
Commit 6f9971f0 authored by Armelle Laine, committed by Android Build Cherrypicker Worker

security: see: hdcp: add HDCP Auth Control interface

Bug: 380193246
Test: atest VtsAidlHdcpNonExistentTest
Merged-In: I479621a51cd177e9bda0b551c5088f6c7e72e88f
Change-Id: I479621a51cd177e9bda0b551c5088f6c7e72e88f
parent e183f795
+1 −0
@@ -169,6 +169,7 @@ bool ShouldCheckMissingAidlHalsInFcm(const std::string& packageAndVersion) {
            "android.hardware.audio.core.sounddose@3",
            // This is only used by a trusty VM
            "android.hardware.security.see.authmgr@1",
            "android.hardware.security.see.hdcp@1",

            // Deprecated HALs.
            "android.hardware.audio.sounddose@3",

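Review bot: the comment `// This is only used by a trusty VM` above the new `"android.hardware.security.see.hdcp@1"` entry is singular and was written for the authmgr entry; now that it covers two entries, reword it to the plural or give the hdcp entry its own comment pointing at the hdcp README, which states that the interface shall not be exposed to the host. Because this list takes the HAL out of the missing-in-FCM check, a short note on why the exemption is intended helps whoever audits the list later.
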
drm/Android.bp

0 → 100644
+5 −0
dirgroup {
    name: "trusty_dirgroup_hardware_interfaces_drm",
    dirs: ["."],
    visibility: ["//trusty/vendor/google/aosp/scripts"],
}
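
Review bot: the new drm/Android.bp has no copyright/license header, unlike the hdcp Android.bp added in the same commit; add one for consistency. The `dirgroup` also exports the whole directory (`dirs: ["."]`) with no comment on why the Trusty build scripts need it, and the commit message only mentions hdcp, so add one line explaining the dependency (the hdcp interface imports `android.hardware.drm.common-V1`). Keeping `visibility` limited to `//trusty/vendor/google/aosp/scripts` is the right scope.
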
+3 −0
@@ -26,6 +26,9 @@ aidl_interface {
        ndk: {
            min_sdk_version: "34",
        },
        rust: {
            enabled: true,
        },
    },
    double_loadable: true,
    versions_with_info: [
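
Review bot: the `rust: { enabled: true }` backend is switched on here without a comment, and the commit message does not say why an interface that already has frozen versions (`versions_with_info`) needs it. If it is there for the `android.hardware.drm.common-V1` import in the hdcp Android.bp, say so in a comment, and confirm the Rust backend builds for every frozen version listed, not only the latest.
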
+65 −0
# IHDCPAuthControl as a Trusted HAL service

IHDCPAuthControl is expected to be a service implemented in a TEE.
We provide a default reference implementation and its integration in Trusty
as an example.

The VTS test for a Trusted HAL service ought to run in the VM.
We provide an integration of the VTS test in a Trusty VM,
and later in a Microdroid VM (b/380632474).

This interface shall not be exposed to the host and thus shall be part of
the list of excluded interfaces from
[compatibility_matrices/exclude/fcm_exclude.cpp](../../../compatibility_matrices/exclude/fcm_exclude.cpp)

## 1. Mock Implementation

The mock implementation under default/src/lib.rs is expected to be integrated in a
TEE. For AOSP testing we offer two virtual device testing options:

- Cuttlefish AVD, where the reference implementation is integrated in an AVF VM, emulating a TEE.
- Trusty QEMU AVD, where the reference implementation is integrated in a Trusty TEE image (executed in secure world)

### 1.1. Cuttlefish: Integrate in an AVF HAL pVM (Trusty)

In Cuttlefish, we emulate a TEE with an AVF Trusty pVM.
The VM2TZ IPC is emulated with a vsock port forward utility (b/379582767).

Until vsock port forwarding is supported, the trusty_test_vm is used temporarily.
(VTS tests and HAL implementation will be in same pVM).

TODO: complete when trusty_hal_vm is created

In order to add the mock HdcpAuthControlService to the trusty_test_vm, make sure
that `hardware/interfaces/security/see/hdcp/default` is added to the
trusty_test_vm makefile, by adding it to
[trusty/device/x86/generic-x86_64/project/generic-x86_64-inc.mk](../../../../../trusty/device/x86/generic-x86_64/project/generic-x86_64-inc.mk)

### 1.2. Trusty QEMU AVD: Integrate as a TA in Trusty TEE

In order to add the mock HdcpAuthControlService to the Trusty TEE, make sure
that `hardware/interfaces/security/see/hdcp/default` is added to
[trusty/device/arm/generic-arm64/project/generic-arm-inc.mk](../../../../../trusty/device/arm/generic-arm64/project/generic-arm-inc.mk)


## 2. VTS Tests

IHdcpAuthControl service is expected to only be exposed to AVF pVM.

The VTS tests shall verify:

- IHdcpAuthControl cannot be accessed from the Android Host:

   see [aidl/vts/src/host_test.rs](aidl/vts/host_test.rs)

- IHdcpAuthControl can be accessed from an AVF pVM:

   see [aidl/vts/src/vm_test.rs](aidl/vts/src/vm_test.rs)
   see [aidl/vts/AndroidTest.xml](aidl/vts/AndroidTest.xml)


To integrate the VTS test in the trusty_test_vm:

1.
1. add the test to [hardware/interfaces/security/see/usertests-rust-inc.mk](../usertests-rust-inc.mk)
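
Review bot: in section 2 the link text `aidl/vts/src/host_test.rs` points to `aidl/vts/host_test.rs` (no `src/`), while the vm_test.rs link uses `aidl/vts/src/`, so one of the two paths is wrong. In addition, the numbered list at the end starts with an empty `1.` item, the interface is spelled both `IHDCPAuthControl` and `IHdcpAuthControl`, and section 1.1 still carries `TODO: complete when trusty_hal_vm is created` without a bug reference. Fix the link, drop or fill the empty step, settle on one spelling, and attach a bug number to the TODO.
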
+57 −0
// Copyright (C) 2024 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package {
    default_team: "trendy_team_trusty",
    default_applicable_licenses: ["Android-Apache-2.0"],
}

aidl_interface {
    name: "android.hardware.security.see.hdcp",
    vendor_available: true,
    srcs: ["android/hardware/security/see/hdcp/*.aidl"],
    imports: [
        "android.hardware.drm.common-V1",
    ],
    stability: "vintf",
    frozen: false,
    backend: {
        java: {
            enabled: false,
        },
        cpp: {
            enabled: false,
        },
        ndk: {
            min_sdk_version: "34",
        },
        rust: {
            enabled: true,
            gen_mockall: true,
            additional_rustlibs: [
                "libmockall",
            ],
        },
    },
}

// A rust_defaults that includes the latest hdcp AIDL library.
// Modules that depend on hdcp directly can include this rust_defaults to avoid
// managing dependency versions explicitly.
rust_defaults {
    name: "hdcp_use_latest_hal_aidl_rust",
    rustlibs: [
        "android.hardware.security.see.hdcp-V1-rust",
    ],
}
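
Review bot: the `ndk` backend is left enabled (`min_sdk_version: "34"`) while `java` and `cpp` are explicitly disabled, yet the README describes a TEE-side service that shall not be exposed to the host. If nothing consumes the NDK bindings, disable that backend as well, or add a comment naming the consumer. Separately, `gen_mockall: true` with `libmockall` in `additional_rustlibs` is set on the interface library itself; confirm that the mock dependency is acceptable for non-test users of `android.hardware.security.see.hdcp-V1-rust`, which `hdcp_use_latest_hal_aidl_rust` hands out by default.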