// Package-wide licensing defaults.
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' so that every
// module in this file imports all of the 'license_kinds' from
// "hardware_interfaces_license", which yields:
//   SPDX-license-identifier-Apache-2.0
package {
    default_applicable_licenses: ["hardware_interfaces_license"],
}
// C++ reference KeyMint HAL service. INSECURE: the trusted application (TA)
// code runs in-process alongside the HAL service code, so nothing separates
// the TA from the rest of the HAL process.
//
// A real device is required to run the TA code in a secure environment, as
// per CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an
// isolated execution environment."
//
// NOTE(review): this target and the Rust ".nonsecure" binary in this file
// list the same three VINTF fragments; presumably a given image installs only
// one of them. Confirm against the product makefiles.
cc_binary {
    name: "android.hardware.security.keymint-service",
    vendor: true,
    // Installed into the hw/ subdirectory of the vendor binary directory.
    relative_install_path: "hw",
    srcs: ["service.cpp"],
    defaults: ["keymint_use_latest_hal_aidl_ndk_shared"],
    cflags: [
        "-Wall",
        "-Wextra",
    ],
    init_rc: ["android.hardware.security.keymint-service.rc"],
    // VINTF manifest fragments shipped with the binary; by file name they
    // cover KeyMint, SharedSecret and SecureClock.
    vintf_fragments: [
        "android.hardware.security.keymint-service.xml",
        "android.hardware.security.sharedsecret-service.xml",
        "android.hardware.security.secureclock-service.xml",
    ],
    // NOTE(review): libpuresoftkeymasterdevice / libkeymaster_portable look
    // like the software-only Keymaster backend, which would match the
    // "in-process TA" warning above. Confirm.
    shared_libs: [
        "android.hardware.security.rkp-V3-ndk",
        "android.hardware.security.sharedsecret-V1-ndk",
        "android.hardware.security.secureclock-V1-ndk",
        "libbase",
        "libbinder_ndk",
        "libcppbor",
        "libcrypto",
        "libkeymaster_portable",
        "libkeymint",
        "liblog",
        "libpuresoftkeymasterdevice",
        "libutils",
    ],
    // Pulls in the permissions file defined as a prebuilt_etc in this file.
    required: ["android.hardware.hardware_keystore.xml"],
}
// Rust reference KeyMint HAL service. INSECURE: the trusted application (TA)
// code runs in-process alongside the HAL service code (it is linked in via
// libkmr_ta_nonsecure below), so nothing separates the TA from the rest of
// the HAL process.
//
// A real device is required to run the TA code in a secure environment, as
// per CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an
// isolated execution environment."
rust_binary {
    name: "android.hardware.security.keymint-service.nonsecure",
    vendor: true,
    // Installed into the hw/ subdirectory of the vendor binary directory.
    relative_install_path: "hw",
    srcs: ["main.rs"],
    defaults: ["keymint_use_latest_hal_aidl_rust"],
    init_rc: ["android.hardware.security.keymint-service.nonsecure.rc"],
    // Same fragment files as the C++ service in this file; by file name they
    // cover KeyMint, SharedSecret and SecureClock.
    vintf_fragments: [
        "android.hardware.security.keymint-service.xml",
        "android.hardware.security.sharedsecret-service.xml",
        "android.hardware.security.secureclock-service.xml",
    ],
    // HAL-side and TA-side crates are linked into this one binary.
    rustlibs: [
        "libandroid_logger",
        "libbinder_rs",
        "liblog_rust",
        "libkmr_hal",
        "libkmr_hal_nonsecure",
        "libkmr_ta_nonsecure",
    ],
    // Pulls in the permissions file defined as a prebuilt_etc in this file.
    required: ["android.hardware.hardware_keystore.xml"],
}
// Installs the hardware_keystore permissions file under the vendor etc/
// permissions directory. Both KeyMint binaries in this file list it under
// `required`.
//
// NOTE(review): presumably this XML declares the hardware-keystore feature
// (its contents are not visible here). If so, an image built from the
// nonsecure services advertises that feature without an isolated execution
// environment behind it; confirm this prebuilt only reaches reference or
// virtual-device products.
prebuilt_etc {
    name: "android.hardware.hardware_keystore.xml",
    src: "android.hardware.hardware_keystore.xml",
    vendor: true,
    sub_dir: "permissions",
}
// HAL-side support crate for the nonsecure Rust KeyMint service, built from
// hal/lib.rs. It is linked into
// android.hardware.security.keymint-service.nonsecure.
rust_library {
    name: "libkmr_hal_nonsecure",
    crate_name: "kmr_hal_nonsecure",
    srcs: ["hal/lib.rs"],
    vendor_available: true,
    // Build with the Android lint set.
    lints: "android",
    rustlibs: [
        "libbinder_rs",
        "libhex",
        "liblibc",
        "liblog_rust",
        "libkmr_hal",
        "libkmr_wire",
    ],
}
// TA-side crate for the nonsecure Rust KeyMint service, built from ta/lib.rs.
