Merge "Use binder to get AIDL descriptor in Rust"
diff --git a/keystore2/Android.bp b/keystore2/Android.bp
index 79b938c..a47c2c2 100644
--- a/keystore2/Android.bp
+++ b/keystore2/Android.bp
@@ -31,6 +31,7 @@
     ],
 
     rustlibs: [
+        "android.hardware.security.rkp-V3-rust",
         "android.hardware.security.secureclock-V1-rust",
         "android.hardware.security.sharedsecret-V1-rust",
         "android.os.permissions_aidl-rust",
diff --git a/keystore2/src/globals.rs b/keystore2/src/globals.rs
index 10d6f46..0f899ed 100644
--- a/keystore2/src/globals.rs
+++ b/keystore2/src/globals.rs
@@ -16,8 +16,9 @@
 //! database connections and connections to services that Keystore needs
 //! to talk to.
 
-use crate::ks_err;
 use crate::gc::Gc;
+use crate::km_compat::{BacklevelKeyMintWrapper, KeyMintV1};
+use crate::ks_err;
 use crate::legacy_blob::LegacyBlobLoader;
 use crate::legacy_importer::LegacyImporter;
 use crate::super_key::SuperKeyManager;
@@ -28,20 +29,23 @@
     database::Uuid,
     error::{map_binder_status, map_binder_status_code, Error, ErrorCode},
 };
-use crate::km_compat::{KeyMintV1, BacklevelKeyMintWrapper};
 use crate::{enforcements::Enforcements, error::map_km_error};
 use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{
     IKeyMintDevice::BpKeyMintDevice, IKeyMintDevice::IKeyMintDevice,
     KeyMintHardwareInfo::KeyMintHardwareInfo, SecurityLevel::SecurityLevel,
 };
-use android_hardware_security_secureclock::aidl::android::hardware::security::secureclock::{
-    ISecureClock::ISecureClock,
-};
 use android_hardware_security_keymint::binder::{StatusCode, Strong};
+use android_hardware_security_rkp::aidl::android::hardware::security::keymint::{
+    IRemotelyProvisionedComponent::BpRemotelyProvisionedComponent,
+    IRemotelyProvisionedComponent::IRemotelyProvisionedComponent,
+};
+use android_hardware_security_secureclock::aidl::android::hardware::security::secureclock::{
+    ISecureClock::BpSecureClock, ISecureClock::ISecureClock,
+};
 use android_security_compat::aidl::android::security::compat::IKeystoreCompatService::IKeystoreCompatService;
 use anyhow::{Context, Result};
-use binder::FromIBinder;
 use binder::get_declared_instances;
+use binder::FromIBinder;
 use lazy_static::lazy_static;
 use std::sync::{Arc, Mutex, RwLock};
 use std::{cell::RefCell, sync::Once};
@@ -174,8 +178,8 @@
 }
 
 /// Determine the service name for a KeyMint device of the given security level
-/// which implements at least the specified version of the `IKeyMintDevice`
-/// interface.
+/// gotten by binder service from the device and determining what services
+/// are available.
 fn keymint_service_name(security_level: &SecurityLevel) -> Result<Option<String>> {
     let keymint_descriptor: &str = <BpKeyMintDevice as IKeyMintDevice>::get_descriptor();
     let keymint_instances = get_declared_instances(keymint_descriptor).unwrap();
@@ -212,10 +216,10 @@
 fn connect_keymint(
     security_level: &SecurityLevel,
 ) -> Result<(Strong<dyn IKeyMintDevice>, KeyMintHardwareInfo)> {
-    // Connects to binder to get the current keymint interface and
-    // based on the security level returns a service name to connect
-    // to.
-    let service_name = keymint_service_name(security_level).context(ks_err!("Get service name"))?;
+    // Show the keymint interface that is registered in the binder
+    // service and use the security level to get the service name.
+    let service_name = keymint_service_name(security_level)
+        .context(ks_err!("Get service name from binder service"))?;
 
     let (keymint, hal_version) = if let Some(service_name) = service_name {
         let km: Strong<dyn IKeyMintDevice> =
@@ -359,19 +363,17 @@
     KEY_MINT_DEVICES.lock().unwrap().devices()
 }
 
-static TIME_STAMP_SERVICE_NAME: &str = "android.hardware.security.secureclock.ISecureClock";
-
 /// Make a new connection to a secure clock service.
 /// If no native SecureClock device can be found brings up the compatibility service and attempts
 /// to connect to the legacy wrapper.
 fn connect_secureclock() -> Result<Strong<dyn ISecureClock>> {
-    let secureclock_instances =
-        get_declared_instances("android.hardware.security.secureclock.ISecureClock").unwrap();
+    let secure_clock_descriptor: &str = <BpSecureClock as ISecureClock>::get_descriptor();
+    let secureclock_instances = get_declared_instances(secure_clock_descriptor).unwrap();
 
     let secure_clock_available =
         secureclock_instances.iter().any(|instance| *instance == "default");
 
