package {
    // License FAQ: http://go/android-license-faq
    // 'default_applicable_licenses' was added by a large-scale change; it
    // imports every 'license_kinds' entry of "hardware_interfaces_license",
    // which gives this package the following license kind:
    //   SPDX-license-identifier-Apache-2.0
    default_applicable_licenses: [
        "hardware_interfaces_license",
    ],
}
// VINTF manifest fragments, one per HAL interface (KeyMint, SharedSecret,
// SecureClock). Both service binaries in this file list all three in their
// vintf_fragment_modules.
//
// NOTE(review): because the C++ and the Rust service reference the same
// fragments, they presumably declare the same HAL instances; confirm that a
// product installs only one of the two binaries.
vintf_fragment {
    vendor: true,
    name: "android.hardware.security.keymint-service.xml",
    src: "android.hardware.security.keymint-service.xml",
}

vintf_fragment {
    vendor: true,
    name: "android.hardware.security.sharedsecret-service.xml",
    src: "android.hardware.security.sharedsecret-service.xml",
}

vintf_fragment {
    vendor: true,
    name: "android.hardware.security.secureclock-service.xml",
    src: "android.hardware.security.secureclock-service.xml",
}
// INSECURE KeyMint target (C++): the trusted application (TA) code is linked
// into the same process as the HAL service code, so the TA gets no isolation
// from the HAL process.
//
// A real device has to run the TA code in a secure environment, as required
// by CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an
// isolated execution environment."
//
// NOTE(review): unlike "android.hardware.security.keymint-service.nonsecure",
// this module name carries no "nonsecure" marker, so a product makefile that
// pulls it in gets no hint from the name alone. Treat it as an
// emulator/reference implementation only.
cc_binary {
    name: "android.hardware.security.keymint-service",
    vendor: true,
    relative_install_path: "hw",
    init_rc: ["android.hardware.security.keymint-service.rc"],
    srcs: ["service.cpp"],
    defaults: ["keymint_use_latest_hal_aidl_ndk_shared"],
    cflags: ["-Wall", "-Wextra"],
    shared_libs: [
        "android.hardware.security.rkp-V3-ndk",
        "android.hardware.security.sharedsecret-V1-ndk",
        "android.hardware.security.secureclock-V1-ndk",
        "libbase",
        "libbinder_ndk",
        "libcppbor",
        "libcrypto",
        "libkeymaster_portable",
        "libkeymint",
        "liblog",
        // NOTE(review): the name suggests the software-only keymaster backend,
        // which matches the in-process design described above; confirm.
        "libpuresoftkeymasterdevice",
        "libutils",
    ],
    // Installed together with the binary.
    // NOTE(review): the file name suggests it declares the hardware_keystore
    // feature; confirm that only test/emulator products ship it alongside
    // this software implementation.
    required: ["android.hardware.hardware_keystore.xml"],
    // HAL declarations for the three interfaces this service provides.
    vintf_fragment_modules: [
        "android.hardware.security.keymint-service.xml",
        "android.hardware.security.sharedsecret-service.xml",
        "android.hardware.security.secureclock-service.xml",
    ],
}
// INSECURE KeyMint target (Rust): the trusted application (TA) code is linked
// into the same process as the HAL service code, so the TA gets no isolation
// from the HAL process.
//
// A real device has to run the TA code in a secure environment, as required
// by CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an
// isolated execution environment."
rust_binary {
    name: "android.hardware.security.keymint-service.nonsecure",
    vendor: true,
    relative_install_path: "hw",
    init_rc: ["android.hardware.security.keymint-service.nonsecure.rc"],
    srcs: ["main.rs"],
    defaults: ["keymint_use_latest_hal_aidl_rust"],
    rustlibs: [
        "libandroid_logger",
        "libbinder_rs",
        "liblog_rust",
        "libkmr_hal",
        // HAL-side and TA-side crates defined in this file; linking both into
        // one binary is what makes this build in-process (nonsecure).
        "libkmr_hal_nonsecure",
        "libkmr_ta_nonsecure",
    ],
    // Same three fragments as the C++ service.
    // NOTE(review): presumably only one of the two services should be
    // installed on a given image; confirm in the product configuration.
    vintf_fragment_modules: [
        "android.hardware.security.keymint-service.xml",
        "android.hardware.security.sharedsecret-service.xml",
        "android.hardware.security.secureclock-service.xml",
    ],
}
// Keystore permission files, installed under etc/permissions on the vendor
// partition. In the visible part of this file only the unversioned module is
// referenced (by the C++ service's `required` list and by the APEX
// `prebuilts`).
//
// NOTE(review): the _V3/_V4 variants are presumably selected by product
// configuration elsewhere. Because every service in this file is a software
// (in-process) implementation, confirm that whichever file is shipped does
// not advertise more isolation than the device actually provides.
prebuilt_etc {
    name: "android.hardware.hardware_keystore.xml",
    src: "android.hardware.hardware_keystore.xml",
    vendor: true,
    sub_dir: "permissions",
}

