mirror of
https://github.com/Evolution-X/hardware_interfaces
synced 2026-02-02 17:31:58 +00:00
7dcdd5b9c8
Make it easier for vendors to declare the Package Manager flag that matches the version of KeyMint that their device implements. Test: TreeHugger Bug: 381125092 Change-Id: I13f781836b4b06c43811b315ca78da076ecd928f
224 lines
6.2 KiB
Plaintext
224 lines
6.2 KiB
Plaintext
package {
|
|
// See: http://go/android-license-faq
|
|
// A large-scale-change added 'default_applicable_licenses' to import
|
|
// all of the 'license_kinds' from "hardware_interfaces_license"
|
|
// to get the below license kinds:
|
|
// SPDX-license-identifier-Apache-2.0
|
|
default_applicable_licenses: ["hardware_interfaces_license"],
|
|
}
|
|
|
|
vintf_fragment {
|
|
name: "android.hardware.security.keymint-service.xml",
|
|
src: "android.hardware.security.keymint-service.xml",
|
|
vendor: true,
|
|
}
|
|
|
|
vintf_fragment {
|
|
name: "android.hardware.security.sharedsecret-service.xml",
|
|
src: "android.hardware.security.sharedsecret-service.xml",
|
|
vendor: true,
|
|
}
|
|
|
|
vintf_fragment {
|
|
name: "android.hardware.security.secureclock-service.xml",
|
|
src: "android.hardware.security.secureclock-service.xml",
|
|
vendor: true,
|
|
}
|
|
|
|
// The following target has an insecure implementation of KeyMint where the
|
|
// trusted application (TA) code runs in-process alongside the HAL service
|
|
// code.
|
|
//
|
|
// A real device is required to run the TA code in a secure environment, as
|
|
// per CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an
|
|
// isolated execution environment."
|
|
cc_binary {
|
|
name: "android.hardware.security.keymint-service",
|
|
relative_install_path: "hw",
|
|
init_rc: ["android.hardware.security.keymint-service.rc"],
|
|
vendor: true,
|
|
cflags: [
|
|
"-Wall",
|
|
"-Wextra",
|
|
],
|
|
defaults: [
|
|
"keymint_use_latest_hal_aidl_ndk_shared",
|
|
],
|
|
shared_libs: [
|
|
"android.hardware.security.rkp-V3-ndk",
|
|
"android.hardware.security.sharedsecret-V1-ndk",
|
|
"android.hardware.security.secureclock-V1-ndk",
|
|
"libbase",
|
|
"libbinder_ndk",
|
|
"libcppbor",
|
|
"libcrypto",
|
|
"libkeymaster_portable",
|
|
"libkeymint",
|
|
"liblog",
|
|
"libpuresoftkeymasterdevice",
|
|
"libutils",
|
|
],
|
|
srcs: [
|
|
"service.cpp",
|
|
],
|
|
required: [
|
|
"android.hardware.hardware_keystore.xml",
|
|
],
|
|
vintf_fragment_modules: [
|
|
"android.hardware.security.keymint-service.xml",
|
|
"android.hardware.security.sharedsecret-service.xml",
|
|
"android.hardware.security.secureclock-service.xml",
|
|
],
|
|
}
|
|
|
|
// The following target has an insecure implementation of KeyMint where the
|
|
// trusted application (TA) code runs in-process alongside the HAL service
|
|
// code.
|
|
//
|
|
// A real device is required to run the TA code in a secure environment, as
|
|
// per CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an
|
|
// isolated execution environment."
|
|
rust_binary {
|
|
name: "android.hardware.security.keymint-service.nonsecure",
|
|
relative_install_path: "hw",
|
|
vendor: true,
|
|
init_rc: ["android.hardware.security.keymint-service.nonsecure.rc"],
|
|
defaults: [
|
|
"keymint_use_latest_hal_aidl_rust",
|
|
],
|
|
srcs: [
|
|
"main.rs",
|
|
],
|
|
rustlibs: [
|
|
"libandroid_logger",
|
|
"libbinder_rs",
|
|
"liblog_rust",
|
|
"libkmr_hal",
|
|
"libkmr_hal_nonsecure",
|
|
"libkmr_ta_nonsecure",
|
|
],
|
|
vintf_fragment_modules: [
|
|
"android.hardware.security.keymint-service.xml",
|
|
"android.hardware.security.sharedsecret-service.xml",
|
|
"android.hardware.security.secureclock-service.xml",
|
|
],
|
|
}
|
|
|
|
// The following target declares the latest version of KeyMint.
