Merge "Resume on Reboot default implementation"

// limitations under the License.

//

cc_library_static {

    name: "librebootescrowdefaultimpl",

    vendor: true,

    shared_libs: [

        "libbase",

        "libbinder_ndk",

        "vintf-rebootescrow-ndk_platform",

    ],

    export_include_dirs: ["include"],

    srcs: [

        "RebootEscrow.cpp",

    ],

    visibility: [

        ":__subpackages__",

    ],

}

cc_binary {

    name: "android.hardware.rebootescrow-service.default",

    init_rc: ["rebootescrow-default.rc"],

    relative_install_path: "hw",

    vintf_fragments: ["rebootescrow-default.xml"],

    vendor: true,

    srcs: [

        "service.cpp",

    ],

    cflags: [

        "-Wall",

        "-Werror",

    ],

    shared_libs: [

        "libbase",

        "libbinder_ndk",

        "vintf-rebootescrow-ndk_platform",

    ],

    static_libs: [

        "libhadamardutils",

        "librebootescrowdefaultimpl",

    ],

}

cc_library_static {

    name: "libhadamardutils",

    vendor_available: true,

/*

 * Copyright (C) 2019 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

#include <android-base/file.h>

#include <android-base/logging.h>

#include <android-base/unique_fd.h>

#include "HadamardUtils.h"

#include "rebootescrow-impl/RebootEscrow.h"

namespace aidl {

namespace android {

namespace hardware {

namespace rebootescrow {

using ::android::base::unique_fd;

ndk::ScopedAStatus RebootEscrow::storeKey(const std::vector<int8_t>& kek) {

    int rawFd = TEMP_FAILURE_RETRY(::open(REBOOT_ESCROW_DEVICE, O_WRONLY | O_NOFOLLOW | O_CLOEXEC));

    unique_fd fd(rawFd);

    if (fd.get() < 0) {

        LOG(WARNING) << "Could not open reboot escrow device";

        return ndk::ScopedAStatus(AStatus_fromExceptionCode(EX_UNSUPPORTED_OPERATION));

    }

    std::vector<uint8_t> ukek(kek.begin(), kek.end());

    auto encoded = hadamard::EncodeKey(ukek);

    if (!::android::base::WriteFully(fd, encoded.data(), encoded.size())) {

        LOG(WARNING) << "Could not write data fully to character device";

        return ndk::ScopedAStatus(AStatus_fromExceptionCode(EX_UNSUPPORTED_OPERATION));

    }

    return ndk::ScopedAStatus::ok();

}

ndk::ScopedAStatus RebootEscrow::retrieveKey(std::vector<int8_t>* _aidl_return) {

    int rawFd = TEMP_FAILURE_RETRY(::open(REBOOT_ESCROW_DEVICE, O_RDONLY | O_NOFOLLOW | O_CLOEXEC));

    unique_fd fd(rawFd);

    if (fd.get() < 0) {

        LOG(WARNING) << "Could not open reboot escrow device";

        return ndk::ScopedAStatus(AStatus_fromExceptionCode(EX_UNSUPPORTED_OPERATION));

    }

    std::string encodedString;

    if (!::android::base::ReadFdToString(fd, &encodedString)) {

        LOG(WARNING) << "Could not read device to string";

        return ndk::ScopedAStatus(AStatus_fromExceptionCode(EX_UNSUPPORTED_OPERATION));

    }

    std::vector<uint8_t> encodedBytes(encodedString.begin(), encodedString.end());

    auto keyBytes = hadamard::DecodeKey(encodedBytes);

    std::vector<int8_t> signedKeyBytes(keyBytes.begin(), keyBytes.end());

    *_aidl_return = signedKeyBytes;

    return ndk::ScopedAStatus::ok();

}

}  // namespace rebootescrow

}  // namespace hardware

}  // namespace android

}  // namespace aidl

/*

 * Copyright (C) 2019 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

#pragma once

#include <aidl/android/hardware/rebootescrow/BnRebootEscrow.h>

namespace aidl {

namespace android {

namespace hardware {

namespace rebootescrow {

static const char* REBOOT_ESCROW_DEVICE = "/dev/access-kregistry";

class RebootEscrow : public BnRebootEscrow {

    ndk::ScopedAStatus storeKey(const std::vector<int8_t>& kek) override;

    ndk::ScopedAStatus retrieveKey(std::vector<int8_t>* _aidl_return) override;

};

}  // namespace rebootescrow

}  // namespace hardware

}  // namespace android

}  // namespace aidl

service vendor.rebootescrow-default /vendor/bin/hw/android.hardware.rebootescrow-service.default

    interface aidl android.hardware.rebootescrow.IRebootEscrow/default

    class hal

    user system

    group system

on boot

    chmod 770 /dev/access-kregistry

    chown system system /dev/access-kregistry

<manifest version="1.0" type="device">

    <hal format="aidl">

        <name>android.hardware.rebootescrow</name>

        <fqname>IRebootEscrow/default</fqname>

    </hal>

</manifest>