Reinstate C++ KeyMint impl as default
This is a partial revert of aosp/2856649, changeID
Ia450e9a8f2dc530f79e8d74d7ce65f7d67ea129f, because it turns out
that there are Wear devices that are using the default implementation
(but which are not covered by TreeHugger/presubmit).
It restores the C++ implementation for KeyMint as
android.hardware.security.keymint-service, but preserves the Rust
libraries that were moved here in that CL as a subsequent CL
(aosp/2852598) means that Cuttlefish now uses the libraries here.
Test: VtsAidlKeyMintTargetTest on Cuttlefish
Bug: 328251011
Bug: 314513765
Change-Id: Id6f3491144588e418cd6e18e51262fe839bfdf39
diff --git a/security/keymint/aidl/default/Android.bp b/security/keymint/aidl/default/Android.bp
index d815ff7..122a421 100644
--- a/security/keymint/aidl/default/Android.bp
+++ b/security/keymint/aidl/default/Android.bp
@@ -7,9 +7,48 @@
default_applicable_licenses: ["hardware_interfaces_license"],
}
-rust_binary {
+cc_binary {
name: "android.hardware.security.keymint-service",
relative_install_path: "hw",
+ init_rc: ["android.hardware.security.keymint-service.rc"],
+ vintf_fragments: [
+ "android.hardware.security.keymint-service.xml",
+ "android.hardware.security.sharedsecret-service.xml",
+ "android.hardware.security.secureclock-service.xml",
+ ],
+ vendor: true,
+ cflags: [
+ "-Wall",
+ "-Wextra",
+ ],
+ defaults: [
+ "keymint_use_latest_hal_aidl_ndk_shared",
+ ],
+ shared_libs: [
+ "android.hardware.security.rkp-V3-ndk",
+ "android.hardware.security.sharedsecret-V1-ndk",
+ "android.hardware.security.secureclock-V1-ndk",
+ "libbase",
+ "libbinder_ndk",
+ "libcppbor_external",
+ "libcrypto",
+ "libkeymaster_portable",
+ "libkeymint",
+ "liblog",
+ "libpuresoftkeymasterdevice",
+ "libutils",
+ ],
+ srcs: [
+ "service.cpp",
+ ],
+ required: [
+ "android.hardware.hardware_keystore.xml",
+ ],
+}
+
+rust_binary {
+ name: "android.hardware.security.keymint-service.nonsecure",
+ relative_install_path: "hw",
vendor: true,
init_rc: ["android.hardware.security.keymint-service.rc"],
vintf_fragments: [
diff --git a/security/keymint/aidl/default/service.cpp b/security/keymint/aidl/default/service.cpp
new file mode 100644
index 0000000..10cbf07
--- /dev/null
+++ b/security/keymint/aidl/default/service.cpp
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2020, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_TAG "android.hardware.security.keymint-service"
+
+#include <android-base/logging.h>
+#include <android/binder_manager.h>
+#include <android/binder_process.h>
+
+#include <AndroidKeyMintDevice.h>
+#include <AndroidRemotelyProvisionedComponentDevice.h>
+#include <AndroidSecureClock.h>
+#include <AndroidSharedSecret.h>
+#include <keymaster/soft_keymaster_logger.h>
+
+using aidl::android::hardware::security::keymint::AndroidKeyMintDevice;
+using aidl::android::hardware::security::keymint::AndroidRemotelyProvisionedComponentDevice;
+using aidl::android::hardware::security::keymint::SecurityLevel;
+using aidl::android::hardware::security::secureclock::AndroidSecureClock;
+using aidl::android::hardware::security::sharedsecret::AndroidSharedSecret;
+
+template <typename T, class... Args>
+std::shared_ptr<T> addService(Args&&... args) {
+ std::shared_ptr<T> ser = ndk::SharedRefBase::make<T>(std::forward<Args>(args)...);
+ auto instanceName = std::string(T::descriptor) + "/default";
+ LOG(INFO) << "adding keymint service instance: " << instanceName;
+ binder_status_t status =
+ AServiceManager_addService(ser->asBinder().get(), instanceName.c_str());
+ CHECK_EQ(status, STATUS_OK);
+ return ser;
+}
+
+int main() {
+ // The global logger object required by keymaster's logging macros in keymaster/logger.h.
+ keymaster::SoftKeymasterLogger km_logger;
+ // Zero threads seems like a useless pool, but below we'll join this thread to it, increasing
+ // the pool size to 1.
+ ABinderProcess_setThreadPoolMaxThreadCount(0);
+ // Add Keymint Service
+ std::shared_ptr<AndroidKeyMintDevice> keyMint =
+ addService<AndroidKeyMintDevice>(SecurityLevel::SOFTWARE);
+ // Add Secure Clock Service
+ addService<AndroidSecureClock>(keyMint);
+ // Add Shared Secret Service
+ addService<AndroidSharedSecret>(keyMint);
+ // Add Remotely Provisioned Component Service
+ addService<AndroidRemotelyProvisionedComponentDevice>(keyMint);
+ ABinderProcess_joinThreadPool();
+ return EXIT_FAILURE; // should not reach
+}