ProtonAOSP-GSI/patches
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Compare commits

merge into: ProtonAOSP-GSI:sc
Branches Tags
ProtonAOSP-GSI:sc-v2
ProtonAOSP-GSI:sc
...
pull from: ProtonAOSP-GSI:sc-v2
Branches Tags
ProtonAOSP-GSI:sc-v2
ProtonAOSP-GSI:sc

8 commits
sc ... sc-v2

Author SHA1 Message Date
Peter Cai f63374e53c frameworks/base: Add fix for ShortcutService deadlock 2022-06-12 20:51:24 -04:00
Peter Cai ec7870219a frameworks/base: Add patch for using ro.build.version.incremental to trigger OTA 2022-06-03 08:17:29 -04:00
Peter Cai 43a3af91c0 Update patch for default camera id in frameworks/av 2022-06-01 18:39:33 -04:00
Peter Cai 2bcc86538e Add patch for default camera overriding 
Useful on my Sony Xperia 5 II (KDDI), which for some reason has broken
autofocus on official vendor after unlocking.
 2022-06-01 16:58:14 -04:00
Peter Cai 4207e6af29 add patch for fs_mgr overlay threshold 2022-04-28 21:23:44 -04:00
Peter Cai 22526128c0 refresh system/core and system/sepolicy patches for Sv2 2022-04-28 18:28:32 -04:00
Peter Cai 8c4bc15e8f add keystore patch for sc-v2 2022-04-16 21:22:42 -04:00
Peter Cai c1d481b27d remove unused vold patch 2022-04-16 21:21:10 -04:00
14 changed files with 695 additions and 85 deletions
Show stats Expand all files Collapse all files

12
frameworks/av/0001-APM-Restore-R-and-Q-behavior-respectively-for-teleph.patch
View file

@ -1,7 +1,7 @@
From ffc51e7cf3896389a5e015ea1774d59bb200d806 Mon Sep 17 00:00:00 2001
From 8100be359a6806e589c0b8846e34daac00a450ed Mon Sep 17 00:00:00 2001
From: Peter Cai <peter@typeblog.net>
Date: Tue, 19 Oct 2021 21:16:55 -0400
Subject: [PATCH] APM: Restore R and Q behavior respectively for telephony
Subject: [PATCH 1/2] APM: Restore R and Q behavior respectively for telephony
audio
This conditionally reverts part of 51c9cc (S) and afd4ce (R) when the
@ -34,7 +34,7 @@ Change-Id: I56d36d2aef4319935cb88a3e4771b23c6d5b2145
2 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/services/audiopolicy/managerdefault/AudioPolicyManager.cpp b/services/audiopolicy/managerdefault/AudioPolicyManager.cpp
index cc2d8e8cf4..8defaad32c 100644
index e334532ebc..5a15e235e0 100644
--- a/services/audiopolicy/managerdefault/AudioPolicyManager.cpp
+++ b/services/audiopolicy/managerdefault/AudioPolicyManager.cpp
@@ -601,6 +601,11 @@ status_t AudioPolicyManager::updateCallRoutingInternal(
@ -90,10 +90,10 @@ index cc2d8e8cf4..8defaad32c 100644
// on other HW module, SinkMetaData of telephony input should handle it
// assuming the device uses audio HAL V5.0 and above
diff --git a/services/audiopolicy/managerdefault/AudioPolicyManager.h b/services/audiopolicy/managerdefault/AudioPolicyManager.h
index 98f96d1951..e8b19091d5 100644
index 967aa10441..a1e875f559 100644
--- a/services/audiopolicy/managerdefault/AudioPolicyManager.h
+++ b/services/audiopolicy/managerdefault/AudioPolicyManager.h
@@ -827,6 +827,7 @@ protected:
@@ -839,6 +839,7 @@ protected:
SoundTriggerSessionCollection mSoundTriggerSessions;
sp<AudioPatch> mCallTxPatch;
@ -102,5 +102,5 @@ index 98f96d1951..e8b19091d5 100644
HwAudioOutputCollection mHwOutputs;
SourceClientCollection mAudioSources;
--
2.33.1
2.36.1

62
frameworks/av/0002-camera-Implement-property-to-override-default-camera.patch Normal file
View file

@ -0,0 +1,62 @@
From 899e3cf94287d412a5a00274749575973075cd87 Mon Sep 17 00:00:00 2001
From: Peter Cai <peter@typeblog.net>
Date: Wed, 1 Jun 2022 16:56:46 -0400
Subject: [PATCH 2/2] camera: Implement property to override default camera
Complement to the frameworks/base patch.
Change-Id: I002bfa974bafc2cc01365eeea31c7a5dcb5a2028
---
.../common/CameraProviderManager.cpp | 22 +++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/services/camera/libcameraservice/common/CameraProviderManager.cpp b/services/camera/libcameraservice/common/CameraProviderManager.cpp
index 2f74df9770..d1326b6047 100644
--- a/services/camera/libcameraservice/common/CameraProviderManager.cpp
+++ b/services/camera/libcameraservice/common/CameraProviderManager.cpp
@@ -33,6 +33,7 @@
#include <functional>
#include <camera_metadata_hidden.h>
#include <android-base/parseint.h>
+#include <android-base/properties.h>
#include <android-base/logging.h>
#include <cutils/properties.h>
#include <hwbinder/IPCThreadState.h>
@@ -142,6 +143,15 @@ std::vector<std::string> CameraProviderManager::getCameraDeviceIds() const {
deviceIds.push_back(id);
}
}
+
+ int32_t altPrimaryCamera = property_get_int32("persist.sys.alt_primary_camera", 0);
+
+ if (altPrimaryCamera != 0 && deviceIds.size() > (size_t) altPrimaryCamera) {
+ const std::string origPrimary = deviceIds[0];
+ deviceIds[0] = deviceIds[altPrimaryCamera];
+ deviceIds[altPrimaryCamera] = origPrimary;
+ }
+
return deviceIds;
}
@@ -208,6 +218,18 @@ std::vector<std::string> CameraProviderManager::getAPI1CompatibleCameraDeviceIds
std::sort(systemDeviceIds.begin(), systemDeviceIds.end(), sortFunc);
deviceIds.insert(deviceIds.end(), publicDeviceIds.begin(), publicDeviceIds.end());
deviceIds.insert(deviceIds.end(), systemDeviceIds.begin(), systemDeviceIds.end());
+
+ // Default camera ID hack should match with android.hardware.camera2.CameraManager.sortCameraIds
+ // Note that the alt primary camera may not be available here due to filterLogicalCameraIdsLocked()
+ // in which case we will just ignore it.
+ int altPrimaryCameraId = base::GetIntProperty("persist.sys.alt_primary_camera", -1);
+
+ if (altPrimaryCameraId > 0 && altPrimaryCameraId < (int) deviceIds.size()) {
+ std::string origPrimary = deviceIds[0];
+ deviceIds[0] = deviceIds[altPrimaryCameraId];
+ deviceIds[altPrimaryCameraId] = origPrimary;
+ }
+
return deviceIds;
}
--
2.36.1

