Merge "insecure keymint: in-process initialization ordering" into main am: 75b081da

    // Create a TA in-process, which acts as a local channel for communication.

    let channel = Arc::new(Mutex::new(LocalTa::new()));

    // Let the TA know information about the boot environment. In a real device this

    // is communicated directly from the bootloader to the TA, but here we retrieve

    // the information from system properties and send from the HAL service.

    let boot_req = get_boot_info();

    debug!("boot/HAL->TA: boot info is {:?}", boot_req);

    kmr_hal::send_boot_info(channel.lock().unwrap().deref_mut(), boot_req)

        .map_err(|e| HalServiceError(format!("Failed to send boot info: {:?}", e)))?;

    // Let the TA know information about the userspace environment.

    if let Err(e) = kmr_hal::send_hal_info(channel.lock().unwrap().deref_mut()) {

        error!("Failed to send HAL info: {:?}", e);

    }

    // Let the TA know about attestation IDs. (In a real device these would be pre-provisioned into

    // the TA.)

    let attest_ids = attestation_id_info();

    if let Err(e) = kmr_hal::send_attest_ids(channel.lock().unwrap().deref_mut(), attest_ids) {

        error!("Failed to send attestation ID info: {:?}", e);

    }

    let secret_service = kmr_hal::sharedsecret::Device::new_as_binder(channel.clone());

    let service_name = format!("{}/{}", SECRET_SERVICE_NAME, SERVICE_INSTANCE);

    binder::add_service(&service_name, secret_service.as_binder()).map_err(|e| {

        HalServiceError(format!(

            "Failed to register service {} because of {:?}.",

            service_name, e

        ))

    })?;

    let km_service = kmr_hal::keymint::Device::new_as_binder(channel.clone());

    let service_name = format!("{}/{}", KM_SERVICE_NAME, SERVICE_INSTANCE);

    binder::add_service(&service_name, km_service.as_binder()).map_err(|e| {

        ))

    })?;

    let secret_service = kmr_hal::sharedsecret::Device::new_as_binder(channel.clone());

    let service_name = format!("{}/{}", SECRET_SERVICE_NAME, SERVICE_INSTANCE);

    binder::add_service(&service_name, secret_service.as_binder()).map_err(|e| {

        HalServiceError(format!(

            "Failed to register service {} because of {:?}.",

            service_name, e

        ))

    })?;

    info!("Successfully registered KeyMint HAL services.");

    // Let the TA know information about the boot environment. In a real device this

    // is communicated directly from the bootloader to the TA, but here we retrieve

    // the information from system properties and send from the HAL service.

    let boot_req = get_boot_info();

    debug!("boot/HAL->TA: boot info is {:?}", boot_req);

    kmr_hal::send_boot_info(channel.lock().unwrap().deref_mut(), boot_req)

        .map_err(|e| HalServiceError(format!("Failed to send boot info: {:?}", e)))?;

    // Let the TA know information about the userspace environment.

    if let Err(e) = kmr_hal::send_hal_info(channel.lock().unwrap().deref_mut()) {

        error!("Failed to send HAL info: {:?}", e);

    }

    // Let the TA know about attestation IDs. (In a real device these would be pre-provisioned into

    // the TA.)

    let attest_ids = attestation_id_info();

    if let Err(e) = kmr_hal::send_attest_ids(channel.lock().unwrap().deref_mut(), attest_ids) {

        error!("Failed to send attestation ID info: {:?}", e);

    }

    info!("Successfully registered KeyMint HAL services.");

    binder::ProcessState::join_thread_pool();

    info!("KeyMint HAL service is terminating."); // should not reach here