From 9f3f37f28801ef26c3c15fdfe8906ca218a5983a Mon Sep 17 00:00:00 2001
From: Jooyung Han <jooyung@google.com>
Date: Tue, 21 Nov 2023 17:00:18 +0900
Subject: [PATCH] Add authgraph HAL APEX

Bug: 309463258
Test: VtsAidlAuthGraphSessionTest
Change-Id: I5ac32a6e5d70321f31321b613a982020bf51db68
---
 security/authgraph/default/Android.bp         | 35 +++++++++++++++++--
 security/authgraph/default/apex_file_contexts |  3 ++
 security/authgraph/default/apex_manifest.json |  4 +++
 security/authgraph/default/authgraph.rc       |  2 +-
 4 files changed, 41 insertions(+), 3 deletions(-)
 create mode 100644 security/authgraph/default/apex_file_contexts
 create mode 100644 security/authgraph/default/apex_manifest.json

diff --git a/security/authgraph/default/Android.bp b/security/authgraph/default/Android.bp
index c4810759ec..7894477ea5 100644
--- a/security/authgraph/default/Android.bp
+++ b/security/authgraph/default/Android.bp
@@ -46,11 +46,11 @@ rust_binary {
     name: "android.hardware.security.authgraph-service.nonsecure",
     relative_install_path: "hw",
     vendor: true,
-    init_rc: ["authgraph.rc"],
-    vintf_fragments: ["authgraph.xml"],
+    installable: false, // install com.android.hardware.security.authgraph
     defaults: [
         "authgraph_use_latest_hal_aidl_rust",
     ],
+    prefer_rlib: true,
     rustlibs: [
         "libandroid_logger",
         "libauthgraph_hal",
@@ -80,3 +80,34 @@ rust_fuzz {
         ],
     },
 }
+
+prebuilt_etc {
+    name: "authgraph.xml",
+    src: "authgraph.xml",
+    sub_dir: "vintf",
+    installable: false,
+}
+
+prebuilt_etc {
+    name: "authgraph.rc",
+    src: "authgraph.rc",
+    installable: false,
+}
+
+apex {
+    name: "com.android.hardware.security.authgraph",
+    manifest: "apex_manifest.json",
+    file_contexts: "apex_file_contexts",
+    key: "com.android.hardware.key",
+    certificate: ":com.android.hardware.certificate",
+    vendor: true,
+    updatable: false,
+
+    binaries: [
+        "android.hardware.security.authgraph-service.nonsecure",
+    ],
+    prebuilts: [
+        "authgraph.rc",
+        "authgraph.xml",
+    ],
+}
diff --git a/security/authgraph/default/apex_file_contexts b/security/authgraph/default/apex_file_contexts
new file mode 100644
index 0000000000..9a54613b6d
--- /dev/null
+++ b/security/authgraph/default/apex_file_contexts
@@ -0,0 +1,3 @@
+(/.*)?                                          u:object_r:vendor_file:s0
+/etc(/.*)?                                      u:object_r:vendor_configs_file:s0
+/bin/hw/android\.hardware\.security\.authgraph-service\.nonsecure  u:object_r:hal_authgraph_default_exec:s0
diff --git a/security/authgraph/default/apex_manifest.json b/security/authgraph/default/apex_manifest.json
new file mode 100644
index 0000000000..0723846c0d
--- /dev/null
+++ b/security/authgraph/default/apex_manifest.json
@@ -0,0 +1,4 @@
+{
+    "name": "com.android.hardware.security.authgraph",
+    "version": 1
+}
\ No newline at end of file
diff --git a/security/authgraph/default/authgraph.rc b/security/authgraph/default/authgraph.rc
index 022299404a..2d07542b87 100644
--- a/security/authgraph/default/authgraph.rc
+++ b/security/authgraph/default/authgraph.rc
@@ -1,4 +1,4 @@
-service vendor.authgraph /vendor/bin/hw/android.hardware.security.authgraph-service.nonsecure
+service vendor.authgraph /apex/com.android.hardware.security.authgraph/bin/hw/android.hardware.security.authgraph-service.nonsecure
     interface aidl android.hardware.security.authgraph.IAuthGraph/nonsecure
     class hal
     user nobody