AuthGraph: move code into library
Use the core library's new service implementation, which wraps a
channel to the TA.
In this nonsecure case, the TA is local in-process, so use the core
library's AuthGraphTa, and implement the SerializedChannel as just
a direct invocation of the TA.
Move this code into a _nonsecure library, so the main.rs just has
the code needed to start the executable and register the service.
Test: VtsAidlAuthGraphSessionTest
Bug: 284470121
Change-Id: I738d3876872a8cd248f0ebec708676d1173b6e37
diff --git a/security/authgraph/default/src/lib.rs b/security/authgraph/default/src/lib.rs
new file mode 100644
index 0000000..4cd0cb7
--- /dev/null
+++ b/security/authgraph/default/src/lib.rs
@@ -0,0 +1,81 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//! Common functionality for non-secure/testing instance of AuthGraph.
+
+use authgraph_boringssl as boring;
+use authgraph_core::{
+ key::MillisecondsSinceEpoch,
+ ta::{AuthGraphTa, Role},
+ traits,
+};
+use authgraph_hal::channel::SerializedChannel;
+use std::sync::{Arc, Mutex};
+use std::time::Instant;
+
+/// Monotonic clock with an epoch that starts at the point of construction.
+/// (This makes it unsuitable for use outside of testing, because the epoch
+/// will not match that of any other component.)
+pub struct StdClock(Instant);
+
+impl Default for StdClock {
+ fn default() -> Self {
+ Self(Instant::now())
+ }
+}
+
+impl traits::MonotonicClock for StdClock {
+ fn now(&self) -> MillisecondsSinceEpoch {
+ let millis: i64 = self
+ .0
+ .elapsed()
+ .as_millis()
+ .try_into()
+ .expect("failed to fit timestamp in i64");
+ MillisecondsSinceEpoch(millis)
+ }
+}
+
+/// Implementation of the AuthGraph TA that runs locally in-process (and which is therefore
+/// insecure).
+pub struct LocalTa {
+ ta: Arc<Mutex<AuthGraphTa>>,
+}
+
+impl LocalTa {
+ /// Create a new instance.
+ pub fn new() -> Self {
+ Self {
+ ta: Arc::new(Mutex::new(AuthGraphTa::new(
+ boring::trait_impls(
+ Box::<boring::test_device::AgDevice>::default(),
+ Some(Box::new(StdClock::default())),
+ ),
+ Role::Both,
+ ))),
+ }
+ }
+}
+
+/// Pretend to be a serialized channel to the TA, but actually just directly invoke the TA with
+/// incoming requests.
+impl SerializedChannel for LocalTa {
+ const MAX_SIZE: usize = usize::MAX;
+
+ fn execute(&mut self, req_data: &[u8]) -> binder::Result<Vec<u8>> {
+ Ok(self.ta.lock().unwrap().process(req_data))
+ }
+}