commit | 71b4f83234fecd1397e794f8fe46e891430be594 | |
---|---|---|
author | Shikha Panwar <shikhapanwar@google.com> | Mon Aug 21 17:43:09 2023 +0000 |
committer | Shikha Panwar <shikhapanwar@google.com> | Wed Sep 06 18:52:55 2023 +0000 |
tree | a5689dde0a658855f99de070b199247e9a1561b0 | |
parent | 05ad73e0b40d9e423d85467572c175f62a01e5ee |

Dice Policy Aware authentication: Rust library

Dice policies are to be used by pVMs to seal the secrets in Secretkeeper. The policies are such that only pVMs with certain dice chains can access the secrets. The constraints will be set by the pVM (see `constraint_spec` argument).

This patch introduces libdice_policy, required for managing dice policies. In particular, we write fn - `from_dice_chain()` which can be used by a client to construct an appropriate policy out of dice chains. Also includes unit tests.

Note on Trunkstable feature flagging: This patch creates a library, but the lib is not used by any module/target that is included on device & hence is no-op as far as feature flagging is concerned.

Test: atest libdice_policy.test
Bug: 291233378
Bug: 291238565
Change-Id: I32b78cefd77a9fd1f62800fd15569aea912f60bd

Android Virtualization Framework (AVF) provides secure and private execution environments for executing code. AVF is ideal for security-oriented use cases that require stronger isolation assurances over those offered by Android’s app sandbox.
Visit our public doc site to learn more about what AVF is, what it is for, and how it is structured. This repository contains source code for userspace components of AVF.
If you want a quick start, see the getting started guideline and follow the steps there.
For in-depth explanations about individual topics and components, visit the following links.
AVF components:
How-Tos: