platform_system_security/keystore/Android.bp
David Zeuthen 59102f388f keystore: Pass verification token to credstore along with requested auth token.
This is needed because the Secure Areas backing the Identity
Credential HAL may exist in a different environment from where the
auth token is minted. In this case, the Secure Area needs a
verification token to make sense of the timestamp in the auth token.

Getting a verification token is an asynchronous operation so change
the binder method used by credstore to be asynchronous as well.

Bug: 156076333
Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts
Change-Id: Id6cb6812a31d968069b7d72bd2b39b512d38d241
2020-05-08 11:30:49 -04:00


// Shared compiler settings: a module in this file picks them up by listing
// "keystore_defaults" in its `defaults` property.
cc_defaults {
name: "keystore_defaults",
// Broad warning set; -Werror turns every warning into a build failure.
cflags: [
"-Wall",
"-Werror",
"-Wextra",
"-Wunused",
],
// Individual UBSan integer checks: overflow, invalid shifts, division by
// zero, and implicit conversions that truncate or change sign.
// NOTE(review): whether a hit aborts the process or only reports depends on
// sanitizer diagnostics settings that are not visible in this file - confirm.
sanitize: {
misc_undefined: [
"signed-integer-overflow",
// Unsigned wraparound is defined behaviour in C++, but it is still checked.
"unsigned-integer-overflow",
"shift",
"integer-divide-by-zero",
"implicit-unsigned-integer-truncation",
// BUG: 123630767
// NOTE(review): the signed-truncation check below stays disabled while that
// bug is open, so narrowing signed conversions are not covered.
//"implicit-signed-integer-truncation",
"implicit-integer-sign-change",
],
},
clang: true,
}
// The keystore binary itself. Inherits warnings and integer sanitizers from
// keystore_defaults.
cc_binary {
name: "keystore",
defaults: ["keystore_defaults"],
srcs: [
"KeyStore.cpp",
"auth_token_table.cpp",
"blob.cpp",
"confirmation_manager.cpp",
"grant_store.cpp",
"key_config.proto",
"key_proto_handler.cpp",
"key_store_service.cpp",
"keyblob_utils.cpp",
"keymaster_enforcement.cpp",
"keymaster_worker.cpp",
"keystore_main.cpp",
"keystore_utils.cpp",
"legacy_keymaster_device_wrapper.cpp",
"operation.cpp",
"operation_config.proto",
"operation_proto_handler.cpp",
"permissions.cpp",
"user_state.cpp",
],
// Links three keymaster HAL versions (3.0, 4.0, 4.1) plus
// libsoftkeymasterdevice; presumably the older ones and the software device
// are fallbacks for devices without a current HAL - confirm in the sources.
shared_libs: [
"android.hardware.confirmationui@1.0",
"android.hardware.keymaster@3.0",
"android.hardware.keymaster@4.0",
"android.hardware.keymaster@4.1",
"libbase",
"libbinder",
"libcrypto",
"libcutils",
"libhardware",
"libhidlbase",
"libkeymaster4support",
"libkeymaster4_1support",
"libkeymaster_messages",
"libkeymaster_portable",
"libkeystore-attestation-application-id",
"libkeystore_aidl",
"libkeystore_binder",
"libkeystore_parcelables",
"liblog",
"libprotobuf-cpp-lite",
"libselinux",
"libservices",
"libsoftkeymasterdevice",
"libutils",
],
// init script installed together with the binary.
init_rc: ["keystore.rc"],
aidl: {
include_dirs: ["frameworks/base/core/java/"],
},
product_variables: {
// Module is disabled in PDK builds.
pdk: {
enabled: false,
},
// Applied only on debuggable (userdebug/eng) builds; user builds do not get
// the define below.
debuggable: {
cflags: [
// Allow VTS tests running as root to have
// additional permissions.
// NOTE(review): this widens what root may do inside keystore. How the macro
// is consumed is not visible here (presumably permissions.cpp); release
// images should be checked to confirm they are built without it.