10
frameworks/base/0001-PackageParser-support-glob-matching-for-properties.patch
View file

@ -1,7 +1,7 @@
From 70f7d35dda51036f04d31d507e4c30ee0a033ec5 Mon Sep 17 00:00:00 2001
From a26d483d257bdb33553f43719cdad0b392fc6ea4 Mon Sep 17 00:00:00 2001
From: Peter Cai <peter@typeblog.net>
Date: Tue, 12 Oct 2021 21:37:22 -0400
Subject: [PATCH 1/2] PackageParser: support glob matching for properties
Subject: [PATCH 1/5] PackageParser: support glob matching for properties
Needed to make phh's vendor overlays work
---
@ -9,10 +9,10 @@ Needed to make phh's vendor overlays work
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
index bbb0b8e30938..45ebe8e1aaaf 100644
index 80058d31245c..0ea286c1591a 100644
--- a/core/java/android/content/pm/PackageParser.java
+++ b/core/java/android/content/pm/PackageParser.java
@@ -2500,8 +2500,16 @@ public class PackageParser {
@@ -2504,8 +2504,16 @@ public class PackageParser {
for (int i = 0; i < propNames.length; i++) {
// Check property value: make sure it is both set and equal to expected value
final String currValue = SystemProperties.get(propNames[i]);
@ -32,5 +32,5 @@ index bbb0b8e30938..45ebe8e1aaaf 100644
}
return true;
--
2.33.1
2.36.1

8
frameworks/base/0002-core-Use-real-security-patch-level-property.patch
View file

@ -1,7 +1,7 @@
From 214f184c91b39047046f5cc14af7541e5fb1b458 Mon Sep 17 00:00:00 2001
From 4182ca99bed1bed96178c382a75d4f747f206b1e Mon Sep 17 00:00:00 2001
From: Danny Lin <danny@kdrag0n.dev>
Date: Sat, 7 Nov 2020 23:47:30 -0800
Subject: [PATCH 2/2] core: Use real security patch level property
Subject: [PATCH 2/5] core: Use real security patch level property
The standard platform security patch level property may not reflect the
real patch level due to SafetyNet hacks, so we need to check the custom
@ -14,7 +14,7 @@ Change-Id: I18f8b6812335f132a935e0cfc04523cf693d1101
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/java/android/os/Build.java b/core/java/android/os/Build.java
index 95bcdf42f739..49ced75734d0 100755
index f0fab3f64113..449336dd53ab 100755
--- a/core/java/android/os/Build.java
+++ b/core/java/android/os/Build.java
@@ -306,7 +306,7 @@ public class Build {
@ -27,5 +27,5 @@ index 95bcdf42f739..49ced75734d0 100755
/**
* The media performance class of the device or 0 if none.
--
2.33.1
2.36.1

59
frameworks/base/0003-Implement-a-persistent-property-to-override-the-defa.patch Normal file
View file

@ -0,0 +1,59 @@
From b2c3942e6eb0f899039f6be96f87b7b0727b41d3 Mon Sep 17 00:00:00 2001
From: Peter Cai <peter@typeblog.net>
Date: Wed, 1 Jun 2022 16:56:20 -0400
Subject: [PATCH 3/5] Implement a persistent property to override the default
primary camera (0)
Change-Id: I49b45d00bf71d7932591b3516d49a680e1b6568b
---
core/java/android/hardware/Camera.java | 6 ++++++
core/java/android/hardware/camera2/CameraManager.java | 9 +++++++++
2 files changed, 15 insertions(+)
diff --git a/core/java/android/hardware/Camera.java b/core/java/android/hardware/Camera.java
index 3bdd39f5d7d7..fff46f20342b 100644
--- a/core/java/android/hardware/Camera.java
+++ b/core/java/android/hardware/Camera.java
@@ -45,6 +45,7 @@ import android.os.Message;
import android.os.Process;
import android.os.RemoteException;
import android.os.ServiceManager;
+import android.os.SystemProperties;
import android.renderscript.Allocation;
import android.renderscript.Element;
import android.renderscript.RSIllegalArgumentException;
@@ -408,6 +409,11 @@ public class Camera {
* @see #open(int)
*/
public static Camera open() {
+ int altPrimaryCamera = SystemProperties.getInt("persist.sys.alt_primary_camera", -1);
+ if (altPrimaryCamera > 0) {
+ return new Camera(altPrimaryCamera);
+ }
+
int numberOfCameras = getNumberOfCameras();
CameraInfo cameraInfo = new CameraInfo();
for (int i = 0; i < numberOfCameras; i++) {
diff --git a/core/java/android/hardware/camera2/CameraManager.java b/core/java/android/hardware/camera2/CameraManager.java
index b7c5644df107..72b4b8e7799a 100644
--- a/core/java/android/hardware/camera2/CameraManager.java
+++ b/core/java/android/hardware/camera2/CameraManager.java
@@ -1595,6 +1595,15 @@ public final class CameraManager {
}
}});
+ // HAXX: Allow overriding default primary camera (assumed to be camera 0) via property
+ // Should match with libcameraservice/common/CameraProviderManager.cpp
+ int altPrimaryCamera = SystemProperties.getInt("persist.sys.alt_primary_camera", -1);
+ if (altPrimaryCamera > 0 && altPrimaryCamera < cameraIds.length) {
+ String origPrimary = cameraIds[0];
+ cameraIds[0] = cameraIds[altPrimaryCamera];
+ cameraIds[altPrimaryCamera] = origPrimary;
+ }
+
}
public static boolean cameraStatusesContains(CameraStatus[] cameraStatuses, String id) {
--
2.36.1

