trust: create service

Change-Id: Idb3880e1bd638703967513e7c08a4fe63f0926bc
Signed-off-by: Joey <joey@lineageos.org>

6 files changed, 219 insertions, 0 deletions

diff --git a/trust/Android.bp b/trust/Android.bp
new file mode 100644
index 0000000..9823467
--- /dev/null
+++ b/trust/Android.bp
@@ -0,0 +1,44 @@
+// Copyright (C) 2019 The LineageOS Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+cc_defaults {
+    name: "trust_defaults",
+    defaults: ["hidl_defaults"],
+    relative_install_path: "hw",
+    srcs: [
+        "UsbRestrict.cpp",
+        "service.cpp",
+    ],
+    shared_libs: [
+        "libbase",
+        "libbinder",
+        "libhidlbase",
+        "libhidltransport",
+        "libutils",
+        "vendor.lineage.trust@1.0",
+    ],
+}
+
+cc_binary {
+    name: "lineage.trust@1.0-service",
+    init_rc: ["lineage.trust@1.0-service.rc"],
+    defaults: ["trust_defaults"],
+}
+
+cc_binary {
+    name: "vendor.lineage.trust@1.0-service",
+    init_rc: ["vendor.lineage.trust@1.0-service.rc"],
+    defaults: ["trust_defaults"],
+    proprietary: true,
+}
diff --git a/trust/UsbRestrict.cpp b/trust/UsbRestrict.cpp
new file mode 100644
index 0000000..cb22aed
--- /dev/null
+++ b/trust/UsbRestrict.cpp
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2019 The LineageOS Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <fstream>
+
+#include "UsbRestrict.h"
+
+#include <android-base/logging.h>
+
+namespace vendor {
+namespace lineage {
+namespace trust {
+namespace V1_0 {
+namespace implementation {
+
+static constexpr const char* kControlPath = "/proc/sys/kernel/deny_new_usb";
+
+// Methods from ::vendor::lineage::trust::V1_0::IUsbRestrict follow.
+Return<bool> UsbRestrict::isEnabled() {
+    std::ifstream file(kControlPath);
+    std::string content;
+    file >> content;
+    file.close();
+    return !file.fail() && std::stoi(content);
+}
+
+Return<void> UsbRestrict::setEnabled(bool enabled) {
+    std::ofstream file(kControlPath);
+    if (file.is_open()) {
+        file << (enabled ? "1" : "0");
+        file.close();
+    } else {
+        LOG(ERROR) << "Failed to open " << kControlPath << ", error=" << errno
+                   << " (" << strerror(errno) << ")";
+    }
+    return Void();
+}
+
+}  // namespace implementation
+}  // namespace V1_0
+}  // namespace trust
+}  // namespace lineage
+}  // namespace vendor
diff --git a/trust/UsbRestrict.h b/trust/UsbRestrict.h
new file mode 100644
index 0000000..61f9b1a
--- /dev/null
+++ b/trust/UsbRestrict.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 2019 The LineageOS Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef VENDOR_LINEAGE_TRUST_V1_0_USBRESTRICT_H
+#define VENDOR_LINEAGE_TRUST_V1_0_USBRESTRICT_H
+
+#include <vendor/lineage/trust/1.0/IUsbRestrict.h>
+#include <hidl/MQDescriptor.h>
+#include <hidl/Status.h>
+
+namespace vendor {
+namespace lineage {
+namespace trust {
+namespace V1_0 {
+namespace implementation {
+
+using ::android::hardware::Return;
+using ::android::hardware::Void;
+using ::android::sp;
+
+class UsbRestrict : public IUsbRestrict {
+  public:
+    UsbRestrict() = default;
+
+    // Methods from ::vendor::lineage::trust::V1_0::IUsbRestrict follow.
+    Return<bool> isEnabled() override;
+    Return<void> setEnabled(bool enabled) override;
+};
+
+}  // namespace implementation
+}  // namespace V1_0
+}  // namespace trust
+}  // namespace lineage
+}  // namespace vendor
+
+#endif  // VENDOR_LINEAGE_TRUST_V1_0_USBRESTRICT_H
diff --git a/trust/lineage.trust@1.0-service.rc b/trust/lineage.trust@1.0-service.rc
new file mode 100644
index 0000000..f5abdc6
--- /dev/null
+++ b/trust/lineage.trust@1.0-service.rc
@@ -0,0 +1,4 @@
+service trust-hal-1-0 /system/bin/hw/lineage.trust@1.0-service
+    class hal
+    user root
+    group root
diff --git a/trust/service.cpp b/trust/service.cpp
new file mode 100644
index 0000000..9dad303
--- /dev/null
+++ b/trust/service.cpp
@@ -0,0 +1,64 @@
+/*
+ * Copyright (C) 2019 The LineageOS Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_TAG "vendor.lineage.trust@1.0-service"
+
+#include <android-base/logging.h>
+#include <binder/ProcessState.h>
+#include <hidl/HidlTransportSupport.h>
+
+#include "UsbRestrict.h"
+
+using android::sp;
+using android::status_t;
+using android::OK;
+
+// libhwbinder:
+using android::hardware::configureRpcThreadpool;
+using android::hardware::joinRpcThreadpool;
+
+using ::vendor::lineage::trust::V1_0::IUsbRestrict;
+using ::vendor::lineage::trust::V1_0::implementation::UsbRestrict;
+
+int main() {
+    sp<IUsbRestrict> usbRestrict;
+    status_t status;
+
+    LOG(INFO) << "Trust HAL service is starting.";
+
+    usbRestrict = new UsbRestrict();
+    if (usbRestrict == nullptr) {
+        LOG(ERROR) << "Can not create an instance of Trust HAL UsbRestricted Iface, exiting.";
+        goto shutdown;
+    }
+
+    configureRpcThreadpool(1, true /*callerWillJoin*/);
+
+    status = usbRestrict->registerAsService();
+    if (status != OK) {
+        LOG(ERROR) << "Could not register service for Trust HAL UsbRestricted Iface ("
+                   << status << ").";
+    }
+
+    LOG(INFO) << "Trust HAL service is ready.";
+    joinRpcThreadpool();
+    // Should not pass this line
+
+shutdown:
+    // In normal operation, we don't expect the thread pool to shutdown
+    LOG(ERROR) << "Trust HAL service is shutting down.";
+    return 1;
+}
diff --git a/trust/vendor.lineage.trust@1.0-service.rc b/trust/vendor.lineage.trust@1.0-service.rc
new file mode 100644
index 0000000..867a176
--- /dev/null
+++ b/trust/vendor.lineage.trust@1.0-service.rc
@@ -0,0 +1,4 @@
+service vendor.trust-hal-1-0 /vendor/bin/hw/vendor.lineage.trust@1.0-service
+    class hal
+    user root
+    group root