// Default license for the modules declared in this package.
// See: http://go/android-license-faq
// 'default_applicable_licenses' was added by a large-scale change. It imports
// all of the 'license_kinds' from "hardware_interfaces_license", which gives
// the following license kind:
//     SPDX-license-identifier-Apache-2.0
package {
    default_applicable_licenses: ["hardware_interfaces_license"],
}
// VINTF manifest fragment for the KeyMint HAL service. Both service binaries
// in this file list it under vintf_fragment_modules.
vintf_fragment {
    name: "android.hardware.security.keymint-service.xml",
    vendor: true,
    src: "android.hardware.security.keymint-service.xml",
}
// VINTF manifest fragment for the SharedSecret HAL service. Both service
// binaries in this file list it under vintf_fragment_modules.
vintf_fragment {
    name: "android.hardware.security.sharedsecret-service.xml",
    vendor: true,
    src: "android.hardware.security.sharedsecret-service.xml",
}
// VINTF manifest fragment for the SecureClock HAL service. Both service
// binaries in this file list it under vintf_fragment_modules.
vintf_fragment {
    name: "android.hardware.security.secureclock-service.xml",
    vendor: true,
    src: "android.hardware.security.secureclock-service.xml",
}
// INSECURE reference implementation of KeyMint (C++): the trusted application
// (TA) code runs in-process alongside the HAL service code, so there is no
// isolation boundary between the two.
//
// A real device is required to run the TA code in a secure environment, as
// per CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an
// isolated execution environment."
//
// NOTE(review): before release, confirm that no production product
// configuration pulls this module in.
cc_binary {
    name: "android.hardware.security.keymint-service",
    vendor: true,
    relative_install_path: "hw",
    init_rc: ["android.hardware.security.keymint-service.rc"],
    // One binary serves the KeyMint, SharedSecret and SecureClock HALs, so
    // it registers all three VINTF fragments.
    vintf_fragment_modules: [
        "android.hardware.security.keymint-service.xml",
        "android.hardware.security.sharedsecret-service.xml",
        "android.hardware.security.secureclock-service.xml",
    ],
    // Pulls in the permissions XML that is declared as a prebuilt_etc in
    // this file.
    required: ["android.hardware.hardware_keystore.xml"],
    defaults: ["keymint_use_latest_hal_aidl_ndk_shared"],
    cflags: [
        "-Wall",
        "-Wextra",
    ],
    srcs: ["service.cpp"],
    shared_libs: [
        "android.hardware.security.rkp-V3-ndk",
        "android.hardware.security.sharedsecret-V1-ndk",
        "android.hardware.security.secureclock-V1-ndk",
        "libbase",
        "libbinder_ndk",
        "libcppbor",
        "libcrypto",
        "libkeymaster_portable",
        "libkeymint",
        "liblog",
        "libpuresoftkeymasterdevice",
        "libutils",
    ],
}
// INSECURE reference implementation of KeyMint (Rust): the trusted
// application (TA) code runs in-process alongside the HAL service code, so
// there is no isolation boundary between the two.
//
// A real device is required to run the TA code in a secure environment, as
// per CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an
// isolated execution environment."
//
// NOTE(review): before release, confirm that no production product
// configuration pulls this module (or the APEX in this file that packages
// it) in.
rust_binary {
    name: "android.hardware.security.keymint-service.nonsecure",
    vendor: true,
    relative_install_path: "hw",
    init_rc: ["android.hardware.security.keymint-service.nonsecure.rc"],
    // Registers the same three VINTF fragments as the C++ service above.
    vintf_fragment_modules: [
        "android.hardware.security.keymint-service.xml",
        "android.hardware.security.sharedsecret-service.xml",
        "android.hardware.security.secureclock-service.xml",
    ],
    defaults: ["keymint_use_latest_hal_aidl_rust"],
    srcs: ["main.rs"],
    // libkmr_hal_nonsecure and libkmr_ta_nonsecure are the non-secure HAL
    // and TA libraries defined in this file.
    rustlibs: [
        "libandroid_logger",
        "libbinder_rs",
        "liblog_rust",
        "libkmr_hal",
        "libkmr_hal_nonsecure",
        "libkmr_ta_nonsecure",
    ],
}
// The following target declares the latest version of KeyMint. It is listed
// as `required` by the C++ service binary and as a prebuilt of the non-secure
// APEX, both in this file.
prebuilt_etc {
    name: "android.hardware.hardware_keystore.xml",
    vendor: true,
    sub_dir: "permissions",
    src: "android.hardware.hardware_keystore.xml",
}
// The following targets (and underlying XML files) declare specific
// versions of KeyMint. Vendors should use the version that matches the
// version of the KeyMint HAL that the device implements.