273
frameworks/base/0004-fw-b-Use-ro.build.version.incremental-to-signal-OTA-.patch Normal file
View file

@ -0,0 +1,273 @@
From 6da03d0eadcabe836e71d2d88d7d2d057ba9efa4 Mon Sep 17 00:00:00 2001
From: dhacker29 <dhackerdvm@gmail.com>
Date: Tue, 24 Nov 2015 01:53:47 -0500
Subject: [PATCH 4/5] fw/b: Use ro.build.version.incremental to signal OTA
upgrades
Squash of:
Author: dhacker29 <dhackerdvm@gmail.com>
Date: Tue Nov 24 01:53:47 2015 -0500
Core: Use ro.build.date to signal mIsUpgrade
M: We use a static fingerprint that is only changed when a new OEM build is released, so
every flash shows Android is starting instead of upgrading. This will fix that.
N: even though we dont have the dexopt sceen on N, this is still needed to delete the
correct caches, and grant/deny specific runtime permissions like a true oem update
would do.
Updated for Nougat By: BeansTown106
Change-Id: I0e3ed5c8f0351e48944432ae6a0c5194ddeff1fa
Author: Sam Mortimer <sam@mortimer.me.uk>
Date: Fri Sep 28 13:45:00 2018 -0700
fw/b UserManagerService: Use ro.build.date to signal upgrades
*) We changed PackageManagerService to use Build.DATE instead of
Build.FINGERPRINT to detect upgrade. Do the same for
UserManagerService.
*) Affects generation of preboot intent and app data migration.
Change-Id: I56887b7ca842afdcf3cf84b27b4c04667cf43307
Author: Wang Han <416810799@qq.com>
Date: Sat Dec 29 23:33:20 2018 +0800
ShortcutService: Use ro.build.date to signal package scanning
* Affects system apps scanning.
Change-Id: I5f6d6647929f5b5ae7e820b18e95bf5ed2ec8d1c
Author: maxwen <max.weninger@gmail.com>
Date: Tue Nov 19 01:02:01 2019 +0100
base: Use ro.build.date to clear cache dirs on update
instead of using ro.build.fingerprint we explictly need to use ro.build.date
Change-Id: Ib3e80e58eb8c9a21c108e9f5cd2dbdb7ada8e3a4
Author: maxwen <max.weninger@gmail.com>
Date: Wed Oct 28 07:07:10 2020 -0400
One more Build.FINGERPRINT to Build.DATE change
Change-Id: I13dbf3d7f6587d3fcd6591cc0f861b34b6d5561c
Change-Id: If0eb969ba509981f9209ffa37a949d9042ef4c2a
---
.../android/app/admin/SystemUpdateInfo.java | 4 ++--
.../com/android/server/am/UserController.java | 2 +-
.../server/pm/PackageManagerService.java | 24 ++++++++++---------
.../java/com/android/server/pm/Settings.java | 6 ++---
.../android/server/pm/ShortcutService.java | 2 +-
.../android/server/pm/UserManagerService.java | 10 ++++----
6 files changed, 26 insertions(+), 22 deletions(-)
diff --git a/core/java/android/app/admin/SystemUpdateInfo.java b/core/java/android/app/admin/SystemUpdateInfo.java
index b88bf76c96ca..fdf2b3f54311 100644
--- a/core/java/android/app/admin/SystemUpdateInfo.java
+++ b/core/java/android/app/admin/SystemUpdateInfo.java
@@ -132,7 +132,7 @@ public final class SystemUpdateInfo implements Parcelable {
out.startTag(null, tag);
out.attributeLong(null, ATTR_RECEIVED_TIME, mReceivedTime);
out.attributeInt(null, ATTR_SECURITY_PATCH_STATE, mSecurityPatchState);
- out.attribute(null, ATTR_ORIGINAL_BUILD , Build.FINGERPRINT);
+ out.attribute(null, ATTR_ORIGINAL_BUILD , Build.VERSION.INCREMENTAL);
out.endTag(null, tag);
}
@@ -141,7 +141,7 @@ public final class SystemUpdateInfo implements Parcelable {
public static SystemUpdateInfo readFromXml(TypedXmlPullParser parser) {
// If an OTA has been applied (build fingerprint has changed), discard stale info.
final String buildFingerprint = parser.getAttributeValue(null, ATTR_ORIGINAL_BUILD );
- if (!Build.FINGERPRINT.equals(buildFingerprint)) {
+ if (!Build.VERSION.INCREMENTAL.equals(buildFingerprint)) {
return null;
}
try {
diff --git a/services/core/java/com/android/server/am/UserController.java b/services/core/java/com/android/server/am/UserController.java
index b28b1a66cd97..4187a1387f02 100644
--- a/services/core/java/com/android/server/am/UserController.java
+++ b/services/core/java/com/android/server/am/UserController.java
@@ -711,7 +711,7 @@ class UserController implements Handler.Callback {
// purposefully block sending BOOT_COMPLETED until after all
// PRE_BOOT receivers are finished to avoid ANR'ing apps
final UserInfo info = getUserInfo(userId);
- if (!Objects.equals(info.lastLoggedInFingerprint, Build.FINGERPRINT)
+ if (!Objects.equals(info.lastLoggedInFingerprint, Build.VERSION.INCREMENTAL)
|| SystemProperties.getBoolean("persist.pm.mock-upgrade", false)) {
// Suppress double notifications for managed profiles that
// were unlocked automatically as part of their parent user
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 88435c12f0a7..048987482e65 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -7126,7 +7126,7 @@ public class PackageManagerService extends IPackageManager.Stub
}
PackageManagerService m = new PackageManagerService(injector, onlyCore, factoryTest,
- Build.FINGERPRINT, Build.IS_ENG, Build.IS_USERDEBUG, Build.VERSION.SDK_INT,
+ Build.VERSION.INCREMENTAL, Build.IS_ENG, Build.IS_USERDEBUG, Build.VERSION.SDK_INT,
Build.VERSION.INCREMENTAL);
t.traceEnd(); // "create package manager"
@@ -7616,7 +7616,7 @@ public class PackageManagerService extends IPackageManager.Stub
!buildFingerprint.equals(ver.fingerprint);
if (mIsUpgrade) {
PackageManagerServiceUtils.logCriticalInfo(Log.INFO,
- "Upgrading from " + ver.fingerprint + " to " + Build.FINGERPRINT);
+ "Upgrading from " + ver.fingerprint + " to " + Build.VERSION.INCREMENTAL);
}
// when upgrading from pre-M, promote system app permissions from install to runtime
@@ -8003,8 +8003,9 @@ public class PackageManagerService extends IPackageManager.Stub
// allow... it would be nice to have some better way to handle
// this situation.
if (mIsUpgrade) {
- Slog.i(TAG, "Build fingerprint changed from " + ver.fingerprint + " to "
- + Build.FINGERPRINT + "; regranting permissions for internal storage");
+ Slog.i(TAG, "Build incremental version changed from " + ver.fingerprint + " to "
+ + Build.VERSION.INCREMENTAL +
+ "; regranting permissions for internal storage");
}
mPermissionManager.onStorageVolumeMounted(
StorageManager.UUID_PRIVATE_INTERNAL, mIsUpgrade);
@@ -8087,7 +8088,7 @@ public class PackageManagerService extends IPackageManager.Stub
// across OTAs and are used to drive profile verification (post OTA) and
// profile compilation (without waiting to collect a fresh set of profiles).
