Add authgraph HAL APEX Bug: 309463258 Test: VtsAidlAuthGraphSessionTest Change-Id: I5ac32a6e5d70321f31321b613a982020bf51db68

commit: 9f3f37f28801ef26c3c15fdfe8906ca218a5983a [log] [tgz]
author: Jooyung Han <jooyung@google.com> Tue Nov 21 17:00:18 2023 +0900
committer: Jooyung Han <jooyung@google.com> Tue Nov 21 17:14:33 2023 +0900
tree: 469560eeb08bcec9e5d10ab42016c43a7f74c7fb
parent: d411e0aa8f1e648bbb1f8092a9be67277dd50b9c [diff]
diff --git a/security/authgraph/default/Android.bp b/security/authgraph/default/Android.bp
index c481075..7894477 100644
--- a/security/authgraph/default/Android.bp
+++ b/security/authgraph/default/Android.bp

@@ -46,11 +46,11 @@
     name: "android.hardware.security.authgraph-service.nonsecure",
     relative_install_path: "hw",
     vendor: true,
-    init_rc: ["authgraph.rc"],
-    vintf_fragments: ["authgraph.xml"],
+    installable: false, // install com.android.hardware.security.authgraph
     defaults: [
         "authgraph_use_latest_hal_aidl_rust",
     ],
+    prefer_rlib: true,
     rustlibs: [
         "libandroid_logger",
         "libauthgraph_hal",
@@ -80,3 +80,34 @@
         ],
     },
 }
+
+prebuilt_etc {
+    name: "authgraph.xml",
+    src: "authgraph.xml",
+    sub_dir: "vintf",
+    installable: false,
+}
+
+prebuilt_etc {
+    name: "authgraph.rc",
+    src: "authgraph.rc",
+    installable: false,
+}
+
+apex {
+    name: "com.android.hardware.security.authgraph",
+    manifest: "apex_manifest.json",
+    file_contexts: "apex_file_contexts",
+    key: "com.android.hardware.key",
+    certificate: ":com.android.hardware.certificate",
+    vendor: true,
+    updatable: false,
+
+    binaries: [
+        "android.hardware.security.authgraph-service.nonsecure",
+    ],
+    prebuilts: [
+        "authgraph.rc",
+        "authgraph.xml",
+    ],
+}

diff --git a/security/authgraph/default/apex_file_contexts b/security/authgraph/default/apex_file_contexts
new file mode 100644
index 0000000..9a54613
--- /dev/null
+++ b/security/authgraph/default/apex_file_contexts

@@ -0,0 +1,3 @@
+(/.*)?                                          u:object_r:vendor_file:s0
+/etc(/.*)?                                      u:object_r:vendor_configs_file:s0
+/bin/hw/android\.hardware\.security\.authgraph-service\.nonsecure  u:object_r:hal_authgraph_default_exec:s0

diff --git a/security/authgraph/default/apex_manifest.json b/security/authgraph/default/apex_manifest.json
new file mode 100644
index 0000000..0723846
--- /dev/null
+++ b/security/authgraph/default/apex_manifest.json

@@ -0,0 +1,4 @@
+{
+    "name": "com.android.hardware.security.authgraph",
+    "version": 1
+}
\ No newline at end of file

diff --git a/security/authgraph/default/authgraph.rc b/security/authgraph/default/authgraph.rc
index 0222994..2d07542 100644
--- a/security/authgraph/default/authgraph.rc
+++ b/security/authgraph/default/authgraph.rc

@@ -1,4 +1,4 @@
-service vendor.authgraph /vendor/bin/hw/android.hardware.security.authgraph-service.nonsecure
+service vendor.authgraph /apex/com.android.hardware.security.authgraph/bin/hw/android.hardware.security.authgraph-service.nonsecure
     interface aidl android.hardware.security.authgraph.IAuthGraph/nonsecure
     class hal
     user nobody
commit	9f3f37f28801ef26c3c15fdfe8906ca218a5983a	[log] [tgz]
author	Jooyung Han <jooyung@google.com>	Tue Nov 21 17:00:18 2023 +0900
committer	Jooyung Han <jooyung@google.com>	Tue Nov 21 17:14:33 2023 +0900
tree	469560eeb08bcec9e5d10ab42016c43a7f74c7fb
parent	d411e0aa8f1e648bbb1f8092a9be67277dd50b9c [diff]