Quellcodebibliothek Statistik Leitseite products/Sources/formale Sprachen/C/Android/trusty/trusty/user/app/authmgr/authmgr-fe/src/   (Android Betriebssystem Version 17©)  Datei vom 26.5.2026 mit Größe 7 kB image not shown  

Quelle  lib.rs

  Sprache: Rust
 

/*
 * Copyright (C) 2025 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */


mod sys {
    include!(env!("BINDGEN_INC_FILE"));
}

mod accessor;
mod authorization;
mod error;

#[cfg(not(feature = "authmgrfe_fake_dice_chain"))]
mod dice_handover;

#[cfg(feature = "authmgrfe_fake_dice_chain")]
mod fake_dice_handover;
#[cfg(feature = "authmgrfe_fake_dice_chain")]
use fake_dice_handover as dice_handover;

use crate::authorization::{authenticate_pvm, get_authmgr_fe};
use crate::error::AuthMgrFeTrustyError;
use alloc::rc::Rc;
use dice_handover::get_dice_handover;
use hwbcc::srv::HwBccService;
use pvmdice::{PvmDice, PvmDiceThreadSafe};
use rpcbinder::RpcServer;
use service_manager::get_supported_vintf_services;
use std::sync::{Arc, Mutex};
use tipc::{service_dispatcher, Manager, PortCfg};
use tipc::{ClientIdentifier, Uuid};

pub use accessor::{AuthMgrAccessor, SecurityConfig};

#[cfg(feature = "authmgrfe_accessor_devicestate")]
const DEVICE_STATE_SERVICE_NAME: &str =
    "android.hardware.security.see.devicestate.IDeviceState/default";
#[cfg(feature = "authmgrfe_accessor_hwcrypto")]
const HWCRYPTO_SERVICE_NAME: &str = "android.hardware.security.see.hwcrypto.IHwCryptoKey/default";
#[cfg(feature = "authmgrfe_accessor_storage")]
const SECURE_STORAGE_SERVICE_NAME: &str =
    "android.hardware.security.see.storage.ISecureStorage/default";

const HWBCC_PORT: &str = "com.android.trusty.hwbcc";

const PORT_COUNT: usize = 1
    + if cfg!(feature = "authmgrfe_accessor_storage") { 1 } else { 0 }
    + if cfg!(feature = "authmgrfe_accessor_hwcrypto") { 1 } else { 0 }
    + if cfg!(feature = "authmgrfe_accessor_devicestate") { 1 } else { 0 };

const CONNECTION_COUNT: usize = 6;

const KEYMINT_UUID: Uuid =
    Uuid::new(0x5f902ace, 0x5e5c, 0x4cd8, [0xae, 0x54, 0x87, 0xb8, 0x8c, 0x22, 0xdd, 0xaf]);
const WV_UUID: Uuid =
    Uuid::new(0x19c7289c, 0x5004, 0x4a30, [0xb8, 0x5a, 0x2a, 0x22, 0xa7, 0x6e, 0x63, 0x27]);
const HWBCC_TEST_UUID: Uuid =
    Uuid::new(0x0e109d31, 0x8bbe, 0x47d6, [0xbb, 0x47, 0xe1, 0xdd, 0x08, 0x91, 0x0e, 0x16]);
const HWBCC_RUST_TEST_UUID: Uuid =
    Uuid::new(0x67925337, 0x2c03, 0x49ed, [0x92, 0x40, 0xd5, 0x1b, 0x6f, 0xea, 0x3e, 0x30]);

const PVMDICE_TEST_BUILD_ALLOWED_UUIDS: [Uuid; 4] =
    [KEYMINT_UUID, WV_UUID, HWBCC_TEST_UUID, HWBCC_RUST_TEST_UUID];

const PVMDICE_ALLOWED_UUIDS: [Uuid; 2] = [KEYMINT_UUID, WV_UUID];

fn get_pvmdice_allowed_uuids() -> &'static [Uuid] {
    if cfg!(TEST_BUILD) {
        &PVMDICE_TEST_BUILD_ALLOWED_UUIDS
    } else {
        &PVMDICE_ALLOWED_UUIDS
    }
}

type AuthMgrAccessorService = rpcbinder::RpcServer;

service_dispatcher! {
    pub enum AuthMgrFeDispatcher {
        AuthMgrAccessorService,
        HwBccService,
    }
}

fn add_accessor_to_authmgr_dispatcher(
    dispatcher: &mut AuthMgrFeDispatcher<PORT_COUNT>,
    service_name: &'static str,
    security_config: SecurityConfig,
) -> Result<(), AuthMgrFeTrustyError> {
    let accessor_server = RpcServer::new_per_session(move |client_id| {
        let uuid = match client_id {
            ClientIdentifier::UUID(uuid) => uuid,
            _ => {
                log::error!("Expected a Uuid as client id, got: {:?}", client_id);
                return None;
            }
        };
        Some(AuthMgrAccessor::new_binder(service_name, security_config.clone(), uuid).as_binder())
    });
    let serving_port = service_manager::service_name_to_trusty_port(service_name)?;

    log::info!("Adding {} to authmgr-fe dispatcher on port {}", service_name, &serving_port);

    let service_cfg = PortCfg::new(serving_port)?.allow_ta_connect();

    dispatcher.add_service(Rc::new(accessor_server), service_cfg)?;