// Permissions XML declaring KeyMint version 1. Use it only on devices whose
// KeyMint HAL implements that version.
prebuilt_etc {
    name: "android.hardware.hardware_keystore_V1.xml",
    vendor: true,
    sub_dir: "permissions",
    src: "android.hardware.hardware_keystore_V1.xml",
}
// Permissions XML declaring KeyMint version 2. Use it only on devices whose
// KeyMint HAL implements that version.
prebuilt_etc {
    name: "android.hardware.hardware_keystore_V2.xml",
    vendor: true,
    sub_dir: "permissions",
    src: "android.hardware.hardware_keystore_V2.xml",
}
// Permissions XML declaring KeyMint version 3. Use it only on devices whose
// KeyMint HAL implements that version.
prebuilt_etc {
    name: "android.hardware.hardware_keystore_V3.xml",
    vendor: true,
    sub_dir: "permissions",
    src: "android.hardware.hardware_keystore_V3.xml",
}
// Permissions XML declaring KeyMint version 4. Use it only on devices whose
// KeyMint HAL implements that version.
prebuilt_etc {
    name: "android.hardware.hardware_keystore_V4.xml",
    vendor: true,
    sub_dir: "permissions",
    src: "android.hardware.hardware_keystore_V4.xml",
}
// HAL-side support library for the non-secure KeyMint service. The
// "android.hardware.security.keymint-service.nonsecure" binary in this file
// links it. vendor_available makes it linkable from vendor modules, so it is
// worth checking that it does not become a dependency of a production HAL.
rust_library {
    name: "libkmr_hal_nonsecure",
    crate_name: "kmr_hal_nonsecure",
    vendor_available: true,
    lints: "android",
    srcs: ["hal/lib.rs"],
    rustlibs: [
        "libbinder_rs",
        "libhex",
        "liblibc",
        "liblog_rust",
        "libkmr_hal",
        "libkmr_wire",
    ],
}
// TA-side support library for the non-secure KeyMint service. The
// "android.hardware.security.keymint-service.nonsecure" binary in this file
// links it, so this TA code runs inside the HAL service process rather than
// in an isolated execution environment. It is built for vendor and host.
rust_library {
    name: "libkmr_ta_nonsecure",
    crate_name: "kmr_ta_nonsecure",
    vendor_available: true,
    host_supported: true,
    lints: "android",
    srcs: ["ta/lib.rs"],
    rustlibs: [
        "libhex",
        "liblibc",
        "liblog_rust",
        "libkmr_common",
        "libkmr_crypto_boring",
        "libkmr_ta",
        "libkmr_wire",
    ],
}
// Vendor APEX packaging of the non-secure Rust KeyMint service. The bundled
// binary runs the TA in-process (see the comment on the
// "android.hardware.security.keymint-service.nonsecure" target in this file),
// so this APEX has the same limitation: it does not meet the CDD requirement
// for an isolated execution environment.
//
// NOTE(review): the key name "com.google.cf.apex.key" looks like a
// Cuttlefish (virtual device) signing key. Confirm that, and confirm that a
// production vendor image neither includes this APEX nor reuses its key and
// certificate.
apex {
    name: "com.android.hardware.keymint.rust_nonsecure",
    soc_specific: true,
    updatable: false,
    manifest: "manifest.json",
    file_contexts: "file_contexts",
    key: "com.google.cf.apex.key",
    certificate: ":com.android.hardware.certificate",
    binaries: ["android.hardware.security.keymint-service.nonsecure"],
    prebuilts: [
        "keymint_aidl_nonsecure_init_rc",
        "keymint_aidl_nonsecure_vintf",
        "android.hardware.hardware_keystore.xml", // permissions
    ],
}
// Installs the APEX variant of the init rc file, which the
// "gen-keymint_aidl_nonsecure_init_rc" genrule in this file generates. The
// installed file name is taken from the genrule output (filename_from_src).
prebuilt_etc {
    name: "keymint_aidl_nonsecure_init_rc",
    vendor: true,
    src: ":gen-keymint_aidl_nonsecure_init_rc",
    filename_from_src: true,
}
// Derives the APEX init rc from the on-partition one. The first
// "/vendor/bin/" on each line is rewritten to the APEX bin directory, so the
// service is started from inside the APEX.
//
// NOTE(review): the rewritten path uses "com.android.hardware.keymint", while
// the Soong module is named "com.android.hardware.keymint.rust_nonsecure".
// The mount point presumably follows the APEX name in manifest.json. Confirm
// the two agree, because otherwise init would be pointed at a path that this
// APEX does not provide.
genrule {
    name: "gen-keymint_aidl_nonsecure_init_rc",
    cmd: "sed -E 's%/vendor/bin/%/apex/com.android.hardware.keymint/bin/%' $(in) > $(out)",
    srcs: ["android.hardware.security.keymint-service.nonsecure.rc"],
    out: ["android.hardware.security.keymint-service.nonsecure.apex.rc"],
}
// Installs the KeyMint, SharedSecret and SecureClock VINTF fragments under
// the "vintf" sub-directory. It is listed as a prebuilt of the non-secure
// KeyMint APEX in this file.
prebuilt_etc {
    name: "keymint_aidl_nonsecure_vintf",
    vendor: true,
    sub_dir: "vintf",
    srcs: [
        "android.hardware.security.keymint-service.xml",
        "android.hardware.security.sharedsecret-service.xml",
        "android.hardware.security.secureclock-service.xml",
    ],
}