"-DGRANT_ROOT_ALL_PERMISSIONS",
],
},
},
// Installing keystore also pulls in the keystore_cli_v2 tool.
required: ["keystore_cli_v2"],
}
// Command-line client built from keystore_cli.cpp. It links the keystore
// binder/AIDL client libraries rather than any keystore daemon sources.
cc_binary {
name: "keystore_cli",
defaults: ["keystore_defaults"],
srcs: ["keystore_cli.cpp"],
shared_libs: [
"android.hardware.keymaster@4.0",
"libbinder",
"libcrypto",
"libcutils",
"libhidlbase",
"libkeystore_aidl", // for IKeyStoreService.asInterface()
"libkeystore_binder",
"libkeystore_parcelables",
"liblog",
"libutils",
],
}
// Second command-line client, built from keystore_cli_v2.cpp. The keystore
// module lists it under `required`, so it is installed alongside the daemon.
cc_binary {
name: "keystore_cli_v2",
defaults: ["keystore_defaults"],
// -Wno-unused-parameter relaxes one warning that keystore_defaults enables
// through -Wextra/-Werror; every other default still applies.
cflags: [
"-DKEYMASTER_NAME_TAGS",
"-Wno-unused-parameter",
],
srcs: ["keystore_cli_v2.cpp"],
shared_libs: [
"android.hardware.confirmationui@1.0",
"libbinder",
"android.hardware.keymaster@4.0",
"libchrome",
"libutils",
"libhidlbase",
"libkeymaster4support",
"libkeystore_aidl",
"libkeystore_binder",
"libkeystore_parcelables",
],
local_include_dirs: ["include"],
}
// Shared library holding the parcelable and AIDL/HIDL marshalling sources.
// NOTE(review): judging by the file names, this code (de)serializes data that
// crosses the binder boundary, so it parses caller-controlled input - confirm.
// It inherits the integer sanitizers from keystore_defaults.
cc_library_shared {
name: "libkeystore_parcelables",
defaults: ["keystore_defaults"],
export_include_dirs: ["include"],
srcs: [
"KeymasterArguments.cpp",
"keystore_aidl_hidl_marshalling_utils.cpp",
"KeystoreResponse.cpp",
"OperationResult.cpp",
],
shared_libs: [
"android.hardware.keymaster@4.0",
"android.hardware.keymaster@4.1",
"libbinder",
"libhardware",
"libhidlbase",
"libkeymaster4support",
"libkeymaster4_1support",
"liblog",
"libprotobuf-cpp-lite",
"libutils",
"libkeystore-attestation-application-id",
],
// Headers of these libraries are re-exported to anything linking this one.
export_shared_lib_headers: [
"android.hardware.keymaster@4.0",
"android.hardware.keymaster@4.1",
"libbinder",
"libhidlbase",
"libkeymaster4_1support",
],
}
// Library for keystore clients
// Built from the client implementation, keystore_get.cpp, keyblob_utils.cpp
// and the keystore_client.proto definition.
cc_library_shared {
name: "libkeystore_binder",
defaults: ["keystore_defaults"],
srcs: [
"keyblob_utils.cpp",
"keystore_client.proto",
"keystore_client_impl.cpp",
"keystore_get.cpp",
],
shared_libs: [
"android.hardware.keymaster@4.0",
"libbinder",
"libhidlbase",
"libkeymaster4support",
"libkeystore_aidl",
"libkeystore_parcelables",
"liblog",
"libprotobuf-cpp-lite",
"libutils",
],
// Lite protobuf runtime; the generated proto headers are exported to users of
// this library.
proto: {
type: "lite",
export_proto_headers: true,
},
aidl: {
export_aidl_headers: true,
include_dirs: ["frameworks/base/core/java/"],
},
export_include_dirs: ["include"],
export_shared_lib_headers: [
"android.hardware.keymaster@4.0",
"libbinder",
"libhidlbase",
"libkeystore_aidl",
"libkeystore_parcelables",
],
}
// Library used by both keystore and credstore for generating the ASN.1 stored
// in Tag::ATTESTATION_APPLICATION_ID
// Keeping the encoder in one shared library means both services use the same
// code for this attestation field.
cc_library_shared {
name: "libkeystore-attestation-application-id",
defaults: ["keystore_defaults"],
srcs: [
// AIDL source pulled in by module reference (leading ":"); it is defined
// outside this file.
":IKeyAttestationApplicationIdProvider.aidl",
"keystore_attestation_id.cpp",
"KeyAttestationApplicationId.cpp",
"KeyAttestationPackageInfo.cpp",
"Signature.cpp",
],
shared_libs: [
"libbase",
"libbinder",
"libhidlbase",
"liblog",
"libutils",
"libcrypto",
],
export_include_dirs: ["include"],
}
// Library for keystore clients using the WiFi HIDL interface
// It links only the android.system.wifi.keystore@1.0 HIDL interface and none
// of the keystore binder/AIDL libraries used by the other clients in this file.
cc_library_shared {
name: "libkeystore-wifi-hidl",
defaults: ["keystore_defaults"],
srcs: ["keystore_get_wifi_hidl.cpp"],
shared_libs: [
"android.system.wifi.keystore@1.0",
"libbase",
"libhidlbase",
"liblog",
"libutils",
],
export_include_dirs: ["include"],
// Built as a vendor module, i.e. for use by code on the vendor partition.
vendor: true,
}
// Library for unit tests
// Static library that recompiles auth_token_table.cpp and blob.cpp (both also
// part of the keystore binary) so tests can link them directly.
cc_library_static {
name: "libkeystore_test",
defaults: ["keystore_defaults"],
srcs: [
"auth_token_table.cpp",
"blob.cpp",
],
// Optimisation disabled for the test build of these sources.
cflags: [ "-O0", ],
static_libs: ["libgtest_main"],
shared_libs: [
"android.hardware.keymaster@4.0",
"libbinder",
"libcrypto",
"libhidlbase",
"libkeymaster4support",
"libkeystore-attestation-application-id",
"libutils",
"libkeystore_aidl",
"libkeystore_parcelables",
],
export_shared_lib_headers: [
"android.hardware.keymaster@4.0",
"libhidlbase",
"libkeymaster4support",
],
aidl: {
include_dirs: ["frameworks/base/core/java/"],
},
export_include_dirs: ["include"],
}
// AIDL interface definitions for the keystore binder API, grouped so other
// modules can reference them as ":keystore_aidl". These files define the IPC
// surface of the service, so changes to them change what callers can reach.
filegroup {
name: "keystore_aidl",
srcs: [
"binder/android/security/IConfirmationPromptCallback.aidl",
"binder/android/security/keystore/ICredstoreTokenCallback.aidl",
"binder/android/security/keystore/IKeystoreCertificateChainCallback.aidl",
"binder/android/security/keystore/IKeystoreExportKeyCallback.aidl",
"binder/android/security/keystore/IKeystoreKeyCharacteristicsCallback.aidl",
"binder/android/security/keystore/IKeystoreOperationResultCallback.aidl",
"binder/android/security/keystore/IKeystoreResponseCallback.aidl",
"binder/android/security/keystore/IKeystoreService.aidl",
],
// Root directory against which the AIDL package paths above are resolved.
path: "binder",
}
// Shared library compiled from the ":keystore_aidl" filegroup; it exports the
// generated AIDL headers to its users.
// NOTE(review): unlike the other cc_* modules in this file, this one does not
// list "keystore_defaults", so it does not inherit -Werror or the integer
// sanitizers. Presumably intentional because the sources are generated from
// AIDL - confirm.
cc_library_shared {
name: "libkeystore_aidl",
srcs: [":keystore_aidl"],
aidl: {
export_aidl_headers: true,
include_dirs: [
"system/security/keystore/binder",
],
},
shared_libs: [
"libbinder",
"libcutils",
"libhardware",
"libhidlbase",
"libkeystore_parcelables",
"liblog",
"libselinux",
"libutils",
],
export_shared_lib_headers: [
"libbinder",
"libkeystore_parcelables",
],
}