Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / 5fcaa8f95f6f51e665fcc405a20a702b45eed172^1..5fcaa8f95f6f51e665fcc405a20a702b45eed172 / .
commit5fcaa8f95f6f51e665fcc405a20a702b45eed172[log] [tgz]
authorDavid Drysdale <drysdale@google.com>Wed May 04 07:28:40 2022 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>Wed May 04 07:28:40 2022 +0000
tree4f91b40cf465ee3a2a21b4156df7409da216e8b0
parent819b184bf76604fcf4337000b82ad224b61f00d0 [diff]
parentb6e1609da1540aa6942f3cb799869e025066a7dd [diff]
Merge "Updated the description for APPLICATION_ID and APPLICATION_DATA" am: 6cd7c6295b am: de59134032 am: b6e1609da1

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2075380

Change-Id: Ie0d3753fd1819249fb08dc3be8cedcdd91fc961e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

diff --git a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
index b28ebcb..42dfad5 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl

@@ -504,7 +504,9 @@
      * that is necessary during all uses of the key.  In particular, calls to exportKey() and
      * getKeyCharacteristics() must provide the same value to the clientId parameter, and calls to
      * begin() must provide this tag and the same associated data as part of the inParams set.  If
-     * the correct data is not provided, the method must return ErrorCode::INVALID_KEY_BLOB.
+     * the correct data is not provided, the method must return ErrorCode::INVALID_KEY_BLOB.  Note
+     * that a key with a zero-length APPLICATION_ID cannot have its key characteristics retrieved
+     * using getKeyCharacteristics() due to a historical limitation of the API.
      *
      * The content of this tag must be bound to the key cryptographically, meaning it must not be
      * possible for an adversary who has access to all of the secure world secrets but does not have
@@ -525,7 +527,9 @@
      * that is necessary during all uses of the key.  In particular, calls to begin() and
      * exportKey() must provide the same value to the appData parameter, and calls to begin must
      * provide this tag and the same associated data as part of the inParams set.  If the correct
-     * data is not provided, the method must return ErrorCode::INVALID_KEY_BLOB.
+     * data is not provided, the method must return ErrorCode::INVALID_KEY_BLOB.  Note that a key
+     * with a zero-length APPLICATION_DATA cannot have its key characteristics retrieved using
+     * getKeyCharacteristics() due to a historical limitation of the API.
      *
      * The content of this tag must be bound to the key cryptographically, meaning it must not be
      * possible for an adversary who has access to all of the secure world secrets but does not have