prebuilt_etc {
    name: "android.hardware.hardware_keystore_V3.xml",
    src: "android.hardware.hardware_keystore_V3.xml",
    vendor: true,
    sub_dir: "permissions",
}

prebuilt_etc {
    name: "android.hardware.hardware_keystore_V4.xml",
    src: "android.hardware.hardware_keystore_V4.xml",
    vendor: true,
    sub_dir: "permissions",
}
// HAL-side support crate for the nonsecure Rust KeyMint service; linked by
// "android.hardware.security.keymint-service.nonsecure".
rust_library {
    name: "libkmr_hal_nonsecure",
    crate_name: "kmr_hal_nonsecure",
    srcs: ["hal/lib.rs"],
    vendor_available: true,
    lints: "android",
    rustlibs: [
        "libbinder_rs",
        "libhex",
        "liblibc",
        "liblog_rust",
        "libkmr_hal",
        "libkmr_wire",
    ],
}
// TA-side crate for the nonsecure Rust KeyMint service. It is linked directly
// into the HAL binary, so the "trusted application" logic it provides runs
// without an isolated execution environment.
//
// NOTE(review): the crypto backend is "libkmr_crypto_boring"; the name
// suggests BoringSSL-based software crypto. Confirm.
rust_library {
    name: "libkmr_ta_nonsecure",
    crate_name: "kmr_ta_nonsecure",
    srcs: ["ta/lib.rs"],
    vendor_available: true,
    // Also buildable for the host. NOTE(review): presumably for host-side
    // tests or tooling; confirm.
    host_supported: true,
    lints: "android",
    rustlibs: [
        "libhex",
        "liblibc",
        "liblog_rust",
        "libkmr_common",
        "libkmr_crypto_boring",
        "libkmr_ta",
        "libkmr_wire",
    ],
}
// Vendor APEX that packages the nonsecure Rust KeyMint service together with
// its init script, its VINTF fragments and the keystore permission file.
//
// The payload is the in-process (nonsecure) build of the service, so this
// APEX has the same limitation as the binary it wraps: it is not a substitute
// for a KeyMint backed by an isolated execution environment.
//
// NOTE(review): the signing key name ("com.google.cf.apex.key") looks like a
// Cuttlefish development key; confirm it is never used for release signing.
apex {
    name: "com.android.hardware.keymint.rust_nonsecure",
    soc_specific: true,
    updatable: false,
    manifest: "manifest.json",
    file_contexts: "file_contexts",
    key: "com.google.cf.apex.key",
    certificate: ":com.android.hardware.certificate",
    binaries: ["android.hardware.security.keymint-service.nonsecure"],
    prebuilts: [
        "keymint_aidl_nonsecure_init_rc",
        "keymint_aidl_nonsecure_vintf",
        "android.hardware.hardware_keystore.xml", // permissions
    ],
}
// Installs the APEX flavour of the init script produced by the
// "gen-keymint_aidl_nonsecure_init_rc" genrule; the installed file keeps the
// generated file's name (filename_from_src).
prebuilt_etc {
    name: "keymint_aidl_nonsecure_init_rc",
    src: ":gen-keymint_aidl_nonsecure_init_rc",
    vendor: true,
    filename_from_src: true,
}
// Derives the APEX init script from the on-partition one by rewriting the
// service binary location from /vendor/bin/ to the APEX's bin/ directory.
//
// NOTE(review): the replacement path names "com.android.hardware.keymint",
// while the Soong module is "com.android.hardware.keymint.rust_nonsecure".
// The mount point follows the APEX name in manifest.json (not visible here);
// confirm the two agree, otherwise init would reference a path that does not
// exist and the service would not start.
genrule {
    name: "gen-keymint_aidl_nonsecure_init_rc",
    cmd: "sed -E 's%/vendor/bin/%/apex/com.android.hardware.keymint/bin/%' $(in) > $(out)",
    srcs: ["android.hardware.security.keymint-service.nonsecure.rc"],
    out: ["android.hardware.security.keymint-service.nonsecure.apex.rc"],
}
// VINTF fragments for the APEX, installed under etc/vintf. These are the same
// three XML sources that the vintf_fragment modules in this file wrap; here
// they are listed as plain files so the APEX can carry them as a prebuilt.
prebuilt_etc {
    name: "keymint_aidl_nonsecure_vintf",
    vendor: true,
    sub_dir: "vintf",
    srcs: [
        "android.hardware.security.keymint-service.xml",
        "android.hardware.security.sharedsecret-service.xml",
        "android.hardware.security.secureclock-service.xml",
    ],
}