Merge "Fixes KeyStore::isHardwareBacked"
diff --git a/keystore/include/keystore/keymaster_tags.h b/keystore/include/keystore/keymaster_tags.h
index b347dbf..05a33cd 100644
--- a/keystore/include/keystore/keymaster_tags.h
+++ b/keystore/include/keystore/keymaster_tags.h
@@ -86,7 +86,6 @@
using ::android::hardware::hidl_vec;
using ::android::hardware::Return;
-using ::android::hardware::Status;
// The following create the numeric values that KM_TAG_PADDING and KM_TAG_DIGEST used to have. We
// need these old values to be able to support old keys that use them.
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index c2d98bb..cd81674 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -118,6 +118,7 @@
return ResponseCode::PERMISSION_DENIED;
}
String8 name8(name);
+ ALOGI("del %s %d", name8.string(), targetUid);
String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid, ::TYPE_ANY));
ResponseCode result = mKeyStore->del(filename.string(), ::TYPE_ANY, get_user_id(targetUid));
if (result != ResponseCode::NO_ERROR) {
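Review bot: The added `ALOGI("del %s %d", name8.string(), targetUid)` writes the caller-chosen key alias to the system log at info level, so alias strings end up in bug reports and are readable by anything with log access. The `ALOGI("upgradeKeyBlob %s %d", ...)` line in the @@ -1698 hunk does the same. If the alias is only needed for debugging, move it to `ALOGD`/`ALOGV` and keep the info-level record to the uid, e.g. `ALOGI("del uid=%d", targetUid);`. The log also sits after the permission check, so a denied delete leaves no record; the enclosing function starts and ends outside the hunk, so whether that is intended cannot be told from here.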
@@ -578,6 +579,7 @@
if (!checkBinderPermissionSelfOrSystem(P_CLEAR_UID, targetUid)) {
return ResponseCode::PERMISSION_DENIED;
}
+ ALOGI("clear_uid %" PRId64, targetUid64);
String8 prefix = String8::format("%u_", targetUid);
Vector<String16> aliases;
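Review bot: The new log line prints `targetUid64`, but the permission check above it and the prefix built on the next line both use `targetUid`. If `targetUid` is derived from `targetUid64` by narrowing or by resolving a "self" sentinel (the derivation is outside the hunk), the log can record a different value from the uid whose keys are actually cleared. Logging the value that is acted on keeps the audit trail unambiguous: `ALOGI("clear_uid %u", targetUid);`.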
@@ -1248,6 +1250,8 @@
case Tag::ATTESTATION_ID_SERIAL:
case Tag::ATTESTATION_ID_IMEI:
case Tag::ATTESTATION_ID_MEID:
+ case Tag::ATTESTATION_ID_MANUFACTURER:
+ case Tag::ATTESTATION_ID_MODEL:
return true;
default:
break;
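Review bot: This list of `Tag::ATTESTATION_ID_*` cases is repeated in `keymaster_enforcement.cpp` (@@ -295) and `legacy_keymaster_device_wrapper.cpp` (@@ -356), and the commit has to add `ATTESTATION_ID_MANUFACTURER` and `ATTESTATION_ID_MODEL` to all three by hand. A tag missed in one copy would appear to let a device-id attestation tag through that switch without the handling the others apply. Until the list is factored into one shared predicate, a comment above the first case in each switch would help, e.g. `// Device-id attestation tags: keep in sync with keymaster_enforcement.cpp and legacy_keymaster_device_wrapper.cpp.` The start of the switch is outside the hunk, so it is worth confirming the remaining `ATTESTATION_ID_*` tags are present too.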
@@ -1698,6 +1702,7 @@
if (responseCode != ResponseCode::NO_ERROR) {
return responseCode;
}
+ ALOGI("upgradeKeyBlob %s %d", name8.string(), uid);
auto hidlKey = blob2hidlVec(*blob);
auto& dev = mKeyStore->getDevice(*blob);
@@ -1712,6 +1717,7 @@
String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, uid, ::TYPE_KEYMASTER_10));
error = mKeyStore->del(filename.string(), ::TYPE_ANY, get_user_id(uid));
if (!error.isOk()) {
+ ALOGI("upgradeKeyBlob keystore->del failed %d", (int)error);
return;
}
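Review bot: Both failure paths added here and in the next hunk (`keystore->del failed`, `keystore->put failed`) are logged with `ALOGI`, although they are errors that abort the upgrade. The `put` failure matters most: it appears to run after the old blob has already been deleted, so the key may be gone and the only trace is an info line carrying neither alias nor uid. Use the error level and add the uid so the event can be found and attributed, e.g. `ALOGE("upgradeKeyBlob keystore->put failed %d uid=%d", (int)error, uid);` and likewise for the `del` case. The surrounding callback body starts and ends outside these hunks.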
@@ -1722,6 +1728,7 @@
error = mKeyStore->put(filename.string(), &newBlob, get_user_id(uid));
if (!error.isOk()) {
+ ALOGI("upgradeKeyBlob keystore->put failed %d", (int)error);
return;
}
diff --git a/keystore/keymaster_enforcement.cpp b/keystore/keymaster_enforcement.cpp
index 8333860..4cee57d 100644
--- a/keystore/keymaster_enforcement.cpp
+++ b/keystore/keymaster_enforcement.cpp
@@ -295,6 +295,8 @@
case Tag::ATTESTATION_ID_SERIAL:
case Tag::ATTESTATION_ID_IMEI:
case Tag::ATTESTATION_ID_MEID:
+ case Tag::ATTESTATION_ID_MANUFACTURER:
+ case Tag::ATTESTATION_ID_MODEL:
return ErrorCode::INVALID_KEY_BLOB;
/* Tags used for cryptographic parameters in keygen. Nothing to enforce. */
diff --git a/keystore/legacy_keymaster_device_wrapper.cpp b/keystore/legacy_keymaster_device_wrapper.cpp
index 440eb50..c57bfed 100644
--- a/keystore/legacy_keymaster_device_wrapper.cpp
+++ b/keystore/legacy_keymaster_device_wrapper.cpp
@@ -356,6 +356,8 @@
case Tag::ATTESTATION_ID_SERIAL:
case Tag::ATTESTATION_ID_IMEI:
case Tag::ATTESTATION_ID_MEID:
+ case Tag::ATTESTATION_ID_MANUFACTURER:
+ case Tag::ATTESTATION_ID_MODEL:
// Device id attestation may only be supported if the device is able to permanently
// destroy its knowledge of the ids. This device is unable to do this, so it must
// never perform any device id attestation.