NIAP: Add a new argument to determine single user mode status.

This is used to restrict the feature to single user mode devices,
since provisioned devices requiring compliance will be single user
mode only.  This is a stop-gap until a vendor code fix is available.

RE keystore (qseecom) problems: b/129759834

Bug: b/117993149
Test: atest net_test_bluetooth
Change-Id: I4fb3f4e663a051db8f8ba12901a20fa18ebf197e
diff --git a/btif/include/btif_api.h b/btif/include/btif_api.h
index 519fc9c..cef1aad 100644
--- a/btif/include/btif_api.h
+++ b/btif/include/btif_api.h
@@ -105,6 +105,19 @@
 
 /*******************************************************************************
  *
+ * Function         is_single_user_mode_
+ *
+ * Description      Checks if BT was enabled in single user mode. In this
+ *                  mode, use of keystore for key attestation of LTK is limitee
+ *                  to this mode defined by UserManager.
+ *
+ * Returns          bool
+ *
+ ******************************************************************************/
+bool is_single_user_mode(void);
+
+/*******************************************************************************
+ *
  * Function         btif_get_adapter_properties
  *
  * Description      Fetches all local adapter properties
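Review bot: The new header comment names the function `is_single_user_mode_` (trailing underscore) while the declaration is `is_single_user_mode`, and its description contains the typo "limitee" and defines the mode in terms of itself. Since this getter gates key attestation, the comment should state what a caller can rely on, for example `Description      Returns true if the stack was initialised in single user mode; keystore key attestation of the LTK is used only in this mode.` It is also worth saying that the value is the one passed to init() and reads as false until init() has stored it.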
diff --git a/btif/src/bluetooth.cc b/btif/src/bluetooth.cc
index 1faca2d..9dd4908 100644
--- a/btif/src/bluetooth.cc
+++ b/btif/src/bluetooth.cc
@@ -81,6 +81,7 @@
 
 bt_callbacks_t* bt_hal_cbacks = NULL;
 bool restricted_mode = false;
+bool single_user_mode = false;
 
 /*******************************************************************************
  *  Externs
@@ -132,8 +133,10 @@
  *
  ****************************************************************************/
 
-static int init(bt_callbacks_t* callbacks) {
-  LOG_INFO(LOG_TAG, "%s", __func__);
+static int init(bt_callbacks_t* callbacks, bool start_restricted,
+                bool is_single_user_mode) {
+  LOG_INFO(LOG_TAG, "%s: start restricted = %d ; single user = %d", __func__,
+           start_restricted, is_single_user_mode);
 
   if (interface_ready()) return BT_STATUS_DONE;
 
@@ -142,16 +145,14 @@
 #endif
 
   bt_hal_cbacks = callbacks;
+  restricted_mode = start_restricted;
+  single_user_mode = is_single_user_mode;
   stack_manager_get_interface()->init_stack();
   btif_debug_init();
   return BT_STATUS_SUCCESS;
 }
 
-static int enable(bool start_restricted) {
-  LOG_INFO(LOG_TAG, "%s: start restricted = %d", __func__, start_restricted);
-
-  restricted_mode = start_restricted;
-
+static int enable() {
   if (!interface_ready()) return BT_STATUS_NOT_READY;
 
   stack_manager_get_interface()->start_up_stack_async();
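Review bot: `restricted_mode` and `single_user_mode` are assigned only after the `interface_ready()` early return shown in the previous hunk, so a second init() while the interface is up logs the requested values and then returns BT_STATUS_DONE without applying them. Because `single_user_mode` now decides whether key attestation is used, a caller that re-initialises with a different value gets no signal that the old setting is still in force. Consider moving the LOG_INFO below the early return, or logging the values that stay active on that path. Nothing visible here resets either flag in cleanup(), so they appear to keep their last value until the next successful init(). The bodies of init() and enable() extend outside these hunks.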
@@ -168,6 +169,7 @@
 static void cleanup(void) { stack_manager_get_interface()->clean_up_stack(); }
 
 bool is_restricted_mode() { return restricted_mode; }
+bool is_single_user_mode() { return single_user_mode; }
 
 static int get_adapter_properties(void) {
   /* sanity check */
diff --git a/btif/src/btif_config.cc b/btif/src/btif_config.cc
index 7d23e34..be006ab 100644
--- a/btif/src/btif_config.cc
+++ b/btif/src/btif_config.cc
@@ -60,7 +60,9 @@
 
 constexpr int kBufferSize = 400 * 10;  // initial file is ~400B
 
-static bool use_key_attestation() { return getuid() == AID_BLUETOOTH; }
+static bool use_key_attestation() {
+  return getuid() == AID_BLUETOOTH && is_single_user_mode();
+}
 
 #define BT_CONFIG_METRICS_SECTION "Metrics"
 #define BT_CONFIG_METRICS_SALT_256BIT "Salt256Bit"
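Review bot: `use_key_attestation()` now depends on a flag the commit message calls a stop-gap, but nothing in the code says so or points at the tracking bug. A comment such as `// Stop-gap for b/129759834: attestation only on single user mode devices.` above the function would keep the restriction from outliving the vendor fix. The result can also differ between boots of the same device if the single-user flag changes, so config entries written under one setting may be read under the other. The callers are outside this hunk, so please confirm the load path copes with that transition.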
diff --git a/include/hardware/bluetooth.h b/include/hardware/bluetooth.h
index f97e116..063abf9 100644
--- a/include/hardware/bluetooth.h
+++ b/include/hardware/bluetooth.h
@@ -466,11 +466,16 @@
   /**
    * Opens the interface and provides the callback routines
    * to the implemenation of this interface.
+   * The |start_restricted| flag inits the adapter in restricted mode. In
+   * restricted mode, bonds that are created are marked as restricted in the
+   * config file. These devices are deleted upon leaving restricted mode.
+   * The |is_single_user_mode| flag inits the adapter in NIAP mode.
    */
-  int (*init)(bt_callbacks_t* callbacks);
+  int (*init)(bt_callbacks_t* callbacks, bool guest_mode,
+              bool is_single_user_mode);
 
   /** Enable Bluetooth. */
-  int (*enable)(bool guest_mode);
+  int (*enable)();
 
   /** Disable Bluetooth. */
   int (*disable)(void);
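Review bot: The added comment documents `|start_restricted|`, but the second parameter of `init` is declared as `guest_mode`, so the doc does not match the prototype; rename it, `int (*init)(bt_callbacks_t* callbacks, bool start_restricted, bool is_single_user_mode);`. `int (*enable)();` leaves the parameter list unspecified if this header is ever compiled as C, unlike the neighbouring `int (*disable)(void);`, so prefer `int (*enable)(void);`. "NIAP mode" is not explained in the visible part of the header; one sentence on what the flag changes in the stack (the btif_config.cc hunk shows it gates key attestation) would help implementers.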
diff --git a/service/adapter.cc b/service/adapter.cc
index 669aeff..4d414dd 100644
--- a/service/adapter.cc
+++ b/service/adapter.cc
@@ -230,7 +230,7 @@
 
   bool IsEnabled() const override { return state_.load() == ADAPTER_STATE_ON; }
 
-  bool Enable(bool start_restricted) override {
+  bool Enable() override {
     AdapterState current_state = GetState();
     if (current_state != ADAPTER_STATE_OFF) {
       LOG(INFO) << "Adapter not disabled - state: "
@@ -243,8 +243,7 @@
     state_ = ADAPTER_STATE_TURNING_ON;
     NotifyAdapterStateChanged(current_state, state_);
 
-    int status = hal::BluetoothInterface::Get()->GetHALInterface()->enable(
-        start_restricted);
+    int status = hal::BluetoothInterface::Get()->GetHALInterface()->enable();
     if (status != BT_STATUS_SUCCESS) {
       LOG(ERROR) << "Failed to enable Bluetooth - status: "
                  << BtStatusText((const bt_status_t)status);
diff --git a/service/adapter.h b/service/adapter.h
index edb8afe..a4e517c 100644
--- a/service/adapter.h
+++ b/service/adapter.h
@@ -119,10 +119,7 @@
   // to the controller, otherwise returns false. A successful call to this
   // method only means that the enable request has been sent to the Bluetooth
   // controller and does not imply that the operation itself succeeded.
-  // The |start_restricted| flag enables the adapter in restricted mode. In
-  // restricted mode, bonds that are created are marked as restricted in the
-  // config file. These devices are deleted upon leaving restricted mode.
-  virtual bool Enable(bool start_restricted) = 0;
+  virtual bool Enable() = 0;
 
   // Powers off the Bluetooth radio. Returns true, if the disable request was
   // successfully sent to the Bluetooth controller.
diff --git a/service/client/main.cc b/service/client/main.cc
index 43228a4..6458b2d 100644
--- a/service/client/main.cc
+++ b/service/client/main.cc
@@ -389,25 +389,8 @@
 }
 
 void HandleEnable(IBluetooth* bt_iface, const vector<string>& args) {
-  bool is_restricted_mode = false;
-
-  for (const auto& iter : args) {
-    const std::string& arg = iter;
-    if (arg == "-h") {
-      static const char kUsage[] =
-          "Usage: start-adv [flags]\n"
-          "\n"
-          "Flags:\n"
-          "\t--restricted|-r\tStart in restricted mode\n";
-      cout << kUsage << endl;
-      return;
-    } else if (arg == "--restricted" || arg == "-r") {
-      is_restricted_mode = true;
-    }
-  }
-
   bool status;
-  bt_iface->Enable(is_restricted_mode, &status);
+  bt_iface->Enable(&status);
   PrintCommandStatus(status);
 }
 
diff --git a/service/common/android/bluetooth/IBluetooth.aidl b/service/common/android/bluetooth/IBluetooth.aidl
index 3986ad7..46c7654 100644
--- a/service/common/android/bluetooth/IBluetooth.aidl
+++ b/service/common/android/bluetooth/IBluetooth.aidl
@@ -32,7 +32,7 @@
 interface IBluetooth {
   boolean IsEnabled();
   int GetState();
-  boolean Enable(boolean startRestricted);
+  boolean Enable();
   boolean EnableNoAutoConnect();
   boolean Disable();
 
diff --git a/service/daemon.cc b/service/daemon.cc
index a64c2d8..439c2c2 100644
--- a/service/daemon.cc
+++ b/service/daemon.cc
@@ -59,7 +59,7 @@
   // ipc::IPCManager::Delegate implementation:
   void OnIPCHandlerStarted(ipc::IPCManager::Type /* type */) override {
     if (!settings_->EnableOnStart()) return;
-    adapter_->Enable(false /* start_restricted */);
+    adapter_->Enable();
   }
 
   void OnIPCHandlerStopped(ipc::IPCManager::Type /* type */) override {
diff --git a/service/hal/bluetooth_interface.cc b/service/hal/bluetooth_interface.cc
index a08fb7b..5ca220c 100644
--- a/service/hal/bluetooth_interface.cc
+++ b/service/hal/bluetooth_interface.cc
@@ -254,7 +254,7 @@
 
     // Initialize the Bluetooth interface. Set up the adapter (Bluetooth DM) API
     // callbacks.
-    status = hal_iface_->init(&bt_callbacks);
+    status = hal_iface_->init(&bt_callbacks, false, false);
     if (status != BT_STATUS_SUCCESS) {
       LOG(ERROR) << "Failed to initialize Bluetooth stack";
       return false;
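Review bot: The two bare `false` arguments give no hint which is the restricted flag and which is the single-user flag; label them, `hal_iface_->init(&bt_callbacks, false /* start_restricted */, false /* is_single_user_mode */);`, as the removed daemon call did for `Enable`. The same applies to `bt_interface()->init(bt_callbacks, false, false)` in test/suite/adapter/adapter_unittest.cc. Hard-coding both values also appears to mean this service can no longer start the adapter in restricted mode now that `Enable(bool)` is gone; if that is intended it deserves a comment here. The enclosing function starts and ends outside the hunk.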
diff --git a/service/hal/fake_bluetooth_interface.cc b/service/hal/fake_bluetooth_interface.cc
index 7979155..f1d03ad 100644
--- a/service/hal/fake_bluetooth_interface.cc
+++ b/service/hal/fake_bluetooth_interface.cc
@@ -23,7 +23,7 @@
 
 FakeBluetoothInterface::Manager g_hal_manager;
 
-int FakeHALEnable(bool start_restricted) {
+int FakeHALEnable() {
   return g_hal_manager.enable_succeed ? BT_STATUS_SUCCESS : BT_STATUS_FAIL;
 }
 
diff --git a/service/ipc/binder/bluetooth_binder_server.cc b/service/ipc/binder/bluetooth_binder_server.cc
index ca36019..097abb7 100644
--- a/service/ipc/binder/bluetooth_binder_server.cc
+++ b/service/ipc/binder/bluetooth_binder_server.cc
@@ -64,10 +64,9 @@
   return Status::ok();
 }
 
-Status BluetoothBinderServer::Enable(bool start_restricted,
-                                     bool* _aidl_return) {
+Status BluetoothBinderServer::Enable(bool* _aidl_return) {
   VLOG(2) << __func__;
-  *_aidl_return = adapter_->Enable(start_restricted);
+  *_aidl_return = adapter_->Enable();
   return Status::ok();
 }
 
diff --git a/service/ipc/binder/bluetooth_binder_server.h b/service/ipc/binder/bluetooth_binder_server.h
index bfeb589..7131e8b 100644
--- a/service/ipc/binder/bluetooth_binder_server.h
+++ b/service/ipc/binder/bluetooth_binder_server.h
@@ -71,7 +71,7 @@
   // IBluetooth overrides:
   Status IsEnabled(bool* _aidl_return) override;
   Status GetState(int32_t* _aidl_return) override;
-  Status Enable(bool start_restricted, bool* _aidl_return) override;
+  Status Enable(bool* _aidl_return) override;
   Status EnableNoAutoConnect(bool* _aidl_return) override;
   Status Disable(bool* _aidl_return) override;
 
diff --git a/service/test/adapter_unittest.cc b/service/test/adapter_unittest.cc
index e6f5d10..b1cedc1 100644
--- a/service/test/adapter_unittest.cc
+++ b/service/test/adapter_unittest.cc
@@ -124,12 +124,12 @@
   EXPECT_EQ(bluetooth::ADAPTER_STATE_OFF, adapter_->GetState());
 
   // Enable fails at HAL level
-  EXPECT_FALSE(adapter_->Enable(false));
+  EXPECT_FALSE(adapter_->Enable());
   EXPECT_EQ(bluetooth::ADAPTER_STATE_OFF, adapter_->GetState());
 
   // Enable success
   fake_hal_manager_->enable_succeed = true;
-  EXPECT_TRUE(adapter_->Enable(false));
+  EXPECT_TRUE(adapter_->Enable());
 
   // Should have received a state update.
   EXPECT_EQ(bluetooth::ADAPTER_STATE_OFF, observer.prev_state());
@@ -137,7 +137,7 @@
 
   // Enable fails because not disabled
   EXPECT_EQ(bluetooth::ADAPTER_STATE_TURNING_ON, adapter_->GetState());
-  EXPECT_FALSE(adapter_->Enable(false));
+  EXPECT_FALSE(adapter_->Enable());
 
   // Adapter state updates properly
   fake_hal_iface_->NotifyAdapterStateChanged(BT_STATE_ON);
@@ -148,7 +148,7 @@
   EXPECT_EQ(bluetooth::ADAPTER_STATE_ON, observer.cur_state());
 
   // Enable fails because already enabled
-  EXPECT_FALSE(adapter_->Enable(false));
+  EXPECT_FALSE(adapter_->Enable());
 }
 
 TEST_F(AdapterTest, Disable) {
diff --git a/service/test/mock_adapter.h b/service/test/mock_adapter.h
index 2c496b1..b652026 100644
--- a/service/test/mock_adapter.h
+++ b/service/test/mock_adapter.h
@@ -32,7 +32,7 @@
   MOCK_METHOD1(RemoveObserver, void(Observer*));
   MOCK_CONST_METHOD0(GetState, AdapterState());
   MOCK_CONST_METHOD0(IsEnabled, bool());
-  MOCK_METHOD1(Enable, bool(bool));
+  MOCK_METHOD0(Enable, bool());
   MOCK_METHOD0(Disable, bool());
   MOCK_CONST_METHOD0(GetName, std::string());
   MOCK_METHOD1(SetName, bool(const std::string&));
diff --git a/test/suite/adapter/adapter_unittest.cc b/test/suite/adapter/adapter_unittest.cc
index 24ca3e5..7a26e28 100644
--- a/test/suite/adapter/adapter_unittest.cc
+++ b/test/suite/adapter/adapter_unittest.cc
@@ -35,7 +35,7 @@
   EXPECT_EQ(GetState(), BT_STATE_OFF)
       << "Test should be run with Adapter disabled";
 
-  EXPECT_EQ(bt_interface()->enable(false), BT_STATUS_SUCCESS);
+  EXPECT_EQ(bt_interface()->enable(), BT_STATUS_SUCCESS);
   semaphore_wait(adapter_state_changed_callback_sem_);
   EXPECT_EQ(GetState(), BT_STATE_ON) << "Adapter did not turn on.";
 
@@ -49,7 +49,7 @@
       << "Test should be run with Adapter disabled";
 
   for (int i = 0; i < kTestRepeatCount; ++i) {
-    EXPECT_EQ(bt_interface()->enable(false), BT_STATUS_SUCCESS);
+    EXPECT_EQ(bt_interface()->enable(), BT_STATUS_SUCCESS);
     semaphore_wait(adapter_state_changed_callback_sem_);
     EXPECT_EQ(GetState(), BT_STATE_ON) << "Adapter did not turn on.";
 
@@ -62,7 +62,7 @@
 TEST_F(BluetoothTest, AdapterSetGetName) {
   bt_property_t* new_name = property_new_name("BluetoothTestName1");
 
-  EXPECT_EQ(bt_interface()->enable(false), BT_STATUS_SUCCESS);
+  EXPECT_EQ(bt_interface()->enable(), BT_STATUS_SUCCESS);
   semaphore_wait(adapter_state_changed_callback_sem_);
   EXPECT_EQ(GetState(), BT_STATE_ON)
       << "Test should be run with Adapter enabled";
@@ -114,7 +114,7 @@
 }
 
 TEST_F(BluetoothTest, AdapterStartDiscovery) {
-  EXPECT_EQ(bt_interface()->enable(false), BT_STATUS_SUCCESS);
+  EXPECT_EQ(bt_interface()->enable(), BT_STATUS_SUCCESS);
   semaphore_wait(adapter_state_changed_callback_sem_);
   EXPECT_EQ(GetState(), BT_STATE_ON)
       << "Test should be run with Adapter enabled";
@@ -130,7 +130,7 @@
 }
 
 TEST_F(BluetoothTest, AdapterCancelDiscovery) {
-  EXPECT_EQ(bt_interface()->enable(false), BT_STATUS_SUCCESS);
+  EXPECT_EQ(bt_interface()->enable(), BT_STATUS_SUCCESS);
   semaphore_wait(adapter_state_changed_callback_sem_);
   EXPECT_EQ(GetState(), BT_STATE_ON)
       << "Test should be run with Adapter enabled";
@@ -155,7 +155,7 @@
   RawAddress bdaddr = {{0x22, 0x22, 0x22, 0x22, 0x22, 0x22}};
 
   for (int i = 0; i < kTestRepeatCount; ++i) {
-    EXPECT_EQ(bt_interface()->enable(false), BT_STATUS_SUCCESS);
+    EXPECT_EQ(bt_interface()->enable(), BT_STATUS_SUCCESS);
     semaphore_wait(adapter_state_changed_callback_sem_);
     EXPECT_EQ(GetState(), BT_STATE_ON) << "Adapter did not turn on.";
 
@@ -179,8 +179,8 @@
   ASSERT_TRUE(bt_callbacks != nullptr);
 
   for (int i = 0; i < kTestRepeatCount; ++i) {
-    bt_interface()->init(bt_callbacks);
-    EXPECT_EQ(bt_interface()->enable(false), BT_STATUS_SUCCESS);
+    bt_interface()->init(bt_callbacks, false, false);
+    EXPECT_EQ(bt_interface()->enable(), BT_STATUS_SUCCESS);
     semaphore_wait(adapter_state_changed_callback_sem_);
     EXPECT_EQ(GetState(), BT_STATE_ON) << "Adapter did not turn on.";
 
diff --git a/test/suite/gatt/gatt_test.cc b/test/suite/gatt/gatt_test.cc
index e3546d3..8c8f1ab 100644
--- a/test/suite/gatt/gatt_test.cc
+++ b/test/suite/gatt/gatt_test.cc
@@ -33,7 +33,7 @@
   status_ = 0;
 
   BluetoothTest::SetUp();
-  ASSERT_EQ(bt_interface()->enable(false), BT_STATUS_SUCCESS);
+  ASSERT_EQ(bt_interface()->enable(), BT_STATUS_SUCCESS);
   semaphore_wait(adapter_state_changed_callback_sem_);
   EXPECT_TRUE(GetState() == BT_STATE_ON);
 
diff --git a/test/suite/rfcomm/rfcomm_test.cc b/test/suite/rfcomm/rfcomm_test.cc
index 01d9fed..d5baf35 100644
--- a/test/suite/rfcomm/rfcomm_test.cc
+++ b/test/suite/rfcomm/rfcomm_test.cc
@@ -28,7 +28,7 @@
 void RFCommTest::SetUp() {
   BluetoothTest::SetUp();
 
-  ASSERT_EQ(bt_interface()->enable(false), BT_STATUS_SUCCESS);
+  ASSERT_EQ(bt_interface()->enable(), BT_STATUS_SUCCESS);
   semaphore_wait(adapter_state_changed_callback_sem_);
   ASSERT_TRUE(GetState() == BT_STATE_ON);
   socket_interface_ =