#include <functional>#include <mutex>#include <optional>#include <thread>#include <android-base/logging.h>#include <android-base/strings.h>#include <fruit/fruit.h>#include <gflags/gflags.h>#include <keymaster/android_keymaster.h>#include <keymaster/contexts/pure_soft_keymaster_context.h>#include <keymaster/soft_keymaster_logger.h>#include <tss2/tss2_esys.h>#include <tss2/tss2_rc.h>#include "cuttlefish/common/libs/fs/shared_fd.h"#include "cuttlefish/common/libs/security/confui_sign.h"#include "cuttlefish/common/libs/security/gatekeeper_channel_sharedfd.h"#include "cuttlefish/common/libs/security/keymaster_channel_sharedfd.h"#include "cuttlefish/common/libs/transport/channel_sharedfd.h"#include "cuttlefish/host/commands/kernel_log_monitor/kernel_log_server.h"#include "cuttlefish/host/commands/kernel_log_monitor/utils.h"#include "cuttlefish/host/commands/secure_env/confui_sign_server.h"#include "cuttlefish/host/commands/secure_env/device_tpm.h"#include "cuttlefish/host/commands/secure_env/gatekeeper_responder.h"#include "cuttlefish/host/commands/secure_env/in_process_tpm.h"#include "cuttlefish/host/commands/secure_env/keymaster_responder.h"#include "cuttlefish/host/commands/secure_env/oemlock/oemlock.h"#include "cuttlefish/host/commands/secure_env/oemlock/oemlock_responder.h"#include "cuttlefish/host/commands/secure_env/proxy_keymaster_context.h"#include "cuttlefish/host/commands/secure_env/rust/kmr_ta.h"#include "cuttlefish/host/commands/secure_env/soft_gatekeeper.h"#include "cuttlefish/host/commands/secure_env/storage/insecure_json_storage.h"#include "cuttlefish/host/commands/secure_env/storage/storage.h"#include "cuttlefish/host/commands/secure_env/storage/tpm_storage.h"#include "cuttlefish/host/commands/secure_env/suspend_resume_handler.h"#include "cuttlefish/host/commands/secure_env/tpm_gatekeeper.h"#include "cuttlefish/host/commands/secure_env/tpm_keymaster_context.h"#include "cuttlefish/host/commands/secure_env/tpm_keymaster_enforcement.h"#include "cuttlefish/host/commands/secure_env/tpm_resource_manager.h"#include "cuttlefish/host/commands/secure_env/worker_thread_loop_body.h"#include "cuttlefish/host/libs/config/known_paths.h"#include "cuttlefish/host/libs/config/logging.h"
Include dependency graph for secure_env_not_windows_main.cpp:
Namespaces | |
| namespace | cuttlefish |
| namespace | cuttlefish::anonymous_namespace{secure_env_not_windows_main.cpp} |
Functions | |
| DEFINE_int32 (confui_server_fd, -1, "A named socket to serve confirmation UI") | |
| DEFINE_int32 (snapshot_control_fd, -1, "A socket connected to run_cvd for snapshot operations and" "responses") | |
| DEFINE_int32 (keymaster_fd_in, -1, "A pipe for keymaster communication") | |
| DEFINE_int32 (keymaster_fd_out, -1, "A pipe for keymaster communication") | |
| DEFINE_int32 (keymint_fd_in, -1, "A pipe for keymint communication") | |
| DEFINE_int32 (keymint_fd_out, -1, "A pipe for keymint communication") | |
| DEFINE_int32 (gatekeeper_fd_in, -1, "A pipe for gatekeeper communication") | |
| DEFINE_int32 (gatekeeper_fd_out, -1, "A pipe for gatekeeper communication") | |
| DEFINE_int32 (oemlock_fd_in, -1, "A pipe for oemlock communication") | |
| DEFINE_int32 (oemlock_fd_out, -1, "A pipe for oemlock communication") | |
| DEFINE_int32 (kernel_events_fd, -1, "A pipe for monitoring events based on " "messages written to the kernel log. This " "is used by secure_env to monitor for " "device reboots.") | |
| DEFINE_string (tpm_impl, "in_memory", "The TPM implementation. \"in_memory\" or \"host_device\"") | |
| DEFINE_string (keymint_impl, "tpm", "The KeyMint implementation. \"tpm\" or \"software\"") | |
| DEFINE_string (gatekeeper_impl, "tpm", "The gatekeeper implementation. \"tpm\" or \"software\"") | |
