hwcryptohal: Adding hwcrypto hal vendor service
Adding hwcrypto hal vendor service delegator to forward kernel
binder requests to trusty.
Bug: 393162614
Test: cf build/ manual test
Change-Id: Ibded55a85b43d9c35322c0d3cee5af0417f5c039
diff --git a/security/see/hwcrypto/aidl/Android.bp b/security/see/hwcrypto/aidl/Android.bp
index c64b827..2115f19 100644
--- a/security/see/hwcrypto/aidl/Android.bp
+++ b/security/see/hwcrypto/aidl/Android.bp
@@ -31,6 +31,7 @@
},
frozen: true,
system_ext_specific: true,
+ vendor_available: true,
versions_with_info: [
{
version: "1",
diff --git a/security/see/hwcrypto/aidl/vts/functional/Android.bp b/security/see/hwcrypto/aidl/vts/functional/Android.bp
index 52c7feb..c2514d1 100644
--- a/security/see/hwcrypto/aidl/vts/functional/Android.bp
+++ b/security/see/hwcrypto/aidl/vts/functional/Android.bp
@@ -19,6 +19,8 @@
rust_defaults {
name: "hw_crypto_hal_aidl_rust_defaults",
enabled: false,
+ prefer_rlib: true,
+ vendor_available: true,
rustlibs: [
"libbinder_rs",
"android.hardware.security.see.hwcrypto-V1-rust",
@@ -29,6 +31,11 @@
"librpcbinder_rs",
"librustutils",
],
+ arch: {
+ arm64: {
+ enabled: true,
+ },
+ },
}
rust_library {
@@ -42,18 +49,14 @@
],
}
-rust_binary {
- name: "wait_hw_crypto",
- prefer_rlib: true,
+rust_test {
+ name: "VtsAidlHwCryptoConnTest",
+ srcs: ["connection_test.rs"],
+ require_root: true,
defaults: [
"hw_crypto_hal_aidl_rust_defaults",
],
- srcs: ["wait_service.rs"],
rustlibs: [
"libhwcryptohal_vts_test",
- "liblogger",
- "liblog_rust",
- "libanyhow",
- "libclap",
],
}
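Review bot: The new `rust_test` `VtsAidlHwCryptoConnTest` sets neither `test_suites` nor `test_config`, while this same commit renames the sibling AndroidTest.xml to AndroidTestSystem.xml, whose `module-name` is `VtsAidlHwCryptoConnTestSystem`. Unless an Android.bp not shown here wires it up, nothing visible places this test in a suite or gives it a config, so the path through the vendor delegator may never run in VTS. I would add `test_suites: ["vts"],` (plus a `test_config` if the auto-generated one is not wanted). A one-line comment on `require_root: true` saying what in the test needs root would also help.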
diff --git a/security/see/hwcrypto/aidl/vts/functional/AndroidTest.xml b/security/see/hwcrypto/aidl/vts/functional/AndroidTestSystem.xml
similarity index 92%
rename from security/see/hwcrypto/aidl/vts/functional/AndroidTest.xml
rename to security/see/hwcrypto/aidl/vts/functional/AndroidTestSystem.xml
index 73290cf..649be23 100644
--- a/security/see/hwcrypto/aidl/vts/functional/AndroidTest.xml
+++ b/security/see/hwcrypto/aidl/vts/functional/AndroidTestSystem.xml
@@ -27,8 +27,8 @@
<option name="push-file" key="trusty-wait-ready.sh" value="/data/local/tmp/trusty_test_vm/trusty-wait-ready.sh" />
<option name="push-file" key="wait_hw_crypto" value="/data/local/tmp/trusty_test_vm/wait_hw_crypto" />
<option name="push-file" key="trusty-test_vm-config.json" value="/data/local/tmp/trusty_test_vm/trusty-test_vm-config.json" />
- <option name="push-file" key="trusty_test_vm_elf" value="/data/local/tmp/trusty_test_vm/trusty_test_vm_elf" />
- <option name="push-file" key="VtsAidlHwCryptoConnTest" value="/data/local/tmp/VtsAidlHwCryptoConnTest" />
+ <option name="push-file" key="trusty_test_vm.elf" value="/data/local/tmp/trusty_test_vm/trusty_test_vm.elf" />
+ <option name="push-file" key="VtsAidlHwCryptoConnTestSystem" value="/data/local/tmp/VtsAidlHwCryptoConnTestSystem" />
</target_preparer>
<target_preparer class="com.android.tradefed.targetprep.RunCommandTargetPreparer">
<option name="throw-if-cmd-fail" value="true" />
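Review bot: The unchanged line `<option name="push-file" key="wait_hw_crypto" ... />` just above the edited lines still pushes `wait_hw_crypto`, but this commit removes that `rust_binary` from Android.bp and deletes wait_service.rs. If no other module produces an artifact of that name, the preparer has nothing to push, and depending on its abort setting the run may stop before any test executes. Either drop the line or keep the binary. A later command in this config that invokes `wait_hw_crypto` would need the same treatment, but the preparer blocks start and end outside the hunk, so I cannot check.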
@@ -47,7 +47,7 @@
<test class="com.android.tradefed.testtype.rust.RustBinaryTest" >
<option name="test-device-path" value="/data/local/tmp" />
- <option name="module-name" value="VtsAidlHwCryptoConnTest" />
+ <option name="module-name" value="VtsAidlHwCryptoConnTestSystem" />
<!-- Rust tests are run in parallel by default. Run these ones
single-threaded, so that one test's secrets don't affect
the behaviour of a different test. -->
diff --git a/security/see/hwcrypto/aidl/vts/functional/lib.rs b/security/see/hwcrypto/aidl/vts/functional/lib.rs
index e14ac83..81ae3fa 100644
--- a/security/see/hwcrypto/aidl/vts/functional/lib.rs
+++ b/security/see/hwcrypto/aidl/vts/functional/lib.rs
@@ -17,19 +17,32 @@
//! VTS test library for HwCrypto functionality.
//! It provides the base clases necessaries to write HwCrypto VTS tests
-use anyhow::{Context, Result};
+#[cfg(target_arch = "x86_64")]
+use anyhow::Context;
+use anyhow::Result;
+#[cfg(target_arch = "x86_64")]
use binder::{ExceptionCode, FromIBinder, IntoBinderResult, ParcelFileDescriptor};
+#[cfg(target_arch = "x86_64")]
use rpcbinder::RpcSession;
+#[cfg(target_arch = "x86_64")]
use vsock::VsockStream;
+#[cfg(target_arch = "x86_64")]
use std::os::fd::{FromRawFd, IntoRawFd};
+#[cfg(target_arch = "x86_64")]
use std::fs::File;
+#[cfg(target_arch = "x86_64")]
use std::io::Read;
+#[cfg(target_arch = "x86_64")]
use rustutils::system_properties;
+#[cfg(target_arch = "aarch64")]
+use android_hardware_security_see_hwcrypto::aidl::android::hardware::security::see::hwcrypto::IHwCryptoKey::BpHwCryptoKey;
use android_hardware_security_see_hwcrypto::aidl::android::hardware::security::see::hwcrypto::IHwCryptoKey::IHwCryptoKey;
+#[cfg(target_arch = "x86_64")]
const HWCRYPTO_SERVICE_PORT: u32 = 4;
/// Local function to connect to service
+#[cfg(target_arch = "x86_64")]
pub fn connect_service<T: FromIBinder + ?Sized>(
cid: u32,
port: u32,
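Review bot: The transport is selected with `#[cfg(target_arch = ...)]`, which stands in for "Trusty test VM over vsock" versus "service registered with the service manager" without saying so, and leaves every other architecture with no `get_hwcryptokey` at all. A dependent crate built for another target then fails with an unresolved-name error instead of an explanation. Adding `#[cfg(not(any(target_arch = "x86_64", target_arch = "aarch64")))] compile_error!("hwcryptohal_vts_test supports only x86_64 (vsock) and aarch64 (service manager)");` would make the constraint explicit. A `//!` line should also state that the x86_64 build connects to the VM directly and so does not go through the vendor delegator, so readers know which path each run covers. `connect_service` continues outside the hunk.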
@@ -44,7 +57,8 @@
})
}
-/// Get a HwCryptoKey binder service object
+/// Get a HwCryptoKey binder service object using a direct vsock connection
+#[cfg(target_arch = "x86_64")]
pub fn get_hwcryptokey() -> Result<binder::Strong<dyn IHwCryptoKey>, binder::Status> {
let cid = system_properties::read("trusty.test_vm.vm_cid")
.context("couldn't get vm cid")
@@ -55,3 +69,10 @@
.or_binder_exception(ExceptionCode::ILLEGAL_ARGUMENT)?;
Ok(connect_service(cid, HWCRYPTO_SERVICE_PORT)?)
}
+
+/// Get a HwCryptoKey binder service object using the service manager
+#[cfg(target_arch = "aarch64")]
+pub fn get_hwcryptokey() -> Result<binder::Strong<dyn IHwCryptoKey>, binder::Status> {
+ let interface_name = <BpHwCryptoKey as IHwCryptoKey>::get_descriptor().to_owned() + "/default";
+ Ok(binder::get_interface(&interface_name)?)
+}
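Review bot: The aarch64 `get_hwcryptokey` does a single `binder::get_interface` lookup, while this commit also deletes the `wait_hw_crypto` poller that used to retry until the service answered. If the delegator registers late after boot, the first test fails on a lookup error rather than on a real fault. `Ok(binder::wait_for_interface(&interface_name)?)` would wait for the instance instead, though it can block for as long as the instance stays unregistered, so it relies on the harness timeout. The doc comment should also name what is resolved, e.g. `/// Looks up "<IHwCryptoKey descriptor>/default" through the service manager.`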
diff --git a/security/see/hwcrypto/aidl/vts/functional/wait_service.rs b/security/see/hwcrypto/aidl/vts/functional/wait_service.rs
deleted file mode 100644
index 13cbcb1..0000000
--- a/security/see/hwcrypto/aidl/vts/functional/wait_service.rs
+++ /dev/null
@@ -1,47 +0,0 @@
-// Copyright 2025, The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//! Small utility to wait for hwcrypto service to be up
-
-use anyhow::{/*Context,*/ Result};
-use clap::Parser;
-use log::info;
-use std::{thread, time};
-
-#[derive(Parser)]
-/// Collection of CLI for trusty_security_vm_launcher
-pub struct Args {
- /// Number of repetitions for the wait
- #[arg(long, default_value_t = 20)]
- number_repetitions: u32,
-
- /// Delay between repetitiond
- #[arg(long, default_value_t = 2)]
- delay_between_repetitions: u32,
-}
-
-fn main() -> Result<()> {
- let args = Args::parse();
-
- info!("Waiting for hwcrypto service");
- let delay = time::Duration::new(args.delay_between_repetitions.into(), 0);
- for _ in 0..args.number_repetitions {
- let hw_crypto_key = hwcryptohal_vts_test::get_hwcryptokey();
- if hw_crypto_key.is_ok() {
- break;
- }
- thread::sleep(delay);
- }
- Ok(())
-}