Copy code that can be re-used from the Cuttlefish KeyMint
implementation, specifically from the following directories
under device/google/cuttlefish:
- HAL-side code from guest/hals/keymint/rust/
- TA-side code from host/commands/secure_env/rust/
Create a corresponding pair of libkmr_{hal,ta}_nonsecure libraries here.
The only changes to the copied code are:
- Convert `pub(crate)` to `pub` in `attest.rs`.
- Add some missing doc comments.
- Add comment noting need for SELinux permission to read ro.serialno.
- Add comment noting need for clock to be in sync with Gatekeeper.
(A subsequent CL aosp/2852598 adjusts Cuttlefish so that it uses the
copied modules here, and can remove the original copies.)
In addition to the moved code, the default implementation also needs
a new implementation of a monotonic clock, added here in clock.rs
using `std::time::Instant`.
With the new nonsecure HAL and TA libraries in place, implement the
default KeyMint HAL service using the former, and spin up a single
thread running a nonsecure TA using the latter. Communicate between
the two via a pair of mpsc::channel()s.
Test: VtsAidlKeyMintTargetTest with normal Cuttlefish (all pass)
Test: VtsAidlKeyMintTargetTest with default/nonsecure impl (auth
tests fail, but this is expected as Gatekeeper hasn't moved)
Bug: 314513765
Change-Id: Ia450e9a8f2dc530f79e8d74d7ce65f7d67ea129f
// Package-level licensing that applies to every module declared in this file.
package {
    // See: http://go/android-license-faq
    // A large-scale-change added 'default_applicable_licenses' to import
    // all of the 'license_kinds' from "hardware_interfaces_license"
    // to get the below license kinds:
    //   SPDX-license-identifier-Apache-2.0
    default_applicable_licenses: ["hardware_interfaces_license"],
}
// Default KeyMint HAL service, built from main.rs.
//
// Security note: this binary links both the HAL-side library
// (libkmr_hal_nonsecure) and the TA-side library (libkmr_ta_nonsecure).
// Per the change description, the TA runs on a thread inside this same
// process and the two halves communicate over a pair of mpsc channels, so
// key operations are not isolated from Android in a separate secure
// environment.
rust_binary {
    name: "android.hardware.security.keymint-service",
    // Vendor-partition binary, installed under the "hw" subdirectory.
    relative_install_path: "hw",
    vendor: true,
    // init script installed alongside the binary (contents not shown here).
    init_rc: ["android.hardware.security.keymint-service.rc"],
    // VINTF manifest fragments installed with the service; going by their
    // names they declare the KeyMint, SharedSecret and SecureClock HALs.
    vintf_fragments: [
        "android.hardware.security.keymint-service.xml",
        "android.hardware.security.sharedsecret-service.xml",
        "android.hardware.security.secureclock-service.xml",
    ],
    defaults: [
        "keymint_use_latest_hal_aidl_rust",
    ],
    srcs: [
        "main.rs",
    ],
    rustlibs: [
        "libandroid_logger",
        "libbinder_rs",
        "liblog_rust",
        "libkmr_hal",
        // Nonsecure HAL and TA halves; see the security note above.
        "libkmr_hal_nonsecure",
        "libkmr_ta_nonsecure",
    ],
    // Pulls in the permissions file defined by the prebuilt_etc module in
    // this file whenever the service is installed.
    // NOTE(review): the file name suggests it advertises the hardware
    // keystore feature; confirm that is intended for a build whose TA is
    // the nonsecure one linked above.
    required: [
        "android.hardware.hardware_keystore.xml",
    ],
}
// Installs android.hardware.hardware_keystore.xml into the vendor
// partition's etc/permissions directory. It is listed under `required` by
// the KeyMint service binary in this file, so it ships with that service.
// NOTE(review): the XML contents are not visible here; presumably it
// declares the hardware keystore feature. Verify before relying on it.
prebuilt_etc {
    name: "android.hardware.hardware_keystore.xml",
    sub_dir: "permissions",
    vendor: true,
    src: "android.hardware.hardware_keystore.xml",
}
// HAL-side support library for the nonsecure KeyMint implementation
// (crate kmr_hal_nonsecure, rooted at hal/lib.rs).
// Per the change description, this code was copied from the Cuttlefish
// KeyMint HAL under device/google/cuttlefish/guest/hals/keymint/rust/.
rust_library {
    name: "libkmr_hal_nonsecure",
    crate_name: "kmr_hal_nonsecure",
    // Usable by vendor modules, such as the KeyMint service in this file.
    vendor_available: true,
    // Build with the Android lint set.
    lints: "android",
    rustlibs: [
        "libbinder_rs",
        "libhex",
        "liblibc",
        "liblog_rust",
        "libkmr_hal",
        "libkmr_wire",
    ],
    srcs: ["hal/lib.rs"],

}
// TA-side support library for the nonsecure KeyMint implementation
// (crate kmr_ta_nonsecure, rooted at ta/lib.rs).
// Per the change description, this code was copied from the Cuttlefish
// secure_env implementation under
// device/google/cuttlefish/host/commands/secure_env/rust/.
//
// Security note: as the "nonsecure" name indicates, this is TA logic
// packaged as an ordinary library; anything linking it runs the TA in its
// own process rather than in an isolated secure environment.
rust_library {
    name: "libkmr_ta_nonsecure",
    crate_name: "kmr_ta_nonsecure",
    vendor_available: true,
    // Also built for the host, in addition to the device.
    host_supported: true,
    // Build with the Android lint set.
    lints: "android",
    rustlibs: [
        "libhex",
        "liblibc",
        "liblog_rust",
        "libkmr_common",
        // Crypto backend; presumably BoringSSL-based, going by the name.
        "libkmr_crypto_boring",
        "libkmr_ta",
        "libkmr_wire",
    ],
    srcs: ["ta/lib.rs"],

}