diff --git a/boot/1.1/default/boot_control/include/libboot_control/libboot_control.h b/boot/1.1/default/boot_control/include/libboot_control/libboot_control.h index ac17d6dbd8..572a8b6784 100644 --- a/boot/1.1/default/boot_control/include/libboot_control/libboot_control.h +++ b/boot/1.1/default/boot_control/include/libboot_control/libboot_control.h @@ -25,9 +25,8 @@ namespace bootable { // Helper library to implement the IBootControl HAL using the misc partition. class BootControl { - using MergeStatus = ::android::hardware::boot::V1_1::MergeStatus; - public: + using MergeStatus = ::android::hardware::boot::V1_1::MergeStatus; bool Init(); unsigned int GetNumberSlots(); unsigned int GetCurrentSlot(); diff --git a/boot/aidl/Android.bp b/boot/aidl/Android.bp new file mode 100644 index 0000000000..b1a6be0e9e --- /dev/null +++ b/boot/aidl/Android.bp @@ -0,0 +1,32 @@ +// +// Copyright (C) 2022 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +aidl_interface { + name: "android.hardware.boot", + vendor_available: true, + srcs: ["android/hardware/boot/*.aidl"], + stability: "vintf", + recovery_available: true, + backend: { + java: { + sdk_version: "module_current", + }, + cpp: { + enabled: false, + }, + }, +} + diff --git a/boot/aidl/aidl_api/android.hardware.boot/current/android/hardware/boot/IBootControl.aidl b/boot/aidl/aidl_api/android.hardware.boot/current/android/hardware/boot/IBootControl.aidl new file mode 100644 index 0000000000..c8ab51ea6b --- /dev/null +++ b/boot/aidl/aidl_api/android.hardware.boot/current/android/hardware/boot/IBootControl.aidl @@ -0,0 +1,50 @@ +// +// Copyright (C) 2022 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +/////////////////////////////////////////////////////////////////////////////// +// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. // +/////////////////////////////////////////////////////////////////////////////// + +// This file is a snapshot of an AIDL file. Do not edit it manually. There are +// two cases: +// 1). this is a frozen version file - do not edit this in any case. +// 2). this is a 'current' file. If you make a backwards compatible change to +// the interface (from the latest frozen version), the build system will +// prompt you to update this file with `m -update-api`. +// +// You must not make a backward incompatible change to any AIDL file built +// with the aidl_interface module type with versions property set. The module +// type is used to build AIDL files in a way that they can be used across +// independently updatable components of the system. If a device is shipped +// with such a backward incompatible change, it has a high risk of breaking +// later when a module using the interface is updated, e.g., Mainline modules. + +package android.hardware.boot; +@VintfStability +interface IBootControl { + int getActiveBootSlot(); + int getCurrentSlot(); + int getNumberSlots(); + android.hardware.boot.MergeStatus getSnapshotMergeStatus(); + String getSuffix(in int slot); + boolean isSlotBootable(in int slot); + boolean isSlotMarkedSuccessful(in int slot); + void markBootSuccessful(); + void setActiveBootSlot(in int slot); + void setSlotAsUnbootable(in int slot); + void setSnapshotMergeStatus(in android.hardware.boot.MergeStatus status); + const int INVALID_SLOT = -1; + const int COMMAND_FAILED = -2; +} diff --git a/boot/aidl/aidl_api/android.hardware.boot/current/android/hardware/boot/MergeStatus.aidl b/boot/aidl/aidl_api/android.hardware.boot/current/android/hardware/boot/MergeStatus.aidl new file mode 100644 index 0000000000..53c62047cc --- /dev/null +++ b/boot/aidl/aidl_api/android.hardware.boot/current/android/hardware/boot/MergeStatus.aidl @@ -0,0 +1,42 @@ +// +// Copyright (C) 2022 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +/////////////////////////////////////////////////////////////////////////////// +// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. // +/////////////////////////////////////////////////////////////////////////////// + +// This file is a snapshot of an AIDL file. Do not edit it manually. There are +// two cases: +// 1). this is a frozen version file - do not edit this in any case. +// 2). this is a 'current' file. If you make a backwards