// Default license for the modules in this package.
// See: http://go/android-license-faq
// A large-scale change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license",
// which yields the following license kind:
//   SPDX-license-identifier-Apache-2.0
package {
    default_applicable_licenses: ["hardware_interfaces_license"],
}
// Vendor VINTF manifest fragment. Both service binaries in this file list it
// under vintf_fragment_modules.
vintf_fragment {
    name: "android.hardware.security.keymint-service.xml",
    vendor: true,
    src: "android.hardware.security.keymint-service.xml",
}
// Vendor VINTF manifest fragment. Both service binaries in this file list it
// under vintf_fragment_modules.
vintf_fragment {
    name: "android.hardware.security.sharedsecret-service.xml",
    vendor: true,
    src: "android.hardware.security.sharedsecret-service.xml",
}
// Vendor VINTF manifest fragment. Both service binaries in this file list it
// under vintf_fragment_modules.
vintf_fragment {
    name: "android.hardware.security.secureclock-service.xml",
    vendor: true,
    src: "android.hardware.security.secureclock-service.xml",
}
// This target is an insecure implementation of KeyMint: the trusted
// application (TA) code runs in-process alongside the HAL service code, so
// the TA is not isolated from the HAL service process.
//
// A real device is required to run the TA code in a secure environment, as
// per CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an
// isolated execution environment."
cc_binary {
    name: "android.hardware.security.keymint-service",
    vendor: true,
    relative_install_path: "hw",
    init_rc: ["android.hardware.security.keymint-service.rc"],
    srcs: ["service.cpp"],
    defaults: ["keymint_use_latest_hal_aidl_ndk_shared"],
    cflags: [
        "-Wall",
        "-Wextra",
    ],
    shared_libs: [
        "android.hardware.security.rkp-V3-ndk",
        "android.hardware.security.sharedsecret-V1-ndk",
        "android.hardware.security.secureclock-V1-ndk",
        "libbase",
        "libbinder_ndk",
        "libcppbor",
        "libcrypto",
        "libkeymaster_portable",
        "libkeymint",
        "liblog",
        // NOTE(review): the name indicates a software-only Keymaster backend,
        // which matches the in-process warning in the header comment; confirm.
        "libpuresoftkeymasterdevice",
        "libutils",
    ],
    // Permissions file (a prebuilt_etc defined in this file) that is
    // installed together with the service.
    required: ["android.hardware.hardware_keystore.xml"],
    // VINTF fragments defined at the top of this file.
    vintf_fragment_modules: [
        "android.hardware.security.keymint-service.xml",
        "android.hardware.security.sharedsecret-service.xml",
        "android.hardware.security.secureclock-service.xml",
    ],
}
// This target is an insecure implementation of KeyMint: the trusted
// application (TA) code runs in-process alongside the HAL service code, so
// the TA is not isolated from the HAL service process.
//
// A real device is required to run the TA code in a secure environment, as
// per CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an
// isolated execution environment."
rust_binary {
    name: "android.hardware.security.keymint-service.nonsecure",
    vendor: true,
    relative_install_path: "hw",
    init_rc: ["android.hardware.security.keymint-service.nonsecure.rc"],
    srcs: ["main.rs"],
    defaults: ["keymint_use_latest_hal_aidl_rust"],
    rustlibs: [
        "libandroid_logger",
        "libbinder_rs",
        "liblog_rust",
        "libkmr_hal",
        // The two *_nonsecure crates are rust_library modules defined later
        // in this file; the TA crate is linked straight into this binary.
        "libkmr_hal_nonsecure",
        "libkmr_ta_nonsecure",
    ],
    // Permissions file (a prebuilt_etc defined in this file) that is
    // installed together with the service.
    required: ["android.hardware.hardware_keystore.xml"],
    // VINTF fragments defined at the top of this file.
    vintf_fragment_modules: [
        "android.hardware.security.keymint-service.xml",
        "android.hardware.security.sharedsecret-service.xml",
        "android.hardware.security.secureclock-service.xml",
    ],
}
// Installs the hardware_keystore permissions XML into the vendor
// "permissions" sub-directory. Both KeyMint service binaries in this file
// list it under `required`, and the APEX lists it under `prebuilts`.
