khadas/android_hardware_rockchip_vendor_storage_service

Vendor Storage AIDL Lazy Service

How to use

  • Use normal service

    PRODUCT_PACKAGES += rockchip.aidl.vendorstorage-service
    DEVICE_FRAMEWORK_COMPATIBILITY_MATRIX_FILE += hardware/rockchip/vendor_storage_service/default/frameworks_rockchip.aidl.vendorstorage-service.xml
    BOARD_SEPOLICY_DIRS += hardware/rockchip/vendor_storage_service/default/sepolicy
  • Use updatable Apex

    If you ship with Apex, be sure to replace the signature; otherwise it will be easy for someone to break in and read and write vendor storage!

    PRODUCT_PACKAGES += com.rockchip.hardware.vendorstorages
    DEVICE_FRAMEWORK_COMPATIBILITY_MATRIX_FILE += hardware/rockchip/vendor_storage_service/default/frameworks_rockchip.aidl.vendorstorage-service.xml
    BOARD_SEPOLICY_DIRS += hardware/rockchip/vendor_storage_service/default/sepolicy

Code/C++, NDK and Java are also supported, but you need to write the code yourself.

  • Add rockchip.aidl.vendorstorage-V1-ndk to shared_libs in Android.bp:
    cc_binary {
        name: "Example",
        srcs: [
            "Example.cpp",
        ],
        shared_libs: [
            "libbinder_ndk",
            "libbase",
            "rockchip.aidl.vendorstorage-V1-ndk",
        ],
    }
  • cpp file:
    #include <algorithm>
    #include <cstring>
    #include <iostream>
    #include <memory>
    #include <string>
    #include <vector>

    #include <android/binder_manager.h>
    #include <aidl/rockchip/aidl/vendorstorage/IVendorStorage.h>

    using ::aidl::rockchip::aidl::vendorstorage::IVendorStorage;
    using ::aidl::rockchip::aidl::vendorstorage::VendorStorageCmd;
    using ::aidl::rockchip::aidl::vendorstorage::VendorStorageRequest;
    using ::aidl::rockchip::aidl::vendorstorage::VendorStorageResponse;
    using ::aidl::rockchip::aidl::vendorstorage::IVendorStorageRunCallback;

    using ::ndk::SpAIBinder;
    using namespace std;

    using ndk::SharedRefBase;
    using ndk::ScopedAStatus;

    // main() was omitted in the original snippet; this is a minimal one.
    int main() {
        // Get vendorstorage service
        const std::string instance = std::string() + IVendorStorage::descriptor + "/default";
        std::shared_ptr<IVendorStorage> vendorstorage = IVendorStorage::fromBinder(
            SpAIBinder(AServiceManager_waitForService(instance.c_str())));
        if (vendorstorage == nullptr) {
            cout << "Failed to get service VendorStorage" << endl;
            return -1;
        }

        // Call Initial
        {
            VendorStorageRequest request;
            VendorStorageResponse response;
            request.cmd = VendorStorageCmd::CMD_INIT;
            ScopedAStatus status = vendorstorage->run(request, &response);
            if (!status.isOk()) {
                cout << "Initial failed: " << status.getDescription() << endl;
                return -1;
            }
            cout << "Initial with ret: " << response.toString() << endl;
        }

        // Read from vendorstorage
        {
            VendorStorageRequest request;
            VendorStorageResponse response;
            request.buf_size = 256;
            request.cmd = VendorStorageCmd::CMD_READ;
            request.id = 1;  // ID
            ScopedAStatus status = vendorstorage->run(request, &response);
            if (!status.isOk()) {
                cout << "Read failed: " << status.getDescription() << endl;
                return -1;
            }

            // Never copy more bytes than the buffer actually holds,
            // whatever buf_size claims.
            const size_t len = std::min(response.buf.size(),
                                        static_cast<size_t>(response.buf_size));
            std::string result(response.buf.begin(), response.buf.begin() + len);
            cout << "Read Result: " << result << endl;
        }

        // Write to vendorstorage
        {
            VendorStorageRequest request;
            VendorStorageResponse response;
            const char *data = "RK3588SN1";
            int data_len = strlen(data);
            std::vector<uint8_t> requestValue(data, data + data_len);

            request.cmd = VendorStorageCmd::CMD_WRITE;
            request.id = 1;  // ID
            request.buf = requestValue;
            request.buf_size = data_len;
            ScopedAStatus status = vendorstorage->run(request, &response);
            if (!status.isOk()) {
                cout << "Write failed: " << status.getDescription() << endl;
                return -1;
            }
            cout << "Write to vendorstorage: " << request.toString() << endl;
            cout << "Response: " << response.toString() << endl;
        }
        return 0;
    }
  • SELinux: add this rule if needed. For example, to read calibration data in the sensors HAL:
    hal_client_domain(hal_sensors_default, hal_vendorstorage)
  • Grant the permission to the shell (you can think of it as adb shell). This is for testing only: if you open the permission to the shell, IT WILL BE VERY DANGEROUS!!!
diff --git a/default/sepolicy/hal_vendorstorage.te b/default/sepolicy/hal_vendorstorage.te
index 9cf264b..39fe1b8 100644
--- a/default/sepolicy/hal_vendorstorage.te
+++ b/default/sepolicy/hal_vendorstorage.te
@@ -11,4 +11,5 @@ neverallow {
     -vndservicemanager
     -hal_vendorstorage_client
     -hal_sensors_server
+    -shell
 } hal_vendorstorage_server:binder { call transfer };
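Review bot: The added "-shell" entry at the end of the neverallow exclusion list has no build-variant condition, so the compile-time guard on hal_vendorstorage_server:binder { call transfer } no longer covers the shell domain on any build, including user builds. If this is for testing only, write it as userdebug_or_eng(`-shell') so production images keep the neverallow, and add a comment next to the entry saying why shell is listed.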
diff --git a/default/sepolicy/hal_vendorstorage_default.te b/default/sepolicy/hal_vendorstorage_default.te
index 91aeeb0..f396566 100644
--- a/default/sepolicy/hal_vendorstorage_default.te
+++ b/default/sepolicy/hal_vendorstorage_default.te
@@ -8,7 +8,7 @@ binder_use(vendor-vendorstorage-default)

 hal_client_domain(hal_sensors_default, hal_vendorstorage)
 # !!!DANGEROUS!!!
-# hal_client_domain(shell, hal_vendorstorage)
+hal_client_domain(shell, hal_vendorstorage)

 allow vendor-vendorstorage-default block_device:dir { search };
 allow vendor-vendorstorage-default uboot_block_device:blk_file { read write };
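Review bot: The uncommented hal_client_domain(shell, hal_vendorstorage) under "# !!!DANGEROUS!!!" makes every adb shell session a client of a service whose domain is allowed uboot_block_device:blk_file { read write } two lines further down, and nothing limits the rule to test builds. Suggest wrapping it as userdebug_or_eng(`hal_client_domain(shell, hal_vendorstorage)') and extending the comment to state what the danger is, namely that shell can then read and write vendor storage through the service.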

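A pre-build check for the test-only shell grant shown in the diff above, as an added example (not code from this repository). It reports any active rule that lets `shell` reach the vendor storage HAL; the sample policies are constructed from the lines visible in the diff (the `domain` entry opening the neverallow set is an assumption), and treating rules wrapped in `userdebug_or_eng(` as acceptable is also an assumption of this example.

```python
import re

# Matches the active client grant for shell; commented-out copies are stripped first.
GRANT = re.compile(r"hal_client_domain\(\s*shell\s*,\s*hal_vendorstorage\s*\)")


def find_shell_access(policy: str) -> list:
    """Return (line number, reason) for each active rule that lets shell reach the HAL."""
    findings, pending, in_block = [], [], False
    for lineno, raw in enumerate(policy.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()        # SELinux comments start with '#'
        if not line or "userdebug_or_eng(" in line:
            continue                                # blank, comment, or debug-build-only rule
        if GRANT.search(line):
            findings.append((lineno, "shell is a hal_vendorstorage client"))
        if line.startswith("neverallow") and "{" in line and "}" not in line:
            in_block, pending = True, []            # start of a multi-line source set
        elif in_block and line.startswith("}"):
            if "hal_vendorstorage_server:binder" in line:
                findings += [(n, "shell exempted from the binder neverallow") for n in pending]
            in_block = False
        elif in_block and line == "-shell":
            pending.append(lineno)
    return findings


# Constructed sample: the policy as shipped (shell grant commented out).
SAMPLE_SAFE = """\
neverallow {
    domain
    -vndservicemanager
    -hal_vendorstorage_client
    -hal_sensors_server
} hal_vendorstorage_server:binder { call transfer };
hal_client_domain(hal_sensors_default, hal_vendorstorage)
# !!!DANGEROUS!!!
# hal_client_domain(shell, hal_vendorstorage)
"""

# Constructed sample: the same policy after applying the test-only diff.
SAMPLE_TEST_ONLY = SAMPLE_SAFE.replace(
    "    -hal_sensors_server\n", "    -hal_sensors_server\n    -shell\n"
).replace("# hal_client_domain(shell", "hal_client_domain(shell")

if __name__ == "__main__":
    for lineno, reason in find_shell_access(SAMPLE_TEST_ONLY):
        print(f"line {lineno}: {reason}")
```
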
Example

  • client/client.cpp

IMPORTANT

Please replace the Apex signature yourself to prevent others from installing the apex program and causing security issues!

How to update Apex

$ export APEX_SIGN_NAME=com.rockchip.hardware.vendorstorages
$ openssl genrsa -out $APEX_SIGN_NAME.pem 4096
$ avbtool extract_public_key --key $APEX_SIGN_NAME.pem --output $APEX_SIGN_NAME.avbpubkey
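
A build-time check that the `.avbpubkey` about to ship is well formed and is not a publicly known key, as an added example (not code from this repository). It reads the blob layout `avbtool extract_public_key` writes (bit length, n0inv, modulus, rr, all big-endian); the two sample blobs are built from constructed numbers, not real RSA keys, and the denylist entry is a stand-in for the fingerprint of the key published with the repository.

```python
import hashlib
import struct


def encode_avb_pubkey(n: int, bits: int) -> bytes:
    """Build a blob in the AVB public-key layout; used only to make the samples."""
    n0inv = (-pow(n, -1, 1 << 32)) % (1 << 32)    # -1/n mod 2^32
    rr = pow(2, 2 * bits, n)                       # (2^bits)^2 mod n
    size = bits // 8
    return (struct.pack(">II", bits, n0inv)
            + n.to_bytes(size, "big") + rr.to_bytes(size, "big"))


def check_avb_pubkey(blob: bytes, denied: set, min_bits: int = 4096) -> str:
    """Return the SHA-256 fingerprint, or raise ValueError if the key must not ship."""
    if len(blob) < 8:
        raise ValueError("truncated header")
    bits, n0inv = struct.unpack(">II", blob[:8])
    size = bits // 8
    if bits < min_bits or bits % 8 or len(blob) != 8 + 2 * size:
        raise ValueError(f"unexpected key size or length ({bits} bits, {len(blob)} bytes)")
    n = int.from_bytes(blob[8:8 + size], "big")
    rr = int.from_bytes(blob[8 + size:], "big")
    if n % 2 == 0 or n.bit_length() != bits:
        raise ValueError("modulus is not an odd number of the declared size")
    if (n * n0inv + 1) % (1 << 32) or rr != pow(2, 2 * bits, n):
        raise ValueError("Montgomery parameters do not match the modulus")
    fingerprint = hashlib.sha256(blob).hexdigest()
    if fingerprint in denied:
        raise ValueError("publicly known key; generate your own before shipping")
    return fingerprint


def is_safe_to_ship(blob: bytes, denied: set) -> bool:
    try:
        check_avb_pubkey(blob, denied)
        return True
    except ValueError:
        return False


# Constructed numbers standing in for the published key and for your own key.
PUBLISHED_SAMPLE = encode_avb_pubkey((1 << 4095) + 0x1234567, 4096)
OWN_SAMPLE = encode_avb_pubkey((1 << 4095) + 0x7654321, 4096)
DENIED = {hashlib.sha256(PUBLISHED_SAMPLE).hexdigest()}
```
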
