resolve merge conflicts of 2b93ec4 to oc-dr1-dev am: 0010dae9ff -s ours
am: 26d17119a5 -s ours
Change-Id: I722c862f0980af8d457e431499a95ee5ca15a643
diff --git a/Android.bp b/Android.bp
new file mode 100644
index 0000000..b44c296
--- /dev/null
+++ b/Android.bp
@@ -0,0 +1 @@
+subdirs = ["*"]
diff --git a/keystore-engine/android_engine.cpp b/keystore-engine/android_engine.cpp
index 368590c..779437d 100644
--- a/keystore-engine/android_engine.cpp
+++ b/keystore-engine/android_engine.cpp
@@ -48,8 +48,8 @@
#endif
namespace {
-extern const RSA_METHOD keystore_rsa_method;
-extern const ECDSA_METHOD keystore_ecdsa_method;
+KeystoreBackend *g_keystore_backend;
+void ensure_keystore_engine();
/* key_id_dup is called when one of the RSA or EC_KEY objects is duplicated. */
int key_id_dup(CRYPTO_EX_DATA* /* to */,
@@ -76,60 +76,6 @@
free(key_id);
}
-/* KeystoreEngine is a BoringSSL ENGINE that implements RSA and ECDSA by
- * forwarding the requested operations to Keystore. */
-class KeystoreEngine {
- public:
- KeystoreEngine()
- : rsa_index_(RSA_get_ex_new_index(0 /* argl */,
- NULL /* argp */,
- NULL /* new_func */,
- key_id_dup,
- key_id_free)),
- ec_key_index_(EC_KEY_get_ex_new_index(0 /* argl */,
- NULL /* argp */,
- NULL /* new_func */,
- key_id_dup,
- key_id_free)),
- engine_(ENGINE_new()) {
- ENGINE_set_RSA_method(
- engine_, &keystore_rsa_method, sizeof(keystore_rsa_method));
- ENGINE_set_ECDSA_method(
- engine_, &keystore_ecdsa_method, sizeof(keystore_ecdsa_method));
- }
-
- int rsa_ex_index() const { return rsa_index_; }
- int ec_key_ex_index() const { return ec_key_index_; }
-
- const ENGINE* engine() const { return engine_; }
-
- private:
- const int rsa_index_;
- const int ec_key_index_;
- ENGINE* const engine_;
-};
-
-pthread_once_t g_keystore_engine_once = PTHREAD_ONCE_INIT;
-KeystoreEngine *g_keystore_engine;
-KeystoreBackend *g_keystore_backend;
-
-/* init_keystore_engine is called to initialize |g_keystore_engine|. This
- * should only be called by |pthread_once|. */
-void init_keystore_engine() {
- g_keystore_engine = new KeystoreEngine;
-#ifndef BACKEND_WIFI_HIDL
- g_keystore_backend = new KeystoreBackendBinder;
-#else
- g_keystore_backend = new KeystoreBackendHidl;
-#endif
-}
-
-/* ensure_keystore_engine ensures that |g_keystore_engine| is pointing to a
- * valid |KeystoreEngine| object and creates one if not. */
-void ensure_keystore_engine() {
- pthread_once(&g_keystore_engine_once, init_keystore_engine);
-}
-
/* Many OpenSSL APIs take ownership of an argument on success but don't free
* the argument on failure. This means we need to tell our scoped pointers when
* we've transferred ownership, without triggering a warning by not using the
@@ -137,10 +83,7 @@
#define OWNERSHIP_TRANSFERRED(obj) \
typeof ((obj).release()) _dummy __attribute__((unused)) = (obj).release()
-const char* rsa_get_key_id(const RSA* rsa) {
- return reinterpret_cast<char*>(
- RSA_get_ex_data(rsa, g_keystore_engine->rsa_ex_index()));
-}
+const char* rsa_get_key_id(const RSA* rsa);
/* rsa_private_transform takes a big-endian integer from |in|, calculates the
* d'th power of it, modulo the RSA modulus, and writes the result as a
@@ -194,33 +137,7 @@
return 1;
}
-const struct rsa_meth_st keystore_rsa_method = {
