Identity Credential: Restrict AccessControlProfile identifiers to 32. In order to implement Identity Credential on resource-restricted secure hardware, we need to limit the number of possible AccessControlProfile in a credential. A limit of 32 means that such hardware only need to devote four bytes of RAM for a bitmask with information about which profiles are authorized. Document this, add new VTS test, and update the default implementation. Bug: 155100967 Test: atest android.security.identity.cts Test: atest VtsHalIdentityTargetTest Change-Id: Ia4f2ee0013b330561df744e0595f298a0d156122

commit: a0796e98c298fc1fc7df88f26c0d417454c34fea [log] [tgz]
author: David Zeuthen <zeuthen@google.com> Mon Apr 27 15:24:55 2020 -0400
committer: David Zeuthen <zeuthen@google.com> Mon Apr 27 15:28:27 2020 -0400
tree: f41c4b7c2981adea203082f7f6bbcd32b987a07f
parent: 71156e527c376ec407670325a57989a2542d5c9a [diff] [blame]
diff --git a/identity/aidl/default/WritableIdentityCredential.cpp b/identity/aidl/default/WritableIdentityCredential.cpp
index fd246d8..b392444 100644
--- a/identity/aidl/default/WritableIdentityCredential.cpp
+++ b/identity/aidl/default/WritableIdentityCredential.cpp

@@ -143,6 +143,12 @@
     }
     accessControlProfileIds_.insert(id);
 
+    if (id < 0 || id >= 32) {
+        return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
+                IIdentityCredentialStore::STATUS_INVALID_DATA,
+                "Access Control Profile id must be non-negative and less than 32"));
+    }
+
     // Spec requires if |userAuthenticationRequired| is false, then |timeoutMillis| must also
     // be zero.
     if (!userAuthenticationRequired && timeoutMillis != 0) {
commit	a0796e98c298fc1fc7df88f26c0d417454c34fea	[log] [tgz]
author	David Zeuthen <zeuthen@google.com>	Mon Apr 27 15:24:55 2020 -0400
committer	David Zeuthen <zeuthen@google.com>	Mon Apr 27 15:28:27 2020 -0400
tree	f41c4b7c2981adea203082f7f6bbcd32b987a07f
parent	71156e527c376ec407670325a57989a2542d5c9a [diff] [blame]