// NOTE(review): the XML content is not visible here. The services that pull
// it in are described in this file as running the TA in-process, so confirm
// that whatever feature this file declares is acceptable for every product
// that includes those services.
prebuilt_etc {
    name: "android.hardware.hardware_keystore.xml",
    vendor: true,
    sub_dir: "permissions",
    src: "android.hardware.hardware_keystore.xml",
}
// HAL-side crate of the non-secure KeyMint implementation, built from
// hal/lib.rs. It is linked into the ".nonsecure" service binary defined in
// this file.
rust_library {
    name: "libkmr_hal_nonsecure",
    crate_name: "kmr_hal_nonsecure",
    srcs: ["hal/lib.rs"],
    vendor_available: true,
    lints: "android",
    rustlibs: [
        "libbinder_rs",
        "libhex",
        "liblibc",
        "liblog_rust",
        "libkmr_hal",
        "libkmr_wire",
    ],
}
// TA-side crate of the non-secure KeyMint implementation, built from
// ta/lib.rs. It is linked into the ".nonsecure" service binary defined in
// this file, so the TA logic runs inside that service process rather than
// in an isolated environment.
rust_library {
    name: "libkmr_ta_nonsecure",
    crate_name: "kmr_ta_nonsecure",
    srcs: ["ta/lib.rs"],
    vendor_available: true,
    // Also built for the host, in addition to the vendor variant.
    host_supported: true,
    lints: "android",
    rustlibs: [
        "libhex",
        "liblibc",
        "liblog_rust",
        "libkmr_common",
        // NOTE(review): presumably the BoringSSL-backed crypto provider, going
        // by the crate name; confirm.
        "libkmr_crypto_boring",
        "libkmr_ta",
        "libkmr_wire",
    ],
}
// Vendor APEX (soc_specific, not updatable) bundling the ".nonsecure" KeyMint
// service binary with its init rc, VINTF fragments and permissions file.
//
// The header comment on the bundled binary in this file states that its TA
// runs in-process rather than in an isolated execution environment, so this
// APEX carries the same limitation.
// NOTE(review): the key name suggests a Cuttlefish (virtual device) signing
// key; confirm this APEX is never selected for a production device image.
// NOTE(review): the generated init rc in this file points at
// /apex/com.android.hardware.keymint/, which differs from this module's
// name; presumably manifest.json sets that APEX name. Confirm they agree.
apex {
    name: "com.android.hardware.keymint.rust_nonsecure",
    manifest: "manifest.json",
    file_contexts: "file_contexts",
    soc_specific: true,
    updatable: false,
    key: "com.google.cf.apex.key",
    certificate: ":com.android.hardware.certificate",
    binaries: ["android.hardware.security.keymint-service.nonsecure"],
    prebuilts: [
        "keymint_aidl_nonsecure_init_rc",
        "keymint_aidl_nonsecure_vintf",
        "android.hardware.hardware_keystore.xml", // permissions
    ],
}
// Wraps the generated APEX init rc (output of the genrule in this file) as a
// vendor prebuilt, so that the APEX can list it under `prebuilts`. The
// installed file name is taken from the generated source file.
prebuilt_etc {
    name: "keymint_aidl_nonsecure_init_rc",
    vendor: true,
    src: ":gen-keymint_aidl_nonsecure_init_rc",
    filename_from_src: true,
}
// Derives the APEX flavour of the non-secure service's init rc by rewriting
// the /vendor/bin/ prefix to the APEX's bin directory. The sed expression has
// no `g` flag, so only the first match on each line is rewritten.
// NOTE(review): the replacement path hard-codes the APEX name
// com.android.hardware.keymint, while the apex module in this file is named
// com.android.hardware.keymint.rust_nonsecure. Presumably manifest.json
// declares the former; confirm, since a mismatch would leave the rc pointing
// at a path that does not exist.
genrule {
    name: "gen-keymint_aidl_nonsecure_init_rc",
    srcs: ["android.hardware.security.keymint-service.nonsecure.rc"],
    cmd: "sed -E 's%/vendor/bin/%/apex/com.android.hardware.keymint/bin/%' $(in) > $(out)",
    out: ["android.hardware.security.keymint-service.nonsecure.apex.rc"],
}
// Installs the three VINTF manifest XML files into the vendor "vintf"
// sub-directory. The APEX in this file lists this module under `prebuilts`.
prebuilt_etc {
    name: "keymint_aidl_nonsecure_vintf",
    vendor: true,
    sub_dir: "vintf",
    srcs: [
        "android.hardware.security.keymint-service.xml",
        "android.hardware.security.sharedsecret-service.xml",
        "android.hardware.security.secureclock-service.xml",
    ],
}