- {
- 0 /* references */,
- 1 /* is_static */,
- },
- NULL /* app_data */,
-
- NULL /* init */,
- NULL /* finish */,
-
- NULL /* size */,
-
- NULL /* sign */,
-
- NULL /* encrypt */,
- NULL /* sign_raw */,
- NULL /* decrypt */,
-
- rsa_private_transform,
-
- RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_OPAQUE,
-};
-
-const char* ecdsa_get_key_id(const EC_KEY* ec_key) {
- return reinterpret_cast<char*>(
- EC_KEY_get_ex_data(ec_key, g_keystore_engine->ec_key_ex_index()));
-}
+const char* ecdsa_get_key_id(const EC_KEY* ec_key);
/* ecdsa_sign signs |digest_len| bytes from |digest| with |ec_key| and writes
* the resulting signature (an ASN.1 encoded blob) to |sig|. It returns one on
@@ -263,20 +180,78 @@
return 1;
}
-const ECDSA_METHOD keystore_ecdsa_method = {
- {
- 0 /* references */,
- 1 /* is_static */
- } /* common */,
- NULL /* app_data */,
+/* KeystoreEngine is a BoringSSL ENGINE that implements RSA and ECDSA by
+ * forwarding the requested operations to Keystore. */
+class KeystoreEngine {
+ public:
+ KeystoreEngine()
+ : rsa_index_(RSA_get_ex_new_index(0 /* argl */,
+ NULL /* argp */,
+ NULL /* new_func */,
+ key_id_dup,
+ key_id_free)),
+ ec_key_index_(EC_KEY_get_ex_new_index(0 /* argl */,
+ NULL /* argp */,
+ NULL /* new_func */,
+ key_id_dup,
+ key_id_free)),
+ engine_(ENGINE_new()) {
+ memset(&rsa_method_, 0, sizeof(rsa_method_));
+ rsa_method_.common.is_static = 1;
+ rsa_method_.private_transform = rsa_private_transform;
+ rsa_method_.flags = RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_OPAQUE;
+ ENGINE_set_RSA_method(engine_, &rsa_method_, sizeof(rsa_method_));
- NULL /* init */,
- NULL /* finish */,
- NULL /* group_order_size */,
- ecdsa_sign,
- ECDSA_FLAG_OPAQUE,
+ memset(&ecdsa_method_, 0, sizeof(ecdsa_method_));
+ ecdsa_method_.common.is_static = 1;
+ ecdsa_method_.sign = ecdsa_sign;
+ ecdsa_method_.flags = ECDSA_FLAG_OPAQUE;
+ ENGINE_set_ECDSA_method(engine_, &ecdsa_method_, sizeof(ecdsa_method_));
+ }
+
+ int rsa_ex_index() const { return rsa_index_; }
+ int ec_key_ex_index() const { return ec_key_index_; }
+
+ const ENGINE* engine() const { return engine_; }
+
+ private:
+ const int rsa_index_;
+ const int ec_key_index_;
+ RSA_METHOD rsa_method_;
+ ECDSA_METHOD ecdsa_method_;
+ ENGINE* const engine_;
};
+pthread_once_t g_keystore_engine_once = PTHREAD_ONCE_INIT;
+KeystoreEngine *g_keystore_engine;
+
+/* init_keystore_engine is called to initialize |g_keystore_engine|. This
+ * should only be called by |pthread_once|. */
+void init_keystore_engine() {
+ g_keystore_engine = new KeystoreEngine;
+#ifndef BACKEND_WIFI_HIDL
+ g_keystore_backend = new KeystoreBackendBinder;
+#else
+ g_keystore_backend = new KeystoreBackendHidl;
+#endif
+}
+
+/* ensure_keystore_engine ensures that |g_keystore_engine| is pointing to a
+ * valid |KeystoreEngine| object and creates one if not. */
+void ensure_keystore_engine() {
+ pthread_once(&g_keystore_engine_once, init_keystore_engine);
+}
+
+const char* rsa_get_key_id(const RSA* rsa) {
+ return reinterpret_cast<char*>(
+ RSA_get_ex_data(rsa, g_keystore_engine->rsa_ex_index()));
+}
+
+const char* ecdsa_get_key_id(const EC_KEY* ec_key) {
+ return reinterpret_cast<char*>(
