From a4badd77fb8f948a86e94da05c43d24da8cb36df Mon Sep 17 00:00:00 2001 From: Jan Altensen Date: Fri, 2 Jul 2021 07:43:16 +0200 Subject: [PATCH] g12: Guard prebuilt tee*/keymaster for devices with no OP-TEE * These need to be split out because development boards don't have OP-TEE, and even if they could kang another device's, we have no functional keys or TA files, so it's useless and broken. * Devices that have no OP-TEE need to set `TARGET_HAS_TEE := false` in their lineage_${DEVICE}.mk. * So that we can successfully encrypt as per the fstab entry for `/data`, build the AOSP keymaster 4.1 service, and that uses a VINTF fragment. Change-Id: I8756ba2d9cd5c53725645185783f9e15b739602c --- BoardConfigCommon.mk | 3 +++ extract-files.sh | 1 + g12.mk | 5 +++++ manifest-tee.xml | 12 ++++++++++++ manifest.xml | 10 ---------- proprietary-files-tee.txt | 13 +++++++++++++ proprietary-files.txt | 8 -------- setup-makefiles.sh | 8 ++++++++ 8 files changed, 42 insertions(+), 18 deletions(-) create mode 100644 manifest-tee.xml create mode 100644 proprietary-files-tee.txt diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk index b31b3b0..9599ca2 100644 --- a/BoardConfigCommon.mk +++ b/BoardConfigCommon.mk @@ -38,6 +38,9 @@ TARGET_SCREEN_DENSITY := 320 ## HIDL DEVICE_MANIFEST_FILE := $(COMMON_PATH)/manifest.xml +ifneq ($(TARGET_HAS_TEE),false) +DEVICE_MANIFEST_FILE += $(COMMON_PATH)/manifest-tee.xml +endif DEVICE_MATRIX_FILE := $(COMMON_PATH)/compatibility_matrix.xml ## Kernel diff --git a/extract-files.sh b/extract-files.sh index 90a24a0..c53e26c 100755 --- a/extract-files.sh +++ b/extract-files.sh 
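Review bot: The guard `ifneq ($(TARGET_HAS_TEE),false)` in BoardConfigCommon.mk treats every value other than the exact string `false` as "has OP-TEE", so an unset variable, `False`, `0` or a value with stray whitespace all keep manifest-tee.xml in `DEVICE_MANIFEST_FILE`. On a board without OP-TEE that declares a keymaster 4.1 HAL whose prebuilt service presumably cannot work, which is the broken state the commit message sets out to avoid and which `/data` encryption depends on. Normalising the test, `ifneq ($(strip $(TARGET_HAS_TEE)),false)`, and adding a comment such as `# TEE-backed keymaster is the default; only TARGET_HAS_TEE := false opts out` would make the default explicit. The same raw comparison is used in the g12.mk hunk and in the line setup-makefiles.sh writes into the product makefile, so all three should change together.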
@@ -88,6 +88,7 @@ if [ -z "${ONLY_TARGET}" ]; then setup_vendor "${DEVICE_COMMON}" "${VENDOR_COMMON}" "${ANDROID_ROOT}" true "${CLEAN_VENDOR}" extract "${MY_DIR}/proprietary-files.txt" "${SRC}" "${KANG}" --section "${SECTION}" + extract "${MY_DIR}/proprietary-files-tee.txt" "${SRC}" "${KANG}" --section "${SECTION}" fi if [ -z "${ONLY_COMMON}" ] && [ -s "${MY_DIR}/../../${VENDOR_DEVICE}/${DEVICE}/proprietary-files.txt" ]; then diff --git a/g12.mk b/g12.mk index 87d35e1..12e9846 100644 --- a/g12.mk +++ b/g12.mk @@ -129,6 +129,11 @@ PRODUCT_PACKAGES += \ libpuresoftkeymasterdevice.vendor \ libsoft_attestation_cert.vendor +ifeq ($(TARGET_HAS_TEE),false) +PRODUCT_PACKAGES += \ + android.hardware.keymaster@4.1-service +endif + ## Logo PRODUCT_HOST_PACKAGES += \ res_packer diff --git a/manifest-tee.xml b/manifest-tee.xml new file mode 100644 index 0000000..4a2e0a1 --- /dev/null +++ b/manifest-tee.xml @@ -0,0 +1,12 @@ + + + android.hardware.keymaster + hwbinder + 4.1 + + IKeymasterDevice + default + + @4.1::IKeymasterDevice/default + + diff --git a/manifest.xml b/manifest.xml index 3e1d318..a7148ad 100644 --- a/manifest.xml +++ b/manifest.xml @@ -112,16 +112,6 @@ @2.0::IHealth/default - - android.hardware.keymaster - hwbinder - 4.1 - - IKeymasterDevice - default - - @4.1::IKeymasterDevice/default - android.hardware.media.omx hwbinder diff --git a/proprietary-files-tee.txt b/proprietary-files-tee.txt new file mode 100644 index 0000000..3fb309b --- /dev/null +++ b/proprietary-files-tee.txt 
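Review bot: The `ifeq ($(TARGET_HAS_TEE),false)` block added to g12.mk carries no comment saying what the fallback means for key protection. As the commit message describes it, `android.hardware.keymaster@4.1-service` is the AOSP keymaster service, so on these devices keystore keys, including the ones that protect `/data`, would be software-backed and not bound to a TEE. A comment above the block would record that, for example `# No OP-TEE: use the AOSP software keymaster; keys are not hardware-backed`. The `PRODUCT_PACKAGES` list that precedes the block starts outside the hunk.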
@@ -0,0 +1,13 @@
+### All blobs from this list, unless pinned and noted as otherwise,
+## are from adt3-user 11 RTT1.200909.003.A2 6832896 release-keys.
+
+## TEE/Keymaster
+vendor/bin/hw/android.hardware.keymaster@4.1-service.amlogic
+vendor/etc/init/android.hardware.keymaster@4.1-service.amlogic.rc
+vendor/lib/libtee_load_video_fw.so
+vendor/lib/libteec.so
+vendor/lib/libsecmem.so
+vendor/bin/tee-supplicant
+vendor/bin/tee_preload_fw
+vendor/etc/init/tee-supplicant.rc
+vendor/etc/init/tee_preload_fw.rc
diff --git a/proprietary-files.txt b/proprietary-files.txt
index 417d24e..cce3b5f 100644
--- a/proprietary-files.txt
+++ b/proprietary-files.txt
@@ -47,15 +47,12 @@ vendor/bin/hw/android.hardware.drm@1.3-service.widevine
 vendor/bin/hw/android.hardware.dumpstate@1.0-service.droidlogic
 vendor/bin/hw/android.hardware.graphics.composer@2.4-service.droidlogic
 vendor/bin/hw/android.hardware.health@2.0-service.droidlogic
-vendor/bin/hw/android.hardware.keymaster@4.1-service.amlogic
 vendor/bin/hw/android.hardware.oemlock@1.0-service.droidlogic
 vendor/bin/hw/android.hardware.thermal@2.0-service.droidlogic
 vendor/bin/hw/android.hardware.usb.gadget@1.1-service.droidlogic
 vendor/bin/oemcrypto_test_aml
 vendor/bin/remotecfg
 vendor/bin/systemcontrol
-vendor/bin/tee-supplicant
-vendor/bin/tee_preload_fw
 vendor/etc/audio_effects.conf
 vendor/etc/bluetooth/4343.hcd
 vendor/etc/bluetooth/BCM20702.hcd
@@ -82,7 +79,6 @@ vendor/etc/init/android.hardware.dumpstate@1.0-service.droidlogic.rc
 vendor/etc/init/android.hardware.graphics.allocator@3.0-service.rc
 vendor/etc/init/android.hardware.graphics.composer@2.4-service.droidlogic.rc
 vendor/etc/init/android.hardware.health@2.0-service.droidlogic.rc
-vendor/etc/init/android.hardware.keymaster@4.1-service.amlogic.rc
 vendor/etc/init/android.hardware.oemlock@1.0-service.droidlogic.rc
 vendor/etc/init/android.hardware.thermal@2.0-service.droidlogic.rc
 vendor/etc/init/android.hardware.usb.gadget@1.1-service.droidlogic.rc
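Review bot: `vendor/lib/libsecmem.so` is added to proprietary-files-tee.txt but is not removed from proprietary-files.txt, where it still appears as an unchanged context line in the `@@ -209,8 +203,6 @@` hunk. With the TEE enabled both lists are passed to `write_makefiles`, so the same blob would be emitted twice, which may surface as a duplicate copy rule or module definition in the generated vendor makefiles. If the library is only needed alongside OP-TEE, also delete it from proprietary-files.txt; if it is needed on every device, drop the `vendor/lib/libsecmem.so` line from the TEE list.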
@@ -93,8 +89,6 @@ vendor/etc/init/hdmicecd.rc vendor/etc/init/irblaster1.rc vendor/etc/init/sysfs_permissions.rc vendor/etc/init/systemcontrol.rc -vendor/etc/init/tee-supplicant.rc -vendor/etc/init/tee_preload_fw.rc vendor/etc/mesondisplay.cfg vendor/etc/permissions/android.software.cant_save_state.xml vendor/etc/permissions/droidlogic.software.core.xml @@ -209,8 +203,6 @@ vendor/lib/libremotecontrolserver.so vendor/lib/libsecmem.so vendor/lib/libstagefrighthw.so vendor/lib/libsystemcontrolservice.so -vendor/lib/libtee_load_video_fw.so -vendor/lib/libteec.so vendor/lib/libthreadworker_alt.so vendor/lib/libtvbinder.so vendor/lib/libvideotunnel.so diff --git a/setup-makefiles.sh b/setup-makefiles.sh index 911a638..9f8d0f4 100755 --- a/setup-makefiles.sh +++ b/setup-makefiles.sh @@ -30,6 +30,14 @@ write_headers "g12a g12b sm1" "TARGET_AMLOGIC_SOC" # The standard common blobs write_makefiles "${MY_DIR}/proprietary-files.txt" true +# The BSP blobs - we put a conditional in case the BSP +# is actually being built +printf '\n%s\n' 'ifneq ($(TARGET_HAS_TEE),false)' >> "$PRODUCTMK" + +write_makefiles "${MY_DIR}/proprietary-files-tee.txt" true + +printf '%s\n' 'endif' >> "$PRODUCTMK" + # Finish write_footers -- 2.20.1
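Review bot: The comment added in setup-makefiles.sh talks about "BSP blobs" and "in case the BSP is actually being built", while the guard it introduces is `TARGET_HAS_TEE` and the list is proprietary-files-tee.txt, so the comment reads as copied from another tree. Something like `# The TEE/keymaster blobs - guarded so devices that set TARGET_HAS_TEE := false do not ship them` would match what the code does. The `ifneq`/`endif` pair is written only to `$PRODUCTMK`; whether `write_makefiles` also writes module definitions to other generated files that stay unguarded cannot be seen from this hunk and is worth confirming.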