Call earlyBootEnded from vdc.
This allows us to determine the place where early boot ends from init.
It also allows fixing a bug where early boot wasn't ended previously on
devices without metadata encryption.
Bug: 168585635
Bug: 173005594
Test: inspect logs
Change-Id: I78775672a7d3c140e007235a10fb1d1bc816fcee
diff --git a/MetadataCrypt.cpp b/MetadataCrypt.cpp
index fdee21f..cf7c5f7 100644
--- a/MetadataCrypt.cpp
+++ b/MetadataCrypt.cpp
@@ -79,10 +79,6 @@
}
static bool mount_via_fs_mgr(const char* mount_point, const char* blk_device) {
- // We're about to mount data not verified by verified boot. Tell Keymaster instances that early
- // boot has ended.
- ::android::vold::Keymaster::earlyBootEnded();
-
// fs_mgr_do_mount runs fsck. Use setexeccon to run trusted
// partitions in the fsck domain.
if (setexeccon(android::vold::sFsckContext)) {
diff --git a/VoldNativeService.cpp b/VoldNativeService.cpp
index 3fb4e65..674a721 100644
--- a/VoldNativeService.cpp
+++ b/VoldNativeService.cpp
@@ -33,6 +33,7 @@
#include "Checkpoint.h"
#include "FsCrypt.h"
#include "IdleMaint.h"
+#include "Keymaster.h"
#include "MetadataCrypt.h"
#include "MoveStorage.h"
#include "Process.h"
@@ -879,6 +880,14 @@
return Ok();
}
+binder::Status VoldNativeService::earlyBootEnded() {
+ ENFORCE_SYSTEM_OR_ROOT;
+ ACQUIRE_LOCK;
+
+ Keymaster::earlyBootEnded();
+ return Ok();
+}
+
binder::Status VoldNativeService::incFsEnabled(bool* _aidl_return) {
ENFORCE_SYSTEM_OR_ROOT;
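Review bot: `VoldNativeService::earlyBootEnded()` returns `Ok()` unconditionally, so a caller cannot tell whether any Keymaster instance actually accepted the early-boot-ended signal. The return type of `Keymaster::earlyBootEnded()` is not visible in this hunk; if it can report failure, that should be propagated as a binder error status so that `vdc` exits non-zero and init can react, rather than relying on log inspection. The explanatory comment removed from `mount_via_fs_mgr` is also worth carrying over, for example `// Tell Keymaster instances that early boot has ended; must run before data not verified by verified boot is mounted.` The following function, `incFsEnabled`, continues outside the hunk.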
diff --git a/VoldNativeService.h b/VoldNativeService.h
index 9914879..390e9fc 100644
--- a/VoldNativeService.h
+++ b/VoldNativeService.h
@@ -150,6 +150,8 @@
binder::Status supportsFileCheckpoint(bool* _aidl_return);
binder::Status resetCheckpoint();
+ binder::Status earlyBootEnded();
+
binder::Status incFsEnabled(bool* _aidl_return) override;
binder::Status mountIncFs(
const std::string& backingPath, const std::string& targetDir, int32_t flags,
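Review bot: The new declaration `binder::Status earlyBootEnded();` omits `override`, while `incFsEnabled` two lines below has it. Assuming the method implements a virtual from the AIDL-generated base class (the IVold.aidl change in this commit suggests so), writing it as `binder::Status earlyBootEnded() override;` lets the compiler catch any drift between the AIDL signature and this header. The neighbouring `supportsFileCheckpoint` and `resetCheckpoint` declarations have the same gap, and the class body continues outside the hunk.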
diff --git a/binder/android/os/IVold.aidl b/binder/android/os/IVold.aidl
index 1d6225f..bb284b8 100644
--- a/binder/android/os/IVold.aidl
+++ b/binder/android/os/IVold.aidl
@@ -126,6 +126,7 @@
boolean supportsFileCheckpoint();
void resetCheckpoint();
+ void earlyBootEnded();
@utf8InCpp String createStubVolume(@utf8InCpp String sourcePath,
@utf8InCpp String mountPath, @utf8InCpp String fsType,
@utf8InCpp String fsUuid, @utf8InCpp String fsLabel, int flags);
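Review bot: `void earlyBootEnded();` is inserted in the middle of the interface, and AIDL assigns transaction codes by declaration order when no explicit ids are given, so every method declared after it (starting with `createStubVolume`) is renumbered. That is harmless only if every client and the vold server are always built from the same revision of this file; a client built from an older copy would dispatch to the wrong method on a privileged service. If that cannot be guaranteed, appending the new method after the last existing declaration avoids the shift. The rest of the interface is outside the hunk, so whether explicit ids are used elsewhere cannot be confirmed from here.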
diff --git a/vdc.cpp b/vdc.cpp
index 11562e7..b6bb5ed 100644
--- a/vdc.cpp
+++ b/vdc.cpp
@@ -152,6 +152,8 @@
checkStatus(args, vold->abortChanges(args[2], retry != 0));
} else if (args[0] == "checkpoint" && args[1] == "resetCheckpoint") {
checkStatus(args, vold->resetCheckpoint());
+ } else if (args[0] == "keymaster" && args[1] == "early-boot-ended") {
+ checkStatus(args, vold->earlyBootEnded());
} else {
LOG(ERROR) << "Raw commands are no longer supported";
exit(EINVAL);
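Review bot: Nothing in vold now enforces that early boot is ended before unverified data is mounted: with the call removed from `mount_via_fs_mgr` in MetadataCrypt.cpp, the guarantee depends entirely on init running `vdc keymaster early-boot-ended` at the right point, and the init script is not part of this diff. A comment on the new branch would record that contract, for example `// Invoked by init; must run before any partition not covered by verified boot is mounted.` It is also worth confirming that `checkStatus` makes vdc exit non-zero on a failed status so init can treat the failure as fatal; its body is not visible here. The enclosing function starts and ends outside the hunk.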