if (mIsUpgrade && !mOnlyCore) {
- Slog.i(TAG, "Build fingerprint changed; clearing code caches");
+ Slog.i(TAG, "Build incremental version changed; clearing code caches");
for (int i = 0; i < packageSettings.size(); i++) {
final PackageSetting ps = packageSettings.valueAt(i);
if (Objects.equals(StorageManager.UUID_PRIVATE_INTERNAL, ps.volumeUuid)) {
@@ -8098,7 +8099,7 @@ public class PackageManagerService extends IPackageManager.Stub
| Installer.FLAG_CLEAR_APP_DATA_KEEP_ART_PROFILES);
}
}
- ver.fingerprint = Build.FINGERPRINT;
+ ver.fingerprint = Build.VERSION.INCREMENTAL;
}
// Legacy existing (installed before Q) non-system apps to hide
@@ -8535,7 +8536,7 @@ public class PackageManagerService extends IPackageManager.Stub
// identify cached items. In particular, changing the value of certain
// feature flags should cause us to invalidate any caches.
final String cacheName = FORCE_PACKAGE_PARSED_CACHE_ENABLED ? "debug"
- : SystemProperties.digestOf("ro.build.fingerprint");
+ : SystemProperties.digestOf("ro.build.version.incremental");
// Reconcile cache directories, keeping only what we'd actually use.
for (File cacheDir : FileUtils.listFilesOrEmpty(cacheBaseDir)) {
@@ -25579,7 +25580,7 @@ public class PackageManagerService extends IPackageManager.Stub
Slog.w(TAG, "Failed to scan " + ps.getPath() + ": " + e.getMessage());
}
- if (!Build.FINGERPRINT.equals(ver.fingerprint)) {
+ if (!Build.VERSION.INCREMENTAL.equals(ver.fingerprint)) {
clearAppDataLIF(ps.pkg, UserHandle.USER_ALL, FLAG_STORAGE_DE | FLAG_STORAGE_CE
| FLAG_STORAGE_EXTERNAL | Installer.FLAG_CLEAR_CODE_CACHE_ONLY
| Installer.FLAG_CLEAR_APP_DATA_KEEP_ART_PROFILES);
@@ -25614,10 +25615,11 @@ public class PackageManagerService extends IPackageManager.Stub
}
synchronized (mLock) {
- final boolean isUpgrade = !Build.FINGERPRINT.equals(ver.fingerprint);
+ final boolean isUpgrade = !Build.VERSION.INCREMENTAL.equals(ver.fingerprint);
if (isUpgrade) {
- logCriticalInfo(Log.INFO, "Build fingerprint changed from " + ver.fingerprint
- + " to " + Build.FINGERPRINT + "; regranting permissions for "
+ logCriticalInfo(Log.INFO, "Build incremental version changed from "
+ + ver.fingerprint
+ + " to " + Build.VERSION.INCREMENTAL + "; regranting permissions for "
+ volumeUuid);
}
mPermissionManager.onStorageVolumeMounted(volumeUuid, isUpgrade);
diff --git a/services/core/java/com/android/server/pm/Settings.java b/services/core/java/com/android/server/pm/Settings.java
index 26aebbc1ea93..3bf3e1a1e3a3 100644
--- a/services/core/java/com/android/server/pm/Settings.java
+++ b/services/core/java/com/android/server/pm/Settings.java
@@ -433,7 +433,7 @@ public final class Settings implements Watchable, Snappable {
public void forceCurrent() {
sdkVersion = Build.VERSION.SDK_INT;
databaseVersion = CURRENT_DATABASE_VERSION;
- fingerprint = Build.FINGERPRINT;
+ fingerprint = Build.VERSION.INCREMENTAL;
}
}
@@ -2972,7 +2972,7 @@ public final class Settings implements Watchable, Snappable {
// on update drop the files before loading them.
if (PackageManagerService.CLEAR_RUNTIME_PERMISSIONS_ON_UPGRADE) {
final VersionInfo internal = getInternalVersion();
- if (!Build.FINGERPRINT.equals(internal.fingerprint)) {
+ if (!Build.VERSION.INCREMENTAL.equals(internal.fingerprint)) {
for (UserInfo user : users) {
mRuntimePermissionsPersistence.deleteUserRuntimePermissionsFile(user.id);
}
@@ -5346,7 +5346,7 @@ public final class Settings implements Watchable, Snappable {
}
private String getExtendedFingerprint(long version) {
- return Build.FINGERPRINT + "?pc_version=" + version;
+ return Build.VERSION.INCREMENTAL + "?pc_version=" + version;
}
public void writeStateForUserAsyncLPr(int userId) {
diff --git a/services/core/java/com/android/server/pm/ShortcutService.java b/services/core/java/com/android/server/pm/ShortcutService.java
index 62d6717e847a..4e9e7a026a90 100644
--- a/services/core/java/com/android/server/pm/ShortcutService.java
+++ b/services/core/java/com/android/server/pm/ShortcutService.java
@@ -5240,7 +5240,7 @@ public class ShortcutService extends IShortcutService.Stub {
// Injection point.
String injectBuildFingerprint() {
- return Build.FINGERPRINT;
+ return Build.VERSION.INCREMENTAL;
}
final void wtf(String message) {
diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index 6d8137e74061..826370006dca 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java
@@ -3657,7 +3657,7 @@ public class UserManagerService extends IUserManager.Stub {
userInfo.creationTime = getCreationTime();
userInfo.partial = true;
userInfo.preCreated = preCreate;
- userInfo.lastLoggedInFingerprint = Build.FINGERPRINT;
+ userInfo.lastLoggedInFingerprint = Build.VERSION.INCREMENTAL;
if (userTypeDetails.hasBadge() && parentId != UserHandle.USER_NULL) {
userInfo.profileBadge = getFreeProfileBadgeLU(parentId, userType);
}
@@ -4785,7 +4785,8 @@ public class UserManagerService extends IUserManager.Stub {
t.traceBegin("onBeforeStartUser-" + userId);
final int userSerial = userInfo.serialNumber;
// Migrate only if build fingerprints mismatch
- boolean migrateAppsData = !Build.FINGERPRINT.equals(userInfo.lastLoggedInFingerprint);
+ boolean migrateAppsData =
+ !Build.VERSION.INCREMENTAL.equals(userInfo.lastLoggedInFingerprint);
t.traceBegin("prepareUserData");
mUserDataPreparer.prepareUserData(userId, userSerial, StorageManager.FLAG_STORAGE_DE);
t.traceEnd();
@@ -4814,7 +4815,8 @@ public class UserManagerService extends IUserManager.Stub {
}
final int userSerial = userInfo.serialNumber;
// Migrate only if build fingerprints mismatch
- boolean migrateAppsData = !Build.FINGERPRINT.equals(userInfo.lastLoggedInFingerprint);
+ boolean migrateAppsData =
+ !Build.VERSION.INCREMENTAL.equals(userInfo.lastLoggedInFingerprint);
mUserDataPreparer.prepareUserData(userId, userSerial, StorageManager.FLAG_STORAGE_CE);
StorageManagerInternal smInternal = LocalServices.getService(StorageManagerInternal.class);
@@ -4851,7 +4853,7 @@ public class UserManagerService extends IUserManager.Stub {
if (now > EPOCH_PLUS_30_YEARS) {
userData.info.lastLoggedInTime = now;
}
- userData.info.lastLoggedInFingerprint = Build.FINGERPRINT;
+ userData.info.lastLoggedInFingerprint = Build.VERSION.INCREMENTAL;
scheduleWriteUser(userData);
}
--
2.36.1