+ EC_KEY_get_ex_data(ec_key, g_keystore_engine->ec_key_ex_index()));
+}
+
struct EVP_PKEY_Delete {
void operator()(EVP_PKEY* p) const {
EVP_PKEY_free(p);
diff --git a/keystore/Android.bp b/keystore/Android.bp
new file mode 100644
index 0000000..7e91c72
--- /dev/null
+++ b/keystore/Android.bp
@@ -0,0 +1,197 @@
+cc_defaults {
+ name: "keystore_defaults",
+
+ cflags: [
+ "-Wall",
+ "-Werror",
+ "-Wextra",
+ "-Wunused",
+ ],
+
+ sanitize: {
+ misc_undefined: ["integer"],
+ },
+
+ clang: true,
+}
+
+cc_binary {
+ name: "keystore",
+ defaults: ["keystore_defaults"],
+
+ srcs: [
+ ":IKeyAttestationApplicationIdProvider.aidl",
+ "auth_token_table.cpp",
+ "blob.cpp",
+ "entropy.cpp",
+ "grant_store.cpp",
+ "key_store_service.cpp",
+ "keyblob_utils.cpp",
+ "keymaster_enforcement.cpp",
+ "keystore.cpp",
+ "keystore_attestation_id.cpp",
+ "keystore_main.cpp",
+ "keystore_utils.cpp",
+ "legacy_keymaster_device_wrapper.cpp",
+ "operation.cpp",
+ "permissions.cpp",
+ "user_state.cpp",
+ ],
+ shared_libs: [
+ "android.hardware.keymaster@3.0",
+ "android.system.wifi.keystore@1.0",
+ "libbinder",
+ "libcrypto",
+ "libcutils",
+ "libhardware",
+ "libhidlbase",
+ "libhidltransport",
+ "libhwbinder",
+ "libkeymaster_messages",
+ "libkeymaster_portable",
+ "libkeymaster_staging",
+ "libkeystore_binder",
+ "liblog",
+ "libselinux",
+ "libsoftkeymaster",
+ "libsoftkeymasterdevice",
+ "libutils",
+ "libwifikeystorehal",
+ ],
+ init_rc: ["keystore.rc"],
+ aidl: {
+ include_dirs: ["frameworks/base/core/java/"],
+ },
+
+ product_variables: {
+ pdk: {
+ enabled: false,
+ },
+ },
+}
+
+cc_binary {
+ name: "keystore_cli",
+ defaults: ["keystore_defaults"],
+ tags: ["debug"],
+
+ srcs: ["keystore_cli.cpp"],
+ shared_libs: [
+ "android.hardware.keymaster@3.0",
+ "libbinder",
+ "libcrypto",
+ "libcutils",
+ "libhidlbase",
+ "libhwbinder",
+ "libkeystore_binder",
+ "liblog",
+ "libutils",
+ ],
+}
+
+cc_binary {
+ name: "keystore_cli_v2",
+ defaults: ["keystore_defaults"],
+ tags: ["debug"],
+
+ cflags: [
+ "-DKEYMASTER_NAME_TAGS",
+ "-Wno-unused-parameter",
+ ],
+ srcs: ["keystore_cli_v2.cpp"],
+ shared_libs: [
+ "android.hardware.keymaster@3.0",
+ "libchrome",
+ "libhidlbase",
+ "libhwbinder",
+ "libkeystore_binder",
+ ],
+
+ local_include_dirs: ["include"],
+}
+
+// Library for keystore clients
+cc_library_shared {
+ name: "libkeystore_binder",
+ defaults: ["keystore_defaults"],
+
+ srcs: [
+ "IKeystoreService.cpp",
+ "KeyAttestationApplicationId.cpp",
+ "KeyAttestationPackageInfo.cpp",
+ "Signature.cpp",
+ "authorization_set.cpp",
+ "keyblob_utils.cpp",
+ "keystore_aidl_hidl_marshalling_utils.cpp",
+ "keystore_client.proto",
+ "keystore_client_impl.cpp",
+ "keystore_get.cpp",
+ "keystore_tags_utils.cpp",
+ ],
+ shared_libs: [
+ "android.hardware.keymaster@3.0",
+ "libbinder",
+ "libhidlbase",
+ "libhwbinder",
+ "liblog",
+ "libprotobuf-cpp-lite",
+ "libutils",
+ ],
+
+ proto: {
+ type: "lite",
+ export_proto_headers: true,
+ },
+ export_include_dirs: ["include"],
+ export_shared_lib_headers: [
+ "android.hardware.keymaster@3.0",
+ "libbinder",
+ "libhidlbase",
+ "libhwbinder",
+ ],
+}
+
+// Library for keystore clients using the WiFi HIDL interface
+cc_library_shared {
+ name: "libkeystore-wifi-hidl",
