Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 99652dc7b20d27be7c61c625461ba216ba3ec7b5^! / . / diced / src / diced_main.rs
commit99652dc7b20d27be7c61c625461ba216ba3ec7b5[log] [tgz]
authorJanis Danisevskis <jdanis@google.com>Wed Oct 20 15:59:33 2021 -0700
committerJanis Danisevskis <jdanis@google.com>Fri Jan 07 12:05:56 2022 -0800
tree885ad65c1c7720b1049fcaf5e4228847ac920037
parent2ded9cb10d9f38d1dd06afff9ef25941df64e1cc [diff] [blame]
Diced: Add dice maintenance implementation

The maintenace interface allows a privileged client to demote diced to
permanently assume the identity of a child.

Test: WIP
Bug: 198197213
Change-Id: I6626d176204564d99f504a2c3b6a75c85e140d80

diff --git a/diced/src/diced_main.rs b/diced/src/diced_main.rs
index bc6e762..c6a5b68 100644
--- a/diced/src/diced_main.rs
+++ b/diced/src/diced_main.rs

@@ -14,13 +14,13 @@
 
 //! Main entry point for diced, the friendly neighborhood DICE service.
 
-use diced::dice::CDI_SIZE;
-use diced::DiceNode;
-use diced::ResidentNode;
+use diced::{DiceMaintenance, DiceNode, ResidentNode};
+use std::convert::TryInto;
 use std::panic;
 use std::sync::Arc;
 
-static DICE_SERVICE_NAME: &str = "android.security.dice";
+static DICE_NODE_SERVICE_NAME: &str = "android.security.dice.IDiceNode";
+static DICE_MAINTENANCE_SERVICE_NAME: &str = "android.security.dice.IDiceMaintenance";
 
 fn main() {
     android_logger::init_once(
@@ -34,17 +34,30 @@
     // Saying hi.
     log::info!("Diced, your friendly neighborhood DICE service, is starting.");
 
+    let (cdi_attest, cdi_seal, bcc) = diced_sample_inputs::make_sample_bcc_and_cdis()
+        .expect("Failed to create sample dice artifacts.");
+
     let node_impl = Arc::new(
-        ResidentNode::new(&[0u8; CDI_SIZE], &[1u8; CDI_SIZE], vec![])
-            .expect("Failed to construct a resident node."),
+        ResidentNode::new(
+            cdi_attest[..].try_into().expect("Failed to convert cdi_attest into array ref."),
+            cdi_seal[..].try_into().expect("Failed to convert cdi_seal into array ref."),
+            bcc,
+        )
+        .expect("Failed to construct a resident node."),
     );
 
-    let node =
-        DiceNode::new_as_binder(node_impl).expect("Failed to create IDiceNode service instance.");
+    let node = DiceNode::new_as_binder(node_impl.clone())
+        .expect("Failed to create IDiceNode service instance.");
 
-    binder::add_service(DICE_SERVICE_NAME, node.as_binder())
+    let maintenance = DiceMaintenance::new_as_binder(node_impl)
+        .expect("Failed to create IDiceMaintenance service instance.");
+
+    binder::add_service(DICE_NODE_SERVICE_NAME, node.as_binder())
         .expect("Failed to register IDiceNode Service");
 
+    binder::add_service(DICE_MAINTENANCE_SERVICE_NAME, maintenance.as_binder())
+        .expect("Failed to register IDiceMaintenance Service");
+
     log::info!("Joining thread pool now.");
     binder::ProcessState::join_thread_pool();
 }