Send earlyBootEnded notice to all Keymasters
Vold incorrectly sends the earlyBootEnded signal only to the Keymaster
instance used for device encryption, but all of them need it.
Bug: 152932559
Test: VtsHalKeymasterV4_1TargetTest
Change-Id: Id8f01a1dc7d2398395f369c3ea74656a82888829
diff --git a/Keymaster.cpp b/Keymaster.cpp
index c3f2912..786cdb5 100644
--- a/Keymaster.cpp
+++ b/Keymaster.cpp
@@ -229,13 +229,19 @@
}
void Keymaster::earlyBootEnded() {
- auto error = mDevice->earlyBootEnded();
- if (!error.isOk()) {
- LOG(ERROR) << "earlyBootEnded failed: " << error.description();
- }
- km::V4_1_ErrorCode km_error = error;
- if (km_error != km::V4_1_ErrorCode::OK && km_error != km::V4_1_ErrorCode::UNIMPLEMENTED) {
- LOG(ERROR) << "Error reporting early boot ending to keymaster: " << int32_t(km_error);
+ auto devices = KmDevice::enumerateAvailableDevices();
+ for (auto& dev : devices) {
+ auto error = dev->earlyBootEnded();
+ if (!error.isOk()) {
+ LOG(ERROR) << "earlyBootEnded call failed: " << error.description() << " for "
+ << dev->halVersion().keymasterName;
+ }
+ km::V4_1_ErrorCode km_error = error;
+ if (km_error != km::V4_1_ErrorCode::OK && km_error != km::V4_1_ErrorCode::UNIMPLEMENTED) {
+ LOG(ERROR) << "Error reporting early boot ending to keymaster: "
+ << static_cast<int32_t>(km_error) << " for "
+ << dev->halVersion().keymasterName;
+ }
}
}
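Review bot: In the `!error.isOk()` branch the loop logs the transport failure and then still falls through to `km::V4_1_ErrorCode km_error = error;`. If `error` is a HIDL `Return<>` (its type is hidden behind `auto`), that conversion asserts on a failed transaction, so one unreachable Keymaster could abort the process before the remaining instances are told that early boot has ended. The pattern is inherited from the removed code, but inside the loop it now costs the other devices their notification; adding `continue;` after the first `LOG(ERROR)` avoids that. An empty result from `KmDevice::enumerateAvailableDevices()` also passes silently, and a single `if (devices.empty()) LOG(ERROR) << "earlyBootEnded: no Keymaster devices found";` before the loop would make that case visible in the log.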
diff --git a/Keymaster.h b/Keymaster.h
index 4a9ed02..d9ced91 100644
--- a/Keymaster.h
+++ b/Keymaster.h
@@ -128,9 +128,9 @@
km::AuthorizationSet* outParams);
bool isSecure();
- // Tell Keymaster that early boot has ended and early boot-only keys can no longer be created or
- // used.
- void earlyBootEnded();
+ // Tell all Keymaster instances that early boot has ended and early boot-only keys can no longer
+ // be created or used.
+ static void earlyBootEnded();
private:
sp<KmDevice> mDevice;
diff --git a/MetadataCrypt.cpp b/MetadataCrypt.cpp
index 8227e74..8659502 100644
--- a/MetadataCrypt.cpp
+++ b/MetadataCrypt.cpp
@@ -87,13 +87,9 @@
}
static bool mount_via_fs_mgr(const char* mount_point, const char* blk_device) {
- // We're about to mount data not verified by verified boot. Tell Keymaster that early boot has
- // ended.
- //
- // TODO(paulcrowley): Make a Keymaster singleton or something, so we don't have to repeatedly
- // open and initialize the service.
- ::android::vold::Keymaster keymaster;
- keymaster.earlyBootEnded();
+ // We're about to mount data not verified by verified boot. Tell Keymaster instances that early
+ // boot has ended.
+ ::android::vold::Keymaster::earlyBootEnded();
// fs_mgr_do_mount runs fsck. Use setexeccon to run trusted
// partitions in the fsck domain.
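Review bot: The call `::android::vold::Keymaster::earlyBootEnded();` returns nothing, so `mount_via_fs_mgr` goes on to mount the unverified data even when a Keymaster instance rejected or never received the notification. In that case early-boot-only keys presumably stay usable on that instance. Either have `earlyBootEnded()` return a `bool` the caller can act on, or state the policy in the comment, e.g. `// Best effort: failures are logged by earlyBootEnded() and do not block the mount.` The body of `mount_via_fs_mgr` continues outside the hunk, so any later handling is not visible here.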