+ defaults: ["keystore_defaults"],
+
+ srcs: ["keystore_get_wifi_hidl.cpp"],
+ shared_libs: [
+ "android.system.wifi.keystore@1.0",
+ "libbase",
+ "libhidlbase",
+ "libhidltransport",
+ "liblog",
+ "libutils",
+ ],
+
+ export_include_dirs: ["include"],
+
+ vendor: true,
+}
+
+// Library for unit tests
+cc_library_static {
+ name: "libkeystore_test",
+ defaults: ["keystore_defaults"],
+
+ srcs: ["auth_token_table.cpp"],
+ static_libs: ["libgtest_main"],
+ shared_libs: [
+ "android.hardware.keymaster@3.0",
+ "libhidlbase",
+ "libhwbinder",
+ "libkeymaster_messages",
+ "libutils",
+ ],
+ export_shared_lib_headers: [
+ "android.hardware.keymaster@3.0",
+ "libhidlbase",
+ "libhwbinder",
+ ],
+
+ export_include_dirs: ["include"],
+}
+
+subdirs = ["tests"]
diff --git a/keystore/Android.mk b/keystore/Android.mk
deleted file mode 100644
index 7dd5aef..0000000
--- a/keystore/Android.mk
+++ /dev/null
@@ -1,195 +0,0 @@
-#
-# Copyright (C) 2009 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-LOCAL_PATH := $(call my-dir)
-
-# This has to be lazy-resolved because it depends on the LOCAL_MODULE_CLASS
-# which varies depending on what is being built.
-define keystore_proto_include
-$(call local-generated-sources-dir)/proto/$(LOCAL_PATH)
-endef
-
-ifneq ($(TARGET_BUILD_PDK),true)
-include $(CLEAR_VARS)
-ifeq ($(USE_32_BIT_KEYSTORE), true)
-LOCAL_MULTILIB := 32
-endif
-LOCAL_CFLAGS := -Wall -Wextra -Werror -Wunused
-LOCAL_SRC_FILES := \
- auth_token_table.cpp \
- blob.cpp \
- entropy.cpp \
- key_store_service.cpp \
- keystore_attestation_id.cpp \
- keyblob_utils.cpp \
- keystore.cpp \
- keystore_main.cpp \
- keystore_utils.cpp \
- legacy_keymaster_device_wrapper.cpp \
- keymaster_enforcement.cpp \
- operation.cpp \
- permissions.cpp \
- user_state.cpp \
- grant_store.cpp \
- ../../../frameworks/base/core/java/android/security/keymaster/IKeyAttestationApplicationIdProvider.aidl
-LOCAL_SHARED_LIBRARIES := \
- libbinder \
- libcutils \
- libcrypto \
- libhardware \
- libwifikeystorehal \
- libkeystore_binder \
- liblog \
- libsoftkeymaster \
- libutils \
- libselinux \
- libsoftkeymasterdevice \
- libkeymaster_messages \
- libkeymaster_portable \
- libkeymaster_staging \
- libhwbinder \
- libhidlbase \
- libhidltransport \
- android.hardware.keymaster@3.0 \
- android.system.wifi.keystore@1.0
-LOCAL_HEADER_LIBRARIES := libbase_headers
-LOCAL_MODULE := keystore
-LOCAL_MODULE_TAGS := optional
-LOCAL_INIT_RC := keystore.rc
-LOCAL_C_INCLUES := system/keymaster/
-LOCAL_CLANG := true
-LOCAL_SANITIZE := integer
-LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
-LOCAL_AIDL_INCLUDES := frameworks/base/core/java/
-include $(BUILD_EXECUTABLE)
-endif
-
-include $(CLEAR_VARS)
-ifeq ($(USE_32_BIT_KEYSTORE), true)
-LOCAL_MULTILIB := 32
-endif
-LOCAL_CFLAGS := -Wall -Wextra -Werror
-LOCAL_SRC_FILES := keystore_cli.cpp
-LOCAL_SHARED_LIBRARIES := libcutils libcrypto libkeystore_binder libutils liblog libbinder \
- libhwbinder \
- libhidlbase \
- android.hardware.keymaster@3.0
-LOCAL_MODULE := keystore_cli
-LOCAL_MODULE_TAGS := debug
-LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
-include $(BUILD_EXECUTABLE)
-
-include $(CLEAR_VARS)
-ifeq ($(USE_32_BIT_KEYSTORE), true)
-LOCAL_MULTILIB := 32
-endif
