Dice Policy Aware authentication: Rust library

Dice policies are to be used by pVMs to seal the secrets in
Secretkeeper. The policies are such that only pVMs with certain dice
chains can access the secrets. The constraints will be set by the pVM (see
`constraint_spec` argument).

This patch introduces libdice_policy, required for managing dice
policies. In particular, we write the fn `from_dice_chain()`, which can be
used by a client to construct an appropriate policy out of dice chains.

Also includes unit tests.

Note on Trunkstable feature flagging: This patch creates a library, but
the lib is not used by any module/target that is included on device &
hence is a no-op as far as feature flagging is concerned.

Test: atest libdice_policy.test
Bug: 291233378
Bug: 291238565
Change-Id: I32b78cefd77a9fd1f62800fd15569aea912f60bd
4 files changed
tree: a5689dde0a658855f99de070b199247e9a1561b0
README.md

Android Virtualization Framework (AVF)

Android Virtualization Framework (AVF) provides secure and private execution environments for executing code. AVF is ideal for security-oriented use cases that require stronger isolation assurances than those offered by Android’s app sandbox.

Visit our public doc site to learn more about what AVF is, what it is for, and how it is structured. This repository contains source code for userspace components of AVF.

If you want a quick start, see the getting started guideline and follow the steps there.

For in-depth explanations about individual topics and components, visit the following links.

AVF components:

How-Tos: