Commit graph

8 commits

Author SHA1 Message Date
Alice Wang
e79bbf9cf8 Revert^4 "[avf][rkp] Allow virtualizationservice to register RKP HAL"
Revert submission 2829351-revert-2812456-revert-2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ-PAWNEHUQBT-WYENGHRTXK

Reason for revert: Relands the original topic:
https://r.android.com/q/topic:%22expose-avf-rkp-hal%22

Changes from the reverted cl aosp/2812455:
 - The AIDL service type has been renamed from avf_* to hal_* to be
   consistent with the others.

 - The new AIDL service type, hal_remotelyprovisionedcomponent_avf_service,
   for the IRPC/avf service, has been set up with the server/client model
   for AIDL Hal. The virtualizationservice is declared as server and
   RKPD is declared as client to access the service instead of raw
   service permission setup as in the reverted cl. This is aligned
   with the AIDL Hal configuration recommendation.

 - Since the existing type for IRPC hal_remotelyprovisionedcomponent is
   already associated with keymint server/client and has specific
   permission requirements, and some of the keymint clients might not
   need the AVF Hal. We decided to create a new AIDL service type
   instead of reusing the exisiting keymint service type.

Reverted changes: /q/submissionid:2829351-revert-2812456-revert-2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ-PAWNEHUQBT-WYENGHRTXK

Bug: 312427637
Bug: 310744536
Bug: 299257581
Test: atest MicrodroidHostTests librkp_support_test
Change-Id: Id37764b5f98e3c30c0c63601560697cf1c02c0ad
2023-11-22 08:21:27 +00:00
Alan Stokes
18bcf12fbb Revert "Revert^2 "[avf][rkp] Allow virtualizationservice to regi..."
Revert submission 2812456-revert-2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ-PAWNEHUQBT

Reason for revert: SELinux denials: b/310744536

Reverted changes: /q/submissionid:2812456-revert-2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ-PAWNEHUQBT

Change-Id: I88b5f03dccb1b4ab906afde7d66853e816cce7f1
2023-11-14 01:40:53 +00:00
Alice Wang
0407c993d8 Revert^2 "[avf][rkp] Allow virtualizationservice to register RKP HAL"
Revert submission 2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ

Reason for revert: This change relands the topic
https://r.android.com/q/topic:%22expose-avf-rkp-hal%22
The SELinux denial has been fixed in system/sepolicy

Reverted changes: /q/submissionid:2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ

Bug: 308596709
Bug: 274881098
Change-Id: Ib23ac4680b0f37b760bff043e1f42ce61a58c3e2
2023-10-31 20:06:23 +00:00
Vikram Gaur
01390087b1 Add set property permissions to RKPD application.
Test: atest RkpdAppGoogleIntegrationTests
Change-Id: Ib1680319f7299b27aab2cc36cc917a8da35ec216
2023-03-16 18:05:10 +00:00
Tri Vo
7b9b6a04ed Add rkpdapp access to remote_prov_prop
Test: presubmit
Change-Id: I7f4593e580f9d762a38b6e1b3e9db7c74e3eb984
2023-01-12 09:50:28 -08:00
Vikram Gaur
91f5c53adf Fix permission issue for widevine mediaservices.
Widevine provisioning was causing SELinux policy issues since we need to
provision Widevine through MediaDrm framework.

Test: presubmits
Change-Id: Ia9d070309e84599ed614bbf5ba35eed558f4d463
2022-12-15 17:14:04 +00:00
Vikram Gaur
592b345626 Provide network permissions to RKPD app.
Test: TH
Change-Id: I5f721f5b3066ea95780487286a03b7028f11a3d5
2022-12-01 18:54:08 +00:00
Seth Moore
71fa94edae Add new appdomain for RKPD mainline app
This app talks to the remote provisioning HALs, and therefore requires
access to the tee_device domain.

Bug: 254112668
Test: Manually verify rkpd can run and find remote provisioning hals
Change-Id: I876b0890f3d4e8956406d73e956084b99488ce56
2022-11-16 12:55:31 -08:00