Blame - security/keymint/aidl/default/Android.bp - android_hardware_interfaces

blob: fbb61401b93e87e6aca9566eda7edaf86b659fb0 [file] [log] [blame]

Bob Badour	b224b36	2021-02-12 20:13:01 -0800	[diff] [blame]	1	package {
				2	// See: http://go/android-license-faq
				3	// A large-scale-change added 'default_applicable_licenses' to import
				4	// all of the 'license_kinds' from "hardware_interfaces_license"
				5	// to get the below license kinds:
				6	// SPDX-license-identifier-Apache-2.0
				7	default_applicable_licenses: ["hardware_interfaces_license"],
				8	}
				9
David Drysdale	33a132f	2024-03-06 15:40:45 +0000	[diff] [blame]	10	// The following target has an insecure implementation of KeyMint where the
				11	// trusted application (TA) code runs in-process alongside the HAL service
				12	// code.
				13	//
				14	// A real device is required to run the TA code in a secure environment, as
				15	// per CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an
				16	// isolated execution environment."
David Drysdale	764199f	2024-03-07 09:42:48 +0000	[diff] [blame]	17	cc_binary {
Shawn Willden	08a7e43	2020-12-11 13:05:27 +0000	[diff] [blame]	18	name: "android.hardware.security.keymint-service",
				19	relative_install_path: "hw",
David Drysdale	764199f	2024-03-07 09:42:48 +0000	[diff] [blame]	20	init_rc: ["android.hardware.security.keymint-service.rc"],
Greg Kaiser	3892274	2024-08-30 14:07:37 +0000	[diff] [blame]	21	vintf_fragments: [
				22	"android.hardware.security.keymint-service.xml",
				23	"android.hardware.security.sharedsecret-service.xml",
				24	"android.hardware.security.secureclock-service.xml",
				25	],
David Drysdale	764199f	2024-03-07 09:42:48 +0000	[diff] [blame]	26	vendor: true,
				27	cflags: [
				28	"-Wall",
				29	"-Wextra",
				30	],
				31	defaults: [
				32	"keymint_use_latest_hal_aidl_ndk_shared",
				33	],
				34	shared_libs: [
				35	"android.hardware.security.rkp-V3-ndk",
				36	"android.hardware.security.sharedsecret-V1-ndk",
				37	"android.hardware.security.secureclock-V1-ndk",
				38	"libbase",
				39	"libbinder_ndk",
Shawn Willden	9812592	2024-03-28 20:42:34 -0600	[diff] [blame]	40	"libcppbor",
David Drysdale	764199f	2024-03-07 09:42:48 +0000	[diff] [blame]	41	"libcrypto",
				42	"libkeymaster_portable",
				43	"libkeymint",
				44	"liblog",
				45	"libpuresoftkeymasterdevice",
				46	"libutils",
				47	],
				48	srcs: [
				49	"service.cpp",
				50	],
				51	required: [
				52	"android.hardware.hardware_keystore.xml",
				53	],
				54	}
				55
David Drysdale	33a132f	2024-03-06 15:40:45 +0000	[diff] [blame]	56	// The following target has an insecure implementation of KeyMint where the
				57	// trusted application (TA) code runs in-process alongside the HAL service
				58	// code.
				59	//
				60	// A real device is required to run the TA code in a secure environment, as
				61	// per CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an
				62	// isolated execution environment."