    Ok(())
}

fn add_accessors_to_dispatcher(
    dispatcher: &mut AuthMgrFeDispatcher<PORT_COUNT>,
    pvmdice: Arc<Mutex<PvmDice>>,
) -> Result<(), AuthMgrFeTrustyError> {
    let authmgr = Arc::new(Mutex::new(get_authmgr_fe()?));
    if cfg!(feature = "authmgrfe_lazy_phase_1") {
        log::info!(
            "authmgr protocol phase 1 deferred because lazy pVM authentication was configured."
        );
    } else {
        authenticate_pvm(&mut authmgr.lock().unwrap(), &pvmdice.lock().unwrap())?;
    }

    let trusted_hal_service_names = [
        #[cfg(feature = "authmgrfe_accessor_devicestate")]
        DEVICE_STATE_SERVICE_NAME,
        #[cfg(feature = "authmgrfe_accessor_hwcrypto")]
        HWCRYPTO_SERVICE_NAME,
        #[cfg(feature = "authmgrfe_accessor_storage")]
        SECURE_STORAGE_SERVICE_NAME,
    ];

    get_supported_vintf_services()
        .iter()
        .filter(|&service_name| trusted_hal_service_names.contains(service_name))
        .try_for_each(|&service_name| {
            add_accessor_to_authmgr_dispatcher(
                dispatcher,
                service_name,
                SecurityConfig::Secure {
                    authmgr: Arc::clone(&authmgr),
                    pvmdice: Arc::clone(&pvmdice),
                },
            )
        })?;

    Ok(())
}

pub fn init_and_start_loop() -> Result<(), AuthMgrFeTrustyError> {
    let mut dispatcher = AuthMgrFeDispatcher::<PORT_COUNT>::new()?;

    let handover = get_dice_handover();
    log::info!(
        "Initializing hwbcc server with PvmDice using handover of size: {} bytes.",
        handover.len()
    );

    let pvmdice = Arc::new(Mutex::new(PvmDice::try_new(&handover)?));
    let pvmdice_service = HwBccService::new(Rc::new(PvmDiceThreadSafe::new(Arc::clone(&pvmdice))));

    let pvmdice_port_cfg =
        PortCfg::new(HWBCC_PORT)?.allow_ta_connect().allowed_uuids(get_pvmdice_allowed_uuids());

    dispatcher.add_service(Rc::new(pvmdice_service), pvmdice_port_cfg)?;

    if cfg!(any(
        feature = "authmgrfe_accessor_storage",
        feature = "authmgrfe_accessor_hwcrypto",
        feature = "authmgrfe_accessor_devicestate"
    )) {
        add_accessors_to_dispatcher(&mut dispatcher, pvmdice)?;
    }

    log::info!("Starting authmgr-fe event loop");

    // We provide a buffer because this Manager is handling buffered and unbuffered services.
    // On construction, the Manager will check if the buffer is sufficient for the configured
    // services.
    Ok(Manager::<_, _, PORT_COUNT, CONNECTION_COUNT>::new_with_dispatcher(dispatcher, [0u84096])?
        .run_event_loop()?)
}

#[cfg(any(
    feature = "authmgrfe_accessor_devicestate",
    feature = "authmgrfe_accessor_hwcrypto",
    feature = "authmgrfe_accessor_devicestate"
))]
#[cfg(test)]
mod authgmgr_fe_tests {
    use super::*;
    use binder::IBinder;
    use service_manager::*;
    use test::*;
    #[cfg(feature = "authmgrfe_accessor_storage")]
    use android_hardware_security_see_storage::aidl::android::hardware::security::see::storage::ISecureStorage::ISecureStorage;
    #[cfg(feature = "authmgrfe_accessor_hwcrypto")]
    use android_hardware_security_see_hwcrypto::aidl::android::hardware::security::see::hwcrypto::IHwCryptoKey::IHwCryptoKey;

    #[cfg(feature = "authmgrfe_accessor_hwcrypto")]
    #[test]
    fn test_get_hwcrypto_binder() {
        let hwcrypto: binder::Strong<dyn IHwCryptoKey> =
            assert_ok!(wait_for_interface(HWCRYPTO_SERVICE_NAME));

        assert_ok!(hwcrypto.as_binder().ping_binder());
    }

    #[cfg(feature = "authmgrfe_accessor_storage")]
    #[test]
    fn test_get_secure_storage_binder() {
        let ss: binder::Strong<dyn ISecureStorage> =
            assert_ok!(wait_for_interface(SECURE_STORAGE_SERVICE_NAME));

        assert_ok!(ss.as_binder().ping_binder());
    }
}

#[cfg(test)]
mod tests {
    test::init!();
}

Messung V0.5 in Prozent
C=91 H=94 G=92

¤ Dauer der Verarbeitung: 0.11 Sekunden  (vorverarbeitet am  2026-06-27) ¤

*© Formatika GbR, Deutschland






Wurzel

Suchen

PVS Prover

Isabelle Prover

NIST Cobol Testsuite

Cephes Mathematical Library

Vienna Development Method

Haftungshinweis

Die Informationen auf dieser Webseite wurden nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit, noch Qualität der bereit gestellten Informationen zugesichert.

Bemerkung:

Die farbliche Syntaxdarstellung und die Messung sind noch experimentell.