Developing Native Android Application with Optee

Hello everyone,

I want to develop a native Android application by using optee. I developed a Ta and host application by using optee. Right now, I want to connect Ndk application to optee host application. And, I have some questions about that.

• How can I call a method of optee host application from Android Ndk app?
• If I call optee host app in /system/bin folder from Android app, android app can see this executable? (I tried, but it is gone wrong.)
• Can I put optee host application to another folder from /system/bin? If yes, host app can call Trusted application?

Thanks

See https://github.com/linaro-swg/optee_android_manifest/issues/31 for references.

@vchong, I think we need to compile optee-client and native android app together?

@vchong In additionally, can you give us some advice? Because, This reference is very old and there is no support CMake.

I think we need to compile optee-client and native android app together?

Please elaborate.

This reference is very old and there is no support CMake.

Sorry but there’s no new info for the reference and also no plan to support CMake in aosp build right now.

Screenshot from 2018-04-16 09-47-11959×934 117 KB

This is my native code in my Android Project.
The problem is that I cannot reach Optee-Client APIs from my project. So, It isnot build.
Because of that, I need to add optee-client project in my android project? What is the right way to do this?
Can you give me some suggestions? Because, example code is so mixed and it is not understandable.

Thanks @vchong

@tesmnorth We’ve not really tried this ourselves so can only give you general advice. The only real example is from the user in https://github.com/linaro-swg/optee_android_manifest/issues/31. I suppose you can add optee_client src code to your native code Android Project and build both, but since optee_client (libteec.so) should already built in the aosp src tree, it might be better to try to figure out a way to just link your native code to it. In the example from the user, he had to include a copy of libteec.so in /data/app/mypackage/lib/arm64 to get it to link. I’m not sure how that’s done though. It might be different depending on which IDE is used, and he used Eclipse.

This issue isn’t optee related though. It’s the same for any 3rd party or private library you need to link to in your native code. If you’ve managed to link to other libraries, then you should be able to link to libteec.so as well using the same approach.

I builded optee+ android for hikey before. I need to take libteec.so from aosp tree and add to my native project.
I think, I find a way to link to it from native project. I understood this from your reply, is it true?

I am trying and will write a solution in here.

I think, I find a way to link to it from native project. I understood this from your reply, is it true?

Right

I am trying and will write a solution in here.

Absolutely. It would be awesome if you can share a solution. It’ll be great reference for other users.

Screenshot from 2018-04-17 14-42-371108×786 137 KB

Is there a special directory in “out” folder to adding native project in android studio?

If 64-bit, use target/product/hikey/system/lib64/. If 32-bit, use target/product/hikey/system/lib/.

I think, I generated build jni files with libteec.

Android.mk :

LOCAL_PATH := $(call my-dir)
include $(CLEAR_VARS)
LOCAL_MODULE := libteec
LOCAL_SRC_FILES := /home/test/optee_android/out/target/product/hikey/system/lib64/libteec.so
include $(PREBUILT_SHARED_LIBRARY)

include $(CLEAR_VARS)
CFG_TEEC_PUBLIC_INCLUDE = /home/test/devel/optee/optee_client/public

LOCAL_STATIC_LIBRARIES := libteec
LOCAL_MODULE := test
LOCAL_SRC_FILES := test.c

LOCAL_C_INCLUDES :=  $(CFG_TEEC_PUBLIC_INCLUDE) \
/home/test/devel/optee/optee_client/libteec/src/ \

include $(BUILD_SHARED_LIBRARY)

I can generate a apk and it put libteec.so and libtest.so in /data/app/mypackage/lib/arm64/

I also have done these steps:

• “device/linaro/hikey/ueventd.common.rc”, set /dev/teepriv0 and /dev/tee0 from 0660 to 0666
• "device/linaro/hikey/hikey/BoardConfig.mk " add androidboot.selinux=permissive to BOARD_KERNEL_CMDLINE
• "device/linaro/hikey/bootloader/EFI/BOOT/grub.cfg " add androidboot.selinux=permissive (but i don’t know if it is necessary)

But, I took this error when I run my native apk in optee + android.

E/AndroidRuntime: FATAL EXCEPTION: main
                  Process: com.test.testnative, PID: 3232
                  **java.lang.UnsatisfiedLinkError: dlopen failed: library "libc++.so" not found**
                      at java.lang.Runtime.loadLibrary0(Runtime.java:1016)
                      at java.lang.System.loadLibrary(System.java:1657)
                      at com.tez.mobileidcard.MobileSigningLib.<clinit>(MobileSigningLib.java:6)
                      at com.tez.mobileidcard.MainActivity.onCreate(MainActivity.java:14)
                      at android.app.Activity.performCreate(Activity.java:6999)
                      at android.app.Activity.performCreate(Activity.java:6990)
                      at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1214)

I have libc++.so in /system/lib64/

OK. I solved the problem. I have to install native apk as System App. I totally can use OPTEE Client Api from Android Native App.

Thanks @vchong

I totally can use OPTEE Client Api from Android Native App.

Awesome! Great job and congrats!

I have to install native apk as System App

Does it default to Vendor App?

What do you use to generate your apk? Would be nice if you can share the source and setup for that too.

Thanks

Np. You did most of the work. ; )

Thanks

Yes. If I installed my native apk as normally, it cannot open libc++.so dll. I think, /data/app/ directory can not access /system/lib64/. But, if I install it as manually to /system/priv-app/ directory, native apk accesses libc++.so (I used some functions of libc++ in my native optee client in apk). Maybe, if it is possible, optee-team can make some changes for accessing libc++.so from /data/app. But now, I can do this and there is no problem. Everything is ok.

I use Android Studio for generating apk. Then, I put in /system/priv-app/ as I said above.

yes of course. Now, I have some works on my project. When all works are done, I will push my github repo. Then, I will post project github link in here.

Hello, I build a simple android NDK app with optee according your discuss above. I guess I have almost made it because I met the same link error of libc++.so.

I want to know how to install it as a System APP. I just cp the folder of the installed app in /data/app/ to /system/priv-app/ and delete it from /data/app/. then it can not lauch. the logcat show that the operating system still load the app from the deleted folder and of course cannot find it.

05-15 14:24:27.244 2658 4034 W StreamHAL: Error from HAL stream in function get_presentation_position: Operation not permitted
05-15 14:24:27.244 2860 4515 W ziparchive: Unable to open ‘/data/app/com.example.wangzh.jniteeeest-B07R8Cixlp_iGHoyCHDEtg==/base.apk’: No such file or directory
05-15 14:24:27.244 2860 4515 E system_server: Failed to open APK ‘/data/app/com.example.wangzh.jniteeeest-B07R8Cixlp_iGHoyCHDEtg==/base.apk’ I/O error
05-15 14:24:27.245 2860 4515 E ResourcesManager: failed to add asset path /data/app/com.example.wangzh.jniteeeest-B07R8Cixlp_iGHoyCHDEtg==/base.apk

I believe what I have done is not a correct way to install an app as system app. Can you give some advice? Anything will be helpful to me. Thanks!

Have you solved this problem? could you share your solution if you have a better one?

yep, I have solved. What problem have you met ?

Hi everyone!
I have been following your discussing and tried to build an app with OP-TEE, and I think I almost there since I met the same error related to libc++.so
At the moment I tried to install the apk on system/priv-app/ but with no success, so I might have done some misstep during the installation process.
Since some of you already solved it (namely, @tesmnorth and @tulipper), could you please provide me some explanation in how you did it so I could replicate? Thanks!