Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_base / d18fe9e3ceda59cc0178efc5f55a9afe2e733b02^! / .
commitd18fe9e3ceda59cc0178efc5f55a9afe2e733b02[log] [tgz]
authorSeth Moore <sethmo@google.com>Tue Apr 05 13:56:11 2022 -0700
committerSeth Moore <sethmo@google.com>Tue Apr 05 13:56:27 2022 -0700
tree04e1bc2b447be418a17e47c61003ee164f27e6ed
parenta535dfe28a360a31ee949bd4eea18d0dde901b1d [diff]
Add new privileged permission for unique id attestation

This permission will eventually replace the sepolicy that we have now,
making it possible to test unique id attestation, which is no longer
possible due to the deprecation of shared uids.

Skipping automerger because the framework manifest has diverged too
much across aosp and tm-dev to allow for clean auto merges, and
presubmits block.

Test: KeyAttestationTest
Bug: 216778747
Merged-In: Iecde35b9a79456b293118d8089dd2a3b0905f5f3
Change-Id: Iecde35b9a79456b293118d8089dd2a3b0905f5f3

diff --git a/core/api/test-current.txt b/core/api/test-current.txt
index 6b588f9..59db4d6 100644
--- a/core/api/test-current.txt
+++ b/core/api/test-current.txt

@@ -34,6 +34,7 @@
     field public static final String READ_PRIVILEGED_PHONE_STATE = "android.permission.READ_PRIVILEGED_PHONE_STATE";
     field public static final String RECORD_BACKGROUND_AUDIO = "android.permission.RECORD_BACKGROUND_AUDIO";
     field public static final String REMOVE_TASKS = "android.permission.REMOVE_TASKS";
+    field public static final String REQUEST_UNIQUE_ID_ATTESTATION = "android.permission.REQUEST_UNIQUE_ID_ATTESTATION";
     field public static final String RESET_APP_ERRORS = "android.permission.RESET_APP_ERRORS";
     field public static final String SET_AND_VERIFY_LOCKSCREEN_CREDENTIALS = "android.permission.SET_AND_VERIFY_LOCKSCREEN_CREDENTIALS";
     field public static final String START_TASKS_FROM_RECENTS = "android.permission.START_TASKS_FROM_RECENTS";

diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index b87befb..f81ac3d 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml

@@ -3409,6 +3409,12 @@
     <permission android:name="android.permission.UPDATE_FONTS"
         android:protectionLevel="signature|privileged" />
 
+    <!-- Allows the caller to generate keymint keys with the INCLUDE_UNIQUE_ID tag, which
+         uniquely identifies the device via the attestation certificate.
+         @hide @TestApi -->
+    <permission android:name="android.permission.REQUEST_UNIQUE_ID_ATTESTATION"
+         android:protectionLevel="signature" />
+
     <!-- ========================================= -->
     <!-- Permissions for special development tools -->
     <!-- ========================================= -->

diff --git a/packages/Shell/AndroidManifest.xml b/packages/Shell/AndroidManifest.xml
index feee4a1..c934bd0 100644
--- a/packages/Shell/AndroidManifest.xml
+++ b/packages/Shell/AndroidManifest.xml

@@ -606,6 +606,9 @@
     <!-- Permission required for ATS test - CarDevicePolicyManagerTest -->
     <uses-permission android:name="android.permission.LOCK_DEVICE" />
 
+    <!-- Permission required for CTS test - CtsKeystoreTestCases -->
+    <uses-permission android:name="android.permission.REQUEST_UNIQUE_ID_ATTESTATION" />
+
     <application android:label="@string/app_label"
                 android:theme="@android:style/Theme.DeviceDefault.DayNight"
                 android:defaultToDeviceProtectedStorage="true"