Dice Policy Aware authentication: Rust library
Dice policies are to be used by pVMs to seal the secrets in
Secretkeeper. The policies are such that only pVMs with certain dice
chains can access the secrets. The constraints will be set by the pVM (see
`constraint_spec` argument).
This patch introduces libdice_policy, required for managing dice
policies. In particular, we write the fn `from_dice_chain()`, which can be
used by a client to construct an appropriate policy out of dice chains.
Also includes unit tests.
Note on Trunkstable feature flagging: This patch creates a library, but
the lib is not used by any module/target that is included on device &
hence is no-op as far as feature flagging is concerned.
Test: atest libdice_policy.test
Bug: 291233378
Bug: 291238565
Change-Id: I32b78cefd77a9fd1f62800fd15569aea912f60bd
diff --git a/TEST_MAPPING b/TEST_MAPPING
index 3bc7aba..171389b 100644
--- a/TEST_MAPPING
+++ b/TEST_MAPPING
@@ -28,6 +28,9 @@
},
{
"name": "initrd_bootconfig.test"
+ },
+ {
+ "name": "libdice_policy.test"
}
],
"avf-postsubmit": [
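Review bot: The group that receives the new "libdice_policy.test" entry is not named anywhere in this hunk's context; the only visible fact is that it closes immediately before "avf-postsubmit". Please confirm it is the intended presubmit group, since this entry is what will gate changes to the policy code that decides which dice chains can unseal Secretkeeper secrets. The commit message also states the library is not part of any on-device module or target, so it is worth verifying that the test target builds and runs in every configuration that group is executed on, and saying so in the message alongside the "Test: atest libdice_policy.test" line.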