diff options
-rw-r--r-- | keystore2/Android.bp | 1 | ||||
-rw-r--r-- | keystore2/TEST_MAPPING | 3 | ||||
-rw-r--r-- | keystore2/rkpd_client/Android.bp | 51 | ||||
-rw-r--r-- | keystore2/rkpd_client/src/lib.rs (renamed from keystore2/src/rkpd_client.rs) | 0 | ||||
-rw-r--r-- | keystore2/src/error.rs | 2 | ||||
-rw-r--r-- | keystore2/src/lib.rs | 1 | ||||
-rw-r--r-- | keystore2/src/remote_provisioning.rs | 2 | ||||
-rw-r--r-- | keystore2/src/security_level.rs | 4 |
8 files changed, 59 insertions, 5 deletions
diff --git a/keystore2/Android.bp b/keystore2/Android.bp index e59b6f24..c378b426 100644 --- a/keystore2/Android.bp +++ b/keystore2/Android.bp @@ -58,6 +58,7 @@ rust_defaults { "liblog_rust", "libmessage_macro", "librand", + "librkpd_client", "librustutils", "libserde", "libserde_cbor", diff --git a/keystore2/TEST_MAPPING b/keystore2/TEST_MAPPING index 1038bead..57ce78cc 100644 --- a/keystore2/TEST_MAPPING +++ b/keystore2/TEST_MAPPING @@ -35,6 +35,9 @@ "name": "keystore2_client_tests" }, { + "name": "librkpd_client.test" + }, + { "name": "libwatchdog_rs.test" } ] diff --git a/keystore2/rkpd_client/Android.bp b/keystore2/rkpd_client/Android.bp new file mode 100644 index 00000000..1de333f3 --- /dev/null +++ b/keystore2/rkpd_client/Android.bp @@ -0,0 +1,51 @@ +// Copyright 2023, The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package { + // See: http://go/android-license-faq + // A large-scale-change added 'default_applicable_licenses' to import + // all of the 'license_kinds' from "system_security_license" + // to get the below license kinds: + // SPDX-license-identifier-Apache-2.0 + default_applicable_licenses: ["system_security_license"], +} + +rust_defaults { + name: "librkpd_client_defaults", + crate_name: "rkpd_client", + srcs: ["src/lib.rs"], + rustlibs: [ + "android.security.rkp_aidl-rust", + "libanyhow", + "libbinder_rs", + "liblog_rust", + "libmessage_macro", + "libthiserror", + "libtokio", + ], +} + +rust_library { + name: "librkpd_client", + defaults: ["librkpd_client_defaults"], +} + +rust_test { + name: "librkpd_client.test", + defaults: ["librkpd_client_defaults"], + test_suites: ["general-tests"], + rustlibs: [ + "librand", + ], +} diff --git a/keystore2/src/rkpd_client.rs b/keystore2/rkpd_client/src/lib.rs index d8a5276c..d8a5276c 100644 --- a/keystore2/src/rkpd_client.rs +++ b/keystore2/rkpd_client/src/lib.rs diff --git a/keystore2/src/error.rs b/keystore2/src/error.rs index ac5ba4c3..b4c57fbd 100644 --- a/keystore2/src/error.rs +++ b/keystore2/src/error.rs @@ -27,7 +27,6 @@ //! Keystore functions should use `anyhow::Result` to return error conditions, and context should //! be added every time an error is forwarded. -use crate::rkpd_client::Error as RkpdError; pub use android_hardware_security_keymint::aidl::android::hardware::security::keymint::ErrorCode::ErrorCode; use android_security_rkp_aidl::aidl::android::security::rkp::IGetKeyCallback::ErrorCode::ErrorCode as GetKeyErrorCode; pub use android_system_keystore2::aidl::android::system::keystore2::ResponseCode::ResponseCode; @@ -35,6 +34,7 @@ use android_system_keystore2::binder::{ ExceptionCode, Result as BinderResult, Status as BinderStatus, StatusCode, }; use keystore2_selinux as selinux; +use rkpd_client::Error as RkpdError; use std::cmp::PartialEq; use std::ffi::CString; diff --git a/keystore2/src/lib.rs b/keystore2/src/lib.rs index e51a3195..c0eecd89 100644 --- a/keystore2/src/lib.rs +++ b/keystore2/src/lib.rs @@ -37,7 +37,6 @@ pub mod operation; pub mod permission; pub mod raw_device; pub mod remote_provisioning; -pub mod rkpd_client; pub mod security_level; pub mod service; pub mod shared_secret_negotiation; diff --git a/keystore2/src/remote_provisioning.rs b/keystore2/src/remote_provisioning.rs index 14c61fb0..a386d969 100644 --- a/keystore2/src/remote_provisioning.rs +++ b/keystore2/src/remote_provisioning.rs @@ -35,9 +35,9 @@ use crate::error::wrapped_rkpd_error_to_ks_error; use crate::globals::get_remotely_provisioned_component_name; use crate::ks_err; use crate::metrics_store::log_rkp_error_stats; -use crate::rkpd_client::get_rkpd_attestation_key; use crate::watchdog_helper::watchdog as wd; use android_security_metrics::aidl::android::security::metrics::RkpError::RkpError as MetricsRkpError; +use rkpd_client::get_rkpd_attestation_key; /// Contains helper functions to check if remote provisioning is enabled on the system and, if so, /// to assign and retrieve attestation keys and certificate chains. diff --git a/keystore2/src/security_level.rs b/keystore2/src/security_level.rs index f2b332b0..7a27452a 100644 --- a/keystore2/src/security_level.rs +++ b/keystore2/src/security_level.rs @@ -30,7 +30,6 @@ use crate::key_parameter::KeyParameterValue as KsKeyParamValue; use crate::ks_err; use crate::metrics_store::log_key_creation_event_stats; use crate::remote_provisioning::RemProvState; -use crate::rkpd_client::store_rkpd_attestation_key; use crate::super_key::{KeyBlob, SuperKeyManager}; use crate::utils::{ check_device_attestation_permissions, check_key_permission, @@ -64,6 +63,7 @@ use android_system_keystore2::aidl::android::system::keystore2::{ KeyMetadata::KeyMetadata, KeyParameters::KeyParameters, ResponseCode::ResponseCode, }; use anyhow::{anyhow, Context, Result}; +use rkpd_client::store_rkpd_attestation_key; use std::convert::TryInto; use std::time::SystemTime; @@ -1073,13 +1073,13 @@ mod tests { use super::*; use crate::error::map_km_error; use crate::globals::get_keymint_device; - use crate::rkpd_client::{get_rkpd_attestation_key, store_rkpd_attestation_key}; use crate::utils::upgrade_keyblob_if_required_with; use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{ Algorithm::Algorithm, AttestationKey::AttestationKey, KeyParameter::KeyParameter, KeyParameterValue::KeyParameterValue, Tag::Tag, }; use keystore2_crypto::parse_subject_from_certificate; + use rkpd_client::get_rkpd_attestation_key; #[test] // This is a helper for a manual test. We want to check that after a system upgrade RKPD |