116
frameworks/base/0005-ShortcutPackage-Acquire-the-service-s-lock-before-re.patch Normal file
View file

@ -0,0 +1,116 @@
From 9ae7ba267da4f6bf098bc3dd1ea0edc6aea59894 Mon Sep 17 00:00:00 2001
From: Peter Cai <peter@typeblog.net>
Date: Sun, 12 Jun 2022 13:17:38 -0400
Subject: [PATCH 5/5] ShortcutPackage: Acquire the service's lock before
reporting usage
When `ShortcutPackage.pushDynamicShortcut()` is called from
`ShortcutService.pushDynamicShortcut()`, the lock
`ShortcutService.mLock` is acquired. However, the final
`injectPostToHandler()` call drops this lock before calling
`awaitInAppSearch()`.
The `awaitInAppSearch()` method assumes that it is called while being
guarded by the `ShortcutService` lock. When called without acquiring the
lock, it will end up acquiring `ShortcutPackage.mLock` first, then
acquiring `ShortcutService.mLock` anyway due to various calls into
`ShortcutService` methods. This creates an opportunity for a dead lock
to happen, since two threads can wait on each other for releasing the
other lock they are currently trying to acquire. On one of my
development devices, this happens quite regularly:
> "android.bg" prio=5 tid=22 Blocked
> | group="main" sCount=1 ucsCount=0 flags=1 obj=0x16040c48 self=0xb40000709b1a3c00
> | sysTid=1515 nice=10 cgrp=default sched=0/0 handle=0x70904ebcb0
> | state=S schedstat=( 14737747935 45952650258 46431 ) utm=610 stm=862 core=0 HZ=100
> | stack=0x70903e8000-0x70903ea000 stackSize=1039KB
> | held mutexes=
> at com.android.server.pm.ShortcutService.scheduleSaveInner(ShortcutService.java:1176)
> - waiting to lock <0x0a5766e4> (a java.lang.Object) held by thread 122
> at com.android.server.pm.ShortcutService.scheduleSaveUser(ShortcutService.java:1166)
> at com.android.server.pm.ShortcutService.packageShortcutsChanged(ShortcutService.java:1769)
> at com.android.server.pm.ShortcutPackage.rescanPackage(ShortcutPackage.java:1224)
> at com.android.server.pm.ShortcutPackage.awaitInAppSearch(ShortcutPackage.java:2627)
> - locked <0x00e8774d> (a java.lang.Object)
> at com.android.server.pm.ShortcutPackage.awaitInAppSearch(ShortcutPackage.java:2593)
> at com.android.server.pm.ShortcutPackage.lambda$pushDynamicShortcut$3$ShortcutPackage(ShortcutPackage.java:452)
> at com.android.server.pm.ShortcutPackage$$ExternalSyntheticLambda3.run(unavailable:-1)
> at android.os.Handler.handleCallback(Handler.java:938)
> at android.os.Handler.dispatchMessage(Handler.java:99)
> at android.os.Looper.loopOnce(Looper.java:201)
> at android.os.Looper.loop(Looper.java:288)
> at android.os.HandlerThread.run(HandlerThread.java:67)
Meanwhile, in thread 122:
> "Binder:1489_6" prio=5 tid=122 Blocked
> | group="main" sCount=1 ucsCount=0 flags=1 obj=0x16047388 self=0xb400007074947c00
> | sysTid=2070 nice=0 cgrp=default sched=0/0 handle=0x70218e4cb0
> | state=S schedstat=( 10396689438 3745391103 31237 ) utm=808 stm=231 core=1 HZ=100
> | stack=0x70217ed000-0x70217ef000 stackSize=991KB
> | held mutexes=
> at com.android.server.pm.ShortcutPackage.awaitInAppSearch(ShortcutPackage.java:2605)
> - waiting to lock <0x00e8774d> (a java.lang.Object) held by thread 22
> at com.android.server.pm.ShortcutPackage.awaitInAppSearch(ShortcutPackage.java:2593)
> at com.android.server.pm.ShortcutPackage.forEachShortcutStopWhen(ShortcutPackage.java:2542)
> at com.android.server.pm.ShortcutPackage.forEachShortcutStopWhen(ShortcutPackage.java:2524)
> at com.android.server.pm.ShortcutPackage.areAllActivitiesStillEnabled(ShortcutPackage.java:1039)
> at com.android.server.pm.ShortcutPackage.rescanPackageIfNeeded(ShortcutPackage.java:1096)
> at com.android.server.pm.ShortcutUser.rescanPackageIfNeeded(ShortcutUser.java:338)
> at com.android.server.pm.ShortcutUser.onCalledByPublisher(ShortcutUser.java:294)
> at com.android.server.pm.ShortcutService.getPackageShortcutsForPublisherLocked(ShortcutService.java:1355)
> at com.android.server.pm.ShortcutService.lambda$pushDynamicShortcut$9$ShortcutService(ShortcutService.java:2210)
> - locked <0x0a5766e4> (a java.lang.Object)
> at com.android.server.pm.ShortcutService$$ExternalSyntheticLambda14.run(unavailable:-1)
> at com.android.server.pm.ShortcutService.injectPostToHandlerIfAppSearch(ShortcutService.java:1740)
> at com.android.server.pm.ShortcutService.pushDynamicShortcut(ShortcutService.java:2200)
> at android.content.pm.IShortcutService$Stub.onTransact(IShortcutService.java:715)
> at android.os.Binder.execTransactInternal(Binder.java:1201)
> at android.os.Binder.execTransact(Binder.java:1164)
The straightforward fix here seems to be just taking the
`ShortcutService` lock before calling `awaitInAppSearch()`. This commit
also added a method in `ShortcutService` to facilitate this interaction.
Test: manual
Change-Id: I0f997a02820b1598ca2a4ec25415c03f8f87fc87
---
.../core/java/com/android/server/pm/ShortcutPackage.java | 2 +-
.../core/java/com/android/server/pm/ShortcutService.java | 8 ++++++++
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/services/core/java/com/android/server/pm/ShortcutPackage.java b/services/core/java/com/android/server/pm/ShortcutPackage.java
index b4bd086af272..d4f5a237f250 100644
--- a/services/core/java/com/android/server/pm/ShortcutPackage.java
+++ b/services/core/java/com/android/server/pm/ShortcutPackage.java
@@ -449,7 +449,7 @@ class ShortcutPackage extends ShortcutPackageItem {
forceReplaceShortcutInner(newShortcut);
if (isAppSearchEnabled()) {
- mShortcutUser.mService.injectPostToHandler(() -> awaitInAppSearch("reportUsage",
+ mShortcutUser.mService.injectPostToHandlerWithLock(() -> awaitInAppSearch("reportUsage",
session -> {
final AndroidFuture<Boolean> future = new AndroidFuture<>();
session.reportUsage(
diff --git a/services/core/java/com/android/server/pm/ShortcutService.java b/services/core/java/com/android/server/pm/ShortcutService.java
index 4e9e7a026a90..c688943d2838 100644
--- a/services/core/java/com/android/server/pm/ShortcutService.java
+++ b/services/core/java/com/android/server/pm/ShortcutService.java
@@ -1731,6 +1731,14 @@ public class ShortcutService extends IShortcutService.Stub {
mHandler.post(r);
}
+ void injectPostToHandlerWithLock(Runnable r) {
+ injectPostToHandler(() -> {
+ synchronized (mLock) {
+ r.run();
+ }
+ });
+ }
+
void injectRunOnNewThread(Runnable r) {
new Thread(r).start();
}
--
2.36.1

