStatus ToHIDLMergeStatus(MergeStatus status) { - switch (status) { - case MergeStatus::NONE: - return HIDLMergeStatus::NONE; - case MergeStatus::UNKNOWN: - return HIDLMergeStatus::UNKNOWN; - case MergeStatus::SNAPSHOTTED: - return HIDLMergeStatus::SNAPSHOTTED; - case MergeStatus::MERGING: - return HIDLMergeStatus::MERGING; - case MergeStatus::CANCELLED: - return HIDLMergeStatus::CANCELLED; - } -} - -} // namespace - -BootControl::BootControl() { - CHECK(InitMiscVirtualAbMessageIfNeeded()); -} - -ScopedAStatus BootControl::getActiveBootSlot(int32_t* _aidl_return) { - int32_t slots = 0; - getNumberSlots(&slots); - if (slots == 0) { - *_aidl_return = 0; - return ScopedAStatus::ok(); - } - - if (isDevInfoValid()) { - *_aidl_return = devinfo.ab_data.slots[1].active ? 1 : 0; - return ScopedAStatus::ok(); - } - *_aidl_return = isSlotFlagSet(1, AB_ATTR_ACTIVE) ? 1 : 0; - return ScopedAStatus::ok(); -} - -ScopedAStatus BootControl::getCurrentSlot(int32_t* _aidl_return) { - char suffix[PROPERTY_VALUE_MAX]; - property_get("ro.boot.slot_suffix", suffix, "_a"); - *_aidl_return = std::string(suffix) == "_b" ? 1 : 0; - return ScopedAStatus::ok(); -} - -ScopedAStatus BootControl::getNumberSlots(int32_t* _aidl_return) { - int32_t slots = 0; - - if (access(BOOT_A_PATH, F_OK) == 0) - slots++; - - if (access(BOOT_B_PATH, F_OK) == 0) - slots++; - - *_aidl_return = slots; - return ScopedAStatus::ok(); -} - -ScopedAStatus BootControl::getSnapshotMergeStatus(MergeStatus* _aidl_return) { - HIDLMergeStatus status; - int32_t current_slot = 0; - getCurrentSlot(¤t_slot); - if (!GetMiscVirtualAbMergeStatus(current_slot, &status)) { - *_aidl_return = MergeStatus::UNKNOWN; - return ScopedAStatus::ok(); - } - *_aidl_return = ToAIDLMergeStatus(status); - return ScopedAStatus::ok(); -} - -ScopedAStatus BootControl::getSuffix(int32_t in_slot, std::string* _aidl_return) { - *_aidl_return = in_slot == 0 ? "_a" : in_slot == 1 ? "_b" : ""; - return ScopedAStatus::ok(); -} - -ScopedAStatus BootControl::isSlotBootable(int32_t in_slot, bool* _aidl_return) { - int32_t slots = 0; - getNumberSlots(&slots); - if (slots == 0) { - *_aidl_return = false; - return ScopedAStatus::ok(); - } - if (in_slot >= slots) - return ScopedAStatus::fromServiceSpecificErrorWithMessage( - INVALID_SLOT, (std::string("Invalid slot ") + std::to_string(in_slot)).c_str()); - - bool unbootable; - if (isDevInfoValid()) { - auto &slot_data = devinfo.ab_data.slots[in_slot]; - unbootable = !!slot_data.unbootable; - } else { - unbootable = isSlotFlagSet(in_slot, AB_ATTR_UNBOOTABLE); - } - - *_aidl_return = unbootable ? false: true; - return ScopedAStatus::ok(); -} - -ScopedAStatus BootControl::isSlotMarkedSuccessful(int32_t in_slot, bool* _aidl_return) { - int32_t slots = 0; - getNumberSlots(&slots); - if (slots == 0) { - // just return true so that we don't we another call trying to mark it as successful - // when there is no slots - *_aidl_return = true; - return ScopedAStatus::ok(); - } - if (in_slot >= slots) - return ScopedAStatus::fromServiceSpecificErrorWithMessage( - INVALID_SLOT, (std::string("Invalid slot ") + std::to_string(in_slot)).c_str()); - - bool successful; - if (isDevInfoValid()) { - auto &slot_data = devinfo.ab_data.slots[in_slot]; - successful = !!slot_data.successful; - } else { - successful = isSlotFlagSet(in_slot, AB_ATTR_SUCCESSFUL); - } - - *_aidl_return = successful ? true : false; - return ScopedAStatus::ok(); -} - -ScopedAStatus BootControl::markBootSuccessful() { - int32_t slots = 0; - getNumberSlots(&slots); - if (slots == 0) { - // no slots, just return true otherwise Android keeps trying - return ScopedAStatus::ok(); - } - - bool ret; - int32_t current_slot = 0; - getCurrentSlot(¤t_slot); - if (isDevInfoValid()) { - auto const slot = current_slot; - devinfo.ab_data.slots[slot].successful = 1; - ret = DevInfoSync(); - } else { - ret = setSlotFlag(current_slot, AB_ATTR_SUCCESSFUL); - } - - if (!ret) { - return ScopedAStatus::fromServiceSpecificErrorWithMessage(COMMAND_FAILED, - "Failed to set successful flag"); - } - - if (!blowAR()) { - ALOGE("Failed to blow anti-rollback counter"); - // Ignore the error, since ABL will re-trigger it on reboot - } - - return ScopedAStatus::ok(); -} - -ScopedAStatus BootControl::setActiveBootSlot(int32_t in_slot) { - if (in_slot >= 2) { - return ScopedAStatus::fromServiceSpecificErrorWithMessage( - INVALID_SLOT, (std::string("Invalid slot ") + std::to_string(in_slot)).c_str()); - } - - if (isDevInfoValid()) { - auto &active_slot_data = devinfo.ab_data.slots[in_slot]; - auto &inactive_slot_data = devinfo.ab_data.slots[!in_slot]; - - inactive_slot_data.active = 0; - DevInfoInitSlot(active_slot_data); - - if (!DevInfoSync()) { - return ScopedAStatus::fromServiceSpecificErrorWithMessage( - COMMAND_FAILED, "Could not update DevInfo data"); - } - } else { - std::string dev_path = getDevPath(in_slot); - if (dev_path.empty()) { - return ScopedAStatus::fromServiceSpecificErrorWithMessage( - COMMAND_FAILED, "Could not get device path for slot"); - } - - GptUtils gpt(dev_path); - if (gpt.Load()) { - return ScopedAStatus::fromServiceSpecificErrorWithMessage(COMMAND_FAILED, - "failed to load gpt data"); - } - - gpt_entry *active_entry = gpt.GetPartitionEntry(in_slot == 0 ? "boot_a" : "boot_b"); - gpt_entry *inactive_entry = gpt.GetPartitionEntry(in_slot == 0 ? "boot_b" : "boot_a"); - if (active_entry == nullptr || inactive_entry == nullptr) { - return ScopedAStatus::fromServiceSpecificErrorWithMessage( - COMMAND_FAILED, "failed to get entries for boot partitions"); - } - - ALOGV("slot active attributes %lx\n", active_entry->attr); - ALOGV("slot inactive attributes %lx\n", inactive_entry->attr); - - // update attributes for active and inactive - inactive_entry->attr &= ~AB_ATTR_ACTIVE; - active_entry->attr = AB_ATTR_ACTIVE | (AB_ATTR_MAX_PRIORITY << AB_ATTR_PRIORITY_SHIFT) | - (AB_ATTR_MAX_RETRY_COUNT << AB_ATTR_RETRY_COUNT_SHIFT); - } - - char boot_dev[PROPERTY_VALUE_MAX]; - property_get("ro.boot.bootdevice", boot_dev, ""); - if (boot_dev[0] == '\0') { - return ScopedAStatus::fromServiceSpecificErrorWithMessage( - COMMAND_FAILED, "invalid ro.boot.bootdevice prop"); - } - - std::string boot_lun_path = - std::string("/sys/devices/platform/") + boot_dev + "/pixel/boot_lun_enabled"; - int fd = open(boot_lun_path.c_str(), O_RDWR | O_DSYNC); - if (fd < 0) { - // Try old path for kernels < 5.4 - // TODO: remove once kernel 4.19 support is deprecated - std::string boot_lun_path = - std::string("/sys/devices/platform/") + boot_dev + "/attributes/boot_lun_enabled"; - fd = open(boot_lun_path.c_str(), O_RDWR | O_DSYNC); - if (fd < 0) { - return ScopedAStatus::fromServiceSpecificErrorWithMessage( - COMMAND_FAILED, "failed to open ufs attr boot_lun_enabled"); - } - } - - // - // bBootLunEn - // 0x1 => Boot LU A = enabled, Boot LU B = disable - // 0x2 => Boot LU A = disable, Boot LU B = enabled - // - int ret = ::android::base::WriteStringToFd(in_slot == 0 ? "1" : "2", fd); - close(fd); - if (ret < 0) { - return ScopedAStatus::fromServiceSpecificErrorWithMessage( - COMMAND_FAILED, "faied to write boot_lun_enabled attribute"); - } - - return ScopedAStatus::ok(); -} - -ScopedAStatus BootControl::setSlotAsUnbootable(int32_t in_slot) { - if (in_slot >= 2) - return ScopedAStatus::fromServiceSpecificErrorWithMessage( - INVALID_SLOT, (std::string("Invalid slot ") + std::to_string(in_slot)).c_str()); - - if (isDevInfoValid()) { - auto &slot_data = devinfo.ab_data.slots[in_slot]; - slot_data.unbootable = 1; - if (!DevInfoSync()) { - return ScopedAStatus::fromServiceSpecificErrorWithMessage( - COMMAND_FAILED, "Could not update DevInfo data"); - } - } else { - std::string dev_path = getDevPath(in_slot); - if (dev_path.empty()) { - return ScopedAStatus::fromServiceSpecificErrorWithMessage( - COMMAND_FAILED, "Could not get device path for slot"); - } - - GptUtils gpt(dev_path); - gpt.Load(); - - gpt_entry *e = gpt.GetPartitionEntry(in_slot ? "boot_b" : "boot_a"); - e->attr |= AB_ATTR_UNBOOTABLE; - - gpt.Sync(); - } - - return ScopedAStatus::ok(); -} - -ScopedAStatus BootControl::setSnapshotMergeStatus(MergeStatus in_status) { - int32_t current_slot = 0; - getCurrentSlot(¤t_slot); - if (!SetMiscVirtualAbMergeStatus(current_slot, ToHIDLMergeStatus(in_status))) - return ScopedAStatus::fromServiceSpecificErrorWithMessage(COMMAND_FAILED, - "Operation failed"); - return ScopedAStatus::ok(); -} - -} // namespace aidl::android::hardware::boot diff --git a/bootctrl/aidl/BootControl.h b/bootctrl/aidl/BootControl.h deleted file mode 100644 index a54f66d..0000000 --- a/bootctrl/aidl/BootControl.h +++ /dev/null @@ -1,61 +0,0 @@ -/* - * Copyright (C) 2023 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#pragma once - -#include -#include - -namespace aidl::android::hardware::boot { - -class BootControl final : public BnBootControl { - public: - BootControl(); - ::ndk::ScopedAStatus getActiveBootSlot(int32_t* _aidl_return) override; - ::ndk::ScopedAStatus getCurrentSlot(int32_t* _aidl_return) override; - ::ndk::ScopedAStatus getNumberSlots(int32_t* _aidl_return) override; - ::ndk::ScopedAStatus getSnapshotMergeStatus( - ::aidl::android::hardware::boot::MergeStatus* _aidl_return) override; - ::ndk::ScopedAStatus getSuffix(int32_t in_slot, std::string* _aidl_return) override; - ::ndk::ScopedAStatus isSlotBootable(int32_t