1 /*
2 * Copyright 2020, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define LOG_TAG "javacard.strongbox-service"
18
19 #include <aidl/android/hardware/security/keymint/SecurityLevel.h>
20
21 #include <android-base/logging.h>
22 #include <android-base/properties.h>
23 #include <android/binder_manager.h>
24 #include <android/binder_process.h>
25
26 #include "JavacardKeyMintDevice.h"
27 #include "JavacardRemotelyProvisionedComponentDevice.h"
28 #include "JavacardSecureElement.h"
29 #include "JavacardSharedSecret.h"
30 #include "OmapiTransport.h"
31 #include "SocketTransport.h"
32 #include "keymint_utils.h"
33
34 using aidl::android::hardware::security::keymint::JavacardKeyMintDevice;
35 using aidl::android::hardware::security::keymint::JavacardRemotelyProvisionedComponentDevice;
36 using aidl::android::hardware::security::keymint::SecurityLevel;
37 using aidl::android::hardware::security::sharedsecret::JavacardSharedSecret;
38 using keymint::javacard::getOsPatchlevel;
39 using keymint::javacard::getOsVersion;
40 using keymint::javacard::getVendorPatchlevel;
41 using keymint::javacard::ITransport;
42 using keymint::javacard::JavacardSecureElement;
43 using keymint::javacard::OmapiTransport;
44 using keymint::javacard::SocketTransport;
45
46 #define PROP_BUILD_QEMU "ro.kernel.qemu"
47 #define PROP_BUILD_FINGERPRINT "ro.build.fingerprint"
48 // Cuttlefish build fingerprint substring.
49 #define CUTTLEFISH_FINGERPRINT_SS "aosp_cf_"
50
addService(Args &&...args)51 template <typename T, class... Args> std::shared_ptr<T> addService(Args&&... args) {
52 std::shared_ptr<T> ser = ndk::SharedRefBase::make<T>(std::forward<Args>(args)...);
53 auto instanceName = std::string(T::descriptor) + "/strongbox";
54 LOG(INFO) << "adding javacard strongbox service instance: " << instanceName;
55 binder_status_t status =
56 AServiceManager_addService(ser->asBinder().get(), instanceName.c_str());
57 CHECK(status == STATUS_OK);
58 return ser;
59 }
60
getTransportInstance()61 std::shared_ptr<ITransport> getTransportInstance() {
62 bool isEmulator = false;
63 // Check if the current build is for emulator or device.
64 isEmulator = android::base::GetBoolProperty(PROP_BUILD_QEMU, false);
65 if (!isEmulator) {
66 std::string fingerprint = android::base::GetProperty(PROP_BUILD_FINGERPRINT, "");
67 if (!fingerprint.empty()) {
68 if (fingerprint.find(CUTTLEFISH_FINGERPRINT_SS, 0) != std::string::npos) {
69 isEmulator = true;
70 }
71 }
72 }
73
74 if (!isEmulator) {
75 return std::make_shared<OmapiTransport>();
76 } else {
77 return std::make_shared<SocketTransport>();
78 }
79 }
80
main()81 int main() {
82 ABinderProcess_setThreadPoolMaxThreadCount(0);
83 // Javacard Secure Element
84 std::shared_ptr<JavacardSecureElement> card =
85 std::make_shared<JavacardSecureElement>(getTransportInstance());
86 // Add Keymint Service
87 addService<JavacardKeyMintDevice>(card);
88 // Add Shared Secret Service
89 addService<JavacardSharedSecret>(card);
90 // Add Remotely Provisioned Component Service
91 addService<JavacardRemotelyProvisionedComponentDevice>(card);
92
93 ABinderProcess_joinThreadPool();
94 return EXIT_FAILURE; // should not reach
95 }
96