upload android base code part6
This commit is contained in:
August
parent
421e214c7d
commit
4e516ec6ed
35396 changed files with 9188716 additions and 0 deletions
122
android/system/tpm/trunks/trunksd.cc
Normal file
122
android/system/tpm/trunks/trunksd.cc
Normal file
|
|
@ -0,0 +1,122 @@
|
|||
//
|
||||
// Copyright (C) 2014 The Android Open Source Project
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
//
|
||||
|
||||
#include <sysexits.h>
|
||||
|
||||
#include <base/at_exit.h>
|
||||
#include <base/bind.h>
|
||||
#include <base/command_line.h>
|
||||
#include <base/threading/thread.h>
|
||||
#include <brillo/minijail/minijail.h>
|
||||
#include <brillo/syslog_logging.h>
|
||||
#include <brillo/userdb_utils.h>
|
||||
|
||||
#include "trunks/background_command_transceiver.h"
|
||||
#include "trunks/resource_manager.h"
|
||||
#include "trunks/tpm_handle.h"
|
||||
#include "trunks/tpm_simulator_handle.h"
|
||||
#if defined(USE_BINDER_IPC)
|
||||
#include "trunks/trunks_binder_service.h"
|
||||
#else
|
||||
#include "trunks/trunks_dbus_service.h"
|
||||
#endif
|
||||
#include "trunks/trunks_factory_impl.h"
|
||||
#include "trunks/trunks_ftdi_spi.h"
|
||||
|
||||
namespace {
|
||||
|
||||
const uid_t kRootUID = 0;
|
||||
const char kTrunksUser[] = "trunks";
|
||||
const char kTrunksGroup[] = "trunks";
|
||||
#if defined(__ANDROID__)
|
||||
const char kTrunksSeccompPath[] =
|
||||
"/system/usr/share/policy/trunksd-seccomp.policy";
|
||||
#else
|
||||
const char kTrunksSeccompPath[] = "/usr/share/policy/trunksd-seccomp.policy";
|
||||
#endif
|
||||
const char kBackgroundThreadName[] = "trunksd_background_thread";
|
||||
|
||||
void InitMinijailSandbox() {
|
||||
uid_t trunks_uid;
|
||||
gid_t trunks_gid;
|
||||
CHECK(brillo::userdb::GetUserInfo(kTrunksUser, &trunks_uid, &trunks_gid))
|
||||
<< "Error getting trunks uid and gid.";
|
||||
CHECK_EQ(getuid(), kRootUID) << "trunksd not initialized as root.";
|
||||
brillo::Minijail* minijail = brillo::Minijail::GetInstance();
|
||||
struct minijail* jail = minijail->New();
|
||||
minijail->DropRoot(jail, kTrunksUser, kTrunksGroup);
|
||||
minijail->UseSeccompFilter(jail, kTrunksSeccompPath);
|
||||
minijail->Enter(jail);
|
||||
minijail->Destroy(jail);
|
||||
CHECK_EQ(getuid(), trunks_uid)
|
||||
<< "trunksd was not able to drop user privilege.";
|
||||
CHECK_EQ(getgid(), trunks_gid)
|
||||
<< "trunksd was not able to drop group privilege.";
|
||||
}
|
||||
|
||||
} // namespace
|
||||
|
||||
int main(int argc, char** argv) {
|
||||
base::CommandLine::Init(argc, argv);
|
||||
base::CommandLine* cl = base::CommandLine::ForCurrentProcess();
|
||||
int flags = brillo::kLogToSyslog;
|
||||
if (cl->HasSwitch("log_to_stderr")) {
|
||||
flags |= brillo::kLogToStderr;
|
||||
}
|
||||
brillo::InitLog(flags);
|
||||
|
||||
// Create a service instance before anything else so objects like
|
||||
// AtExitManager exist.
|
||||
#if defined(USE_BINDER_IPC)
|
||||
trunks::TrunksBinderService service;
|
||||
#else
|
||||
trunks::TrunksDBusService service;
|
||||
#endif
|
||||
|
||||
// Chain together command transceivers:
|
||||
// [IPC] --> BackgroundCommandTransceiver
|
||||
// --> ResourceManager
|
||||
// --> TpmHandle
|
||||
// --> [TPM]
|
||||
trunks::CommandTransceiver* low_level_transceiver;
|
||||
if (cl->HasSwitch("ftdi")) {
|
||||
LOG(INFO) << "Sending commands to FTDI SPI.";
|
||||
low_level_transceiver = new trunks::TrunksFtdiSpi();
|
||||
} else if (cl->HasSwitch("simulator")) {
|
||||
LOG(INFO) << "Sending commands to simulator.";
|
||||
low_level_transceiver = new trunks::TpmSimulatorHandle();
|
||||
} else {
|
||||
low_level_transceiver = new trunks::TpmHandle();
|
||||
}
|
||||
CHECK(low_level_transceiver->Init())
|
||||
<< "Error initializing TPM communication.";
|
||||
// This needs to be *after* opening the TPM handle and *before* starting the
|
||||
// background thread.
|
||||
InitMinijailSandbox();
|
||||
base::Thread background_thread(kBackgroundThreadName);
|
||||
CHECK(background_thread.Start()) << "Failed to start background thread.";
|
||||
trunks::TrunksFactoryImpl factory(low_level_transceiver);
|
||||
CHECK(factory.Initialize()) << "Failed to initialize trunks factory.";
|
||||
trunks::ResourceManager resource_manager(factory, low_level_transceiver);
|
||||
background_thread.task_runner()->PostNonNestableTask(
|
||||
FROM_HERE, base::Bind(&trunks::ResourceManager::Initialize,
|
||||
base::Unretained(&resource_manager)));
|
||||
trunks::BackgroundCommandTransceiver background_transceiver(
|
||||
&resource_manager, background_thread.task_runner());
|
||||
service.set_transceiver(&background_transceiver);
|
||||
LOG(INFO) << "Trunks service started.";
|
||||
return service.Run();
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue