Remove vintf aidl and replace with binder
Aidl Instances can be gotten from the binder with
get_declared_instances.
Test: m keystore2 && m keystore2_unsafe_fuzzer
Change-Id: I36b4bdb8de6dd8abedf50d2026d1d841ce27c55d
diff --git a/keystore2/src/fuzzers/Android.bp b/keystore2/src/fuzzers/Android.bp
index 9a2d98d..4ac83e3 100644
--- a/keystore2/src/fuzzers/Android.bp
+++ b/keystore2/src/fuzzers/Android.bp
@@ -20,6 +20,7 @@
name: "keystore2_unsafe_fuzzer",
srcs: ["keystore2_unsafe_fuzzer.rs"],
rustlibs: [
+ "libbinder_rs",
"libkeystore2",
"libkeystore2_crypto_rust",
"libkeystore2_vintf_rust",
diff --git a/keystore2/src/fuzzers/keystore2_unsafe_fuzzer.rs b/keystore2/src/fuzzers/keystore2_unsafe_fuzzer.rs
index 1a385e7..3291190 100644
--- a/keystore2/src/fuzzers/keystore2_unsafe_fuzzer.rs
+++ b/keystore2/src/fuzzers/keystore2_unsafe_fuzzer.rs
@@ -17,6 +17,7 @@
#![feature(slice_internals)]
#![no_main]
+use binder::get_declared_instances;
use core::slice::memchr;
use keystore2::{legacy_blob::LegacyBlobLoader, utils::ui_opts_2_compat};
use keystore2_aaid::get_aaid;
@@ -28,7 +29,7 @@
hmac_sha256, parse_subject_from_certificate, Password, ZVec,
};
use keystore2_selinux::{check_access, getpidcon, setcon, Backend, Context, KeystoreKeyBackend};
-use keystore2_vintf::{get_aidl_instances, get_hidl_instances};
+use keystore2_vintf::get_hidl_instances;
use libfuzzer_sys::{arbitrary::Arbitrary, fuzz_target};
use std::{ffi::CString, sync::Arc};
@@ -97,7 +98,6 @@
},
GetAidlInstances {
aidl_package: &'a str,
- version: usize,
aidl_interface_name: &'a str,
},
GetAaid {
@@ -191,8 +191,11 @@
} => {
get_hidl_instances(hidl_package, major_version, minor_version, hidl_interface_name);
}
- FuzzCommand::GetAidlInstances { aidl_package, version, aidl_interface_name } => {
- get_aidl_instances(aidl_package, version, aidl_interface_name);
+ FuzzCommand::GetAidlInstances { aidl_package, aidl_interface_name } => {
+ get_declared_instances(
+ format!("{}.{}", aidl_package, aidl_interface_name).as_str(),
+ )
+ .unwrap();
}
FuzzCommand::GetAaid { aaid_uid } => {
let _res = get_aaid(aaid_uid);
diff --git a/keystore2/src/globals.rs b/keystore2/src/globals.rs
index bd60f04..8b26ceb 100644
--- a/keystore2/src/globals.rs
+++ b/keystore2/src/globals.rs
@@ -41,7 +41,7 @@
use android_security_compat::aidl::android::security::compat::IKeystoreCompatService::IKeystoreCompatService;
use anyhow::{Context, Result};
use binder::FromIBinder;
-use keystore2_vintf::get_aidl_instances;
+use binder::get_declared_instances;
use lazy_static::lazy_static;
use std::sync::{Arc, Mutex, RwLock};
use std::{cell::RefCell, sync::Once};
@@ -183,7 +183,7 @@
version: i32,
) -> Result<Option<(i32, String)>> {
let keymint_instances =
- get_aidl_instances("android.hardware.security.keymint", version as usize, "IKeyMintDevice");
+ get_declared_instances("android.hardware.security.keymint.IKeyMintDevice").unwrap();
let service_name = match *security_level {
SecurityLevel::TRUSTED_ENVIRONMENT => {
@@ -229,7 +229,7 @@
Ok(sl)
}
})
- .context(ks_err!())?;
+ .context(ks_err!("Get service name by version"))?;
let (keymint, hal_version) = if let Some((version, service_name)) = service_name {
let km: Strong<dyn IKeyMintDevice> =
@@ -334,7 +334,8 @@
if let Some((dev, hw_info, uuid)) = devices_map.dev_by_sec_level(security_level) {
Ok((dev, hw_info, uuid))
} else {
- let (dev, hw_info) = connect_keymint(security_level).context(ks_err!())?;
+ let (dev, hw_info) =
+ connect_keymint(security_level).context(ks_err!("Cannot connect to Keymint"))?;
devices_map.insert(*security_level, dev, hw_info);
// Unwrap must succeed because we just inserted it.
