Merge "Package the rust_nonsecure keymint default HAL in an APEX" into main am: d741ab8a51

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/3017012 Change-Id: Ic5d0897039611919a6135a7c5b01875e619bfca2 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2026-02-01 16:50:18 +00:00 · 2024-03-30 10:28:13 +00:00
parent 2887010baf d741ab8a51
commit 780804059f
3 changed files with 51 additions and 1 deletions
--- a/security/keymint/aidl/default/Android.bp
+++ b/security/keymint/aidl/default/Android.bp
@@ -115,5 +115,47 @@ rust_library {
        "libkmr_wire",
    ],
    srcs: ["ta/lib.rs"],
-
+}
+
+apex {
+    name: "com.android.hardware.keymint.rust_nonsecure",
+    manifest: "manifest.json",
+    file_contexts: "file_contexts",
+    key: "com.google.cf.apex.key",
+    certificate: ":com.android.hardware.certificate",
+    soc_specific: true,
+    updatable: false,
+    binaries: [
+        "android.hardware.security.keymint-service.nonsecure",
+    ],
+    prebuilts: [
+        "keymint_aidl_nonsecure_init_rc",
+        "keymint_aidl_nonsecure_vintf",
+        "android.hardware.hardware_keystore.xml", // permissions
+    ],
+}
+
+prebuilt_etc {
+    name: "keymint_aidl_nonsecure_init_rc",
+    filename_from_src: true,
+    vendor: true,
+    src: ":gen-keymint_aidl_nonsecure_init_rc",
+}
+
+genrule {
+    name: "gen-keymint_aidl_nonsecure_init_rc",
+    srcs: ["android.hardware.security.keymint-service.nonsecure.rc"],
+    out: ["android.hardware.security.keymint-service.nonsecure.apex.rc"],
+    cmd: "sed -E 's%/vendor/bin/%/apex/com.android.hardware.keymint/bin/%' $(in) > $(out)",
+}
+
+prebuilt_etc {
+    name: "keymint_aidl_nonsecure_vintf",
+    sub_dir: "vintf",
+    vendor: true,
+    srcs: [
+        "android.hardware.security.keymint-service.xml",
+        "android.hardware.security.sharedsecret-service.xml",
+        "android.hardware.security.secureclock-service.xml",
+    ],
 }
--- a/security/keymint/aidl/default/file_contexts
+++ b/security/keymint/aidl/default/file_contexts
@@ -0,0 +1,3 @@
+(/.*)?                                                           u:object_r:vendor_file:s0
+/etc(/.*)?                                                       u:object_r:vendor_configs_file:s0
+/bin/hw/android\.hardware\.security\.keymint-service\.nonsecure  u:object_r:hal_keymint_rust_exec:s0
--- a/security/keymint/aidl/default/manifest.json
+++ b/security/keymint/aidl/default/manifest.json
@@ -0,0 +1,5 @@
+{
+    "name": "com.android.hardware.keymint",
+    "version": 1,
+    "vendorBootstrap": true
+}