-    let default_time_stamp_service_name = format!("{}/default", TIME_STAMP_SERVICE_NAME);
+    let default_time_stamp_service_name = format!("{}/default", secure_clock_descriptor);
 
     let secureclock = if secure_clock_available {
         map_binder_status_code(binder::get_interface(&default_time_stamp_service_name))
@@ -411,25 +413,23 @@
     }
 }
 
-static REMOTE_PROVISIONING_HAL_SERVICE_NAME: &str =
-    "android.hardware.security.keymint.IRemotelyProvisionedComponent";
-
 /// Get the service name of a remotely provisioned component corresponding to given security level.
 pub fn get_remotely_provisioned_component_name(security_level: &SecurityLevel) -> Result<String> {
-    let remotely_prov_instances =
-        get_declared_instances(REMOTE_PROVISIONING_HAL_SERVICE_NAME).unwrap();
+    let remote_prov_descriptor: &str =
+        <BpRemotelyProvisionedComponent as IRemotelyProvisionedComponent>::get_descriptor();
+    let remotely_prov_instances = get_declared_instances(remote_prov_descriptor).unwrap();
 
     match *security_level {
         SecurityLevel::TRUSTED_ENVIRONMENT => {
             if remotely_prov_instances.iter().any(|instance| *instance == "default") {
-                Some(format!("{}/default", REMOTE_PROVISIONING_HAL_SERVICE_NAME))
+                Some(format!("{}/default", remote_prov_descriptor))
             } else {
                 None
             }
         }
         SecurityLevel::STRONGBOX => {
             if remotely_prov_instances.iter().any(|instance| *instance == "strongbox") {
-                Some(format!("{}/strongbox", REMOTE_PROVISIONING_HAL_SERVICE_NAME))
+                Some(format!("{}/strongbox", remote_prov_descriptor))
             } else {
                 None
             }
diff --git a/keystore2/src/shared_secret_negotiation.rs b/keystore2/src/shared_secret_negotiation.rs
index 1941419..ff0ddf8 100644
--- a/keystore2/src/shared_secret_negotiation.rs
+++ b/keystore2/src/shared_secret_negotiation.rs
@@ -19,7 +19,8 @@
 use android_hardware_security_keymint::aidl::android::hardware::security::keymint::SecurityLevel::SecurityLevel;
 use android_hardware_security_keymint::binder::Strong;
 use android_hardware_security_sharedsecret::aidl::android::hardware::security::sharedsecret::{
-    ISharedSecret::ISharedSecret, SharedSecretParameters::SharedSecretParameters,
+    ISharedSecret::BpSharedSecret, ISharedSecret::ISharedSecret,
+    SharedSecretParameters::SharedSecretParameters,
 };
 use android_security_compat::aidl::android::security::compat::IKeystoreCompatService::IKeystoreCompatService;
 use anyhow::Result;
@@ -63,11 +64,9 @@
 impl Display for SharedSecretParticipant {
     fn fmt(&self, f: &mut Formatter) -> fmt::Result {
         match self {
-            Self::Aidl(instance) => write!(
-                f,
-                "{}.{}/{}",
-                SHARED_SECRET_PACKAGE_NAME, SHARED_SECRET_INTERFACE_NAME, instance
-            ),
+            Self::Aidl(instance) => {
+                write!(f, "{}/{}", <BpSharedSecret as ISharedSecret>::get_descriptor(), instance)
+            }
             Self::Hidl { is_strongbox, version: (ma, mi) } => write!(
                 f,
                 "{}@V{}.{}::{}/{}",
@@ -110,10 +109,6 @@
 
 static KEYMASTER_PACKAGE_NAME: &str = "android.hardware.keymaster";
 static KEYMASTER_INTERFACE_NAME: &str = "IKeymasterDevice";
-static SHARED_SECRET_PACKAGE_NAME: &str = "android.hardware.security.sharedsecret";
-static SHARED_SECRET_INTERFACE_NAME: &str = "ISharedSecret";
-static SHARED_SECRET_PACKAGE_AND_INTERFACE_NAME: &str =
-    "android.hardware.security.sharedsecret.ISharedSecret";
 static COMPAT_PACKAGE_NAME: &str = "android.security.compat";
 
 /// Lists participants.
@@ -144,7 +139,7 @@
                 .collect::<Vec<SharedSecretParticipant>>()
         })
         .chain({
-            get_declared_instances(SHARED_SECRET_PACKAGE_AND_INTERFACE_NAME)
+            get_declared_instances(<BpSharedSecret as ISharedSecret>::get_descriptor())
                 .unwrap()
                 .into_iter()
                 .map(SharedSecretParticipant::Aidl)
@@ -166,8 +161,9 @@
                 match e {
                     SharedSecretParticipant::Aidl(instance_name) => {
                         let service_name = format!(
-                            "{}.{}/{}",
-                            SHARED_SECRET_PACKAGE_NAME, SHARED_SECRET_INTERFACE_NAME, instance_name
+                            "{}/{}",
+                            <BpSharedSecret as ISharedSecret>::get_descriptor(),
+                            instance_name
                         );
                         match map_binder_status_code(binder::get_interface(&service_name)) {
                             Err(e) => {