compatible change to +// the interface (from the latest frozen version), the build system will +// prompt you to update this file with `m -update-api`. +// +// You must not make a backward incompatible change to any AIDL file built +// with the aidl_interface module type with versions property set. The module +// type is used to build AIDL files in a way that they can be used across +// independently updatable components of the system. If a device is shipped +// with such a backward incompatible change, it has a high risk of breaking +// later when a module using the interface is updated, e.g., Mainline modules. + +package android.hardware.boot; +@Backing(type="int") @VintfStability +enum MergeStatus { + NONE = 0, + UNKNOWN = 1, + SNAPSHOTTED = 2, + MERGING = 3, + CANCELLED = 4, +} diff --git a/boot/aidl/android/hardware/boot/IBootControl.aidl b/boot/aidl/android/hardware/boot/IBootControl.aidl new file mode 100644 index 0000000000..6c9e8cebcb --- /dev/null +++ b/boot/aidl/android/hardware/boot/IBootControl.aidl @@ -0,0 +1,158 @@ +// +// Copyright (C) 2022 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package android.hardware.boot; + +import android.hardware.boot.MergeStatus; + +@VintfStability +interface IBootControl { + const int INVALID_SLOT = -1; + const int COMMAND_FAILED = -2; + /** + * Returns the active slot to boot into on the next boot. If + * setActiveBootSlot() has been called, the getter function should return the + * same slot as the one provided in the last setActiveBootSlot() call. + * The returned value is always guaranteed to be strictly less than the + * value returned by getNumberSlots. Slots start at 0 and finish at + * getNumberSlots() - 1. For instance, a system with A/B must return 0 or 1. + * @return the active slot to boot into on the next boot. + */ + int getActiveBootSlot(); + + /** + * getCurrentSlot() returns the slot number of that the current boot is booted + * from, for example slot number 0 (Slot A). It is assumed that if the current + * slot is A, then the block devices underlying B can be accessed directly + * without any risk of corruption. + * The returned value is always guaranteed to be strictly less than the + * value returned by getNumberSlots. Slots start at 0 and finish at + * getNumberSlots() - 1. The value returned here must match the suffix passed + * from the bootloader, regardless of which slot is active or successful. + * @return the slot number of that the current boot is booted + */ + int getCurrentSlot(); + + /** + * getNumberSlots() returns the number of available slots. + * For instance, a system with a single set of partitions must return + * 1, a system with A/B must return 2, A/B/C -> 3 and so on. A system with + * less than two slots doesn't support background updates, for example if + * running from a virtual machine with only one copy of each partition for the + * purpose of testing. + * @return number of available slots + */ + int getNumberSlots(); + + /** + * Returns whether a snapshot-merge of any dynamic partition is in progress. + * + * This function must return the merge status set by the last setSnapshotMergeStatus call and + * recorded by the bootloader with one exception. If the partitions are being flashed from the + * bootloader such that the pending merge must be canceled (for example, if the super partition + * is being flashed), this function must return CANCELLED. + * + * @param out success True if the merge status is read successfully, false otherwise. + * @return Merge status. + */ + MergeStatus getSnapshotMergeStatus(); + + /** + * getSuffix() returns the string suffix used by partitions that correspond to + * the slot number passed in as a parameter. The bootloader must pass the + * suffix of the currently active slot either through a kernel command line + * property at androidboot.slot_suffix, or the device tree at + * /firmware/android/slot_suffix. + * @return suffix for the input slot, or the empty string "" if slot + * does not match an existing slot. + */ + String getSuffix(in int slot); + + /** + * isSlotBootable() returns if the slot passed in parameter is bootable. Note + * that slots can be made unbootable by both the bootloader and by the