in_slot, bool* _aidl_return) override; - ::ndk::ScopedAStatus isSlotMarkedSuccessful(int32_t in_slot, bool* _aidl_return) override; - ::ndk::ScopedAStatus markBootSuccessful() override; - ::ndk::ScopedAStatus setActiveBootSlot(int32_t in_slot) override; - ::ndk::ScopedAStatus setSlotAsUnbootable(int32_t in_slot) override; - ::ndk::ScopedAStatus setSnapshotMergeStatus( - ::aidl::android::hardware::boot::MergeStatus in_status) override; -}; - -enum otpmgr_command : uint32_t { - OTP_REQ_SHIFT = 1, - OTP_RESP_BIT = 1, - OTP_CMD_write_antirbk_non_secure_ap = (7 << OTP_REQ_SHIFT), - OTP_CMD_write_antirbk_secure_ap = (8 << OTP_REQ_SHIFT), -}; - -struct otp_mgr_req_base { - uint32_t command; - uint32_t resp_payload_size; - uint8_t handle; -}__packed; - -struct otp_mgr_rsp_base { - uint32_t command; - uint32_t resp_payload_size; - int result; -}__packed; - -} // namespace aidl::android::hardware::boot \ No newline at end of file diff --git a/bootctrl/aidl/DevInfo.h b/bootctrl/aidl/DevInfo.h deleted file mode 100644 index aa5f5d3..0000000 --- a/bootctrl/aidl/DevInfo.h +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (C) 2021 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#pragma once - -namespace aidl::android::hardware::boot { - -// -// definitions taken from ABL code -// - -constexpr uint32_t DEVINFO_MAGIC = 0x49564544; -constexpr size_t DEVINFO_AB_SLOT_COUNT = 2; - -struct devinfo_ab_slot_data_t { - uint8_t retry_count; - uint8_t unbootable : 1; - uint8_t successful : 1; - uint8_t active : 1; - uint8_t fastboot_ok : 1; - uint8_t : 4; - uint8_t unused[2]; -} __attribute__((packed)); - -typedef struct { - devinfo_ab_slot_data_t slots[DEVINFO_AB_SLOT_COUNT]; -} __attribute__((packed)) devinfo_ab_data_t; - -struct devinfo_t { - uint32_t magic; - uint16_t ver_major; - uint16_t ver_minor; - uint8_t unused[40]; - devinfo_ab_data_t ab_data; - uint8_t unused1[72]; // use remaining up to complete 128 bytes -} __attribute__((packed)); - -static_assert(sizeof(devinfo_t) == 128, "invalid devinfo struct size"); - -} // namespace aidl::android::hardware::boot \ No newline at end of file diff --git a/bootctrl/aidl/GptUtils.cpp b/bootctrl/aidl/GptUtils.cpp deleted file mode 100644 index 34dec11..0000000 --- a/bootctrl/aidl/GptUtils.cpp +++ /dev/null @@ -1,185 +0,0 @@ -/* - * Copyright (C) 2019 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#define LOG_TAG "bootcontrolhal" - -#include "GptUtils.h" - -#include -#include -#include -#include -#include - -namespace aidl::android::hardware::boot { - -namespace { - -static int ValidateGptHeader(gpt_header *gpt) { - if (gpt->signature != GPT_SIGNATURE) { - ALOGE("invalid gpt signature 0x%lx\n", gpt->signature); - return -1; - } - - if (gpt->header_size != sizeof(gpt_header)) { - ALOGE("invalid gpt header size %u\n", gpt->header_size); - return -1; - } - - if (gpt->entry_size != sizeof(gpt_entry)) { - ALOGE("invalid gpt entry size %u\n", gpt->entry_size); - return -1; - } - - return 0; -} - -} // namespace - -GptUtils::GptUtils(const std::string dev_path) : dev_path(dev_path), fd(0) {} - -int GptUtils::Load(void) { - fd = open(dev_path.c_str(), O_RDWR); - if (fd < 0) { - ALOGE("failed to open block dev %s, %d\n", dev_path.c_str(), errno); - return -1; - } - - int ret = ioctl(fd, BLKSSZGET, &block_size); - if (ret < 0) { - ALOGE("failed to get block size %d\n", errno); - return -1; - } - - // read primary header - lseek64(fd, block_size, SEEK_SET); - ret = read(fd, &gpt_primary, sizeof gpt_primary); - if (ret < 0) { - ALOGE("failed to read gpt primary header %d\n", errno); - return -1; - } - - if (ValidateGptHeader(&gpt_primary)) { - ALOGE("error validating gpt header\n"); - return -1; - } - - // read partition entries - entry_array.resize(gpt_primary.entry_count); - uint32_t entries_size = gpt_primary.entry_size * gpt_primary.entry_count; - lseek64(fd, block_size * gpt_primary.start_lba, SEEK_SET); - ret = read(fd, entry_array.data(), entries_size); - if (ret < 0) { - ALOGE("failed to read gpt partition entries %d\n", errno); - return -1; - } - - // read gpt back header - lseek64(fd, block_size * gpt_primary.backup_lba, SEEK_SET); - ret = read(fd, &gpt_backup, sizeof gpt_backup); - if (ret < 0) { - ALOGE("failed to read gpt backup header %d\n", errno); - return -1; - } - - if (ValidateGptHeader(&gpt_backup)) { - ALOGW("error validating gpt backup\n"); // just warn about it, not fail - } - - // Create map - auto get_name = [](const uint16_t *efi_name) { - char name[37] = {}; - for (size_t i = 0; efi_name[i] && i < sizeof name - 1; ++i) name[i] = efi_name[i]; - return std::string(name); - }; - - for (auto const &e : entry_array) { - if (e.name[0] == 0) - break; // stop at the first partition with no name - std::string s = get_name(e.name); - entries[s] = const_cast(&e); - } - - return 0; -} - -gpt_entry *GptUtils::GetPartitionEntry(std::string name) { - return entries.find(name) != entries.end() ? entries[name] : nullptr; -} - -int GptUtils::Sync(void) { - if (!fd) - return -1; - - // calculate crc and check if we need to update gpt - gpt_primary.entries_crc32 = crc32(0, reinterpret_cast(entry_array.data()), - entry_array.size() * sizeof(gpt_entry)); - - // save old crc - uint32_t crc = gpt_primary.crc32; - gpt_primary.crc32 = 0; - - gpt_primary.crc32 = crc32(0, reinterpret_cast(&gpt_primary), sizeof gpt_primary); - if (crc == gpt_primary.crc32) - return 0; // nothing to do (no changes) - - ALOGI("updating GPT\n"); - - lseek64(fd, block_size * gpt_primary.current_lba, SEEK_SET); - int ret = write(fd, &gpt_primary, sizeof gpt_primary); - if (ret < 0) { - ALOGE("failed to write gpt primary header %d\n", errno); - return -1; - } - - lseek64(fd, block_size * gpt_primary.start_lba, SEEK_SET); - ret = write(fd, entry_array.data(), entry_array.size() * sizeof(gpt_entry)); - if (ret < 0) { - ALOGE("failed to write gpt partition entries %d\n", errno); - return -1; - } - - // update GPT backup entries and backup - lseek64(fd, block_size * gpt_backup.start_lba, SEEK_SET); - ret = write(fd, entry_array.data(), entry_array.size() * sizeof(gpt_entry)); - if (ret < 0) { - ALOGE("failed to write gpt backup partition entries %d\n", errno); - return -1; - } - - gpt_backup.entries_crc32 = gpt_primary.entries_crc32; - gpt_backup.crc32 = 0; - gpt_backup.crc32 = crc32(0, reinterpret_cast(&gpt_backup), sizeof gpt_backup); - lseek64(fd, block_size * gpt_primary.backup_lba, SEEK_SET); - ret = write(fd, &gpt_backup, sizeof gpt_backup); - if (ret < 0) { - ALOGE("failed to write gpt backup header %d\n", errno); - return -1; - } - - fsync(fd); - - return 0; -} - -GptUtils::~GptUtils() { - if (fd) { - Sync(); - close(fd); - } -} - -} // namespace aidl::android::hardware::boot \ No newline at end of file diff --git a/bootctrl/aidl/GptUtils.h b/bootctrl/aidl/GptUtils.h deleted file mode 100644 index ec68cf6..0000000 --- a/bootctrl/aidl/GptUtils.h +++ /dev/null @@ -1,71 +0,0 @@ -/* - * Copyright (C) 2019 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#pragma once - -#include -#include -#include - -namespace aidl::android::hardware::boot { - -#define GPT_SIGNATURE 0x5452415020494645UL - -typedef struct { - uint8_t type_guid[16]; - uint8_t guid[16]; - uint64_t first_lba; - uint64_t last_lba; - uint64_t attr; - uint16_t name[36]; -} __attribute__((packed)) gpt_entry; - -typedef struct { - uint64_t signature; - uint32_t revision; - uint32_t header_size; - uint32_t crc32; - uint32_t reserved; - uint64_t current_lba; - uint64_t backup_lba; - uint64_t first_usable_lba; - uint64_t last_usable_lba; - uint8_t disk_guid[16]; - uint64_t start_lba; - uint32_t entry_count; - uint32_t entry_size; - uint32_t entries_crc32; -} __attribute__((packed)) gpt_header; - -class GptUtils { - public: - GptUtils(const std::string dev_path); - int Load(void); - gpt_entry *GetPartitionEntry(std::string name); - int Sync(void); - ~GptUtils(); - - private: - std::string dev_path; - int fd; - uint32_t block_size; - gpt_header gpt_primary; - gpt_header gpt_backup; - std::vector entry_array; - std::map entries; -}; - -} // namespace aidl::android::hardware::boot \ No newline at end of file diff --git a/bootctrl/aidl/android.hardware.boot-service.default-pixel.rc b/bootctrl/aidl/android.hardware.boot-service.default-pixel.rc deleted file mode 100644 index a9887b9..0000000 --- a/bootctrl/aidl/android.hardware.boot-service.default-pixel.rc +++ /dev/null @@ -1,5 +0,0 @@ -service vendor.boot-default /vendor/bin/hw/android.hardware.boot-service.default-pixel - class early_hal - user root - group root drmrpc - diff --git a/bootctrl/aidl/android.hardware.boot-service.default_recovery-pixel.rc b/bootctrl/aidl/android.hardware.boot-service.default_recovery-pixel.rc deleted file mode 100644 index e58617e..0000000 --- a/bootctrl/aidl/android.hardware.boot-service.default_recovery-pixel.rc +++ /dev/null @@ -1,7 +0,0 @@ -service vendor.boot-default /system/bin/hw/android.hardware.boot-service.default_recovery-pixel - class early_hal - user root - group root - seclabel u:r:hal_bootctl_default:s0 - interface aidl android.hardware.boot.IBootControl/default - diff --git a/bootctrl/aidl/android.hardware.boot-service.default_recovery-pixel.xml b/bootctrl/aidl/android.hardware.boot-service.default_recovery-pixel.xml deleted file mode 100644 index 23ccc4e..0000000 --- a/bootctrl/aidl/android.hardware.boot-service.default_recovery-pixel.xml +++ /dev/null @@ -1,6 +0,0 @@ - - - android.hardware.boot - IBootControl/default - - diff --git a/bootctrl/aidl/service.cpp b/bootctrl/aidl/service.cpp deleted file mode 100644 index 41b6c25..0000000 --- a/bootctrl/aidl/service.cpp +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright 2023 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#define LOG_TAG "aidl.android.hardware.boot-service.default" - -#include -#include -#include -#include -#include - -#include "BootControl.h" - -using aidl::android::hardware::boot::BootControl; -using aidl::android::hardware::boot::IBootControl; -using ::android::hardware::configureRpcThreadpool; -using ::android::hardware::joinRpcThreadpool; - -int main(int, char* argv[]) { - android::base::InitLogging(argv, android::base::KernelLogger); - ABinderProcess_setThreadPoolMaxThreadCount(0); - std::shared_ptr service = ndk::SharedRefBase::make(); - - const std::string instance = std::string(BootControl::descriptor) + "/default"; - auto status = AServiceManager_addService(service->asBinder().get(), instance.c_str()); - CHECK_EQ(status, STATUS_OK) << "Failed to add service " << instance << " " << status; - LOG(INFO) << "IBootControl AIDL service running..."; - - ABinderProcess_joinThreadPool(); - return EXIT_FAILURE; // should not reach -} diff --git a/bootctrl/bootctrl_aidl.mk b/bootctrl/bootctrl_aidl.mk deleted file mode 100644 index 6133c0e..0000000 --- a/bootctrl/bootctrl_aidl.mk +++ /dev/null @@ -1,5 +0,0 @@ -PRODUCT_PACKAGES += \ - android.hardware.boot-service.default-pixel \ - android.hardware.boot-service.default_recovery-pixel - -BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/bootctrl/sepolicy/aidl diff --git a/bootctrl/sepolicy/aidl/device.te b/bootctrl/sepolicy/aidl/device.te deleted file mode 100644 index 4fd0240..0000000 --- a/bootctrl/sepolicy/aidl/device.te +++ /dev/null @@ -1,5 +0,0 @@ -# devinfo block device -type devinfo_block_device, dev_type; - -# OTA -type sda_block_device, dev_type; diff --git a/bootctrl/sepolicy/aidl/file.te b/bootctrl/sepolicy/aidl/file.te deleted file mode 100644 index 5357fa9..0000000 --- a/bootctrl/sepolicy/aidl/file.te +++ /dev/null @@ -1,2 +0,0 @@ -# sysfs -type sysfs_ota, sysfs_type, fs_type; diff --git a/bootctrl/sepolicy/aidl/file_contexts b/bootctrl/sepolicy/aidl/file_contexts deleted file mode 100644 index 339896f..0000000 --- a/bootctrl/sepolicy/aidl/file_contexts +++ /dev/null @@ -1 +0,0 @@ -/vendor/bin/hw/android\.hardware\.boot-service\.default-pixel u:object_r:hal_bootctl_default_exec:s0 diff --git a/bootctrl/sepolicy/aidl/hal_bootctl_default.te b/bootctrl/sepolicy/aidl/hal_bootctl_default.te deleted file mode 100644 index 2ffeb27..0000000 --- a/bootctrl/sepolicy/aidl/hal_bootctl_default.te +++ /dev/null @@ -1,8 +0,0 @@ -allow hal_bootctl_default devinfo_block_device:blk_file rw_file_perms; -allow hal_bootctl_default sda_block_device:blk_file rw_file_perms; -allow hal_bootctl_default sysfs_ota:file rw_file_perms; -allow hal_bootctl_default tee_device:chr_file rw_file_perms; - -recovery_only(` - allow hal_bootctl_default rootfs:dir r_dir_perms; -')