Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 011675d26cbe4b25c351666407ea2c759ee50d98^! / . / keystore / keystore_attestation_id.h
commit011675d26cbe4b25c351666407ea2c759ee50d98[log] [tgz]
authorJanis Danisevskis <jdanis@google.com>Thu Sep 01 11:41:29 2016 +0100
committerJanis Danisevskis <jdanis@google.com>Thu Sep 01 15:01:33 2016 +0100
tree366f4a3d53df9417f7860b26e7461d5c1bfd5499
parent43a39ca5db419aef5a3ea50f66ea6fc77044e394 [diff] [blame]
Revise the attestation application id format

Signatures, or rather the signing certificates must be the same
for all packages sharing a uid. This patch changes the
format of the attestation application id such that there is
only one set of certificate digests rather than one per package.

Change-Id: I8c37ac452bbe8ea299fa08de5034b8370e736f6c

diff --git a/keystore/keystore_attestation_id.h b/keystore/keystore_attestation_id.h
index 55d2c94..8d20550 100644
--- a/keystore/keystore_attestation_id.h
+++ b/keystore/keystore_attestation_id.h

@@ -23,15 +23,39 @@
 namespace android {
 namespace security {
 
+template <typename T> class StatusOr {
+  public:
+    StatusOr(const status_t error) : _status(error), _value() {}
+    StatusOr(const T& value) : _status(NO_ERROR), _value(value) {}
+    StatusOr(T&& value) : _status(NO_ERROR), _value(value) {}
+
+    operator const T&() const { return _value; }
+    operator T&() { return _value; }
+    operator T &&() && { return std::move(_value); }
+
+    bool isOk() const { return NO_ERROR == _status; }
+
+    ::android::status_t status() const { return _status; }
+
+    const T& value() const & { return _value; }
+    T& value() & { return _value; }
+    T&& value() && { return std::move(_value); }
+
+  private:
+    ::android::status_t _status;
+    T _value;
+};
+
 /**
  * Gathers the attestation id for the application determined by uid by querying the package manager
- * As of this writing uids can be shared in android, which is why the asn.1 encoded result may
- * contain more than one application attestation id.
+ * As of this writing uids can be shared in android, which is why the asn.1 encoded attestation
+ * application id may contain more than one package info followed by a set of digests of the
+ * packages signing certificates.
  *
- * @returns .first the asn.1 encoded attestation application id if .second is NO_ERROR. If .second
- *          is not NO_ERROR the content of .first is undefined.
+ * @returns the asn.1 encoded attestation application id or an error code. Check the result with
+ *          .isOk() before accessing.
  */
-std::pair<std::vector<uint8_t>, status_t> gather_attestation_application_id(uid_t uid);
+StatusOr<std::vector<uint8_t>> gather_attestation_application_id(uid_t uid);
 
 }  // namespace security
 }  // namespace android