-LOCAL_CFLAGS := -Wall -Wextra -Werror -Wno-unused-parameter -DKEYMASTER_NAME_TAGS
-LOCAL_SRC_FILES := keystore_cli_v2.cpp
-LOCAL_SHARED_LIBRARIES := \
- libchrome \
- libkeystore_binder \
- libhwbinder \
- libhidlbase \
- android.hardware.keymaster@3.0
-
-LOCAL_MODULE := keystore_cli_v2
-LOCAL_MODULE_TAGS := debug
-LOCAL_C_INCLUDES := $(LOCAL_PATH)/include external/gtest/include
-LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
-include $(BUILD_EXECUTABLE)
-
-# Library for keystore clients
-include $(CLEAR_VARS)
-ifeq ($(USE_32_BIT_KEYSTORE), true)
-LOCAL_MULTILIB := 32
-endif
-LOCAL_CFLAGS := -Wall -Wextra -Werror
-LOCAL_SRC_FILES := \
- IKeystoreService.cpp \
- KeyAttestationApplicationId.cpp \
- KeyAttestationPackageInfo.cpp \
- Signature.cpp \
- keyblob_utils.cpp \
- keystore_client.proto \
- keystore_client_impl.cpp \
- keystore_get.cpp \
- authorization_set.cpp \
- keystore_tags_utils.cpp \
- keystore_aidl_hidl_marshalling_utils.cpp
-LOCAL_SHARED_LIBRARIES := \
- libbinder \
- liblog \
- libprotobuf-cpp-lite \
- libutils \
- libhwbinder \
- libhidlbase \
- android.hardware.keymaster@3.0
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-LOCAL_MODULE := libkeystore_binder
-LOCAL_MODULE_TAGS := optional
-LOCAL_C_INCLUDES := $(LOCAL_PATH)/include $(call keystore_proto_include)
-LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include
-LOCAL_EXPORT_SHARED_LIBRARY_HEADERS := libbinder \
- libhwbinder \
- libhidlbase \
- android.hardware.keymaster@3.0
-LOCAL_CLANG := true
-LOCAL_SANITIZE := integer
-LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
-include $(BUILD_SHARED_LIBRARY)
-
-# Library for keystore clients using the WiFi HIDL interface
-include $(CLEAR_VARS)
-LOCAL_CFLAGS := -Wall -Wextra -Werror
-LOCAL_SRC_FILES := \
- keystore_get_wifi_hidl.cpp
-LOCAL_SHARED_LIBRARIES := \
- android.system.wifi.keystore@1.0 \
- libbase \
- libhidlbase \
- libhidltransport \
- liblog \
- libutils
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-LOCAL_MODULE := libkeystore-wifi-hidl
-LOCAL_MODULE_TAGS := optional
-LOCAL_C_INCLUDES := $(LOCAL_PATH)/include
-LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include
-LOCAL_CLANG := true
-LOCAL_SANITIZE := integer
-LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
-LOCAL_VENDOR_MODULE := true
-include $(BUILD_SHARED_LIBRARY)
-
-# Library for unit tests
-include $(CLEAR_VARS)
-ifeq ($(USE_32_BIT_KEYSTORE), true)
-LOCAL_MULTILIB := 32
-endif
-LOCAL_CFLAGS := -Wall -Wextra -Werror
-LOCAL_SRC_FILES := auth_token_table.cpp
-LOCAL_MODULE := libkeystore_test
-LOCAL_C_INCLUDES := $(LOCAL_PATH)/include
-LOCAL_STATIC_LIBRARIES := libgtest_main
-LOCAL_SHARED_LIBRARIES := libkeymaster_messages \
- libutils \
- libhwbinder \
- libhidlbase \
- android.hardware.keymaster@3.0
-
-LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include
-LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
-include $(BUILD_STATIC_LIBRARY)
diff --git a/keystore/tests/Android.bp b/keystore/tests/Android.bp
new file mode 100644
index 0000000..cc89681
--- /dev/null
+++ b/keystore/tests/Android.bp
@@ -0,0 +1,20 @@
+// Unit test for AuthTokenTable
+// TODO: enable after fixing b/68149839
+/*
+cc_test {
+ cflags: [
+ "-Wall",
+ "-Werror",
