Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / b2e1d031007ca89d0bf8649e791a5e77ab6a61e8^! / . / keystore2 / src / keystore2_main.rs
commitb2e1d031007ca89d0bf8649e791a5e77ab6a61e8[log] [tgz]
authorMax Bires <jbires@google.com>Mon Feb 08 21:35:05 2021 -0800
committerMax Bires <jbires@google.com>Thu Feb 18 20:31:53 2021 -0800
tree33345dd42953fb8a8b579c03d9a6444dc0b2f27d
parente8b2700139b2f94225c50147e73b0e5a6e6f0504 [diff] [blame]
Start the remoteprovisioning service

This change implements the functionality needed to start the
remoteprovisioning service as well as connect the service to the actual
IRemotelyProvisioned component HAL service backends, if they are
available. Failure to find these backends will not panic the service, as
they are not mandatory even on devices launching with KS2 + KeyMint.

Test: m keystore2_test && adb sync && adb shell /data/nativetest/keystore2_test/keystore2_test

Change-Id: I98030a083f2227ba4790dc2fb2c2d2f2df6648fc

diff --git a/keystore2/src/keystore2_main.rs b/keystore2/src/keystore2_main.rs
index 30e3e22..9dc59a2 100644
--- a/keystore2/src/keystore2_main.rs
+++ b/keystore2/src/keystore2_main.rs

@@ -17,6 +17,7 @@
 use keystore2::apc::ApcManager;
 use keystore2::authorization::AuthorizationManager;
 use keystore2::globals::ENFORCEMENTS;
+use keystore2::remote_provisioning::RemoteProvisioningService;
 use keystore2::service::KeystoreService;
 use keystore2::user_manager::UserManager;
 use log::{error, info};
@@ -25,6 +26,7 @@
 static KS2_SERVICE_NAME: &str = "android.system.keystore2";
 static APC_SERVICE_NAME: &str = "android.security.apc";
 static AUTHORIZATION_SERVICE_NAME: &str = "android.security.authorization";
+static REMOTE_PROVISIONING_SERVICE_NAME: &str = "android.security.remoteprovisioning";
 static USER_MANAGER_SERVICE_NAME: &str = "android.security.usermanager";
 
 /// Keystore 2.0 takes one argument which is a path indicating its designated working directory.
@@ -98,6 +100,20 @@
         },
     );
 
+    // Devices with KS2 and KM 1.0 may not have any IRemotelyProvisionedComponent HALs at all. Do
+    // not panic if new_native_binder returns failure because it could not find the TEE HAL.
+    if let Ok(remote_provisioning_service) = RemoteProvisioningService::new_native_binder() {
+        binder::add_service(
+            REMOTE_PROVISIONING_SERVICE_NAME,
+            remote_provisioning_service.as_binder(),
+        )
+        .unwrap_or_else(|e| {
+            panic!(
+                "Failed to register service {} because of {:?}.",
+                REMOTE_PROVISIONING_SERVICE_NAME, e
+            );
+        });
+    }
     info!("Successfully registered Keystore 2.0 service.");
 
     info!("Joining thread pool now.");