Package the rust_nonsecure keymint default HAL in an APEX
This will make it easier to swap in and out with the Cuttlefish remote
implementation.
Bug: 331474817
Test: m com.android.hardware.keymint.rust_nonsecure
Change-Id: I0e9a350b62a90ef6126db109195e19b4181d0cf8
diff --git a/security/keymint/aidl/default/Android.bp b/security/keymint/aidl/default/Android.bp
index c707845..1d23a34 100644
--- a/security/keymint/aidl/default/Android.bp
+++ b/security/keymint/aidl/default/Android.bp
@@ -115,5 +115,47 @@
"libkmr_wire",
],
srcs: ["ta/lib.rs"],
+}
+apex {
+ name: "com.android.hardware.keymint.rust_nonsecure",
+ manifest: "manifest.json",
+ file_contexts: "file_contexts",
+ key: "com.google.cf.apex.key",
+ certificate: ":com.android.hardware.certificate",
+ soc_specific: true,
+ updatable: false,
+ binaries: [
+ "android.hardware.security.keymint-service.nonsecure",
+ ],
+ prebuilts: [
+ "keymint_aidl_nonsecure_init_rc",
+ "keymint_aidl_nonsecure_vintf",
+ "android.hardware.hardware_keystore.xml", // permissions
+ ],
+}
+
+prebuilt_etc {
+ name: "keymint_aidl_nonsecure_init_rc",
+ filename_from_src: true,
+ vendor: true,
+ src: ":gen-keymint_aidl_nonsecure_init_rc",
+}
+
+genrule {
+ name: "gen-keymint_aidl_nonsecure_init_rc",
+ srcs: ["android.hardware.security.keymint-service.nonsecure.rc"],
+ out: ["android.hardware.security.keymint-service.nonsecure.apex.rc"],
+ cmd: "sed -E 's%/vendor/bin/%/apex/com.android.hardware.keymint/bin/%' $(in) > $(out)",
+}
+
+prebuilt_etc {
+ name: "keymint_aidl_nonsecure_vintf",
+ sub_dir: "vintf",
+ vendor: true,
+ srcs: [
+ "android.hardware.security.keymint-service.xml",
+ "android.hardware.security.sharedsecret-service.xml",
+ "android.hardware.security.secureclock-service.xml",
+ ],
}
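Review bot: The `sed` in `gen-keymint_aidl_nonsecure_init_rc` rewrites the service path to `/apex/com.android.hardware.keymint/bin/`, which does not match the module name `com.android.hardware.keymint.rust_nonsecure`, and nothing in the hunk says why. The mount path follows the name declared in `manifest.json`, which is outside this diff, so the mismatch is presumably deliberate so that the Cuttlefish remote APEX can occupy the same path; a comment above the genrule such as `// Mount path comes from the APEX name in manifest.json (com.android.hardware.keymint), not the Soong module name` would make that checkable. Because `sed` exits successfully when nothing matches, a later edit to the source `.rc` could ship an init script that still points at `/vendor/bin/`, and the failure would likely surface only when the service fails to start. Separately, the `apex` block packages the non-secure KeyMint and signs it with `com.google.cf.apex.key`, which appears to be a Cuttlefish test key; a comment there stating that the module is meant for virtual or development targets only would help keep it out of product configurations.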