// Because it is linked straight into the HAL binary
// (android.hardware.security.keymint-service.nonsecure), the TA logic runs in
// that process, not in an isolated environment.
rust_library {
    name: "libkmr_ta_nonsecure",
    crate_name: "kmr_ta_nonsecure",
    srcs: ["ta/lib.rs"],
    // Available to vendor modules and also buildable for the host.
    vendor_available: true,
    host_supported: true,
    // Build with the Android lint set.
    lints: "android",
    // NOTE(review): libkmr_crypto_boring is presumably the BoringSSL-backed
    // crypto provider for the TA. Confirm.
    rustlibs: [
        "libhex",
        "liblibc",
        "liblog_rust",
        "libkmr_common",
        "libkmr_crypto_boring",
        "libkmr_ta",
        "libkmr_wire",
    ],
}
// Vendor (soc_specific), non-updatable APEX that packages the Rust nonsecure
// KeyMint service together with its init script, VINTF fragments and
// permissions file.
//
// The packaged binary is the in-process (non-isolated) KeyMint implementation
// described on android.hardware.security.keymint-service.nonsecure, so this
// APEX carries the same restriction: it is not a substitute for the isolated
// execution environment required by CDD 9.11 [C-1-1].
apex {
    name: "com.android.hardware.keymint.rust_nonsecure",
    soc_specific: true,
    updatable: false,
    manifest: "manifest.json",
    file_contexts: "file_contexts",
    // NOTE(review): the "cf" in the key name presumably stands for Cuttlefish,
    // i.e. a development signing key. Confirm, and make sure no product build
    // inherits it for a shipping image.
    key: "com.google.cf.apex.key",
    certificate: ":com.android.hardware.certificate",
    binaries: ["android.hardware.security.keymint-service.nonsecure"],
    prebuilts: [
        // init script with the binary path rewritten for the APEX
        "keymint_aidl_nonsecure_init_rc",
        // VINTF manifest fragments
        "keymint_aidl_nonsecure_vintf",
        // permissions
        "android.hardware.hardware_keystore.xml",
    ],
}
// Installs the APEX flavour of the init script. The source is the output of
// the gen-keymint_aidl_nonsecure_init_rc genrule, and the installed file
// keeps that output's file name (filename_from_src).
prebuilt_etc {
    name: "keymint_aidl_nonsecure_init_rc",
    src: ":gen-keymint_aidl_nonsecure_init_rc",
    filename_from_src: true,
    vendor: true,
}
// Derives the APEX init script from the regular one: copies the .rc file and
// rewrites /vendor/bin/ (first occurrence on each line) to the binary
// directory inside the APEX.
//
// NOTE(review): the rewritten path uses /apex/com.android.hardware.keymint/,
// while the apex module in this file is named
// com.android.hardware.keymint.rust_nonsecure. The mount point follows the
// name declared in manifest.json (not visible here). Confirm the two agree,
// otherwise init would be pointed at a path that does not exist and the
// service would not start.
genrule {
    name: "gen-keymint_aidl_nonsecure_init_rc",
    cmd: "sed -E 's%/vendor/bin/%/apex/com.android.hardware.keymint/bin/%' $(in) > $(out)",
    srcs: ["android.hardware.security.keymint-service.nonsecure.rc"],
    out: ["android.hardware.security.keymint-service.nonsecure.apex.rc"],
}
// Installs the three VINTF manifest fragments (KeyMint, SharedSecret and
// SecureClock, by file name) under etc/vintf, for inclusion in the
// com.android.hardware.keymint.rust_nonsecure APEX. These are the same
// fragment files the standalone binaries list in `vintf_fragments`.
prebuilt_etc {
    name: "keymint_aidl_nonsecure_vintf",
    vendor: true,
    sub_dir: "vintf",
    srcs: [
        "android.hardware.security.keymint-service.xml",
        "android.hardware.security.sharedsecret-service.xml",
        "android.hardware.security.secureclock-service.xml",
    ],
}