|
|
prebuilt_etc {
|
|
name: "android.hardware.hardware_keystore.xml",
|
|
sub_dir: "permissions",
|
|
vendor: true,
|
|
src: "android.hardware.hardware_keystore.xml",
|
|
}
|
|
|
|
// The following targets (and underlying XML files) declare specific
|
|
// versions of KeyMint. Vendors should use the version that matches the
|
|
// version of the KeyMint HAL that the device implements.
|
|
|
|
prebuilt_etc {
|
|
name: "android.hardware.hardware_keystore_V1.xml",
|
|
sub_dir: "permissions",
|
|
vendor: true,
|
|
src: "android.hardware.hardware_keystore_V1.xml",
|
|
}
|
|
|
|
prebuilt_etc {
|
|
name: "android.hardware.hardware_keystore_V2.xml",
|
|
sub_dir: "permissions",
|
|
vendor: true,
|
|
src: "android.hardware.hardware_keystore_V2.xml",
|
|
}
|
|
|
|
prebuilt_etc {
|
|
name: "android.hardware.hardware_keystore_V3.xml",
|
|
sub_dir: "permissions",
|
|
vendor: true,
|
|
src: "android.hardware.hardware_keystore_V3.xml",
|
|
}
|
|
|
|
prebuilt_etc {
|
|
name: "android.hardware.hardware_keystore_V4.xml",
|
|
sub_dir: "permissions",
|
|
vendor: true,
|
|
src: "android.hardware.hardware_keystore_V4.xml",
|
|
}
|
|
|
|
rust_library {
|
|
name: "libkmr_hal_nonsecure",
|
|
crate_name: "kmr_hal_nonsecure",
|
|
vendor_available: true,
|
|
lints: "android",
|
|
rustlibs: [
|
|
"libbinder_rs",
|
|
"libhex",
|
|
"liblibc",
|
|
"liblog_rust",
|
|
"libkmr_hal",
|
|
"libkmr_wire",
|
|
],
|
|
srcs: ["hal/lib.rs"],
|
|
|
|
}
|
|
|
|
rust_library {
|
|
name: "libkmr_ta_nonsecure",
|
|
crate_name: "kmr_ta_nonsecure",
|
|
vendor_available: true,
|
|
host_supported: true,
|
|
lints: "android",
|
|
rustlibs: [
|
|
"libhex",
|
|
"liblibc",
|
|
"liblog_rust",
|
|
"libkmr_common",
|
|
"libkmr_crypto_boring",
|
|
"libkmr_ta",
|
|
"libkmr_wire",
|
|
],
|
|
srcs: ["ta/lib.rs"],
|
|
}
|
|
|
|
apex {
|
|
name: "com.android.hardware.keymint.rust_nonsecure",
|
|
manifest: "manifest.json",
|
|
file_contexts: "file_contexts",
|
|
key: "com.google.cf.apex.key",
|
|
certificate: ":com.android.hardware.certificate",
|
|
soc_specific: true,
|
|
updatable: false,
|
|
binaries: [
|
|
"android.hardware.security.keymint-service.nonsecure",
|
|
],
|
|
prebuilts: [
|
|
"keymint_aidl_nonsecure_init_rc",
|
|
"keymint_aidl_nonsecure_vintf",
|
|
"android.hardware.hardware_keystore.xml", // permissions
|
|
],
|
|
}
|
|
|
|
prebuilt_etc {
|
|
name: "keymint_aidl_nonsecure_init_rc",
|
|
filename_from_src: true,
|
|
vendor: true,
|
|
src: ":gen-keymint_aidl_nonsecure_init_rc",
|
|
}
|
|
|
|
genrule {
|
|
name: "gen-keymint_aidl_nonsecure_init_rc",
|
|
srcs: ["android.hardware.security.keymint-service.nonsecure.rc"],
|
|
out: ["android.hardware.security.keymint-service.nonsecure.apex.rc"],
|
|
cmd: "sed -E 's%/vendor/bin/%/apex/com.android.hardware.keymint/bin/%' $(in) > $(out)",
|
|
}
|
|
|
|
prebuilt_etc {
|
|
name: "keymint_aidl_nonsecure_vintf",
|
|
sub_dir: "vintf",
|
|
vendor: true,
|
|
srcs: [
|
|
"android.hardware.security.keymint-service.xml",
|
|
"android.hardware.security.sharedsecret-service.xml",
|
|
"android.hardware.security.secureclock-service.xml",
|
|
],
|
|
}
|