Ok(devices_map.dev_by_sec_level(security_level).unwrap())
@@ -368,7 +369,7 @@
/// to connect to the legacy wrapper.
fn connect_secureclock() -> Result<Strong<dyn ISecureClock>> {
let secureclock_instances =
- get_aidl_instances("android.hardware.security.secureclock", 1, "ISecureClock");
+ get_declared_instances("android.hardware.security.secureclock.ISecureClock").unwrap();
let secure_clock_available =
secureclock_instances.iter().any(|instance| *instance == "default");
@@ -419,7 +420,7 @@
/// Get the service name of a remotely provisioned component corresponding to given security level.
pub fn get_remotely_provisioned_component_name(security_level: &SecurityLevel) -> Result<String> {
let remotely_prov_instances =
- get_aidl_instances("android.hardware.security.keymint", 1, "IRemotelyProvisionedComponent");
+ get_declared_instances(REMOTE_PROVISIONING_HAL_SERVICE_NAME).unwrap();
match *security_level {
SecurityLevel::TRUSTED_ENVIRONMENT => {
diff --git a/keystore2/src/shared_secret_negotiation.rs b/keystore2/src/shared_secret_negotiation.rs
index 81644ec..739f4ba 100644
--- a/keystore2/src/shared_secret_negotiation.rs
+++ b/keystore2/src/shared_secret_negotiation.rs
@@ -23,7 +23,8 @@
};
use android_security_compat::aidl::android::security::compat::IKeystoreCompatService::IKeystoreCompatService;
use anyhow::Result;
-use keystore2_vintf::{get_aidl_instances, get_hidl_instances};
+use binder::get_declared_instances;
+use keystore2_vintf::get_hidl_instances;
use std::fmt::{self, Display, Formatter};
use std::time::Duration;
@@ -111,6 +112,8 @@
static KEYMASTER_INTERFACE_NAME: &str = "IKeymasterDevice";
static SHARED_SECRET_PACKAGE_NAME: &str = "android.hardware.security.sharedsecret";
static SHARED_SECRET_INTERFACE_NAME: &str = "ISharedSecret";
+static SHARED_SECRET_PACKAGE_AND_INTERFACE_NAME: &str =
+ "android.hardware.security.sharedsecret.ISharedSecret";
static COMPAT_PACKAGE_NAME: &str = "android.security.compat";
/// Lists participants.
@@ -141,7 +144,8 @@
.collect::<Vec<SharedSecretParticipant>>()
})
.chain({
- get_aidl_instances(SHARED_SECRET_PACKAGE_NAME, 1, SHARED_SECRET_INTERFACE_NAME)
+ get_declared_instances(SHARED_SECRET_PACKAGE_AND_INTERFACE_NAME)
+ .unwrap()
.into_iter()
.map(SharedSecretParticipant::Aidl)
.collect::<Vec<_>>()
diff --git a/keystore2/src/vintf/lib.rs b/keystore2/src/vintf/lib.rs
index 08384bd..5bb015f 100644
--- a/keystore2/src/vintf/lib.rs
+++ b/keystore2/src/vintf/lib.rs
@@ -27,10 +27,6 @@
minor_version: usize,
interface_name: &str,
) -> Vec<String>;
-
- /// Gets the instances of the given package, version, and interface tuple.
- /// Note that this is not a zero-cost shim: it will make copies of the strings.
- fn get_aidl_instances(package: &str, version: usize, interface_name: &str) -> Vec<String>;
}
}
diff --git a/keystore2/src/vintf/vintf.cpp b/keystore2/src/vintf/vintf.cpp
index a550b10..bf77f5e 100644
--- a/keystore2/src/vintf/vintf.cpp
+++ b/keystore2/src/vintf/vintf.cpp
@@ -34,11 +34,3 @@
static_cast<std::string>(interfaceName));
return convert(names);
}
-
-rust::Vec<rust::String> get_aidl_instances(rust::Str package, size_t version,
- rust::Str interfaceName) {
- const auto manifest = android::vintf::VintfObject::GetDeviceHalManifest();
- const auto names = manifest->getAidlInstances(static_cast<std::string>(package), version,
- static_cast<std::string>(interfaceName));
- return convert(names);
-}
diff --git a/keystore2/src/vintf/vintf.hpp b/keystore2/src/vintf/vintf.hpp
index c4a7ef6..ef1e788 100644
--- a/keystore2/src/vintf/vintf.hpp
+++ b/keystore2/src/vintf/vintf.hpp
@@ -20,5 +20,3 @@
rust::Vec<rust::String> get_hidl_instances(rust::Str package, size_t major_version,
size_t minor_version, rust::Str interfaceName);
-rust::Vec<rust::String> get_aidl_instances(rust::Str package, size_t version,
- rust::Str interfaceName);