+ "-Wextra",
+ ],
+ srcs: ["auth_token_table_test.cpp"],
+ name: "keystore_unit_tests",
+ tags: ["test"],
+ static_libs: [
+ "libgtest_main",
+ "libkeystore_test",
+ "liblog",
+ ],
+ shared_libs: ["libkeymaster_messages"],
+}
+*/
diff --git a/keystore/tests/Android.mk b/keystore/tests/Android.mk
deleted file mode 100644
index 8126c94..0000000
--- a/keystore/tests/Android.mk
+++ /dev/null
@@ -1,33 +0,0 @@
-#
-# Copyright (C) 2015 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-LOCAL_PATH := $(call my-dir)
-
-# Unit test for AuthTokenTable
-include $(CLEAR_VARS)
-ifeq ($(USE_32_BIT_KEYSTORE), true)
-LOCAL_MULTILIB := 32
-endif
-LOCAL_CFLAGS := -Wall -Wextra -Werror
-LOCAL_SRC_FILES := \
- auth_token_table_test.cpp
-LOCAL_MODULE := keystore_unit_tests
-LOCAL_MODULE_TAGS := test
-LOCAL_C_INCLUDES := $(LOCAL_PATH)/include
-LOCAL_STATIC_LIBRARIES := libgtest_main libkeystore_test liblog
-LOCAL_SHARED_LIBRARIES := libkeymaster_messages
-LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
-include $(BUILD_NATIVE_TEST)
diff --git a/softkeymaster/Android.bp b/softkeymaster/Android.bp
new file mode 100644
index 0000000..3d27ecb
--- /dev/null
+++ b/softkeymaster/Android.bp
@@ -0,0 +1,40 @@
+cc_defaults {
+ name: "softkeymaster_defaults",
+
+ cflags: [
+ "-Wall",
+ "-Werror",
+ "-fvisibility=hidden",
+ ],
+}
+
+cc_library_shared {
+ name: "keystore.default",
+ defaults: ["softkeymaster_defaults"],
+
+ relative_install_path: "hw",
+ srcs: ["module.cpp"],
+ include_dirs: ["system/security/keystore"],
+ shared_libs: [
+ "libcrypto",
+ "libkeystore_binder",
+ "liblog",
+ "libsoftkeymaster",
+ ],
+}
+
+cc_library_shared {
+ name: "libsoftkeymaster",
+ defaults: ["softkeymaster_defaults"],
+
+ srcs: ["keymaster_openssl.cpp"],
+ include_dirs: ["system/security/keystore"],
+ local_include_dirs: [],
+ shared_libs: [
+ "libcrypto",
+ "libkeystore_binder",
+ "liblog",
+ ],
+
+ export_include_dirs: ["include"],
+}
diff --git a/softkeymaster/Android.mk b/softkeymaster/Android.mk
deleted file mode 100644
index eb32c87..0000000
--- a/softkeymaster/Android.mk
+++ /dev/null
@@ -1,44 +0,0 @@
-# Copyright (C) 2012 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-LOCAL_PATH := $(call my-dir)
-
-include $(CLEAR_VARS)
-ifeq ($(USE_32_BIT_KEYSTORE), true)
-LOCAL_MULTILIB := 32
-endif
-LOCAL_MODULE := keystore.default
-LOCAL_MODULE_RELATIVE_PATH := hw
-LOCAL_SRC_FILES := module.cpp
-LOCAL_C_INCLUDES := system/security/keystore
-LOCAL_CFLAGS = -fvisibility=hidden -Wall -Werror
-LOCAL_SHARED_LIBRARIES := libcrypto liblog libkeystore_binder libsoftkeymaster
-LOCAL_MODULE_TAGS := optional
-LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
-include $(BUILD_SHARED_LIBRARY)
-
-include $(CLEAR_VARS)
-ifeq ($(USE_32_BIT_KEYSTORE), true)
-LOCAL_MULTILIB := 32
-endif
-LOCAL_MODULE := libsoftkeymaster
-LOCAL_SRC_FILES := keymaster_openssl.cpp
-LOCAL_C_INCLUDES := system/security/keystore \
- $(LOCAL_PATH)/include
-LOCAL_CFLAGS = -fvisibility=hidden -Wall -Werror
-LOCAL_SHARED_LIBRARIES := libcrypto liblog libkeystore_binder
-LOCAL_MODULE_TAGS := optional
-LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include
-LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
-include $(BUILD_SHARED_LIBRARY)