Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / af23f37935a1e1a79d3798983724e277bd23e28c / . / security / keymint / aidl / default / Android.bp
blob: ff2393c0fb61e45207ae51189d4de7a624aa82e6 [file] [log] [blame]
Bob Badourb224b362021-02-12 20:13:01 -0800[diff] [blame]1package {
2 // See: http://go/android-license-faq
3 // A large-scale-change added 'default_applicable_licenses' to import
4 // all of the 'license_kinds' from "hardware_interfaces_license"
5 // to get the below license kinds:
6 // SPDX-license-identifier-Apache-2.0
7 default_applicable_licenses: ["hardware_interfaces_license"],
8}
9
Kiyoung Kim4a518d22024-09-03 13:44:23 +0900[diff] [blame]10vintf_fragment {
11 name: "android.hardware.security.keymint-service.xml",
12 src: "android.hardware.security.keymint-service.xml",
13 vendor: true,
14}
15
16vintf_fragment {
17 name: "android.hardware.security.sharedsecret-service.xml",
18 src: "android.hardware.security.sharedsecret-service.xml",
19 vendor: true,
20}
21
22vintf_fragment {
23 name: "android.hardware.security.secureclock-service.xml",
24 src: "android.hardware.security.secureclock-service.xml",
25 vendor: true,
26}
27
David Drysdale33a132f2024-03-06 15:40:45 +0000[diff] [blame]28// The following target has an insecure implementation of KeyMint where the
29// trusted application (TA) code runs in-process alongside the HAL service
30// code.
31//
32// A real device is required to run the TA code in a secure environment, as
33// per CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an
34// isolated execution environment."
David Drysdale764199f2024-03-07 09:42:48 +0000[diff] [blame]35cc_binary {
Shawn Willden08a7e432020-12-11 13:05:27 +0000[diff] [blame]36 name: "android.hardware.security.keymint-service",
37 relative_install_path: "hw",
David Drysdale764199f2024-03-07 09:42:48 +0000[diff] [blame]38 init_rc: ["android.hardware.security.keymint-service.rc"],
David Drysdale764199f2024-03-07 09:42:48 +0000[diff] [blame]39 vendor: true,
40 cflags: [
41 "-Wall",
42 "-Wextra",
43 ],
44 defaults: [
45 "keymint_use_latest_hal_aidl_ndk_shared",
46 ],
47 shared_libs: [
48 "android.hardware.security.rkp-V3-ndk",
49 "android.hardware.security.sharedsecret-V1-ndk",
50 "android.hardware.security.secureclock-V1-ndk",
51 "libbase",
52 "libbinder_ndk",
Shawn Willden98125922024-03-28 20:42:34 -0600[diff] [blame]53 "libcppbor",
David Drysdale764199f2024-03-07 09:42:48 +0000[diff] [blame]54 "libcrypto",
55 "libkeymaster_portable",
56 "libkeymint",
57 "liblog",
58 "libpuresoftkeymasterdevice",
59 "libutils",
60 ],
61 srcs: [
62 "service.cpp",
63 ],
64 required: [
65 "android.hardware.hardware_keystore.xml",
66 ],
Kiyoung Kim4a518d22024-09-03 13:44:23 +0900[diff] [blame]67 vintf_fragment_modules: [
68 "android.hardware.security.keymint-service.xml",
69 "android.hardware.security.sharedsecret-service.xml",
70 "android.hardware.security.secureclock-service.xml",
71 ],
David Drysdale764199f2024-03-07 09:42:48 +0000[diff] [blame]72}
73
David Drysdale33a132f2024-03-06 15:40:45 +0000[diff] [blame]74// The following target has an insecure implementation of KeyMint where the
75// trusted application (TA) code runs in-process alongside the HAL service
76// code.
77//
78// A real device is required to run the TA code in a secure environment, as
79// per CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an
80// isolated execution environment."