| DEFINE_string (oemlock_impl, "tpm", "The oemlock implementation. \"tpm\" or \"software\"") | |
| constexpr std::chrono::seconds | cuttlefish::anonymous_namespace{secure_env_not_windows_main.cpp}::kRestartLockTimeout (2) |
| SharedFD | cuttlefish::anonymous_namespace{secure_env_not_windows_main.cpp}::DupFdFlag (gflags::int32 fd) |
| void | cuttlefish::anonymous_namespace{secure_env_not_windows_main.cpp}::ReExecSelf () |
| std::thread | cuttlefish::anonymous_namespace{secure_env_not_windows_main.cpp}::StartKernelEventMonitor (SharedFD kernel_events_fd, std::timed_mutex &oemlock_lock) |
| fruit::Component< fruit::Required< gatekeeper::SoftGateKeeper, TpmGatekeeper, TpmResourceManager >, gatekeeper::GateKeeper, keymaster::KeymasterEnforcement > | cuttlefish::anonymous_namespace{secure_env_not_windows_main.cpp}::ChooseGatekeeperComponent () |
| fruit::Component< fruit::Required< TpmResourceManager >, oemlock::OemLock > | cuttlefish::anonymous_namespace{secure_env_not_windows_main.cpp}::ChooseOemlockComponent () |
| fruit::Component< TpmResourceManager, gatekeeper::GateKeeper, oemlock::OemLock, keymaster::KeymasterEnforcement > | cuttlefish::anonymous_namespace{secure_env_not_windows_main.cpp}::SecureEnvComponent () |
| Result< void > | cuttlefish::SecureEnvMain (int argc, char **argv) |
| int | main (int argc, char **argv) |
Variables | |
| constexpr size_t | cuttlefish::anonymous_namespace{secure_env_not_windows_main.cpp}::kOperationTableSize = 16 |
Function Documentation
◆ DEFINE_int32() [1/11]
| DEFINE_int32 | ( | confui_server_fd | , |
| - | 1, | ||
| "A named socket to serve confirmation UI" | |||
| ) |
◆ DEFINE_int32() [2/11]
| DEFINE_int32 | ( | gatekeeper_fd_in | , |
| - | 1, | ||
| "A pipe for gatekeeper communication" | |||
| ) |
◆ DEFINE_int32() [3/11]
| DEFINE_int32 | ( | gatekeeper_fd_out | , |
| - | 1, | ||
| "A pipe for gatekeeper communication" | |||
| ) |
◆ DEFINE_int32() [4/11]
| DEFINE_int32 | ( | kernel_events_fd | , |
| - | 1, | ||
| "A pipe for monitoring events based on " "messages written to the kernel log. This " "is used by secure_env to monitor for " "device reboots." | |||
| ) |
◆ DEFINE_int32() [5/11]
| DEFINE_int32 | ( | keymaster_fd_in | , |
| - | 1, | ||
| "A pipe for keymaster communication" | |||
| ) |
◆ DEFINE_int32() [6/11]
| DEFINE_int32 | ( | keymaster_fd_out | , |
| - | 1, | ||
| "A pipe for keymaster communication" | |||
| ) |
◆ DEFINE_int32() [7/11]
| DEFINE_int32 | ( | keymint_fd_in | , |
| - | 1, | ||
| "A pipe for keymint communication" | |||
| ) |
◆ DEFINE_int32() [8/11]
| DEFINE_int32 | ( | keymint_fd_out | , |
| - | 1, | ||
| "A pipe for keymint communication" | |||
| ) |
◆ DEFINE_int32() [9/11]
| DEFINE_int32 | ( | oemlock_fd_in | , |
| - | 1, | ||
| "A pipe for oemlock communication" | |||
| ) |
◆ DEFINE_int32() [10/11]
| DEFINE_int32 | ( | oemlock_fd_out | , |
| - | 1, | ||
| "A pipe for oemlock communication" | |||
| ) |
◆ DEFINE_int32() [11/11]
| DEFINE_int32 | ( | snapshot_control_fd | , |
| - | 1, | ||
| "A socket connected to run_cvd for snapshot operations and" "responses" | |||
| ) |
◆ DEFINE_string() [1/4]
| DEFINE_string | ( | gatekeeper_impl | , |
| "tpm" | , | ||
| "The gatekeeper implementation. \"tpm\" or \"software\"" | |||
| ) |
◆ DEFINE_string() [2/4]
| DEFINE_string | ( | keymint_impl | , |
| "tpm" | , | ||
| "The KeyMint implementation. \"tpm\" or \"software\"" | |||
| ) |
◆ DEFINE_string() [3/4]
| DEFINE_string | ( | oemlock_impl | , |
| "tpm" | , | ||
| "The oemlock implementation. \"tpm\" or \"software\"" | |||
| ) |
◆ DEFINE_string() [4/4]
| DEFINE_string | ( | tpm_impl | , |
| "in_memory" | , | ||
| "The TPM implementation. \"in_memory\" or \"host_device\"" | |||
| ) |
◆ main()
| int main | ( | int | argc, |
| char ** | argv | ||
| ) |
