8898d2ec57
Add `ISecretkeeper::getAuthGraphKe()` method to the Secretkeeper HAL. Align the AIDL targets between AuthGraph and Secretkeeper, and add some defaults that automatically link to the current version of the Secretkeeper AIDL targets. Move the non-secure implementation of AuthGraph to run the TA in a separate thread. Alter the nonsecure implementation of Secretkeeper so that it no longer directly implements Secretkeeper functionality, but instead re-uses common code from the Secretkeeper reference implementation. This involves re-using the common implementation of the HAL service (from `authgraph_hal`), but also involves using the reference implementation of the the TA code that would normally run in a separate secure environment. The latter code expects to run in a single-threaded environment, so run it in a single local thread. Note that the negotiated session keys emitted by AuthGraph are not yet used by Secretkeeper (coming in a subsequent CL). Extend the Secretkeeper VTS tests to invoke the AuthGraph VTS inner tests on the returned IAuthGraphKeyExchange instance, exercising the instance as an AuthGraph sink. Bug: 291228560 Test: VtsSecretkeeperTargetTest Change-Id: Ia2c97976edc4530b2c902d95a74f3c340d342174
88 lines
2.6 KiB
Text
88 lines
2.6 KiB
Text
// Copyright (C) 2023 The Android Open Source Project
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package {
|
|
// See: http://go/android-license-faq
|
|
// A large-scale-change added 'default_applicable_licenses' to import
|
|
// all of the 'license_kinds' from "hardware_interfaces_license"
|
|
// to get the below license kinds:
|
|
// SPDX-license-identifier-Apache-2.0
|
|
default_applicable_licenses: ["hardware_interfaces_license"],
|
|
}
|
|
|
|
aidl_interface {
|
|
name: "android.hardware.security.authgraph",
|
|
vendor_available: true,
|
|
srcs: [
|
|
"android/hardware/security/authgraph/*.aidl",
|
|
],
|
|
stability: "vintf",
|
|
frozen: false,
|
|
backend: {
|
|
java: {
|
|
platform_apis: true,
|
|
},
|
|
ndk: {
|
|
enabled: true,
|
|
},
|
|
rust: {
|
|
enabled: true,
|
|
apex_available: [
|
|
"//apex_available:platform",
|
|
"com.android.virt",
|
|
],
|
|
},
|
|
},
|
|
}
|
|
|
|
// cc_defaults that includes the latest Authgraph AIDL library.
|
|
// Modules that depend on Authgraph directly can include this cc_defaults to avoid
|
|
// managing dependency versions explicitly.
|
|
cc_defaults {
|
|
name: "authgraph_use_latest_hal_aidl_ndk_static",
|
|
static_libs: [
|
|
"android.hardware.security.authgraph-V1-ndk",
|
|
],
|
|
}
|
|
|
|
cc_defaults {
|
|
name: "authgraph_use_latest_hal_aidl_ndk_shared",
|
|
shared_libs: [
|
|
"android.hardware.security.authgraph-V1-ndk",
|
|
],
|
|
}
|
|
|
|
cc_defaults {
|
|
name: "authgraph_use_latest_hal_aidl_cpp_static",
|
|
static_libs: [
|
|
"android.hardware.security.authgraph-V1-cpp",
|
|
],
|
|
}
|
|
|
|
cc_defaults {
|
|
name: "authgraph_use_latest_hal_aidl_cpp_shared",
|
|
shared_libs: [
|
|
"android.hardware.security.authgraph-V1-cpp",
|
|
],
|
|
}
|
|
|
|
// A rust_defaults that includes the latest Authgraph AIDL library.
|
|
// Modules that depend on Authgraph directly can include this rust_defaults to avoid
|
|
// managing dependency versions explicitly.
|
|
rust_defaults {
|
|
name: "authgraph_use_latest_hal_aidl_rust",
|
|
rustlibs: [
|
|
"android.hardware.security.authgraph-V1-rust",
|
|
],
|
|
}
|