David Drysdale764199f2024-03-07 09:42:48 +0000[diff] [blame]81rust_binary {
82 name: "android.hardware.security.keymint-service.nonsecure",
83 relative_install_path: "hw",
David Drysdale30196cf2023-12-02 19:24:15 +0000[diff] [blame]84 vendor: true,
A. Cody Schuffelenddc6a8d2024-03-26 15:40:37 -0700[diff] [blame]85 init_rc: ["android.hardware.security.keymint-service.nonsecure.rc"],
David Drysdale49255342021-11-22 14:32:31 +0000[diff] [blame]86 defaults: [
David Drysdale30196cf2023-12-02 19:24:15 +0000[diff] [blame]87 "keymint_use_latest_hal_aidl_rust",
Shawn Willden08a7e432020-12-11 13:05:27 +0000[diff] [blame]88 ],
89 srcs: [
David Drysdale30196cf2023-12-02 19:24:15 +0000[diff] [blame]90 "main.rs",
91 ],
92 rustlibs: [
93 "libandroid_logger",
94 "libbinder_rs",
95 "liblog_rust",
96 "libkmr_hal",
97 "libkmr_hal_nonsecure",
98 "libkmr_ta_nonsecure",
Shawn Willden08a7e432020-12-11 13:05:27 +0000[diff] [blame]99 ],
Kiyoung Kim4a518d22024-09-03 13:44:23 +0900[diff] [blame]100 vintf_fragment_modules: [
101 "android.hardware.security.keymint-service.xml",
102 "android.hardware.security.sharedsecret-service.xml",
103 "android.hardware.security.secureclock-service.xml",
104 ],
David Zeuthen7f8ccb52021-03-10 14:40:17 -0500[diff] [blame]105}
106
107prebuilt_etc {
108 name: "android.hardware.hardware_keystore.xml",
109 sub_dir: "permissions",
110 vendor: true,
111 src: "android.hardware.hardware_keystore.xml",
Shawn Willden08a7e432020-12-11 13:05:27 +0000[diff] [blame]112}
David Drysdale30196cf2023-12-02 19:24:15 +0000[diff] [blame]113
David Drysdaleaf23f372024-11-11 10:39:19 +0000[diff] [blame^]114prebuilt_etc {
115 name: "android.hardware.hardware_keystore_V3.xml",
116 sub_dir: "permissions",
117 vendor: true,
118 src: "android.hardware.hardware_keystore_V3.xml",
119}
120
David Drysdale30196cf2023-12-02 19:24:15 +0000[diff] [blame]121rust_library {
122 name: "libkmr_hal_nonsecure",
123 crate_name: "kmr_hal_nonsecure",
124 vendor_available: true,
125 lints: "android",
126 rustlibs: [
127 "libbinder_rs",
128 "libhex",
129 "liblibc",
130 "liblog_rust",
131 "libkmr_hal",
132 "libkmr_wire",
133 ],
134 srcs: ["hal/lib.rs"],
135
136}
137
138rust_library {
139 name: "libkmr_ta_nonsecure",
140 crate_name: "kmr_ta_nonsecure",
141 vendor_available: true,
142 host_supported: true,
143 lints: "android",
144 rustlibs: [
145 "libhex",
146 "liblibc",
147 "liblog_rust",
148 "libkmr_common",
149 "libkmr_crypto_boring",
150 "libkmr_ta",
151 "libkmr_wire",
152 ],
153 srcs: ["ta/lib.rs"],
A. Cody Schuffelen895ba8b2024-03-27 11:43:28 -0700[diff] [blame]154}
David Drysdale30196cf2023-12-02 19:24:15 +0000[diff] [blame]155
A. Cody Schuffelen895ba8b2024-03-27 11:43:28 -0700[diff] [blame]156apex {
157 name: "com.android.hardware.keymint.rust_nonsecure",
158 manifest: "manifest.json",
159 file_contexts: "file_contexts",
160 key: "com.google.cf.apex.key",
161 certificate: ":com.android.hardware.certificate",
162 soc_specific: true,
163 updatable: false,
164 binaries: [
165 "android.hardware.security.keymint-service.nonsecure",
166 ],
167 prebuilts: [
168 "keymint_aidl_nonsecure_init_rc",
169 "keymint_aidl_nonsecure_vintf",
170 "android.hardware.hardware_keystore.xml", // permissions
171 ],
172}
173
174prebuilt_etc {
175 name: "keymint_aidl_nonsecure_init_rc",
176 filename_from_src: true,
177 vendor: true,
178 src: ":gen-keymint_aidl_nonsecure_init_rc",
179}
180
181genrule {
182 name: "gen-keymint_aidl_nonsecure_init_rc",
183 srcs: ["android.hardware.security.keymint-service.nonsecure.rc"],
184 out: ["android.hardware.security.keymint-service.nonsecure.apex.rc"],
185 cmd: "sed -E 's%/vendor/bin/%/apex/com.android.hardware.keymint/bin/%' $(in) > $(out)",
186}
187
188prebuilt_etc {
189 name: "keymint_aidl_nonsecure_vintf",
190 sub_dir: "vintf",
191 vendor: true,
192 srcs: [
193 "android.hardware.security.keymint-service.xml",
194 "android.hardware.security.sharedsecret-service.xml",
195 "android.hardware.security.secureclock-service.xml",
196 ],
David Drysdale30196cf2023-12-02 19:24:15 +0000[diff] [blame]197}