package {
    // Licensing background: http://go/android-license-faq
    // 'default_applicable_licenses' was added here by a large-scale change.
    // It imports every entry of 'license_kinds' from
    // "hardware_interfaces_license", which yields the license kind:
    //     SPDX-license-identifier-Apache-2.0
    default_applicable_licenses: ["hardware_interfaces_license"],
}
// VINTF fragment module wrapping android.hardware.security.keymint-service.xml
// (the XML itself is not shown in this file). Both KeyMint service binaries in
// this file reference it through vintf_fragment_modules.
vintf_fragment {
    name: "android.hardware.security.keymint-service.xml",
    vendor: true,
    // NOTE(review): presumably keeps the fragment from being installed on its
    // own, outside a module that lists it -- confirm against Soong docs.
    no_full_install: true,
    src: "android.hardware.security.keymint-service.xml",
}
// VINTF fragment module wrapping
// android.hardware.security.sharedsecret-service.xml (contents not shown in
// this file). Referenced by both KeyMint service binaries in this file via
// vintf_fragment_modules.
vintf_fragment {
    name: "android.hardware.security.sharedsecret-service.xml",
    vendor: true,
    no_full_install: true,
    src: "android.hardware.security.sharedsecret-service.xml",
}
// VINTF fragment module wrapping
// android.hardware.security.secureclock-service.xml (contents not shown in
// this file). Referenced by both KeyMint service binaries in this file via
// vintf_fragment_modules.
vintf_fragment {
    name: "android.hardware.security.secureclock-service.xml",
    vendor: true,
    no_full_install: true,
    src: "android.hardware.security.secureclock-service.xml",
}
// This target builds an insecure KeyMint implementation: the trusted
// application (TA) code executes in the same process as the HAL service code
// instead of in a separate environment.
//
// On a real device the TA code must run in a secure environment, as required
// by CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an
// isolated execution environment."
//
// NOTE(review): unlike the Rust target in this file, this module name carries
// no "nonsecure" marker, so search product configurations for the exact name
// when checking that it is not installed on a shipping device.
cc_binary {
    name: "android.hardware.security.keymint-service",
    vendor: true,
    relative_install_path: "hw",
    init_rc: [
        "android.hardware.security.keymint-service.rc",
    ],
    defaults: ["keymint_use_latest_hal_aidl_ndk_shared"],
    srcs: ["service.cpp"],
    cflags: [
        "-Wall",
        "-Wextra",
    ],
    // NOTE(review): the names libkeymaster_portable and
    // libpuresoftkeymasterdevice suggest a software-only backend, in line
    // with the in-process description above -- confirm against those
    // libraries.
    shared_libs: [
        "android.hardware.security.rkp-V3-ndk",
        "android.hardware.security.sharedsecret-V1-ndk",
        "android.hardware.security.secureclock-V1-ndk",
        "libbase",
        "libbinder_ndk",
        "libcppbor",
        "libcrypto",
        "libkeymaster_portable",
        "libkeymint",
        "liblog",
        "libpuresoftkeymasterdevice",
        "libutils",
    ],
    // Permissions XML (a prebuilt_etc module in this file) pulled in together
    // with the service.
    required: ["android.hardware.hardware_keystore.xml"],
    // The three vintf_fragment modules declared earlier in this file.
    vintf_fragment_modules: [
        "android.hardware.security.keymint-service.xml",
        "android.hardware.security.sharedsecret-service.xml",
        "android.hardware.security.secureclock-service.xml",
    ],
}
// This target builds an insecure KeyMint implementation: the trusted
// application (TA) code executes in the same process as the HAL service code
// instead of in a separate environment.
//
// On a real device the TA code must run in a secure environment, as required
// by CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an
// isolated execution environment."
rust_binary {
    name: "android.hardware.security.keymint-service.nonsecure",
    vendor: true,
    relative_install_path: "hw",
    init_rc: [
        "android.hardware.security.keymint-service.nonsecure.rc",
    ],
    defaults: ["keymint_use_latest_hal_aidl_rust"],
    srcs: ["main.rs"],
    // libkmr_hal_nonsecure and libkmr_ta_nonsecure are the rust_library
    // modules defined in this file; the binary links the HAL-side and the
    // TA-side crate together, matching the in-process description above.
    rustlibs: [
        "libandroid_logger",
        "libbinder_rs",
        "liblog_rust",
        "libkmr_hal",
        "libkmr_hal_nonsecure",
        "libkmr_ta_nonsecure",
    ],
    // Permissions XML (a prebuilt_etc module in this file) pulled in together
    // with the service.
    required: ["android.hardware.hardware_keystore.xml"],
    // The three vintf_fragment modules declared earlier in this file.
    vintf_fragment_modules: [
        "android.hardware.security.keymint-service.xml",
        "android.hardware.security.sharedsecret-service.xml",
        "android.hardware.security.secureclock-service.xml",
    ],
}
// Installs android.hardware.hardware_keystore.xml into the "permissions"
// sub-directory of the vendor etc tree. Both KeyMint service binaries in this
// file list it under `required`, and the APEX in this file bundles it as a
// prebuilt.
