platform_system_core/trusty/confirmationui
Kalesh Singh 623d140cc0 trusty: Remove explicit page-alignment of mmap and dmabuf allocations
bionic hard codes the PAGE_SIZE macro as 4096. This is going away as
Android begins to support larger page sizes.

trusty uses PAGE_SIZE to round up the allocation size of the DMA
buffers and mmap sizes. This is not explicitly needed since the kernel
will always give you a page-aligned and page-sized multiple allocation
when allocating a dmabuf or mmap-ing.

Remove this PAGE_SIZE usage from TrustyApp, app_fuzzer, coverage,
line-coverage, modulewrapper.

Bug: 294914413
Test: Boot test on 16k device
Change-Id: Iad922e0a152cb80db2e59e696d7556602fd17d67
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
2023-10-12 13:50:31 -07:00
..
fuzz confirmationui:fuzzer: update contact details 2023-05-16 09:05:29 +01:00
include Changes to adapt confirmationui AIDL spec. 2022-10-13 15:17:34 +00:00
.clang-format
Android.bp Adding fuzzer for trusty-confirmationui service. 2022-10-24 19:22:07 +00:00
android.hardware.confirmationui-service.trusty.rc Changes to adapt confirmationui AIDL spec. 2022-10-13 15:17:34 +00:00
android.hardware.confirmationui-service.trusty.xml Changes to adapt confirmationui AIDL spec. 2022-10-13 15:17:34 +00:00
fuzzer.cpp Adding fuzzer for trusty-confirmationui service. 2022-10-24 19:22:07 +00:00
NotSoSecureInput.cpp
README
service.cpp Replaced -1 with EXIT_FAILURE and validated confirmationui service 2022-10-24 19:25:35 +00:00
TrustyApp.cpp trusty: Remove explicit page-alignment of mmap and dmabuf allocations 2023-10-12 13:50:31 -07:00
TrustyApp.h trusty: Export ConfirmationUI helper classes 2021-02-23 11:31:35 -08:00
TrustyConfirmationUI.cpp Changes to adapt confirmationui AIDL spec. 2022-10-13 15:17:34 +00:00
TrustyConfirmationUI.h Changes to adapt confirmationui AIDL spec. 2022-10-13 15:17:34 +00:00

## Secure UI Architecture

To implement confirmationui a secure UI architecture is required. This entails a way
to display the confirmation dialog driven by a reduced trusted computing base, typically
a trusted execution environment (TEE), without having to rely on Linux and the Android
system for integrity and authenticity of input events. This implementation provides
neither. But it provides most of the functionlity required to run a full Android Protected
Confirmation feature when integrated into a secure UI architecture.

## Secure input (NotSoSecureInput)

This implementation does not provide any security guaranties.
The input method (NotSoSecureInput) runs a cryptographic protocols that is
sufficiently secure IFF the end point is implemented on a trustworthy
secure input device. But since the endpoint is currently in the HAL
service itself this implementation is not secure.

NOTE that a secure input device end point needs a good source of entropy
for generating nonces. The current implementation (NotSoSecureInput.cpp#generateNonce)
uses a constant nonce.