Weaver HAL
Weaver is used to harden the user authentication flow by securely
storing secrets which can only be read by presenting the associated key
secret. The key secret is derived from the user's credential.
Bug: 35628284
Test: Implement HAL, boot and call from system_server
Change-Id: Ia72fd537670c08d27320c944a0fe91243137bf6c
diff --git a/weaver/1.0/Android.bp b/weaver/1.0/Android.bp
new file mode 100644
index 0000000..738da4f
--- /dev/null
+++ b/weaver/1.0/Android.bp
@@ -0,0 +1,63 @@
+// This file is autogenerated by hidl-gen. Do not edit manually.
+
+filegroup {
+ name: "android.hardware.weaver@1.0_hal",
+ srcs: [
+ "types.hal",
+ "IWeaver.hal",
+ ],
+}
+
+genrule {
+ name: "android.hardware.weaver@1.0_genc++",
+ tools: ["hidl-gen"],
+ cmd: "$(location hidl-gen) -o $(genDir) -Lc++ -randroid.hardware:hardware/interfaces -randroid.hidl:system/libhidl/transport android.hardware.weaver@1.0",
+ srcs: [
+ ":android.hardware.weaver@1.0_hal",
+ ],
+ out: [
+ "android/hardware/weaver/1.0/types.cpp",
+ "android/hardware/weaver/1.0/WeaverAll.cpp",
+ ],
+}
+
+genrule {
+ name: "android.hardware.weaver@1.0_genc++_headers",
+ tools: ["hidl-gen"],
+ cmd: "$(location hidl-gen) -o $(genDir) -Lc++ -randroid.hardware:hardware/interfaces -randroid.hidl:system/libhidl/transport android.hardware.weaver@1.0",
+ srcs: [
+ ":android.hardware.weaver@1.0_hal",
+ ],
+ out: [
+ "android/hardware/weaver/1.0/types.h",
+ "android/hardware/weaver/1.0/hwtypes.h",
+ "android/hardware/weaver/1.0/IWeaver.h",
+ "android/hardware/weaver/1.0/IHwWeaver.h",
+ "android/hardware/weaver/1.0/BnHwWeaver.h",
+ "android/hardware/weaver/1.0/BpHwWeaver.h",
+ "android/hardware/weaver/1.0/BsWeaver.h",
+ ],
+}
+
+cc_library_shared {
+ name: "android.hardware.weaver@1.0",
+ generated_sources: ["android.hardware.weaver@1.0_genc++"],
+ generated_headers: ["android.hardware.weaver@1.0_genc++_headers"],
+ export_generated_headers: ["android.hardware.weaver@1.0_genc++_headers"],
+ shared_libs: [
+ "libhidlbase",
+ "libhidltransport",
+ "libhwbinder",
+ "liblog",
+ "libutils",
+ "libcutils",
+ "android.hidl.base@1.0",
+ ],
+ export_shared_lib_headers: [
+ "libhidlbase",
+ "libhidltransport",
+ "libhwbinder",
+ "libutils",
+ "android.hidl.base@1.0",
+ ],
+}
diff --git a/weaver/1.0/Android.mk b/weaver/1.0/Android.mk
new file mode 100644
index 0000000..f8b08ac
--- /dev/null
+++ b/weaver/1.0/Android.mk
@@ -0,0 +1,232 @@
+# This file is autogenerated by hidl-gen. Do not edit manually.
+
+LOCAL_PATH := $(call my-dir)
+
+################################################################################
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := android.hardware.weaver@1.0-java
+LOCAL_MODULE_CLASS := JAVA_LIBRARIES
+
+intermediates := $(call local-generated-sources-dir, COMMON)
+
+HIDL := $(HOST_OUT_EXECUTABLES)/hidl-gen$(HOST_EXECUTABLE_SUFFIX)
+
+LOCAL_JAVA_LIBRARIES := \
+ android.hidl.base@1.0-java \
+
+
+#
+# Build types.hal (WeaverConfig)
+#
+GEN := $(intermediates)/android/hardware/weaver/V1_0/WeaverConfig.java
+$(GEN): $(HIDL)
+$(GEN): PRIVATE_HIDL := $(HIDL)
+$(GEN): PRIVATE_DEPS := $(LOCAL_PATH)/types.hal
+$(GEN): PRIVATE_OUTPUT_DIR := $(intermediates)
+$(GEN): PRIVATE_CUSTOM_TOOL = \
+ $(PRIVATE_HIDL) -o $(PRIVATE_OUTPUT_DIR) \
+ -Ljava \
+ -randroid.hardware:hardware/interfaces \
+ -randroid.hidl:system/libhidl/transport \
+ android.hardware.weaver@1.0::types.WeaverConfig
+
+$(GEN): $(LOCAL_PATH)/types.hal
+ $(transform-generated-source)
+LOCAL_GENERATED_SOURCES += $(GEN)
+
+#
+# Build types.hal (WeaverReadResponse)
+#
+GEN := $(intermediates)/android/hardware/weaver/V1_0/WeaverReadResponse.java
+$(GEN): $(HIDL)
+$(GEN): PRIVATE_HIDL := $(HIDL)
+$(GEN): PRIVATE_DEPS := $(LOCAL_PATH)/types.hal
+$(GEN): PRIVATE_OUTPUT_DIR := $(intermediates)
+$(GEN): PRIVATE_CUSTOM_TOOL = \
+ $(PRIVATE_HIDL) -o $(PRIVATE_OUTPUT_DIR) \
+ -Ljava \
+ -randroid.hardware:hardware/interfaces \
+ -randroid.hidl:system/libhidl/transport \
+ android.hardware.weaver@1.0::types.WeaverReadResponse
+
+$(GEN): $(LOCAL_PATH)/types.hal
+ $(transform-generated-source)
+LOCAL_GENERATED_SOURCES += $(GEN)
+
+#
+# Build types.hal (WeaverReadStatus)
+#
+GEN := $(intermediates)/android/hardware/weaver/V1_0/WeaverReadStatus.java
+$(GEN): $(HIDL)
+$(GEN): PRIVATE_HIDL := $(HIDL)
+$(GEN): PRIVATE_DEPS := $(LOCAL_PATH)/types.hal
+$(GEN): PRIVATE_OUTPUT_DIR := $(intermediates)
+$(GEN): PRIVATE_CUSTOM_TOOL = \
+ $(PRIVATE_HIDL) -o $(PRIVATE_OUTPUT_DIR) \
+ -Ljava \
+ -randroid.hardware:hardware/interfaces \
+ -randroid.hidl:system/libhidl/transport \
+ android.hardware.weaver@1.0::types.WeaverReadStatus
+
+$(GEN): $(LOCAL_PATH)/types.hal
+ $(transform-generated-source)
+LOCAL_GENERATED_SOURCES += $(GEN)
+
+#
+# Build types.hal (WeaverStatus)
+#
+GEN := $(intermediates)/android/hardware/weaver/V1_0/WeaverStatus.java
+$(GEN): $(HIDL)
+$(GEN): PRIVATE_HIDL := $(HIDL)
+$(GEN): PRIVATE_DEPS := $(LOCAL_PATH)/types.hal
+$(GEN): PRIVATE_OUTPUT_DIR := $(intermediates)
+$(GEN): PRIVATE_CUSTOM_TOOL = \
+ $(PRIVATE_HIDL) -o $(PRIVATE_OUTPUT_DIR) \
+ -Ljava \
+ -randroid.hardware:hardware/interfaces \
+ -randroid.hidl:system/libhidl/transport \
+ android.hardware.weaver@1.0::types.WeaverStatus
+
+$(GEN): $(LOCAL_PATH)/types.hal
+ $(transform-generated-source)
+LOCAL_GENERATED_SOURCES += $(GEN)
+
+#
+# Build IWeaver.hal
+#
+GEN := $(intermediates)/android/hardware/weaver/V1_0/IWeaver.java
+$(GEN): $(HIDL)
+$(GEN): PRIVATE_HIDL := $(HIDL)
+$(GEN): PRIVATE_DEPS := $(LOCAL_PATH)/IWeaver.hal
+$(GEN): PRIVATE_DEPS += $(LOCAL_PATH)/types.hal
+$(GEN): $(LOCAL_PATH)/types.hal
+$(GEN): PRIVATE_OUTPUT_DIR := $(intermediates)
+$(GEN): PRIVATE_CUSTOM_TOOL = \
+ $(PRIVATE_HIDL) -o $(PRIVATE_OUTPUT_DIR) \
+ -Ljava \
+ -randroid.hardware:hardware/interfaces \
+ -randroid.hidl:system/libhidl/transport \
+ android.hardware.weaver@1.0::IWeaver
+
+$(GEN): $(LOCAL_PATH)/IWeaver.hal
+ $(transform-generated-source)
+LOCAL_GENERATED_SOURCES += $(GEN)
+include $(BUILD_JAVA_LIBRARY)
+
+
+################################################################################
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := android.hardware.weaver@1.0-java-static
+LOCAL_MODULE_CLASS := JAVA_LIBRARIES
+
+intermediates := $(call local-generated-sources-dir, COMMON)
+
+HIDL := $(HOST_OUT_EXECUTABLES)/hidl-gen$(HOST_EXECUTABLE_SUFFIX)
+
+LOCAL_STATIC_JAVA_LIBRARIES := \
+ android.hidl.base@1.0-java-static \
+
+
+#
+# Build types.hal (WeaverConfig)
+#
+GEN := $(intermediates)/android/hardware/weaver/V1_0/WeaverConfig.java
+$(GEN): $(HIDL)
+$(GEN): PRIVATE_HIDL := $(HIDL)
+$(GEN): PRIVATE_DEPS := $(LOCAL_PATH)/types.hal
+$(GEN): PRIVATE_OUTPUT_DIR := $(intermediates)
+$(GEN): PRIVATE_CUSTOM_TOOL = \
+ $(PRIVATE_HIDL) -o $(PRIVATE_OUTPUT_DIR) \
+ -Ljava \
+ -randroid.hardware:hardware/interfaces \
+ -randroid.hidl:system/libhidl/transport \
+ android.hardware.weaver@1.0::types.WeaverConfig
+
+$(GEN): $(LOCAL_PATH)/types.hal
+ $(transform-generated-source)
+LOCAL_GENERATED_SOURCES += $(GEN)
+
+#
+# Build types.hal (WeaverReadResponse)
+#
+GEN := $(intermediates)/android/hardware/weaver/V1_0/WeaverReadResponse.java
+$(GEN): $(HIDL)
+$(GEN): PRIVATE_HIDL := $(HIDL)
+$(GEN): PRIVATE_DEPS := $(LOCAL_PATH)/types.hal
+$(GEN): PRIVATE_OUTPUT_DIR := $(intermediates)
+$(GEN): PRIVATE_CUSTOM_TOOL = \
+ $(PRIVATE_HIDL) -o $(PRIVATE_OUTPUT_DIR) \
+ -Ljava \
+ -randroid.hardware:hardware/interfaces \
+ -randroid.hidl:system/libhidl/transport \
+ android.hardware.weaver@1.0::types.WeaverReadResponse
+
+$(GEN): $(LOCAL_PATH)/types.hal
+ $(transform-generated-source)
+LOCAL_GENERATED_SOURCES += $(GEN)
+
+#
+# Build types.hal (WeaverReadStatus)
+#
+GEN := $(intermediates)/android/hardware/weaver/V1_0/WeaverReadStatus.java
+$(GEN): $(HIDL)
+$(GEN): PRIVATE_HIDL := $(HIDL)
+$(GEN): PRIVATE_DEPS := $(LOCAL_PATH)/types.hal
+$(GEN): PRIVATE_OUTPUT_DIR := $(intermediates)
+$(GEN): PRIVATE_CUSTOM_TOOL = \
+ $(PRIVATE_HIDL) -o $(PRIVATE_OUTPUT_DIR) \
+ -Ljava \
+ -randroid.hardware:hardware/interfaces \
+ -randroid.hidl:system/libhidl/transport \
+ android.hardware.weaver@1.0::types.WeaverReadStatus
+
+$(GEN): $(LOCAL_PATH)/types.hal
+ $(transform-generated-source)
+LOCAL_GENERATED_SOURCES += $(GEN)
+
+#
+# Build types.hal (WeaverStatus)
+#
+GEN := $(intermediates)/android/hardware/weaver/V1_0/WeaverStatus.java
+$(GEN): $(HIDL)
+$(GEN): PRIVATE_HIDL := $(HIDL)
+$(GEN): PRIVATE_DEPS := $(LOCAL_PATH)/types.hal
+$(GEN): PRIVATE_OUTPUT_DIR := $(intermediates)
+$(GEN): PRIVATE_CUSTOM_TOOL = \
+ $(PRIVATE_HIDL) -o $(PRIVATE_OUTPUT_DIR) \
+ -Ljava \
+ -randroid.hardware:hardware/interfaces \
+ -randroid.hidl:system/libhidl/transport \
+ android.hardware.weaver@1.0::types.WeaverStatus
+
+$(GEN): $(LOCAL_PATH)/types.hal
+ $(transform-generated-source)
+LOCAL_GENERATED_SOURCES += $(GEN)
+
+#
+# Build IWeaver.hal
+#
+GEN := $(intermediates)/android/hardware/weaver/V1_0/IWeaver.java
+$(GEN): $(HIDL)
+$(GEN): PRIVATE_HIDL := $(HIDL)
+$(GEN): PRIVATE_DEPS := $(LOCAL_PATH)/IWeaver.hal
+$(GEN): PRIVATE_DEPS += $(LOCAL_PATH)/types.hal
+$(GEN): $(LOCAL_PATH)/types.hal
+$(GEN): PRIVATE_OUTPUT_DIR := $(intermediates)
+$(GEN): PRIVATE_CUSTOM_TOOL = \
+ $(PRIVATE_HIDL) -o $(PRIVATE_OUTPUT_DIR) \
+ -Ljava \
+ -randroid.hardware:hardware/interfaces \
+ -randroid.hidl:system/libhidl/transport \
+ android.hardware.weaver@1.0::IWeaver
+
+$(GEN): $(LOCAL_PATH)/IWeaver.hal
+ $(transform-generated-source)
+LOCAL_GENERATED_SOURCES += $(GEN)
+include $(BUILD_STATIC_JAVA_LIBRARY)
+
+
+
+include $(call all-makefiles-under,$(LOCAL_PATH))
diff --git a/weaver/1.0/IWeaver.hal b/weaver/1.0/IWeaver.hal
new file mode 100644
index 0000000..2362c29
--- /dev/null
+++ b/weaver/1.0/IWeaver.hal
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.weaver@1.0;
+
+/**
+ * Weaver provides secure storage of secret values that can only be read if the
+ * corresponding key has been presented.
+ *
+ * The storage must be secure as the device's user authentication and encryption
+ * relies on the security of these values. The cardinality of the domains of the
+ * key and value must be suitably large such that they cannot be easily guessed.
+ *
+ * Weaver is structured as an array of slots, each containing a key-value pair.
+ * Slots are uniquely identified by an ID in the range [0, `getConfig().slots`).
+ */
+interface IWeaver {
+ /**
+ * Retrieves the config information for this implementation of Weaver.
+ *
+ * The config is static i.e. every invocation returns the same information.
+ *
+ * @return status is OK if the config was successfuly obtained.
+ * @return config data for this implementation of Weaver if status is OK,
+ * otherwise undefined.
+ */
+ getConfig() generates (WeaverStatus status, WeaverConfig config);
+
+ /**
+ * Overwrites the identified slot with the provided key and value.
+ *
+ * The new values are written regardless of the current state of the slot in
+ * order to remain idempotent.
+ *
+ * @param slotId of the slot to write to.
+ * @param key to write to the slot.
+ * @param value to write to slot.
+ * @return status is OK if the write was successfully completed.
+ */
+ write(uint32_t slotId, vec<uint8_t> key, vec<uint8_t> value)
+ generates (WeaverStatus status);
+
+ /**
+ * Attempts to retrieve the value stored in the identified slot.
+ *
+ * The value is only returned if the provided key matches the key stored in
+ * the slot. The value is never returned if the wrong key is provided.
+ *
+ * Throttling is used to limit the frequency of failed read attempts. The
+ * value is only returned when throttling is not active, even if the correct
+ * key is provided. If called when throttling is active, the time until the
+ * next attempt can be made is returned.
+ *
+ * @param slotId of the slot to read from.
+ * @param key that is stored in the slot.
+ * @return status is OK if the value was successfully read, INCORRECT_KEY if
+ * the key does not match the key in the slot or THROTTLE if
+ * throttling is active.
+ * @return readResponse contains the value read and the timeout to wait
+ * before making the next request. The value is undefined if the
+ * status is not OK and the timeout is undefined if the status is
+ * FAILED.
+ */
+ read(uint32_t slotId, vec<uint8_t> key)
+ generates (WeaverReadStatus status,
+ WeaverReadResponse readResponse);
+};
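Review bot: The read() contract leaves unspecified the properties that throttling depends on: the doc comment does not say whether the failed-attempt state must survive a reboot or power loss, nor whether a successful read resets it, so two conforming implementations could differ widely in brute-force resistance. I would add a sentence to the read() comment such as `Throttling state must persist across reboots and must be updated before the result of the key comparison is observable.`, and also state that the key comparison must not leak timing information. Neither write() nor read() says which status is returned when slotId is outside [0, `getConfig().slots`) or when the key or value length differs from `keySize`/`valueSize`; documenting `FAILED` for those cases would keep callers and vendor implementations aligned. Minor: "successfuly" in the getConfig() comment should be "successfully".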
diff --git a/weaver/1.0/types.hal b/weaver/1.0/types.hal
new file mode 100644
index 0000000..49e5c04
--- /dev/null
+++ b/weaver/1.0/types.hal
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.weaver@1.0;
+
+enum WeaverStatus : uint32_t {
+ OK,
+ FAILED,
+};
+
+struct WeaverConfig {
+ /** The number of slots available. */
+ uint32_t slots;
+ /** The number of bytes used for a key. */
+ uint32_t keySize;
+ /** The number of bytes used for a value. */
+ uint32_t valueSize;
+};
+
+enum WeaverReadStatus : WeaverStatus {
+ INCORRECT_KEY,
+ THROTTLE,
+};
+
+struct WeaverReadResponse {
+ /** The time to wait, in milliseconds, before making the next request. */
+ uint32_t timeout;
+ /** The value read from the slot or empty if the value was not read. */
+ vec<uint8_t> value;
+};
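Review bot: The comment on `WeaverReadResponse.value` says the field is empty if the value was not read, but the read() documentation in IWeaver.hal says the value is undefined if the status is not OK. For a field that carries a secret, the two should agree on "empty", so that an implementation cannot conform while returning leftover buffer contents. I would keep this comment and change the IWeaver.hal wording to `The value is empty if the status is not OK`. The enumerators of `WeaverStatus` and `WeaverReadStatus` also have no doc comments. One line each would help, e.g. `/** The key did not match the key stored in the slot. */` on `INCORRECT_KEY`, and the `timeout` comment could say what is returned when the status is OK.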
diff --git a/weaver/Android.bp b/weaver/Android.bp
new file mode 100644
index 0000000..bbb3e4b
--- /dev/null
+++ b/weaver/Android.bp
@@ -0,0 +1,4 @@
+// This is an autogenerated file, do not edit.
+subdirs = [
+ "1.0",
+]