David Drysdale	764199f	2024-03-07 09:42:48 +0000	[diff] [blame]	63	rust_binary {
				64	name: "android.hardware.security.keymint-service.nonsecure",
				65	relative_install_path: "hw",
David Drysdale	30196cf	2023-12-02 19:24:15 +0000	[diff] [blame]	66	vendor: true,
A. Cody Schuffelen	ddc6a8d	2024-03-26 15:40:37 -0700	[diff] [blame]	67	init_rc: ["android.hardware.security.keymint-service.nonsecure.rc"],
Greg Kaiser	3892274	2024-08-30 14:07:37 +0000	[diff] [blame]	68	vintf_fragments: [
				69	"android.hardware.security.keymint-service.xml",
				70	"android.hardware.security.sharedsecret-service.xml",
				71	"android.hardware.security.secureclock-service.xml",
				72	],
David Drysdale	4925534	2021-11-22 14:32:31 +0000	[diff] [blame]	73	defaults: [
David Drysdale	30196cf	2023-12-02 19:24:15 +0000	[diff] [blame]	74	"keymint_use_latest_hal_aidl_rust",
Shawn Willden	08a7e43	2020-12-11 13:05:27 +0000	[diff] [blame]	75	],
				76	srcs: [
David Drysdale	30196cf	2023-12-02 19:24:15 +0000	[diff] [blame]	77	"main.rs",
				78	],
				79	rustlibs: [
				80	"libandroid_logger",
				81	"libbinder_rs",
				82	"liblog_rust",
				83	"libkmr_hal",
				84	"libkmr_hal_nonsecure",
				85	"libkmr_ta_nonsecure",
Shawn Willden	08a7e43	2020-12-11 13:05:27 +0000	[diff] [blame]	86	],
David Zeuthen	7f8ccb5	2021-03-10 14:40:17 -0500	[diff] [blame]	87	required: [
David Zeuthen	7f8ccb5	2021-03-10 14:40:17 -0500	[diff] [blame]	88	"android.hardware.hardware_keystore.xml",
				89	],
				90	}
				91
				92	prebuilt_etc {
				93	name: "android.hardware.hardware_keystore.xml",
				94	sub_dir: "permissions",
				95	vendor: true,
				96	src: "android.hardware.hardware_keystore.xml",
Shawn Willden	08a7e43	2020-12-11 13:05:27 +0000	[diff] [blame]	97	}
David Drysdale	30196cf	2023-12-02 19:24:15 +0000	[diff] [blame]	98
				99	rust_library {
				100	name: "libkmr_hal_nonsecure",
				101	crate_name: "kmr_hal_nonsecure",
				102	vendor_available: true,
				103	lints: "android",
				104	rustlibs: [
				105	"libbinder_rs",
				106	"libhex",
				107	"liblibc",
				108	"liblog_rust",
				109	"libkmr_hal",
				110	"libkmr_wire",
				111	],
				112	srcs: ["hal/lib.rs"],
				113
				114	}
				115
				116	rust_library {
				117	name: "libkmr_ta_nonsecure",
				118	crate_name: "kmr_ta_nonsecure",
				119	vendor_available: true,
				120	host_supported: true,
				121	lints: "android",
				122	rustlibs: [
				123	"libhex",
				124	"liblibc",
				125	"liblog_rust",
				126	"libkmr_common",
				127	"libkmr_crypto_boring",
				128	"libkmr_ta",
				129	"libkmr_wire",
				130	],
				131	srcs: ["ta/lib.rs"],
A. Cody Schuffelen	895ba8b	2024-03-27 11:43:28 -0700	[diff] [blame]	132	}
David Drysdale	30196cf	2023-12-02 19:24:15 +0000	[diff] [blame]	133
A. Cody Schuffelen	895ba8b	2024-03-27 11:43:28 -0700	[diff] [blame]	134	apex {
				135	name: "com.android.hardware.keymint.rust_nonsecure",
				136	manifest: "manifest.json",
				137	file_contexts: "file_contexts",
				138	key: "com.google.cf.apex.key",
				139	certificate: ":com.android.hardware.certificate",
				140	soc_specific: true,
				141	updatable: false,
				142	binaries: [
				143	"android.hardware.security.keymint-service.nonsecure",
				144	],
				145	prebuilts: [
				146	"keymint_aidl_nonsecure_init_rc",
				147	"keymint_aidl_nonsecure_vintf",
				148	"android.hardware.hardware_keystore.xml", // permissions
				149	],
				150	}
				151
				152	prebuilt_etc {
				153	name: "keymint_aidl_nonsecure_init_rc",
				154	filename_from_src: true,
				155	vendor: true,
				156	src: ":gen-keymint_aidl_nonsecure_init_rc",
				157	}
				158
				159	genrule {
				160	name: "gen-keymint_aidl_nonsecure_init_rc",
				161	srcs: ["android.hardware.security.keymint-service.nonsecure.rc"],
				162	out: ["android.hardware.security.keymint-service.nonsecure.apex.rc"],
				163	cmd: "sed -E 's%/vendor/bin/%/apex/com.android.hardware.keymint/bin/%' $(in) > $(out)",
				164	}
				165
				166	prebuilt_etc {
				167	name: "keymint_aidl_nonsecure_vintf",
				168	sub_dir: "vintf",
				169	vendor: true,
				170	srcs: [
				171	"android.hardware.security.keymint-service.xml",
				172	"android.hardware.security.sharedsecret-service.xml",
				173	"android.hardware.security.secureclock-service.xml",
				174	],
David Drysdale	30196cf	2023-12-02 19:24:15 +0000	[diff] [blame]	175	}