8
system/core/0001-Stop-overriding-system-properties-from-vendor.patch
View file

@ -1,7 +1,7 @@
From 2a6fd2529fa57658fb503f43ffd11bcddd22aacb Mon Sep 17 00:00:00 2001
From 6e17845221ec781e003432b96c1d08dc582859f3 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Thu, 7 Oct 2021 15:48:11 -0400
Subject: [PATCH 1/2] Stop overriding system properties from vendor
Subject: [PATCH 1/4] Stop overriding system properties from vendor
This is annoying to disable apexes, or force adb
@ -11,7 +11,7 @@ Change-Id: Ifd0072c631349b23945df4ab401ba26eca07131f
1 file changed, 1 deletion(-)
diff --git a/init/property_service.cpp b/init/property_service.cpp
index 4805a7b9f..a2b424386 100644
index 6711e7d66..6bf0e81bd 100644
--- a/init/property_service.cpp
+++ b/init/property_service.cpp
@@ -725,7 +725,6 @@ static void LoadProperties(char* data, const char* filter, const char* filename,
@ -23,5 +23,5 @@ index 4805a7b9f..a2b424386 100644
} else {
LOG(ERROR) << "Do not have permissions to set '" << key << "' to '" << value
--
2.33.1
2.36.0

10
system/core/0002-init-Do-not-start-console-service-when-debuggable.patch
View file

@ -1,7 +1,7 @@
From 3dc5868ed984b0ec01e5d3d96ad7a6e6af31f585 Mon Sep 17 00:00:00 2001
From 40f60ce5f786f8121aebcb8e1521d2edb5bb7f43 Mon Sep 17 00:00:00 2001
From: Isaac Chen <tingyi364@gmail.com>
Date: Wed, 23 Jun 2021 13:07:30 +0800
Subject: [PATCH 2/2] init: Do not start console service when debuggable
Subject: [PATCH 2/4] init: Do not start console service when debuggable
Google added a check for this in R, when it's running it will show a
notification about that performance is impacted.
@ -13,10 +13,10 @@ Change-Id: I34cfd6b42d3b9aee4b3e63181480cfb8b1255f29
1 file changed, 3 deletions(-)
diff --git a/rootdir/init.rc b/rootdir/init.rc
index d38eb5d4a..1680aebcc 100644
index c59cbf0cc..d262be761 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -1217,9 +1217,6 @@ on property:ro.debuggable=1
@@ -1235,9 +1235,6 @@ on property:ro.debuggable=1
# Give reads to anyone for the accessibility trace folder on debug builds.
chmod 0775 /data/misc/a11ytrace
@ -27,5 +27,5 @@ index d38eb5d4a..1680aebcc 100644
# TODO(b/135984674): reset all necessary properties here.
setprop sys.boot_completed ""
--
2.33.1
2.36.0

38
system/core/0003-remount-Fix-failure-for-system-as-root.patch Normal file
View file

@ -0,0 +1,38 @@
From 74faf05b941682bd1930b92ae879c8baba09d6ac Mon Sep 17 00:00:00 2001
From: Leo Yan <leo.yan@linaro.org>
Date: Fri, 4 Jun 2021 15:19:33 +0100
Subject: [PATCH 3/4] remount: Fix failure for system-as-root
Since commit 5ad7b3cbc5c1 ("Try to remount mounted points only"), the
system-as-root cannot be remounted successfully when execute command
"adb remount". This is because the mount point "/system" cannot be
found and directly bails out with failure.
Add an extra checking for the mount point "/system" for the
system-as-root case, takes it as a found entry; thus the function can
continue to run and fix up to remount root.
Suggested-by: David Anderson <dvander@google.com>
Signed-off-by: Leo Yan <leo.yan@linaro.org>
Change-Id: Ia936c9d97bed951184813a087c70fe591cb33fe0
---
fs_mgr/fs_mgr_remount.cpp | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs_mgr/fs_mgr_remount.cpp b/fs_mgr/fs_mgr_remount.cpp
index e685070a8..5411acacf 100644
--- a/fs_mgr/fs_mgr_remount.cpp
+++ b/fs_mgr/fs_mgr_remount.cpp
@@ -420,7 +420,8 @@ static int do_remount(int argc, char* argv[]) {
break;
}
// Find overlayfs mount point?
- if ((mount_point == "/") && (rentry.mount_point == "/system")) {
+ if ((mount_point == "/" && rentry.mount_point == "/system") ||
+ (mount_point == "/system" && rentry.mount_point == "/")) {
blk_device = rentry.blk_device;
mount_point = "/system";
found = true;
--
2.36.0

35
system/core/0004-fs_mgr-trigger-the-use-of-overlayfs-earlier.patch Normal file
View file

@ -0,0 +1,35 @@
From df349dcccc43dc45f4ff0ba8eb10c3f59f4f4f17 Mon Sep 17 00:00:00 2001
From: Peter Cai <peter@typeblog.net>
Date: Thu, 28 Apr 2022 21:22:30 -0400
Subject: [PATCH 4/4] fs_mgr: trigger the use of overlayfs earlier
At 1%, it's barely useable to do anything at all if remounted rw
---
fs_mgr/fs_mgr_overlayfs.cpp | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs_mgr/fs_mgr_overlayfs.cpp b/fs_mgr/fs_mgr_overlayfs.cpp
index 4d32bda80..ec6fef89a 100644
--- a/fs_mgr/fs_mgr_overlayfs.cpp
+++ b/fs_mgr/fs_mgr_overlayfs.cpp
@@ -176,7 +176,7 @@ bool fs_mgr_dir_is_writable(const std::string& path) {
return ret | !rmdir(test_directory.c_str());
}
-// At less than 1% or 8MB of free space return value of false,
+// At less than 20% or 8MB of free space return value of false,
// means we will try to wrap with overlayfs.
bool fs_mgr_filesystem_has_space(const std::string& mount_point) {
// If we have access issues to find out space remaining, return true
@@ -188,7 +188,7 @@ bool fs_mgr_filesystem_has_space(const std::string& mount_point) {
return true;
}
- static constexpr int kPercentThreshold = 1; // 1%
+ static constexpr int kPercentThreshold = 20; // 20%
static constexpr unsigned long kSizeThreshold = 8 * 1024 * 1024; // 8MB
return (vst.f_bfree >= (vst.f_blocks * kPercentThreshold / 100)) &&
--
2.36.0

68
system/security/0001-Keystore-2.0-Add-CREATION_DATETIME-only-for-Keymint-.patch Normal file
View file

@ -0,0 +1,68 @@
From 0c610f5f6935977142a7dbb9dbca4b9b1bc83c55 Mon Sep 17 00:00:00 2001
From: Janis Danisevskis <jdanis@google.com>
Date: Mon, 20 Dec 2021 13:16:23 -0800
Subject: [PATCH] Keystore 2.0: Add CREATION_DATETIME only for Keymint V1 and
higher.
Adding CREATION_DATETIME unconditionally should be accepted by all
keymaster implementations. Alas, VTS tests never covered this before
Keymint V1 and so there are implementations that fail when the caller
presents the tag.
Test: CtsKeystoreTestCases for regression testing.
Bug: 210792876
Bug: 204578637
Change-Id: I3cf7e8def7a369839844ef1b3628f477d8fe6b53
---
keystore2/src/security_level.rs | 33 ++++++++++++++++++---------------
1 file changed, 18 insertions(+), 15 deletions(-)
diff --git a/keystore2/src/security_level.rs b/keystore2/src/security_level.rs
index 1b2e3485..0f4c0f7d 100644
--- a/keystore2/src/security_level.rs
+++ b/keystore2/src/security_level.rs
@@ -405,23 +405,26 @@ impl KeystoreSecurityLevel {
);
}
- result.push(KeyParameter {
- tag: Tag::CREATION_DATETIME,
- value: KeyParameterValue::DateTime(
- SystemTime::now()
- .duration_since(SystemTime::UNIX_EPOCH)
- .context(
- "In KeystoreSecurityLevel::add_required_parameters: \
+ // Add CREATION_DATETIME only if the backend version Keymint V1 (100) or newer.
+ if self.hw_info.versionNumber >= 100 {
+ result.push(KeyParameter {
+ tag: Tag::CREATION_DATETIME,
+ value: KeyParameterValue::DateTime(
+ SystemTime::now()
+ .duration_since(SystemTime::UNIX_EPOCH)
+ .context(
+ "In KeystoreSecurityLevel::add_required_parameters: \
Failed to get epoch time.",
- )?
- .as_millis()
- .try_into()
- .context(
- "In KeystoreSecurityLevel::add_required_parameters: \
+ )?
+ .as_millis()
+ .try_into()
+ .context(
+ "In KeystoreSecurityLevel::add_required_parameters: \
Failed to convert epoch time.",
- )?,
- ),
- });
+ )?,
+ ),
+ });
+ }
// If there is an attestation challenge we need to get an application id.
if params.iter().any(|kp| kp.tag == Tag::ATTESTATION_CHALLENGE) {
--
2.35.3

