1 //
2 // Copyright (C) 2019 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 // http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15
16 #include "host/commands/run_cvd/launch/launch.h"
17
18 #include <unistd.h>
19
20 #include <string>
21 #include <utility>
22 #include <vector>
23
24 #include <fruit/fruit.h>
25
26 #include "common/libs/utils/result.h"
27 #include "host/commands/run_cvd/launch/snapshot_control_files.h"
28 #include "host/libs/config/command_source.h"
29 #include "host/libs/config/known_paths.h"
30
31 namespace cuttlefish {
32
SecureEnv(const CuttlefishConfig & config,const CuttlefishConfig::InstanceSpecific & instance,AutoSnapshotControlFiles::Type & snapshot_control_files,KernelLogPipeProvider & kernel_log_pipe_provider)33 Result<MonitorCommand> SecureEnv(
34 const CuttlefishConfig& config,
35 const CuttlefishConfig::InstanceSpecific& instance,
36 AutoSnapshotControlFiles::Type& snapshot_control_files,
37 KernelLogPipeProvider& kernel_log_pipe_provider) {
38 Command command(SecureEnvBinary());
39 command.AddParameter("-confui_server_fd=",
40 snapshot_control_files->confui_server_fd);
41 command.AddParameter("-snapshot_control_fd=",
42 snapshot_control_files->secure_env_snapshot_control_fd);
43
44 std::vector<std::string> fifo_paths = {
45 instance.PerInstanceInternalPath("keymaster_fifo_vm.in"),
46 instance.PerInstanceInternalPath("keymaster_fifo_vm.out"),
47 instance.PerInstanceInternalPath("gatekeeper_fifo_vm.in"),
48 instance.PerInstanceInternalPath("gatekeeper_fifo_vm.out"),
49 instance.PerInstanceInternalPath("oemlock_fifo_vm.in"),
50 instance.PerInstanceInternalPath("oemlock_fifo_vm.out"),
51 instance.PerInstanceInternalPath("keymint_fifo_vm.in"),
52 instance.PerInstanceInternalPath("keymint_fifo_vm.out"),
53 };
54 std::vector<SharedFD> fifos;
55 for (const auto& path : fifo_paths) {
56 fifos.emplace_back(CF_EXPECT(SharedFD::Fifo(path, 0660)));
57 }
58 command.AddParameter("-keymaster_fd_out=", fifos[0]);
59 command.AddParameter("-keymaster_fd_in=", fifos[1]);
60 command.AddParameter("-gatekeeper_fd_out=", fifos[2]);
61 command.AddParameter("-gatekeeper_fd_in=", fifos[3]);
62 command.AddParameter("-oemlock_fd_out=", fifos[4]);
63 command.AddParameter("-oemlock_fd_in=", fifos[5]);
64 command.AddParameter("-keymint_fd_out=", fifos[6]);
65 command.AddParameter("-keymint_fd_in=", fifos[7]);
66
67 const auto& secure_hals = config.secure_hals();
68 bool secure_keymint = secure_hals.count(SecureHal::HostKeymintSecure) > 0;
69 command.AddParameter("-keymint_impl=", secure_keymint ? "tpm" : "software");
70 bool secure_gatekeeper =
71 secure_hals.count(SecureHal::HostGatekeeperSecure) > 0;
72 auto gatekeeper_impl = secure_gatekeeper ? "tpm" : "software";
73 command.AddParameter("-gatekeeper_impl=", gatekeeper_impl);
74
75 bool secure_oemlock = secure_hals.count(SecureHal::HostOemlockSecure) > 0;
76 auto oemlock_impl = secure_oemlock ? "tpm" : "software";
77 command.AddParameter("-oemlock_impl=", oemlock_impl);
78
79 command.AddParameter("-kernel_events_fd=",
80 kernel_log_pipe_provider.KernelLogPipe());
81
82 return std::move(command);
83 }
84
85 } // namespace cuttlefish
86