commit 61eebeda1a14e9c056f370fa768a2d4bcd19ff63
author Jiyong Park <jiyong@google.com> Tue Dec 20 19:24:48 2022 +0900
committer Jiyong Park <jiyong@google.com> Tue Dec 20 19:24:48 2022 +0900
tree 261f44d071ddab6cd0d963d4423d154fb89999b9
parent 2df4d3f7bab86edf47b19b453d9504a016bdba36

Add prng_seeder

The daemon has the exclusive access to /dev/hw_random which is the true
source of the entrophy and provides a socket (/dev/prng_seeder/socket)
to other processes for providing random numbers.

Bug: 247781653
Test: same as aosp/I0a7e339115a2cf6b819730dcf5f8b189a339c57d
    * Verify prng_seeder daemon is running and has the
      correct label (via ps -Z)
    * Verify prng_seeder socket present and has correct
      label (via ls -Z)
    * Verify no SELinux denials
    * strace a libcrypto process and verify it reads seeding
      data from prng_seeder (e.g. strace bssl rand -hex 1024)
    * strace seeder daemon to observe incoming connections
      (e.g. strace -f -p `pgrep prng_seeder`)
Change-Id: I5061d2a2bab649bcbcc1537952dd01e4a39f7bf0

microdroid/Android.bp

diff --git a/microdroid/Android.bp b/microdroid/Android.bp
index 2b8e03f..8cc8daf 100644
--- a/microdroid/Android.bp
+++ b/microdroid/Android.bp
@@ -89,6 +89,8 @@
         "liblzma", // used by init_second_stage
 
         "libvm_payload", // used by payload to interact with microdroid manager
+
+        "prng_seeder",
     ] + microdroid_shell_and_utilities,
     multilib: {
         common: {