OS + * using setSlotAsUnbootable. + * @return true if the slot is bootable, false if it's not. + * @throws service specific error INVALID_SLOT if slot is invalid. + */ + boolean isSlotBootable(in int slot); + + /** + * isSlotMarkedSuccessful() returns if the slot passed in parameter has been + * marked as successful using markBootSuccessful. Note that only the current + * slot can be marked as successful but any slot can be queried. + * @return true if the slot has been marked as successful, false if it has + * not. + * @throws service specific error INVALID_SLOT if slot is invalid. + */ + boolean isSlotMarkedSuccessful(in int slot); + + /** + * markBootSuccessful() marks the current slot as having booted successfully. + * + * @throws Service specific error COMMAND_FAILED if command failed. + */ + void markBootSuccessful(); + + /** + * setActiveBootSlot() marks the slot passed in parameter as the active boot + * slot (see getCurrentSlot for an explanation of the "slot" parameter). This + * overrides any previous call to setSlotAsUnbootable. + * @throws Service specific error INVALID_SLOT if slot is invalid, or COMMAND_FAILED if + * operation failed. + */ + void setActiveBootSlot(in int slot); + + /** + * setSlotAsUnbootable() marks the slot passed in parameter as + * an unbootable. This can be used while updating the contents of the slot's + * partitions, so that the system must not attempt to boot a known bad set up. + * @throws Service specific error INVALID_SLOT if slot is invalid, or COMMAND_FAILED if + * operation failed. + */ + void setSlotAsUnbootable(in int slot); + + /** + * Sets whether a snapshot-merge of any dynamic partition is in progress. + * + * After the merge status is set to a given value, subsequent calls to + * getSnapshotMergeStatus must return the set value. + * + * The merge status must be persistent across reboots. That is, getSnapshotMergeStatus + * must return the same value after a reboot if the merge status is not altered in any way + * (e.g. set by setSnapshotMergeStatus or set to CANCELLED by bootloader). + * + * Read/write access to the merge status must be atomic. When the HAL is processing a + * setSnapshotMergeStatus call, all subsequent calls to getSnapshotMergeStatus must block until + * setSnapshotMergeStatus has returned. + * + * A MERGING state indicates that dynamic partitions are partially comprised by blocks in the + * userdata partition. + * + * When the merge status is set to MERGING, the following operations must be prohibited from the + * bootloader: + * - Flashing or erasing "userdata" or "metadata". + * + * The following operations may be prohibited when the status is set to MERGING. If not + * prohibited, it is recommended that the user receive a warning. + * - Changing the active slot (e.g. via "fastboot set_active") + * + * @param status Merge status. + * + * @throws service specific error COMMAND_FAILED if operation failed. + */ + void setSnapshotMergeStatus(in MergeStatus status); +} diff --git a/boot/aidl/android/hardware/boot/MergeStatus.aidl b/boot/aidl/android/hardware/boot/MergeStatus.aidl new file mode 100644 index 0000000000..16ac85f7be --- /dev/null +++ b/boot/aidl/android/hardware/boot/MergeStatus.aidl @@ -0,0 +1,42 @@ +// +// Copyright (C) 2022 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package android.hardware.boot; + +@VintfStability +@Backing(type="int") +enum MergeStatus { + /** + * No snapshot or merge is in progress. + */ + NONE = 0, + /** + * The merge status could not be determined. + */ + UNKNOWN, + /** + * Partitions are being snapshotted, but no merge has been started. + */ + SNAPSHOTTED, + /** + * At least one partition has merge is in progress. + */ + MERGING, + /** + * A merge was in progress, but it was canceled by the bootloader. + */ + CANCELLED, +} diff --git a/compatibility_matrices/compatibility_matrix.current.xml b/compatibility_matrices/compatibility_matrix.current.xml index 886f7f5b39..943fdb1035 100644 --- a/compatibility_matrices/compatibility_matrix.current.xml +++ b/compatibility_matrices/compatibility_matrix.current.xml @@ -156,6 +156,13 @@ default + + android.hardware.boot + + IBootControl + default + + android.hardware.broadcastradio 1.0-1