// Package-level settings for the modules defined in this Android.bp.
package {
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
// to get the below license kinds:
// SPDX-license-identifier-Apache-2.0
// Modules in this package that set no 'licenses' of their own inherit this.
default_applicable_licenses: ["hardware_interfaces_license"],
}
// The following target has an insecure implementation of KeyMint where the
// trusted application (TA) code runs in-process alongside the HAL service
// code.
//
// A real device is required to run the TA code in a secure environment, as
// per CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an
// isolated execution environment."
cc_binary {
name: "android.hardware.security.keymint-service",
// Together with vendor: true below, this installs the binary under the
// vendor partition's bin/hw directory.
relative_install_path: "hw",
// init script that accompanies the binary. Its contents (user, group,
// capabilities) are not visible here and should be reviewed with it.
init_rc: ["android.hardware.security.keymint-service.rc"],
// VINTF manifest fragments; by file name they declare the KeyMint,
// SharedSecret and SecureClock HALs. The rust_binary in this file lists the
// same three fragments.
// NOTE(review): presumably only one of the two services is installed on a
// given device - confirm in the product configuration.
vintf_fragments: [
"android.hardware.security.keymint-service.xml",
"android.hardware.security.sharedsecret-service.xml",
"android.hardware.security.secureclock-service.xml",
],
vendor: true,
// Extra compiler warnings. -Werror is not listed here; whether the build
// system adds it by default cannot be told from this file.
cflags: [
"-Wall",
"-Wextra",
],
// The KeyMint AIDL NDK dependency is not named in shared_libs; presumably it
// is supplied by this defaults module - verify.
defaults: [
"keymint_use_latest_hal_aidl_ndk_shared",
],
// The rkp, sharedsecret and secureclock AIDL libraries are pinned to explicit
// versions (V3, V1, V1).
// libkeymaster_portable / libpuresoftkeymasterdevice: by name, the
// software-only Keymaster code that acts as the in-process TA - confirm.
shared_libs: [
"android.hardware.security.rkp-V3-ndk",
"android.hardware.security.sharedsecret-V1-ndk",
"android.hardware.security.secureclock-V1-ndk",
"libbase",
"libbinder_ndk",
"libcppbor",
"libcrypto",
"libkeymaster_portable",
"libkeymint",
"liblog",
"libpuresoftkeymasterdevice",
"libutils",
],
srcs: [
"service.cpp",
],
// Installing this binary also installs the permissions XML defined by the
// prebuilt_etc module of the same name in this file.
required: [
"android.hardware.hardware_keystore.xml",
],
}
// The following target has an insecure implementation of KeyMint where the
// trusted application (TA) code runs in-process alongside the HAL service
// code.
//
// A real device is required to run the TA code in a secure environment, as
// per CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an
// isolated execution environment."
rust_binary {
name: "android.hardware.security.keymint-service.nonsecure",
// Together with vendor: true below, this installs the binary under the
// vendor partition's bin/hw directory; the genrule in this file rewrites
// that /vendor/bin/ prefix for the APEX copy of the init script.
relative_install_path: "hw",
vendor: true,
// init script that accompanies the binary. Its contents (user, group,
// capabilities) are not visible here and should be reviewed with it.
init_rc: ["android.hardware.security.keymint-service.nonsecure.rc"],
// Same three VINTF fragments as the cc_binary in this file; by file name
// they declare the KeyMint, SharedSecret and SecureClock HALs.
vintf_fragments: [
"android.hardware.security.keymint-service.xml",
"android.hardware.security.sharedsecret-service.xml",
"android.hardware.security.secureclock-service.xml",
],
// Presumably selects the latest KeyMint AIDL Rust bindings - verify.
defaults: [
"keymint_use_latest_hal_aidl_rust",
],
srcs: [
"main.rs",
],
// libkmr_hal_nonsecure (HAL side) and libkmr_ta_nonsecure (TA side) are both
// defined in this file and both linked into this one binary, which is the
// in-process arrangement the comment above this module describes.
rustlibs: [
"libandroid_logger",
"libbinder_rs",
"liblog_rust",
"libkmr_hal",
"libkmr_hal_nonsecure",
"libkmr_ta_nonsecure",
],
// Installing this binary also installs the permissions XML defined by the
// prebuilt_etc module of the same name in this file.
required: [
"android.hardware.hardware_keystore.xml",
],
}
// Installs the hardware_keystore XML into the vendor partition's
// etc/permissions directory. Both KeyMint service binaries in this file list
// it under 'required', and the APEX lists it under 'prebuilts'.
