Add vold and keymint related services
These are needed to encrypt the /data partition. The VINTF-related XML
files for the services are added as well.
Bug: 185767624
Bug: 188013319
Test: boot microdroid
Change-Id: Ie511e2b4f3565fef181cc57588c2e107182f1961
diff --git a/microdroid/Android.bp b/microdroid/Android.bp
index 30fec88..894a1ec 100644
--- a/microdroid/Android.bp
+++ b/microdroid/Android.bp
@@ -69,14 +69,25 @@
"apexd",
"debuggerd",
+ "e2fsck",
+ "keystore2",
"linker",
"linkerconfig",
"servicemanager",
"tombstoned",
+ "tune2fs",
+ "vdc",
+ "vold",
+ "wait_for_keymaster",
"cgroups.json",
"public.libraries.android.txt",
+ // TODO(b/185767624): remove hidl after full keymint support
+ "hwservicemanager",
+
"plat_sepolicy_and_mapping.sha256",
+ "microdroid_compatibility_matrix",
+ "microdroid_manifest",
] + microdroid_shell_and_utilities,
multilib: {
common: {
@@ -145,9 +156,12 @@
name: "microdroid_vendor",
use_avb: true,
deps: [
+ "android.hardware.security.keymint-service",
"microdroid_fstab",
"microdroid_precompiled_sepolicy",
"microdroid_precompiled_sepolicy.plat_sepolicy_and_mapping.sha256",
+ "microdroid_vendor_manifest",
+ "microdroid_vendor_compatibility_matrix",
],
multilib: {
common: {
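Review bot: The new `android.hardware.security.keymint-service` entry in the `microdroid_vendor` deps should carry a comment saying what protects the keys it serves. As far as I know this module is the AOSP default KeyMint service, which holds key material in ordinary process memory, so the /data encryption keys from the commit message would be only as well protected as the guest itself. I would add above the entry something like `// TODO(b/185767624): software KeyMint; keys are not hardware-isolated`. The module definition starts and ends outside this hunk.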
@@ -428,3 +442,35 @@
name: "microdroid_payload.json",
src: "microdroid_payload.json",
}
+
+prebuilt_etc {
+ name: "microdroid_vendor_manifest",
+ src: "microdroid_vendor_manifest.xml",
+ filename: "manifest.xml",
+ relative_install_path: "vintf",
+ installable: false,
+}
+
+prebuilt_etc {
+ name: "microdroid_vendor_compatibility_matrix",
+ src: "microdroid_vendor_compatibility_matrix.xml",
+ filename: "compatibility_matrix.xml",
+ relative_install_path: "vintf",
+ installable: false,
+}
+
+prebuilt_etc {
+ name: "microdroid_compatibility_matrix",
+ src: "microdroid_compatibility_matrix.xml",
+ filename: "compatibility_matrix.current.xml",
+ relative_install_path: "vintf",
+ installable: false,
+}
+
+prebuilt_etc {
+ name: "microdroid_manifest",
+ src: "microdroid_manifest.xml",
+ filename: "manifest.xml",
+ relative_install_path: "vintf",
+ installable: false,
+}
diff --git a/microdroid/init.rc b/microdroid/init.rc
index 50f7389..68024e5 100644
--- a/microdroid/init.rc
+++ b/microdroid/init.rc
@@ -48,6 +48,9 @@
start servicemanager
+ # TODO(b/185767624): remove hidl after full keymint support
+ start hwservicemanager
+
start adbd
# TODO(b/186396070) microdroid_manager starts zipfuse if necessary
diff --git a/microdroid/microdroid_compatibility_matrix.xml b/microdroid/microdroid_compatibility_matrix.xml
new file mode 100644
index 0000000..7293d22
--- /dev/null
+++ b/microdroid/microdroid_compatibility_matrix.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<compatibility-matrix version="1.0" type="framework">
+ <hal format="aidl" optional="true">
+ <name>android.hardware.security.keymint</name>
+ <version>1</version>
+ <interface>
+ <name>IKeyMintDevice</name>
+ <instance>default</instance>
+ <instance>strongbox</instance>
+ </interface>
+ </hal>
+ <hal format="aidl" optional="true">
+ <name>android.hardware.security.keymint</name>
+ <interface>
+ <name>IRemotelyProvisionedComponent</name>
+ <instance>default</instance>
+ </interface>
+ </hal>
+ <hal format="aidl" optional="true">
+ <name>android.hardware.security.secureclock</name>
+ <version>1</version>
+ <interface>
+ <name>ISecureClock</name>
+ <instance>default</instance>
+ </interface>
+ </hal>
+ <hal format="aidl" optional="true">
+ <name>android.hardware.security.sharedsecret</name>
+ <version>1</version>
+ <interface>
+ <name>ISharedSecret</name>
+ <instance>default</instance>
+ </interface>
+ </hal>
+</compatibility-matrix>
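Review bot: Every `<hal>` entry in this framework matrix is `optional="true"`, including `IKeyMintDevice/default`, so the VINTF compatibility check would still pass on a vendor image that ships no KeyMint at all. Since this commit adds vold and keystore2 to encrypt /data, a missing KeyMint would then presumably surface only at runtime; if Microdroid always ships the service, consider `<hal format="aidl" optional="false">` for the entry that carries the `default` instance. The `strongbox` instance is listed although nothing in this commit provides one, and the `IRemotelyProvisionedComponent` entry has no `<version>` while its siblings do. A short XML comment stating whether these entries were copied from the platform matrix would make that intent clear.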
diff --git a/microdroid/microdroid_manifest.xml b/microdroid/microdroid_manifest.xml
new file mode 100644
index 0000000..28a374f
--- /dev/null
+++ b/microdroid/microdroid_manifest.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<manifest version="1.0" type="framework">
+ <!--TODO(b/185767624): remove hidl after full keymint support-->
+ <hal format="hidl">
+ <name>android.hidl.manager</name>
+ <transport>hwbinder</transport>
+ <version>1.2</version>
+ <interface>
+ <name>IServiceManager</name>
+ <instance>default</instance>
+ </interface>
+ <fqname>@1.2::IServiceManager/default</fqname>
+ </hal>
+ <hal format="hidl">
+ <name>android.hidl.token</name>
+ <transport>hwbinder</transport>
+ <version>1.0</version>
+ <interface>
+ <name>ITokenManager</name>
+ <instance>default</instance>
+ </interface>
+ <fqname>@1.0::ITokenManager/default</fqname>
+ </hal>
+</manifest>
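Review bot: This framework manifest declares only the two HIDL HALs, while `microdroid_vendor_compatibility_matrix.xml` in the same commit makes `android.system.keystore2` / `IKeystoreService/default` a mandatory requirement. That requirement is met only if keystore2 installs its own VINTF fragment into the image, which this diff does not show and is worth confirming. The same applies to `microdroid_vendor_manifest.xml`, which is empty although the vendor image now ships the KeyMint service. A comment in each file such as `<!-- AIDL HAL entries come from per-module vintf fragments -->` would record that the omission is deliberate.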
diff --git a/microdroid/microdroid_payload.json b/microdroid/microdroid_payload.json
index ec4ff17..7af0452 100644
--- a/microdroid/microdroid_payload.json
+++ b/microdroid/microdroid_payload.json
@@ -1,6 +1,8 @@
{
"system_apexes": [
"com.android.adbd",
+ "com.android.i18n",
+ "com.android.os.statsd",
"com.android.sdkext"
],
"apk": {
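Review bot: The two added APEXes, `com.android.i18n` and `com.android.os.statsd`, are not mentioned in the commit message, and JSON leaves no place for a comment explaining them. Each APEX activated in the VM adds code that runs inside the guest, so the reason for pulling them in belongs in the commit description, for example `Add i18n and statsd APEXes, required by <component>` with the component filled in by the author. The payload object continues past the end of this hunk.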
diff --git a/microdroid/microdroid_vendor_compatibility_matrix.xml b/microdroid/microdroid_vendor_compatibility_matrix.xml
new file mode 100644
index 0000000..efa1c98
--- /dev/null
+++ b/microdroid/microdroid_vendor_compatibility_matrix.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<compatibility-matrix version="1.0" type="device">
+ <hal format="aidl">
+ <name>android.system.keystore2</name>
+ <interface>
+ <name>IKeystoreService</name>
+ <instance>default</instance>
+ </interface>
+ </hal>
+ <!--TODO(b/185767624): remove hidl after full keymint support-->
+ <hal format="hidl" optional="true">
+ <name>android.hidl.manager</name>
+ <version>1.0</version>
+ <interface>
+ <name>IServiceManager</name>
+ <instance>default</instance>
+ </interface>
+ </hal>
+ <hal format="hidl" optional="true">
+ <name>android.hidl.token</name>
+ <version>1.0</version>
+ <interface>
+ <name>ITokenManager</name>
+ <instance>default</instance>
+ </interface>
+ </hal>
+</compatibility-matrix>
diff --git a/microdroid/microdroid_vendor_file_contexts b/microdroid/microdroid_vendor_file_contexts
index 7405f1a..71b4fcd 100644
--- a/microdroid/microdroid_vendor_file_contexts
+++ b/microdroid/microdroid_vendor_file_contexts
@@ -34,3 +34,5 @@
/etc/selinux/vendor_service_contexts u:object_r:vendor_service_contexts_file:s0
/bin/install-recovery\.sh u:object_r:vendor_install_recovery_exec:s0
+
+/bin/hw/android\.hardware\.security\.keymint-service u:object_r:hal_keymint_default_exec:s0
diff --git a/microdroid/microdroid_vendor_manifest.xml b/microdroid/microdroid_vendor_manifest.xml
new file mode 100644
index 0000000..a48e695
--- /dev/null
+++ b/microdroid/microdroid_vendor_manifest.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<manifest version="1.0" type="device" />