Split compos_key_service.
Split the code that implements the service from the code that starts
it as a binder service. This is preparation for also allowing it to be
started in a VM.
Bug: 193603140
Test: Run compos_key_host, connect to it via compos_key_cmd
Change-Id: I8f223ef19c9490dc349e1f677f670eedcf09dead
diff --git a/compos/src/compos_key_service.rs b/compos/src/compos_key_service.rs
index 993ef20..6b62e0f 100644
--- a/compos/src/compos_key_service.rs
+++ b/compos/src/compos_key_service.rs
@@ -27,22 +27,17 @@
};
use anyhow::{anyhow, Context, Result};
use compos_aidl_interface::aidl::com::android::compos::{
- CompOsKeyData::CompOsKeyData,
- ICompOsKeyService::{BnCompOsKeyService, ICompOsKeyService},
+ CompOsKeyData::CompOsKeyData, ICompOsKeyService::ICompOsKeyService,
};
use compos_aidl_interface::binder::{
- self, add_service, get_interface, BinderFeatures, ExceptionCode, Interface, ProcessState,
- Status, Strong,
+ self, get_interface, ExceptionCode, Interface, Status, Strong,
};
-use log::{info, warn, Level};
+use log::warn;
use ring::rand::{SecureRandom, SystemRandom};
use ring::signature;
use scopeguard::ScopeGuard;
use std::ffi::CString;
-const LOG_TAG: &str = "CompOsKeyService";
-const OUR_SERVICE_NAME: &str = "android.system.composkeyservice";
-
const KEYSTORE_SERVICE_NAME: &str = "android.system.keystore2.IKeystoreService/default";
const COMPOS_NAMESPACE: i64 = 101;
const PURPOSE_SIGN: KeyParameter =
@@ -65,7 +60,7 @@
const KEY_DESCRIPTOR: KeyDescriptor =
KeyDescriptor { domain: Domain::BLOB, nspace: COMPOS_NAMESPACE, alias: None, blob: None };
-struct CompOsKeyService {
+pub struct CompOsKeyService {
random: SystemRandom,
security_level: Strong<dyn IKeystoreSecurityLevel>,
}
@@ -99,13 +94,16 @@
}
impl CompOsKeyService {
- fn new(keystore_service: &Strong<dyn IKeystoreService>) -> Self {
- Self {
+ pub fn new() -> Result<Self> {
+ let keystore_service = get_interface::<dyn IKeystoreService>(KEYSTORE_SERVICE_NAME)
+ .context("No Keystore service")?;
+
+ Ok(Self {
random: SystemRandom::new(),
security_level: keystore_service
.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT)
- .unwrap(),
- }
+ .context("Getting SecurityLevel failed")?,
+ })
}
fn do_generate(&self) -> Result<CompOsKeyData> {
@@ -165,24 +163,3 @@
signature.ok_or_else(|| anyhow!("No signature returned"))
}
}
-
-fn main() -> Result<()> {
- android_logger::init_once(
- android_logger::Config::default().with_tag(LOG_TAG).with_min_level(Level::Trace),
- );
-
- // We need to start the thread pool for Binder to work properly.
- ProcessState::start_thread_pool();
-
- let keystore_service = get_interface::<dyn IKeystoreService>(KEYSTORE_SERVICE_NAME)
- .context("No Keystore service")?;
- let service = CompOsKeyService::new(&keystore_service);
- let service = BnCompOsKeyService::new_binder(service, BinderFeatures::default());
-
- add_service(OUR_SERVICE_NAME, service.as_binder()).context("Adding service failed")?;
- info!("It's alive!");
-
- ProcessState::join_thread_pool();
-
- Ok(())
-}