hwcryptohal: Service delegator fixes (c9ca2b8c) · Commits · e / os / android_hardware_interfaces

security/see/hwcrypto/aidl/vts/functional/lib.rs

+0 −50

Original line number	Diff line number	Diff line
		@@ -17,61 +17,11 @@
		//! VTS test library for HwCrypto functionality.
		//! It provides the base clases necessaries to write HwCrypto VTS tests

		#[cfg(target_arch = "x86_64")]
		use anyhow::Context;
		use anyhow::Result;
		#[cfg(target_arch = "x86_64")]
		use binder::{ExceptionCode, FromIBinder, IntoBinderResult, ParcelFileDescriptor};
		#[cfg(target_arch = "x86_64")]
		use rpcbinder::RpcSession;
		#[cfg(target_arch = "x86_64")]
		use vsock::VsockStream;
		#[cfg(target_arch = "x86_64")]
		use std::os::fd::{FromRawFd, IntoRawFd};
		#[cfg(target_arch = "x86_64")]
		use std::fs::File;
		#[cfg(target_arch = "x86_64")]
		use std::io::Read;
		#[cfg(target_arch = "x86_64")]
		use rustutils::system_properties;
		#[cfg(target_arch = "aarch64")]
		use android_hardware_security_see_hwcrypto::aidl::android::hardware::security::see::hwcrypto::IHwCryptoKey::BpHwCryptoKey;
		use android_hardware_security_see_hwcrypto::aidl::android::hardware::security::see::hwcrypto::IHwCryptoKey::IHwCryptoKey;

		#[cfg(target_arch = "x86_64")]
		const HWCRYPTO_SERVICE_PORT: u32 = 4;

		/// Local function to connect to service
		#[cfg(target_arch = "x86_64")]
		pub fn connect_service<T: FromIBinder + ?Sized>(
		cid: u32,
		port: u32,
		) -> Result<binder::Strong<T>, binder::StatusCode> {
		RpcSession::new().setup_preconnected_client(\|\| {
		let mut stream = VsockStream::connect_with_cid_port(cid, port).ok()?;
		let mut buffer = [0];
		let _ = stream.read(&mut buffer);
		// SAFETY: ownership is transferred from stream to f
		let f = unsafe { File::from_raw_fd(stream.into_raw_fd()) };
		Some(ParcelFileDescriptor::new(f).into_raw_fd())
		})
		}

		/// Get a HwCryptoKey binder service object using a direct vsock connection
		#[cfg(target_arch = "x86_64")]
		pub fn get_hwcryptokey() -> Result<binder::Strong<dyn IHwCryptoKey>, binder::Status> {
		let cid = system_properties::read("trusty.test_vm.vm_cid")
		.context("couldn't get vm cid")
		.or_binder_exception(ExceptionCode::ILLEGAL_STATE)?
		.ok_or(ExceptionCode::ILLEGAL_STATE)?
		.parse::<u32>()
		.context("couldn't parse vm cid")
		.or_binder_exception(ExceptionCode::ILLEGAL_ARGUMENT)?;
		Ok(connect_service(cid, HWCRYPTO_SERVICE_PORT)?)
		}

		/// Get a HwCryptoKey binder service object using the service manager
		#[cfg(target_arch = "aarch64")]
		pub fn get_hwcryptokey() -> Result<binder::Strong<dyn IHwCryptoKey>, binder::Status> {
		let interface_name = <BpHwCryptoKey as IHwCryptoKey>::get_descriptor().to_owned() + "/default";
		Ok(binder::get_interface(&interface_name)?)