// NOTE(review): the XML contents are not visible here; the file name suggests
// it advertises the hardware-keystore feature, which deserves scrutiny on any
// build that ships only the in-process (non-isolated) implementations.
prebuilt_etc {
    name: "android.hardware.hardware_keystore.xml",
    vendor: true,
    src: "android.hardware.hardware_keystore.xml",
    sub_dir: "permissions",
}
// HAL-side support crate (kmr_hal_nonsecure), built from hal/lib.rs and linked
// into android.hardware.security.keymint-service.nonsecure.
rust_library {
    name: "libkmr_hal_nonsecure",
    crate_name: "kmr_hal_nonsecure",
    srcs: ["hal/lib.rs"],
    vendor_available: true,
    lints: "android",
    rustlibs: [
        "libbinder_rs",
        "libhex",
        "liblibc",
        "liblog_rust",
        "libkmr_hal",
        "libkmr_wire",
    ],
}
// TA-side support crate (kmr_ta_nonsecure), built from ta/lib.rs and linked
// into android.hardware.security.keymint-service.nonsecure. It is also built
// for the host (host_supported).
// NOTE(review): the crate is consumed by a normal HAL service process, so any
// key handling it performs is not isolated from that process -- see the
// warning on the rust_binary target in this file.
rust_library {
    name: "libkmr_ta_nonsecure",
    crate_name: "kmr_ta_nonsecure",
    srcs: ["ta/lib.rs"],
    vendor_available: true,
    host_supported: true,
    lints: "android",
    rustlibs: [
        "libhex",
        "liblibc",
        "liblog_rust",
        "libkmr_common",
        // NOTE(review): name suggests a BoringSSL-backed crypto provider --
        // confirm.
        "libkmr_crypto_boring",
        "libkmr_ta",
        "libkmr_wire",
    ],
}
// Vendor (soc_specific) APEX that packages the nonsecure Rust KeyMint service
// with its init rc, VINTF manifests and permissions XML. It is marked
// non-updatable.
// NOTE(review): the key name "com.google.cf.apex.key" looks like a
// development/virtual-device signing key -- confirm this APEX is never
// selected for a production image, since it carries the in-process
// (non-isolated) KeyMint implementation.
apex {
    name: "com.android.hardware.keymint.rust_nonsecure",
    soc_specific: true,
    updatable: false,
    manifest: "manifest.json",
    file_contexts: "file_contexts",
    key: "com.google.cf.apex.key",
    certificate: ":com.android.hardware.certificate",
    binaries: ["android.hardware.security.keymint-service.nonsecure"],
    prebuilts: [
        "keymint_aidl_nonsecure_init_rc",
        "keymint_aidl_nonsecure_vintf",
        "android.hardware.hardware_keystore.xml", // permissions
    ],
}
// Packages the init rc produced by the gen-keymint_aidl_nonsecure_init_rc
// genrule; the APEX in this file lists this module under `prebuilts`.
// filename_from_src makes the installed file name follow the source name.
prebuilt_etc {
    name: "keymint_aidl_nonsecure_init_rc",
    vendor: true,
    src: ":gen-keymint_aidl_nonsecure_init_rc",
    filename_from_src: true,
}
// Derives the APEX flavour of the service's init rc: the first "/vendor/bin/"
// on each line is rewritten to "/apex/com.android.hardware.keymint/bin/".
// NOTE(review): the rewritten path uses "com.android.hardware.keymint", while
// the apex module in this file is named
// "com.android.hardware.keymint.rust_nonsecure". The mount path presumably
// follows the name declared in manifest.json -- confirm the two agree, or
// init will be pointed at a binary path that does not exist.
genrule {
    name: "gen-keymint_aidl_nonsecure_init_rc",
    srcs: [
        "android.hardware.security.keymint-service.nonsecure.rc",
    ],
    out: [
        "android.hardware.security.keymint-service.nonsecure.apex.rc",
    ],
    cmd: "sed -E 's%/vendor/bin/%/apex/com.android.hardware.keymint/bin/%' $(in) > $(out)",
}
// Packages the three VINTF manifest XMLs into the "vintf" sub-directory; the
// APEX in this file lists this module under `prebuilts`. These are the same
// source files wrapped by the vintf_fragment modules at the top of this file.
prebuilt_etc {
    name: "keymint_aidl_nonsecure_vintf",
    vendor: true,
    sub_dir: "vintf",
    srcs: [
        "android.hardware.security.keymint-service.xml",
        "android.hardware.security.sharedsecret-service.xml",
        "android.hardware.security.secureclock-service.xml",
    ],
}