commit f5d0f33f507ad14bba53b83ccf642ae16e8edf00
author Alice Wang <aliceywang@google.com> Thu Feb 09 15:59:45 2023 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Feb 09 15:59:45 2023 +0000
tree f34ab35e01485150c6f28eca03cd81646b15d1a2
parent a3f06afe4adffc55b2380f93bfbeb3a6c680422e
parent 87a3a662c8c36f3e2a6da07eec5eb1c771d45330

Merge "[dice] Remove unused module proxy_node_hal"

diced/src/lib.rs

diff --git a/diced/src/lib.rs b/diced/src/lib.rs
index 648ad3b..b41111a 100644
--- a/diced/src/lib.rs
+++ b/diced/src/lib.rs
@@ -16,9 +16,7 @@
 
 mod error;
 mod permission;
-mod proxy_node_hal;
 
-pub use crate::proxy_node_hal::ProxyNodeHal;
 use android_hardware_security_dice::aidl::android::hardware::security::dice::{
     Bcc::Bcc, BccHandover::BccHandover, Config::Config as BinderConfig,
     InputValues::InputValues as BinderInputValues, Mode::Mode, Signature::Signature,

diced/src/proxy_node_hal.rs

diff --git a/diced/src/proxy_node_hal.rs b/diced/src/proxy_node_hal.rs
deleted file mode 100644
index 8d883d2..0000000
--- a/diced/src/proxy_node_hal.rs
+++ /dev/null
@@ -1,119 +0,0 @@
-// Copyright 2021, The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//! A proxy dice node delegates all accesses to CDI_attest and CDI_seal to a parent
-//! node, here an implementation of android.hardware.security.dice.IDiceDevice.
-
-#![allow(dead_code)]
-
-use crate::DiceNodeImpl;
-use android_hardware_security_dice::aidl::android::hardware::security::dice::{
-    Bcc::Bcc, BccHandover::BccHandover, IDiceDevice::IDiceDevice,
-    InputValues::InputValues as BinderInputValues, Signature::Signature,
-};
-use anyhow::{Context, Result};
-use binder::Strong;
-use std::collections::HashMap;
-use std::sync::RwLock;
-
-/// The ProxyNodeHal implements a IDiceNode backend delegating crypto operations
-/// to the corresponding HAL.
-pub struct ProxyNodeHal {
-    parent: Strong<dyn IDiceDevice>,
-    demotion_db: RwLock<HashMap<BinderInputValues, Vec<BinderInputValues>>>,
-}
-
-impl ProxyNodeHal {
-    /// Creates a new proxy node with a reference to the parent service.
-    pub fn new(parent: Strong<dyn IDiceDevice>) -> Result<Self> {
-        Ok(ProxyNodeHal { parent, demotion_db: Default::default() })
-    }
-
-    fn get_effective_input_values(
-        &self,
-        client: BinderInputValues,
-        input_values: &[BinderInputValues],
-    ) -> Vec<BinderInputValues> {
-        let demotion_db = self.demotion_db.read().unwrap();
-
-        let client_arr = [client];
-
-        demotion_db
-            .get(&client_arr[0])
-            .map(|v| v.iter())
-            .unwrap_or_else(|| client_arr.iter())
-            .chain(input_values.iter())
-            .cloned()
-            .collect()
-    }
-}
-
-impl DiceNodeImpl for ProxyNodeHal {
-    fn sign(
-        &self,
-        client: BinderInputValues,
-        input_values: &[BinderInputValues],
-        message: &[u8],
-    ) -> Result<Signature> {
-        self.parent
-            .sign(&self.get_effective_input_values(client, input_values), message)
-            .context("In ProxyNodeHal::sign:")
-    }
-
-    fn get_attestation_chain(
-        &self,
-        client: BinderInputValues,
-        input_values: &[BinderInputValues],
-    ) -> Result<Bcc> {
-        self.parent
-            .getAttestationChain(&self.get_effective_input_values(client, input_values))
-            .context("In ProxyNodeHal::get_attestation_chain:")
-    }
-
-    fn derive(
-        &self,
-        client: BinderInputValues,
-        input_values: &[BinderInputValues],
-    ) -> Result<BccHandover> {
-        self.parent
-            .derive(&self.get_effective_input_values(client, input_values))
-            .context("In ProxyNodeHal::derive:")
-    }
-
-    fn demote(&self, client: BinderInputValues, input_values: &[BinderInputValues]) -> Result<()> {
-        let mut demotion_db = self.demotion_db.write().unwrap();
-
-        let client_arr = [client];
-
-        // The following statement consults demotion database which yields an optional demotion
-        // path. It then constructs an iterator over the following elements, then clones and
-        // collects them into a new vector:
-        // [ demotion path | client ], input_values
-        let new_path: Vec<BinderInputValues> = demotion_db
-            .get(&client_arr[0])
-            .map(|v| v.iter())
-            .unwrap_or_else(|| client_arr.iter())
-            .chain(input_values)
-            .cloned()
-            .collect();
-
-        let [client] = client_arr;
-        demotion_db.insert(client, new_path);
-        Ok(())
-    }
-
-    fn demote_self(&self, input_values: &[BinderInputValues]) -> Result<()> {
-        self.parent.demote(input_values).context("In ProxyNodeHal::demote_self:")
-    }
-}