Loading trusty/keymint/Android.bp +18 −4 Original line number Diff line number Diff line Loading @@ -17,12 +17,10 @@ package { default_applicable_licenses: ["Android-Apache-2.0"], } rust_binary { name: "android.hardware.security.keymint-service.rust.trusty", rust_defaults { name: "android.hardware.security.keymint-service.rust.trusty.default", relative_install_path: "hw", vendor: true, init_rc: ["android.hardware.security.keymint-service.rust.trusty.rc"], vintf_fragments: ["android.hardware.security.keymint-service.rust.trusty.xml"], srcs: [ "src/keymint_hal_main.rs", ], Loading @@ -37,7 +35,23 @@ rust_binary { "liblog_rust", ], prefer_rlib: true, } rust_binary { name: "android.hardware.security.keymint-service.rust.trusty", defaults: ["android.hardware.security.keymint-service.rust.trusty.default"], init_rc: ["android.hardware.security.keymint-service.rust.trusty.rc"], vintf_fragments: ["android.hardware.security.keymint-service.rust.trusty.xml"], required: [ "android.hardware.hardware_keystore.xml", ], } rust_binary { name: "android.hardware.security.keymint-service.rust.trusty.nonsecure", defaults: ["android.hardware.security.keymint-service.rust.trusty.default"], features: ["nonsecure"], rustlibs: [ "libkmr_hal_nonsecure", ], } trusty/keymint/src/keymint_hal_main.rs +29 −2 Original line number Diff line number Diff line Loading @@ -18,7 +18,7 @@ use clap::Parser; use kmr_hal::{ extract_rsp, keymint, rpc, secureclock, send_hal_info, sharedsecret, SerializedChannel, }; use log::{error, info}; use log::{error, info, warn}; use std::{ ffi::CString, ops::DerefMut, Loading Loading @@ -109,7 +109,11 @@ fn inner_main() -> Result<(), HalServiceError> { error!("{}", panic_info); })); if cfg!(feature = "nonsecure") { warn!("Non-secure Trusty KM HAL service is starting."); } else { info!("Trusty KM HAL service is starting."); } info!("Starting thread pool now."); binder::ProcessState::start_thread_pool(); Loading 
@@ -126,6 +130,29 @@ fn inner_main() -> Result<(), HalServiceError> { )?; let tipc_channel = Arc::new(Mutex::new(TipcChannel(connection))); #[cfg(feature = "nonsecure")] { // When the non-secure feature is enabled, retrieve root-of-trust information // (with the exception of the verified boot key hash) from Android properties, and // populate the TA with this information. On a real device, the bootloader should // provide this data to the TA directly. let boot_req = kmr_hal_nonsecure::get_boot_info(); info!("boot/HAL->TA: boot info is {:?}", boot_req); kmr_hal::send_boot_info(tipc_channel.lock().unwrap().deref_mut(), boot_req) .map_err(|e| HalServiceError(format!("Failed to send boot info: {:?}", e)))?; // When the non-secure feature is enabled, also retrieve device ID information // (except for IMEI/MEID values) from Android properties and populate the TA with // this information. On a real device, a factory provisioning process would populate // this information. let attest_ids = kmr_hal_nonsecure::attestation_id_info(); if let Err(e) = kmr_hal::send_attest_ids(tipc_channel.lock().unwrap().deref_mut(), attest_ids) { error!("Failed to send attestation ID info: {:?}", e); } info!("Successfully sent non-secure boot info and attestation IDs to the TA."); } // Register the Keymint service let km_service = keymint::Device::new_as_binder(tipc_channel.clone()); let km_service_name = format!("{}/{}", KM_SERVICE_NAME, SERVICE_INSTANCE); Loading Loading
trusty/keymint/Android.bp +18 −4 Original line number Diff line number Diff line Loading @@ -17,12 +17,10 @@ package { default_applicable_licenses: ["Android-Apache-2.0"], } rust_binary { name: "android.hardware.security.keymint-service.rust.trusty", rust_defaults { name: "android.hardware.security.keymint-service.rust.trusty.default", relative_install_path: "hw", vendor: true, init_rc: ["android.hardware.security.keymint-service.rust.trusty.rc"], vintf_fragments: ["android.hardware.security.keymint-service.rust.trusty.xml"], srcs: [ "src/keymint_hal_main.rs", ], Loading @@ -37,7 +35,23 @@ rust_binary { "liblog_rust", ], prefer_rlib: true, } rust_binary { name: "android.hardware.security.keymint-service.rust.trusty", defaults: ["android.hardware.security.keymint-service.rust.trusty.default"], init_rc: ["android.hardware.security.keymint-service.rust.trusty.rc"], vintf_fragments: ["android.hardware.security.keymint-service.rust.trusty.xml"], required: [ "android.hardware.hardware_keystore.xml", ], } rust_binary { name: "android.hardware.security.keymint-service.rust.trusty.nonsecure", defaults: ["android.hardware.security.keymint-service.rust.trusty.default"], features: ["nonsecure"], rustlibs: [ "libkmr_hal_nonsecure", ], }
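Review bot: The new `android.hardware.security.keymint-service.rust.trusty.nonsecure` module has no comment saying when it may be installed, yet it inherits `vendor: true` and `relative_install_path: "hw"` from the shared defaults and sits beside the production binary. Nothing visible in this file stops a product from including it, so a comment above the module would help, for example `// Development/emulator targets only: the HAL feeds root-of-trust and attestation IDs to the TA from Android properties, so attestations from this build must not be trusted.` The variant also declares no `init_rc` or `vintf_fragments`; presumably the including target supplies them, and a one-line comment saying so would save the next reader from treating it as an omission.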
trusty/keymint/src/keymint_hal_main.rs +29 −2 Original line number Diff line number Diff line Loading @@ -18,7 +18,7 @@ use clap::Parser; use kmr_hal::{ extract_rsp, keymint, rpc, secureclock, send_hal_info, sharedsecret, SerializedChannel, }; use log::{error, info}; use log::{error, info, warn}; use std::{ ffi::CString, ops::DerefMut, Loading Loading @@ -109,7 +109,11 @@ fn inner_main() -> Result<(), HalServiceError> { error!("{}", panic_info); })); if cfg!(feature = "nonsecure") { warn!("Non-secure Trusty KM HAL service is starting."); } else { info!("Trusty KM HAL service is starting."); } info!("Starting thread pool now."); binder::ProcessState::start_thread_pool(); Loading 
@@ -126,6 +130,29 @@ fn inner_main() -> Result<(), HalServiceError> { )?; let tipc_channel = Arc::new(Mutex::new(TipcChannel(connection))); #[cfg(feature = "nonsecure")] { // When the non-secure feature is enabled, retrieve root-of-trust information // (with the exception of the verified boot key hash) from Android properties, and // populate the TA with this information. On a real device, the bootloader should // provide this data to the TA directly. let boot_req = kmr_hal_nonsecure::get_boot_info(); info!("boot/HAL->TA: boot info is {:?}", boot_req); kmr_hal::send_boot_info(tipc_channel.lock().unwrap().deref_mut(), boot_req) .map_err(|e| HalServiceError(format!("Failed to send boot info: {:?}", e)))?; // When the non-secure feature is enabled, also retrieve device ID information // (except for IMEI/MEID values) from Android properties and populate the TA with // this information. On a real device, a factory provisioning process would populate // this information. let attest_ids = kmr_hal_nonsecure::attestation_id_info(); if let Err(e) = kmr_hal::send_attest_ids(tipc_channel.lock().unwrap().deref_mut(), attest_ids) { error!("Failed to send attestation ID info: {:?}", e); } info!("Successfully sent non-secure boot info and attestation IDs to the TA."); } // Register the Keymint service let km_service = keymint::Device::new_as_binder(tipc_channel.clone()); let km_service_name = format!("{}/{}", KM_SERVICE_NAME, SERVICE_INSTANCE); Loading
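Review bot: In the `#[cfg(feature = "nonsecure")]` block the closing `info!("Successfully sent non-secure boot info and attestation IDs to the TA.")` runs even when `send_attest_ids` returned `Err`, so the log reports success immediately after the `error!` line. Moving it into the success arm keeps the log truthful: `if let Err(e) = kmr_hal::send_attest_ids(...) { error!(...); } else { info!("Successfully sent non-secure boot info and attestation IDs to the TA."); }`. The two sends also differ in strictness: a `send_boot_info` failure aborts start-up through `?`, while an attestation-ID failure is tolerated. If that is intended, a short comment such as `// Attestation IDs are optional; device ID attestation fails later if they are missing.` would make it explicit. `inner_main` begins and ends outside this hunk.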