-
Notifications
You must be signed in to change notification settings - Fork 34
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Android app call TA through CA lib : permission denied #31
Comments
Have not tried this myself (hopefully soon in the future) so not sure how much help I can be. Can you maybe provide some logs including the commands you run and error messages? |
Hi vchong, I have tried to add my hello_world.so in my apk (/data/app/mypackage/lib/arm64. But I have java.lang.UnsatisfiedLinkError on libteec.so. After more investigation i have found this link which say since Android 7 Android application can't uses private librairies anymore : https://developer.android.com/about/versions/nougat/android-7.0-changes.html#afw. To fix the issue i see :
I try to add also libteec.so in my app. So i have libteec.so and libhello_world.so in /data/app/mypackage/lib/arm64. There is no link error but method "TEEC_InitializeContext" return "TEEC_ERROR_ITEM_NOT_FOUND" (0xFFFF0008). Quote above say also to use public NDK APIs. Maybe we can add libteec in it. I don't check this point. Thanks |
I think by copying |
Hi vchong, The 'item not found' error is thrown on opening of /dev/tee0 in libteec. It is okay now with 3 operations :
I think there is better integration to be done in AOSP. But I do not know all the security features of AOSP. Thanks again :) |
You're welcome. Glad you got it to work. Yes, there's indeed room for improvement and hopefully we can get to them soon. It would be very helpful to that cause if you can contribute back and share your code too! |
I would be happy but what kind of contribution do you want from me ? |
Right, so we don't have a github repository for this atm. Do you have one that you can perhaps share? Basically, it would contain the source code and makefiles for both .so libraries, the Java (and any other apk related) code, and perhaps a README to list the steps required to integrate them into an existing aosp source tree, build and run. If no repository, we'd be willing to accept a post/comment here as well, and we can formally move it to a new repository later once everything is tested and verified. |
Hi vchong,
I don't have github repository. I have standalone build environment, it is not integrated to AOSP build :( |
@DamienLieupart Yes, for single build or testing you can just do manual changes, but for permanent changes, should change the config or make files. If you use
Assume you're using some sort of IDE like Android Studio?
Yes please. You can just copy and paste them or attach the source files here, whichever is preferred. |
I'm using eclipse with atd plugin on windows and gradle for compilation. In "OpteeExamplesLibrary" there is :
"OpteeExamplesApplication" is android application which include "OpteeExamplesLibrary-0.0.1.aar" ->dependencies { It's pretty dirty but it works fine :) |
@DamienLieupart Thank you very much for your contribution! We've lots to learn on the app development side of things. Hopefully we can get these published as sample references soon. Will let you know when we do that. Again, thanks! |
hi victor, I do not think it is a effective method to deal with the reqirement.
BRs |
Hi @dracular1983 You're welcome. I agree there are still room for improvement, but work in this area is currently on hold due to lack of resources and to a certain degree expertise as well, so contributions are always welcome. With the current development environment provided:
BRs |
Hello all, Are there any improvements or news about this situation ? |
The only changes since are:
|
Thank you for answer. Is there any progress integrating keystore(android) with optee? |
You're welcome.
You can try/test the initial release here: https://github.com/linaro-swg/optee_android_manifest/tree/3.3.0 |
Sorry for extra questions . Additionally, I will use keystore for generation of AES and RSA encryption keys. Is it possible to store keys in RPMB or Optee with this release? Next, Can I use Optee for encryption and decryption from keystore? |
The keystore TA currently uses
With https://github.com/linaro-swg/optee_android_manifest/tree/3.3.0, all keystore API calls should go through Optee. You can try calling some APIs and check the debug logs to confirm. |
I vchong,
I work on Hikey 620 with AOSP 8.1. I try to call TA hello world from android application but i have permission denied.
I have created hello_world library (.so) with JNI overlay and method implemented same code as helloworld CA.
In my android app I include JNI library and call this method.
I try to put libopee_hello_world.so generated : in android application, in system/lib64 near libteec.so and also in /data.
I have checked previous link you mentioned OP-TEE/optee_os#903.
I try to set selinux to permissive but same problem.
Could you please give me better way to call TA from android application and which rights, rules i have to changed in android.
I work on demonstrator, so modified root privilege or other is not important.
Thanks.
The text was updated successfully, but these errors were encountered: