Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e02a8bec authored by Martin Brabham's avatar Martin Brabham
Browse files

NIAP: Add a new argument to determine single user mode status. 

This is being used to section off the feature to single user mode
devices as provisioned devices requiring compliance will be
single user mode only.  This is a stop-gap waiting on a vendor code fix.

RE keystore (qseecom) problems: b/129759834

Bug: b/117993149
Test: atest net_test_bluetooth
Change-Id: I4fb3f4e663a051db8f8ba12901a20fa18ebf197e
parent 88b78f69

system/btif/include/btif_api.h

+13 −0
Original line number Diff line number Diff line
@@ -103,6 +103,19 @@ bt_status_t btif_cleanup_bluetooth(void); 
 ******************************************************************************/

bool is_restricted_mode(void);



/*******************************************************************************

 *

 * Function         is_single_user_mode_

 *

 * Description      Checks if BT was enabled in single user mode. In this

 *                  mode, use of keystore for key attestation of LTK is limitee

 *                  to this mode defined by UserManager.

 *

 * Returns          bool

 *

 ******************************************************************************/

bool is_single_user_mode(void);



/*******************************************************************************

 *

 * Function         btif_get_adapter_properties

system/btif/src/bluetooth.cc

+9 −7
Original line number Diff line number Diff line
@@ -81,6 +81,7 @@ using bluetooth::hearing_aid::HearingAidInterface; 


bt_callbacks_t* bt_hal_cbacks = NULL;

bool restricted_mode = false;

bool single_user_mode = false;



/*******************************************************************************

 *  Externs
@@ -132,8 +133,10 @@ static bool is_profile(const char* p1, const char* p2) { 
 *

 ****************************************************************************/



static int init(bt_callbacks_t* callbacks) {

  LOG_INFO(LOG_TAG, "%s", __func__);

static int init(bt_callbacks_t* callbacks, bool start_restricted,

                bool is_single_user_mode) {

  LOG_INFO(LOG_TAG, "%s: start restricted = %d ; single user = %d", __func__,

           start_restricted, is_single_user_mode);



  if (interface_ready()) return BT_STATUS_DONE;
@@ -142,16 +145,14 @@ static int init(bt_callbacks_t* callbacks) { 
#endif



  bt_hal_cbacks = callbacks;

  restricted_mode = start_restricted;

  single_user_mode = is_single_user_mode;

  stack_manager_get_interface()->init_stack();

  btif_debug_init();

  return BT_STATUS_SUCCESS;

}



static int enable(bool start_restricted) {

  LOG_INFO(LOG_TAG, "%s: start restricted = %d", __func__, start_restricted);



  restricted_mode = start_restricted;



static int enable() {

  if (!interface_ready()) return BT_STATUS_NOT_READY;



  stack_manager_get_interface()->start_up_stack_async();
@@ -168,6 +169,7 @@ static int disable(void) { 
static void cleanup(void) { stack_manager_get_interface()->clean_up_stack(); }



bool is_restricted_mode() { return restricted_mode; }

bool is_single_user_mode() { return single_user_mode; }



static int get_adapter_properties(void) {

  /* sanity check */

system/btif/src/btif_config.cc

+3 −1
Original line number Diff line number Diff line
@@ -60,7 +60,9 @@ static const char* TIME_STRING_FORMAT = "%Y-%m-%d %H:%M:%S"; 


constexpr int kBufferSize = 400 * 10;  // initial file is ~400B



static bool use_key_attestation() { return getuid() == AID_BLUETOOTH; }

static bool use_key_attestation() {

  return getuid() == AID_BLUETOOTH && is_single_user_mode();

}



#define BT_CONFIG_METRICS_SECTION "Metrics"

#define BT_CONFIG_METRICS_SALT_256BIT "Salt256Bit"

system/include/hardware/bluetooth.h

+7 −2
Original line number Diff line number Diff line
@@ -466,11 +466,16 @@ typedef struct { 
  /**

   * Opens the interface and provides the callback routines

   * to the implemenation of this interface.

   * The |start_restricted| flag inits the adapter in restricted mode. In

   * restricted mode, bonds that are created are marked as restricted in the

   * config file. These devices are deleted upon leaving restricted mode.

   * The |is_single_user_mode| flag inits the adapter in NIAP mode.

   */

  int (*init)(bt_callbacks_t* callbacks);

  int (*init)(bt_callbacks_t* callbacks, bool guest_mode,

              bool is_single_user_mode);



  /** Enable Bluetooth. */

  int (*enable)(bool guest_mode);

  int (*enable)();



  /** Disable Bluetooth. */

  int (*disable)(void);

system/service/adapter.cc

+2 −3
Original line number Diff line number Diff line
@@ -230,7 +230,7 @@ class AdapterImpl : public Adapter, public hal::BluetoothInterface::Observer { 


  bool IsEnabled() const override { return state_.load() == ADAPTER_STATE_ON; }



  bool Enable(bool start_restricted) override {

  bool Enable() override {

    AdapterState current_state = GetState();

    if (current_state != ADAPTER_STATE_OFF) {

      LOG(INFO) << "Adapter not disabled - state: "
@@ -243,8 +243,7 @@ class AdapterImpl : public Adapter, public hal::BluetoothInterface::Observer { 
    state_ = ADAPTER_STATE_TURNING_ON;

    NotifyAdapterStateChanged(current_state, state_);



    int status = hal::BluetoothInterface::Get()->GetHALInterface()->enable(

        start_restricted);

    int status = hal::BluetoothInterface::Get()->GetHALInterface()->enable();

    if (status != BT_STATUS_SUCCESS) {

      LOG(ERROR) << "Failed to enable Bluetooth - status: "

                 << BtStatusText((const bt_status_t)status);