Add native code for cert munging.
Compsvc returns a self-signed cert (from Keystore), but we only want
the public key. Extracting this in Rust is non-trivial, so instead we
use existing support in BoringSSL in native code. (The details are
copied from compos_key_cmd.cpp, which in turn were copied from the
now-deleted FakeCompOS in odsign.)
We could alternatively do this in compsvc itself, but I was slightly
more reluctant to introduce native code there.
Bug: 186126194
Test: Run composd_cmd twice, check it accepts the key pair it generated.
Change-Id: I3faab9a7ada149d7f2776c2fb4d2656837c95e6f
diff --git a/compos/composd/native/Android.bp b/compos/composd/native/Android.bp
new file mode 100644
index 0000000..ad0afd9
--- /dev/null
+++ b/compos/composd/native/Android.bp
@@ -0,0 +1,42 @@
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+rust_library {
+ name: "libcomposd_native_rust",
+ crate_name: "composd_native",
+ srcs: ["lib.rs"],
+ rustlibs: [
+ "libcxx",
+ ],
+ static_libs: [
+ "libcomposd_native_cpp",
+ ],
+ shared_libs: ["libcrypto"],
+ apex_available: ["com.android.compos"],
+}
+
+cc_library_static {
+ name: "libcomposd_native_cpp",
+ srcs: ["composd_native.cpp"],
+ shared_libs: ["libcrypto"],
+ generated_headers: ["composd_native_header"],
+ generated_sources: ["composd_native_code"],
+ apex_available: ["com.android.compos"],
+}
+
+genrule {
+ name: "composd_native_code",
+ tools: ["cxxbridge"],
+ cmd: "$(location cxxbridge) $(in) >> $(out)",
+ srcs: ["lib.rs"],
+ out: ["composd_native_cxx_generated.cc"],
+}
+
+genrule {
+ name: "composd_native_header",
+ tools: ["cxxbridge"],
+ cmd: "$(location cxxbridge) $(in) --header >> $(out)",
+ srcs: ["lib.rs"],
+ out: ["lib.rs.h"],
+}