Add encryption in incidentd.
+ Sections which require encryption will be encryted on disk.
+ When the sections are requested by clients (e.g., permission controller, report assignee),
incidentd will decrypte the data.
+ For efficiency, encryption is done ONLY for sections that require encryption.
+ Use Keystore API for key management.
Bug: 131084614
Test: incidentd_test
Change-Id: I84d6b86807ba5bbde1051e847b2df6e79e6b5be5
diff --git a/cmds/incidentd/Android.bp b/cmds/incidentd/Android.bp
index 8f9a5f8..9c9b6c7 100644
--- a/cmds/incidentd/Android.bp
+++ b/cmds/incidentd/Android.bp
@@ -59,6 +59,12 @@
"libservices",
"libutils",
"libprotobuf-cpp-lite",
+ "libcrypto",
+ "libkeystore_aidl",
+ "libkeystore_binder",
+ "libkeystore_parcelables",
+ "android.hardware.keymaster@4.0",
+ "libkeymaster4support",
],
static_libs: [
@@ -111,6 +117,8 @@
"src/incidentd_util.cpp",
"src/proto_util.cpp",
"src/report_directory.cpp",
+ "src/cipher/IncidentKeyStore.cpp",
+ "src/cipher/ProtoEncryption.cpp",
"src/**/*.proto",
],
@@ -132,6 +140,12 @@
"libprotoutil",
"libservices",
"libutils",
+ "libcrypto",
+ "libkeystore_aidl",
+ "libkeystore_binder",
+ "libkeystore_parcelables",
+ "android.hardware.keymaster@4.0",
+ "libkeymaster4support",
],
target: {