From 2b1ff5aaab693483dc1064137e46214baf3b00a7 Mon Sep 17 00:00:00 2001
From: Shawn Willden
Date: Thu, 16 Jan 2020 14:08:36 -0700
Subject: [PATCH] Have vold inform keymaster that early boot ended
Just before mounting partition(s) not verified by verified boot, vold should notify keymaster that early boot has ended so it won't allow EARLY_BOOT_ONLY keys to be created or used.
Test: VtsHalKeymasterV4_1TargetTest
Change-Id: I74ffec8d5b33f01e62f845a8fc824b3a3cad50f3
Merged-In: I74ffec8d5b33f01e62f845a8fc824b3a3cad50f3
---
 Keymaster.cpp | 11 +++++++++++
 Keymaster.h | 5 +++++
 MetadataCrypt.cpp | 8 ++++++++
 3 files changed, 24 insertions(+)
diff --git a/Keymaster.cpp b/Keymaster.cpp
index a3853f9..abee9b2 100644
--- a/Keymaster.cpp
+++ b/Keymaster.cpp
@@ -207,6 +207,17 @@ bool Keymaster::isSecure() {
 return mDevice->halVersion().securityLevel != km::SecurityLevel::SOFTWARE;
 }
+void Keymaster::earlyBootEnded() {
+ auto error = mDevice->earlyBootEnded();
+ if (!error.isOk()) {
+ LOG(ERROR) << "earlyBootEnded failed: " << error.description();
+ }
+ km::V4_1_ErrorCode km_error = error;
+ if (km_error != km::V4_1_ErrorCode::OK && km_error != km::V4_1_ErrorCode::UNIMPLEMENTED) {
+ LOG(ERROR) << "Error reporting early boot ending to keymaster: " << int32_t(km_error);
+ }
+}
+
 } // namespace vold
 } // namespace android
diff --git a/Keymaster.h b/Keymaster.h
index 7ade10d..8ddd8f7 100644
--- a/Keymaster.h
+++ b/Keymaster.h
@@ -39,6 +39,7 @@ using namespace ::android::hardware::keymaster::V4_1;
 // dangerous thing to rely on, but in this case its implications are simple and straightforward:
 // km::ErrorCode refers to the 4.0 ErrorCode, though we pull everything else from 4.1.
 using ErrorCode = ::android::hardware::keymaster::V4_0::ErrorCode;
+using V4_1_ErrorCode = ::android::hardware::keymaster::V4_1::ErrorCode;
 } // namespace km
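Review bot: In `Keymaster::earlyBootEnded` the `if (!error.isOk())` branch only logs and then falls through to `km::V4_1_ErrorCode km_error = error;`, so a failed transport call is still converted to a value; if HIDL's `Return<T>` behaves as I recall, reading a value out of a non-OK `Return` aborts the process, and even if it does not, the same failure gets logged twice. Add `return;` after the first `LOG(ERROR)` so the transport-failure path ends there. The function also returns void, so its caller in `mount_via_fs_mgr` (MetadataCrypt.cpp hunk) goes on to mount unverified data even when keymaster never received the notification and EARLY_BOOT_ONLY keys remain usable; consider returning a bool, or at least documenting the call as best-effort in the header.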
@@ -125,6 +126,10 @@ class Keymaster {
 km::AuthorizationSet* outParams);
 bool isSecure();
+ // Tell Keymaster that early boot has ended and early boot-only keys can no longer be created or
+ // used.
+ void earlyBootEnded();
+
 private:
 std::unique_ptr mDevice;
 DISALLOW_COPY_AND_ASSIGN(Keymaster);
diff --git a/MetadataCrypt.cpp b/MetadataCrypt.cpp
index 088960e..acd5b59 100644
--- a/MetadataCrypt.cpp
+++ b/MetadataCrypt.cpp
@@ -56,6 +56,14 @@ static const char* kFn_keymaster_key_blob = "keymaster_key_blob";
 static const char* kFn_keymaster_key_blob_upgraded = "keymaster_key_blob_upgraded";
 static bool mount_via_fs_mgr(const char* mount_point, const char* blk_device) {
+ // We're about to mount data not verified by verified boot. Tell Keymaster that early boot has
+ // ended.
+ //
+ // TODO(paulcrowley): Make a Keymaster singleton or something, so we don't have to repeatedly
+ // open and initialize the service.
+ ::android::vold::Keymaster keymaster;
+ keymaster.earlyBootEnded();
+
 // fs_mgr_do_mount runs fsck. Use setexeccon to run trusted
 // partitions in the fsck domain.
 if (setexeccon(android::vold::sFsckContext)) {
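Review bot: The new comment on `earlyBootEnded()` states the intent but not the contract a caller needs: the implementation (Keymaster.cpp hunk) logs failures and returns nothing, and treats `UNIMPLEMENTED` as success, so a caller cannot tell whether keymaster actually received the notification. Add a line such as `// Failures are only logged and are not reported to the caller; UNIMPLEMENTED is treated as success.` so that call sites deciding whether to proceed with a mount know what they can and cannot rely on.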
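Review bot: `keymaster.earlyBootEnded()` is called immediately after constructing `::android::vold::Keymaster keymaster;` without checking that the object actually obtained a HAL device, while `earlyBootEnded()` dereferences `mDevice` unconditionally (Keymaster.cpp hunk); if the service could not be opened this crashes vold during early boot instead of degrading gracefully. Assuming the class still exposes the `explicit operator bool()` validity check that other vold call sites use, guard the call: `if (!keymaster) { LOG(ERROR) << "Failed to open Keymaster; cannot report early boot end"; } else { keymaster.earlyBootEnded(); }`. Note also that the mount proceeds regardless of whether the notification succeeded, which is fail-open with respect to EARLY_BOOT_ONLY keys; if that is intended, say so in the new comment. The rest of `mount_via_fs_mgr` continues past the hunk.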