27
system/sepolicy/0001-Protect-real-SPL-property.patch
View file

@ -1,4 +1,4 @@
From d64b74058176dedbe0c7f209956ecb1a9377f079 Mon Sep 17 00:00:00 2001
From 2586397a0d9f1d7ade0e9919821a6a194f011475 Mon Sep 17 00:00:00 2001
From: Peter Cai <peter@typeblog.net>
Date: Wed, 20 Oct 2021 16:01:00 -0400
Subject: [PATCH] Protect real SPL property
@ -6,14 +6,27 @@ Subject: [PATCH] Protect real SPL property
Label it with the same SELinux context as the original SPL property.
---
prebuilts/api/31.0/private/property_contexts | 1 +
prebuilts/api/32.0/private/property_contexts | 1 +
private/property_contexts | 1 +
2 files changed, 2 insertions(+)
3 files changed, 3 insertions(+)
diff --git a/prebuilts/api/31.0/private/property_contexts b/prebuilts/api/31.0/private/property_contexts
index 8ac1e7005..b8be6dbf2 100644
index 192e55e56..f7aba0c96 100644
--- a/prebuilts/api/31.0/private/property_contexts
+++ b/prebuilts/api/31.0/private/property_contexts
@@ -710,6 +710,7 @@ ro.build.version.release u:object_r:build_prop:s0 exact string
@@ -711,6 +711,7 @@ ro.build.version.release u:object_r:build_prop:s0 exact string
ro.build.version.release_or_codename u:object_r:build_prop:s0 exact string
ro.build.version.sdk u:object_r:build_prop:s0 exact int
ro.build.version.security_patch u:object_r:build_prop:s0 exact string
+ro.build.version.real_security_patch u:object_r:build_prop:s0 exact string
ro.actionable_compatible_property.enabled u:object_r:build_prop:s0 exact bool
diff --git a/prebuilts/api/32.0/private/property_contexts b/prebuilts/api/32.0/private/property_contexts
index 1c7151837..709328436 100644
--- a/prebuilts/api/32.0/private/property_contexts
+++ b/prebuilts/api/32.0/private/property_contexts
@@ -716,6 +716,7 @@ ro.build.version.release u:object_r:build_prop:s0 exact string
ro.build.version.release_or_codename u:object_r:build_prop:s0 exact string
ro.build.version.sdk u:object_r:build_prop:s0 exact int
ro.build.version.security_patch u:object_r:build_prop:s0 exact string
@ -22,10 +35,10 @@ index 8ac1e7005..b8be6dbf2 100644
ro.actionable_compatible_property.enabled u:object_r:build_prop:s0 exact bool
diff --git a/private/property_contexts b/private/property_contexts
index 8ac1e7005..b8be6dbf2 100644
index 1c7151837..709328436 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -710,6 +710,7 @@ ro.build.version.release u:object_r:build_prop:s0 exact string
@@ -716,6 +716,7 @@ ro.build.version.release u:object_r:build_prop:s0 exact string
ro.build.version.release_or_codename u:object_r:build_prop:s0 exact string
ro.build.version.sdk u:object_r:build_prop:s0 exact int
ro.build.version.security_patch u:object_r:build_prop:s0 exact string
@ -34,5 +47,5 @@ index 8ac1e7005..b8be6dbf2 100644
ro.actionable_compatible_property.enabled u:object_r:build_prop:s0 exact bool
--
2.33.1
2.36.0

54
system/vold/0001-Fallback-to-non-rollback-resistant-keys-if-not-avail.patch
View file

@ -1,54 +0,0 @@
From 6d24663905ec1735eefc4b13b60f09465b28111a Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Tue, 5 Oct 2021 16:17:15 -0400
Subject: [PATCH] Fallback to non-rollback resistant keys if not available
Boot on Mediatek devices was broken with:
~ Add ROLLBACK_RESISTANCE tag to key usage
Change-Id: I0ab7103c317c70779dee03dce25ba9c9da1629f4
---
KeyStorage.cpp | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/KeyStorage.cpp b/KeyStorage.cpp
index 93c5c29..ef089ad 100644
--- a/KeyStorage.cpp
+++ b/KeyStorage.cpp
@@ -378,12 +378,15 @@ static KeymasterOperation BeginKeymasterOp(Keymaster& keymaster, const std::stri
static bool encryptWithKeymasterKey(Keymaster& keymaster, const std::string& dir,
const km::AuthorizationSet& keyParams,
const KeyBuffer& message, std::string* ciphertext) {
- km::AuthorizationSet opParams =
+ auto opParams =
km::AuthorizationSetBuilder()
- .Authorization(km::TAG_ROLLBACK_RESISTANCE)
.Authorization(km::TAG_PURPOSE, km::KeyPurpose::ENCRYPT);
+ auto opParamsWithRollback = opParams;
+ opParamsWithRollback.Authorization(km::TAG_ROLLBACK_RESISTANCE);
+
km::AuthorizationSet outParams;
- auto opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParams, &outParams);
+ auto opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParamsWithRollback, &outParams);
+ if (!opHandle) opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParams, &outParams);
if (!opHandle) return false;
auto nonceBlob = outParams.GetTagValue(km::TAG_NONCE);
if (!nonceBlob) {
@@ -410,9 +413,12 @@ static bool decryptWithKeymasterKey(Keymaster& keymaster, const std::string& dir
auto bodyAndMac = ciphertext.substr(GCM_NONCE_BYTES);
auto opParams = km::AuthorizationSetBuilder()
.Authorization(km::TAG_NONCE, nonce)
- .Authorization(km::TAG_ROLLBACK_RESISTANCE)
.Authorization(km::TAG_PURPOSE, km::KeyPurpose::DECRYPT);
- auto opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParams, nullptr);
+ auto opParamsWithRollback = opParams;
+ opParamsWithRollback.Authorization(km::TAG_ROLLBACK_RESISTANCE);
+
+ auto opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParamsWithRollback, nullptr);
+ if (!opHandle) opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParams, nullptr);
if (!opHandle) return false;
if (!opHandle.updateCompletely(bodyAndMac, message)) return false;
if (!opHandle.finish(nullptr)) return false;
--
2.33.0