Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / e2c341539c77efa6404efb28cd20063723da737a
commite2c341539c77efa6404efb28cd20063723da737a[log] [tgz]
authorEran Messeri <eranm@google.com>Thu Dec 21 21:01:22 2017 +0000
committerEran Messeri <eranm@google.com>Sun Dec 24 13:23:16 2017 +0000
tree279a6e020865bd312e221648ea0c17781aa94dda
parent2e0282a08da498711e9ff89517465f15d262c23b [diff]
Allow Device IDs in Key attestation request

Change Keystore to allow inclusion of device identifiers in the key
attestation request - but if, and only if, the request is coming from
the system context.

This was not supported previously as Device ID attestation was done
separately with an ephemeral key.
But as KeyChain-generated keys need to include device identifiers,
Keystore is changed to allow that, but only for attestation requests
from the system context.

Bug: 63388672
Test: cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement
Change-Id: Ibbcf0c51931b644b98ab78b21e92a1edf571dc05
1 file changed
tree: 279a6e020865bd312e221648ea0c17781aa94dda
  1. keystore/
  2. keystore-engine/
  3. .clang-format
  4. Android.bp
  5. MODULE_LICENSE_APACHE2
  6. NOTICE
  7. OWNERS
  8. PREUPLOAD.cfg