//
// Copyright (C) 2022 The Android Open-Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package {
    default_applicable_licenses: ["Android-Apache-2.0"],
}

// Settings shared by the three KeyMint HAL service binaries below. All of them are
// built from the single source file src/keymint_hal_main.rs and install under the
// relative path `hw`; they differ only in partition, init rc file, features and
// extra libraries.
rust_defaults {
    name: "android.hardware.security.keymint-service.rust.trusty.default",
    relative_install_path: "hw",
    srcs: [
        "src/keymint_hal_main.rs",
    ],
    rustlibs: [
        "libandroid_logger",
        "libbinder_rs",
        "libclap",
        "libkmr_wire",
        "libkmr_hal",
        "libtrusty-rs",
        "liblibc",
        "liblog_rust",
    ],
    // Prefer rlib variants of the Rust dependencies over dylibs.
    prefer_rlib: true,
}

// KeyMint HAL binary for KeyMint in the Trusty TEE (legacy approach not using apex).
// Unlike the two apex-enabled variants below, this module carries its own init rc
// file and VINTF fragment, declares no `features`, and does not depend on
// libkmr_hal_nonsecure.
rust_binary {
    name: "android.hardware.security.keymint-service.rust.trusty",
    vendor: true,
    defaults: ["android.hardware.security.keymint-service.rust.trusty.default"],
    init_rc: ["android.hardware.security.keymint-service.rust.trusty.rc"],
    vintf_fragments: ["android.hardware.security.keymint-service.rust.trusty.xml"],
    // Installs the android.hardware.hardware_keystore.xml module together with
    // this binary.
    required: ["android.hardware.hardware_keystore.xml"],
}

// KeyMint HAL service in vendor, enabled by vendor apex.
// This service is disabled by default and does not package a VINTF fragment.
// This service can be enabled at boot via vendor apex:
// - at boot, mount a vendor apex for module `com.android.hardware.keymint`
// - have the vendor apex init.rc file start the service when the apex is selected
// - have the vendor apex package the vintf fragment
rust_binary {
    name: "android.hardware.security.keymint-service.trusty_tee",
    vendor: true,
    defaults: ["android.hardware.security.keymint-service.rust.trusty.default"],
    init_rc: ["android.hardware.security.keymint-service.trusty_tee.rc"],
    // The `nonsecure` cargo feature is enabled only when the soong config variable
    // `placeholder_trusted_hal` in namespace `trusty_system_vm` is true; every
    // other value builds with an empty feature list.
    // NOTE(review): what `nonsecure` changes in keymint_hal_main.rs is not visible
    // from this file. Going by the name, it presumably selects a HAL that is not
    // backed by the secure environment -- confirm, and check that product configs
    // for release builds leave `placeholder_trusted_hal` unset.
    features: select(soong_config_variable("trusty_system_vm", "placeholder_trusted_hal"), {
        true: ["nonsecure"],
        default: [],
    }),
    // NOTE(review): libkmr_hal_nonsecure is listed unconditionally, so it is a
    // build dependency of this binary even when the `nonsecure` feature is off.
    // Confirm that is intended.
    rustlibs: [
        "libkmr_hal_nonsecure",
    ],
}

// KeyMint HAL service in system_ext, interacting with the Trusty Security VM.
// This service is disabled by default and does not package a VINTF fragment.
// This service can be enabled at boot via vendor apex:
// - at boot, mount a vendor apex for module `com.android.hardware.keymint`
// - have the vendor apex init.rc file start the service when the apex is selected
// - have the vendor apex package the vintf fragment
rust_binary {
    name: "android.hardware.security.keymint-service.trusty_system_vm",
    system_ext_specific: true,
    defaults: ["android.hardware.security.keymint-service.rust.trusty.default"],
    init_rc: ["android.hardware.security.keymint-service.trusty_system_vm.rc"],
    // Same feature gate as the trusty_tee variant: `nonsecure` is enabled only when
    // `placeholder_trusted_hal` (namespace `trusty_system_vm`) is true.
    // NOTE(review): the effect of `nonsecure` is defined outside this file; verify
    // that release configurations never set the variable.
    features: select(soong_config_variable("trusty_system_vm", "placeholder_trusted_hal"), {
        true: ["nonsecure"],
        default: [],
    }),
    // NOTE(review): as in the trusty_tee variant, libkmr_hal_nonsecure is a
    // dependency whether or not the `nonsecure` feature is selected.
    rustlibs: [
        "libkmr_hal_nonsecure",
    ],
}

// vintf fragment packaged in vendor apex
// The source file has the same name as the `vintf_fragments` entry of the legacy
// rust.trusty binary above.
prebuilt_etc {
    name: "android.hardware.security.keymint-service.rust.trusty.xml",
    sub_dir: "vintf",
    vendor: true,
    src: "android.hardware.security.keymint-service.rust.trusty.xml",
}

// VINTF fragment named after the trusty_system_vm service. It is declared
// `vendor: true` although that binary is system_ext_specific, which matches the
// comments above saying the vendor apex packages the fragment.
prebuilt_etc {
    name: "android.hardware.security.keymint-service.trusty_system_vm.xml",
    sub_dir: "vintf",
    vendor: true,
    src: "android.hardware.security.keymint-service.trusty_system_vm.xml",
}