Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 472e6c8e18c800b0b650bd8697e17ce65c1f3608^! / . / identity / CredentialStore.cpp
commit472e6c8e18c800b0b650bd8697e17ce65c1f3608[log] [tgz]
authorDavid Zeuthen <zeuthen@google.com>Fri Oct 16 11:50:13 2020 -0400
committerDavid Zeuthen <zeuthen@google.com>Fri Jan 22 18:37:03 2021 -0500
tree471569d2a83c6aa0bbc43328f05d0e2cd51ee28b
parent507171614b09405ec1660ed7726d6869745b128c [diff] [blame]
Credstore changes for Android 12

- Add Credential.proveOwership()
- Add Credential.deleteWithChallenge()
- Add Credential.updateCredential()
- Add Credential.storeStaticAuthenticationDataWithExpirationDate()
  - Store this on disk. For entries stored without this parameter
    assume they never expire.
- Add allowUsingExpiredKeys to Credential.selectAuthKey() and
  Credential.getEntries()
  - Unless set to true, never select an expired key
- Introduce ERROR_NOT_SUPPORTED and return this if HAL does not
  support operation

Bug: 170146643
Test: atest android.security.identity.cts
Change-Id: Ic5dafc6498c9c59b82942def9d348d974f008589

diff --git a/identity/CredentialStore.cpp b/identity/CredentialStore.cpp
index e3a825b..f77294e 100644
--- a/identity/CredentialStore.cpp
+++ b/identity/CredentialStore.cpp

@@ -41,11 +41,12 @@
         LOG(ERROR) << "Error getting hardware information: " << status.toString8();
         return false;
     }
+    halApiVersion_ = hal_->getInterfaceVersion();
 
-    LOG(INFO) << "Connected to Identity Credential HAL with name '" << hwInfo_.credentialStoreName
-              << "' authored by '" << hwInfo_.credentialStoreAuthorName << "' with chunk size "
-              << hwInfo_.dataChunkSize << " and directoAccess set to "
-              << (hwInfo_.isDirectAccess ? "true" : "false");
+    LOG(INFO) << "Connected to Identity Credential HAL with API version " << halApiVersion_
+              << " and name '" << hwInfo_.credentialStoreName << "' authored by '"
+              << hwInfo_.credentialStoreAuthorName << "' with chunk size " << hwInfo_.dataChunkSize
+              << " and directoAccess set to " << (hwInfo_.isDirectAccess ? "true" : "false");
     return true;
 }
 
@@ -89,7 +90,7 @@
     }
 
     sp<IWritableCredential> writableCredential = new WritableCredential(
-        dataPath_, credentialName, docType, hwInfo_.dataChunkSize, halWritableCredential);
+        dataPath_, credentialName, docType, false, hwInfo_, halWritableCredential, halApiVersion_);
     *_aidl_return = writableCredential;
     return Status::ok();
 }
@@ -112,9 +113,10 @@
 
     // Note: IdentityCredentialStore.java's CipherSuite enumeration and CipherSuite from the
     // HAL is manually kept in sync. So this cast is safe.
-    sp<Credential> credential = new Credential(CipherSuite(cipherSuite), dataPath_, credentialName);
+    sp<Credential> credential = new Credential(CipherSuite(cipherSuite), dataPath_, credentialName,
+                                               callingUid, hwInfo_, hal_, halApiVersion_);
 
-    Status loadStatus = credential->loadCredential(hal_);
+    Status loadStatus = credential->ensureOrReplaceHalBinder();
     if (!loadStatus.isOk()) {
         LOG(ERROR) << "Error loading credential";
     } else {