security/see/hwcrypto/default/hwcryptokeyimpl.h

+18 −14

Original line number	Diff line number	Diff line
		@@ -46,30 +46,33 @@ class HwCryptoKey : public ndk_hwcrypto::BnHwCryptoKey {

		ndk::ScopedAStatus deriveCurrentDicePolicyBoundKey(
		const ndk_hwcrypto::IHwCryptoKey::DiceBoundDerivationKey& derivationKey,
		ndk_hwcrypto::IHwCryptoKey::DiceCurrentBoundKeyResult* aidl_return);
		ndk_hwcrypto::IHwCryptoKey::DiceCurrentBoundKeyResult* aidl_return) override;

		ndk::ScopedAStatus deriveDicePolicyBoundKey(
		const ndk_hwcrypto::IHwCryptoKey::DiceBoundDerivationKey& derivationKey,
		const ::std::vector<uint8_t>& dicePolicyForKeyVersion,
		ndk_hwcrypto::IHwCryptoKey::DiceBoundKeyResult* aidl_return);
		ndk_hwcrypto::IHwCryptoKey::DiceBoundKeyResult* aidl_return) override;
		ndk::ScopedAStatus deriveKey(const ndk_hwcrypto::IHwCryptoKey::DerivedKeyParameters& parameters,
		ndk_hwcrypto::IHwCryptoKey::DerivedKey* aidl_return);
		ndk_hwcrypto::IHwCryptoKey::DerivedKey* aidl_return) override;

		ndk::ScopedAStatus getHwCryptoOperations(
		std::shared_ptr<ndk_hwcrypto::IHwCryptoOperations>* aidl_return);
		std::shared_ptr<ndk_hwcrypto::IHwCryptoOperations>* aidl_return) override;

		ndk::ScopedAStatus importClearKey(const ndk_hwcrypto::types::ExplicitKeyMaterial& keyMaterial,
		ndk::ScopedAStatus importClearKey(
		const ndk_hwcrypto::types::ExplicitKeyMaterial& keyMaterial,
		const ndk_hwcrypto::KeyPolicy& newKeyPolicy,
		std::shared_ptr<ndk_hwcrypto::IOpaqueKey>* aidl_return);
		std::shared_ptr<ndk_hwcrypto::IOpaqueKey>* aidl_return) override;

		ndk::ScopedAStatus getCurrentDicePolicy(std::vector<uint8_t>* aidl_return);
		ndk::ScopedAStatus getCurrentDicePolicy(std::vector<uint8_t>* aidl_return) override;

		ndk::ScopedAStatus keyTokenImport(const ndk_hwcrypto::types::OpaqueKeyToken& requestedKey,
		ndk::ScopedAStatus keyTokenImport(
		const ndk_hwcrypto::types::OpaqueKeyToken& requestedKey,
		const ::std::vector<uint8_t>& sealingDicePolicy,
		std::shared_ptr<ndk_hwcrypto::IOpaqueKey>* aidl_return);
		std::shared_ptr<ndk_hwcrypto::IOpaqueKey>* aidl_return) override;

		ndk::ScopedAStatus getKeyslotData(ndk_hwcrypto::IHwCryptoKey::KeySlot slotId,
		std::shared_ptr<ndk_hwcrypto::IOpaqueKey>* aidl_return);
		ndk::ScopedAStatus getKeyslotData(
		ndk_hwcrypto::IHwCryptoKey::KeySlot slotId,
		std::shared_ptr<ndk_hwcrypto::IOpaqueKey>* aidl_return) override;
		};

		template <typename LHP, typename RHP>
		@@ -79,9 +82,10 @@ LHP convertKeyPolicy(const RHP& policyToConvert) {
		policy.keyLifetime = static_cast<decltype(policy.keyLifetime)>(policyToConvert.keyLifetime);
		policy.keyType = static_cast<decltype(policy.keyType)>(policyToConvert.keyType);
		policy.keyManagementKey = policyToConvert.keyManagementKey;
		policy.keyPermissions.reserve(policyToConvert.keyPermissions.size());
		for (auto permission : policyToConvert.keyPermissions) {
		policy.keyPermissions.push_back(
		std::move(reinterpret_cast<decltype(policy.keyPermissions[0])>(permission)));
		std::move(static_cast<decltype(policy.keyPermissions)::value_type>(permission)));
		}
		return policy;
		}