// NOTE(review): by name this file declares the android.hardware.hardware_keystore
// feature; its contents are not visible here. Confirm what it advertises,
// since the services that pull it in run their TA in-process.
prebuilt_etc {
name: "android.hardware.hardware_keystore.xml",
sub_dir: "permissions",
vendor: true,
src: "android.hardware.hardware_keystore.xml",
}
// HAL-side Rust crate (kmr_hal_nonsecure) built from hal/lib.rs and linked
// into the .nonsecure KeyMint service binary in this file.
rust_library {
name: "libkmr_hal_nonsecure",
crate_name: "kmr_hal_nonsecure",
// Buildable for vendor; unlike libkmr_ta_nonsecure, host_supported is not set.
vendor_available: true,
// Applies the "android" lint set to this crate.
lints: "android",
rustlibs: [
"libbinder_rs",
"libhex",
"liblibc",
"liblog_rust",
"libkmr_hal",
"libkmr_wire",
],
srcs: ["hal/lib.rs"],
}
// TA-side Rust crate (kmr_ta_nonsecure) built from ta/lib.rs. The .nonsecure
// service binary in this file links it directly, so this code runs in the
// HAL service process rather than in an isolated execution environment.
rust_library {
name: "libkmr_ta_nonsecure",
crate_name: "kmr_ta_nonsecure",
vendor_available: true,
// Also built for the host, in addition to the vendor variant.
host_supported: true,
// Applies the "android" lint set to this crate.
lints: "android",
// libkmr_crypto_boring: by name, the BoringSSL-backed crypto
// implementation for the TA - confirm.
rustlibs: [
"libhex",
"liblibc",
"liblog_rust",
"libkmr_common",
"libkmr_crypto_boring",
"libkmr_ta",
"libkmr_wire",
],
srcs: ["ta/lib.rs"],
}
// Vendor APEX that packages the .nonsecure Rust KeyMint service together with
// its init script, VINTF fragments and permissions XML.
apex {
name: "com.android.hardware.keymint.rust_nonsecure",
// NOTE(review): the genrule in this file rewrites paths to
// /apex/com.android.hardware.keymint/, which differs from this module name;
// presumably manifest.json declares that APEX name - verify.
manifest: "manifest.json",
file_contexts: "file_contexts",
// Signing key and certificate are referenced by name only; which keys they
// are cannot be told from this file. "cf" presumably refers to the
// Cuttlefish virtual device - confirm these are not production keys.
key: "com.google.cf.apex.key",
certificate: ":com.android.hardware.certificate",
soc_specific: true,
updatable: false,
// The only service packaged is the .nonsecure binary, whose TA code runs
// in-process (see the comment on that rust_binary).
binaries: [
"android.hardware.security.keymint-service.nonsecure",
],
prebuilts: [
"keymint_aidl_nonsecure_init_rc",
"keymint_aidl_nonsecure_vintf",
"android.hardware.hardware_keystore.xml", // permissions
],
}
// Installs the APEX variant of the service's init script, i.e. the output of
// the gen-keymint_aidl_nonsecure_init_rc genrule in this file.
prebuilt_etc {
name: "keymint_aidl_nonsecure_init_rc",
// The installed file name is taken from the source (the genrule's output)
// rather than from this module's name.
filename_from_src: true,
vendor: true,
src: ":gen-keymint_aidl_nonsecure_init_rc",
}
// Generates the init script used inside the APEX from the regular .rc file by
// rewriting the service's binary path prefix.
genrule {
name: "gen-keymint_aidl_nonsecure_init_rc",
srcs: ["android.hardware.security.keymint-service.nonsecure.rc"],
out: ["android.hardware.security.keymint-service.nonsecure.apex.rc"],
// '%' is the sed delimiter. There is no 'g' flag, so only the first
// "/vendor/bin/" on each line is replaced. Everything after the prefix
// (e.g. the hw/ subdirectory) is kept as-is.
// NOTE(review): the target path uses com.android.hardware.keymint, not the
// apex module name com.android.hardware.keymint.rust_nonsecure; it must match
// the name in the APEX manifest.json - verify.
cmd: "sed -E 's%/vendor/bin/%/apex/com.android.hardware.keymint/bin/%' $(in) > $(out)",
}
// Installs the three VINTF manifest fragments under etc/vintf for the APEX.
// They are the same files that the two service binaries in this file list
// under vintf_fragments.
prebuilt_etc {
name: "keymint_aidl_nonsecure_vintf",
sub_dir: "vintf",
vendor: true,
srcs: [
"android.hardware.security.keymint-service.xml",
"android.hardware.security.sharedsecret-service.xml",
"android.hardware.security.secureclock-service.xml",
],
}