Merge "Confirmationui Rate Limiting App Abort Bug Fix"
diff --git a/identity/credstore.rc b/identity/credstore.rc
index 12c1e72..d9e989a 100644
--- a/identity/credstore.rc
+++ b/identity/credstore.rc
@@ -1,5 +1,4 @@
service credstore /system/bin/credstore /data/misc/credstore
- class main
- user keystore
- group keystore drmrpc readproc log
- writepid /dev/cpuset/foreground/tasks
\ No newline at end of file
+ class core
+ user credstore
+ group credstore
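Review bot: The switch from `user keystore` to `user credstore` changes which uid must own `/data/misc/credstore`, and nothing in this hunk shows that the directory is created for, or migrated to, the new uid. If a device already holds files there written under the keystore uid, the service would presumably be unable to read them after the update, so the matching `mkdir` or ownership change in the init scripts should land together with this change. A short comment such as `# Runs as its own uid with no supplementary groups; only needs /data/misc/credstore.` would also record why `drmrpc readproc log` and the `writepid` line were dropped.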
diff --git a/keystore/Android.bp b/keystore/Android.bp
index f3a7531..cbb174d 100644
--- a/keystore/Android.bp
+++ b/keystore/Android.bp
@@ -55,6 +55,7 @@
"android.hardware.confirmationui@1.0",
"android.hardware.keymaster@3.0",
"android.hardware.keymaster@4.0",
+ "android.hardware.keymaster@4.1",
"libbase",
"libbinder",
"libcrypto",
@@ -62,6 +63,7 @@
"libhardware",
"libhidlbase",
"libkeymaster4support",
+ "libkeymaster4_1support",
"libkeymaster_messages",
"libkeymaster_portable",
"libkeystore_aidl",
@@ -154,19 +156,22 @@
],
shared_libs: [
"android.hardware.keymaster@4.0",
+ "android.hardware.keymaster@4.1",
"libbinder",
"libhardware",
"libhidlbase",
"libkeymaster4support",
+ "libkeymaster4_1support",
"liblog",
"libprotobuf-cpp-lite",
"libutils",
],
export_shared_lib_headers: [
"android.hardware.keymaster@4.0",
+ "android.hardware.keymaster@4.1",
"libbinder",
"libhidlbase",
- "libkeymaster4support",
+ "libkeymaster4_1support",
],
}
// Library for keystore clients
diff --git a/keystore/KeyStore.h b/keystore/KeyStore.h
index a7fbab4..0027ec8 100644
--- a/keystore/KeyStore.h
+++ b/keystore/KeyStore.h
@@ -18,7 +18,7 @@
#define KEYSTORE_KEYSTORE_H_
#include <android/hardware/keymaster/3.0/IKeymasterDevice.h>
-#include <keymasterV4_0/Keymaster.h>
+#include <keymasterV4_1/Keymaster.h>
#include <utils/Vector.h>
#include <keystore/keymaster_types.h>
diff --git a/keystore/OperationResult.cpp b/keystore/OperationResult.cpp
index 3ff8bc3..dec4d40 100644
--- a/keystore/OperationResult.cpp
+++ b/keystore/OperationResult.cpp
@@ -29,8 +29,8 @@
namespace security {
namespace keymaster {
-using keystore::keymaster::ErrorCode;
using ::android::status_t;
+using ::keystore::ErrorCode;
OperationResult::OperationResult() : resultCode(), token(), handle(0), inputConsumed(0), data() {}
diff --git a/keystore/auth_token_table.h b/keystore/auth_token_table.h
index 86d65de..787b9b1 100644
--- a/keystore/auth_token_table.h
+++ b/keystore/auth_token_table.h
@@ -25,8 +25,6 @@
namespace keystore {
-using keymaster::HardwareAuthToken;
-
namespace test {
class AuthTokenTableTest;
} // namespace test
diff --git a/keystore/include/keystore/keymaster_types.h b/keystore/include/keystore/keymaster_types.h
index f3c6907..8da9682 100644
--- a/keystore/include/keystore/keymaster_types.h
+++ b/keystore/include/keystore/keymaster_types.h
@@ -16,11 +16,11 @@
#define SECURITY_KEYSTORE_INCLUDE_KEYSTORE_KEYMASTER_TYPES_H_
#include <android/hardware/keymaster/3.0/types.h>
-#include <android/hardware/keymaster/4.0/IKeymasterDevice.h>
-#include <android/hardware/keymaster/4.0/types.h>
+#include <android/hardware/keymaster/4.1/IKeymasterDevice.h>
+#include <android/hardware/keymaster/4.1/types.h>
-#include <keymasterV4_0/authorization_set.h>
-#include <keymasterV4_0/keymaster_tags.h>
+#include <keymasterV4_1/authorization_set.h>
+#include <keymasterV4_1/keymaster_tags.h>
/**
* This header lifts the types from the current Keymaster version into the keystore namespace.
@@ -29,7 +29,7 @@
namespace keystore {
// Changing this namespace alias will change the keymaster version.
-namespace keymaster = ::android::hardware::keymaster::V4_0;
+namespace keymaster = ::android::hardware::keymaster::V4_1;
using android::hardware::hidl_vec;
using android::hardware::Return;
@@ -40,11 +40,17 @@
using keymaster::AuthorizationSet;
using keymaster::AuthorizationSetBuilder;
+// It's more convenient to use the V4.0 error and tag types by default.
+using ::android::hardware::keymaster::V4_0::ErrorCode;
+using ::android::hardware::keymaster::V4_0::Tag;
+
+using V4_1_ErrorCode = ::android::hardware::keymaster::V4_1::ErrorCode;
+using V4_1_Tag = ::android::hardware::keymaster::V4_1::Tag;
+
using keymaster::Algorithm;
using keymaster::BlockMode;
using keymaster::Digest;
using keymaster::EcCurve;
-using keymaster::ErrorCode;
using keymaster::HardwareAuthenticatorType;
using keymaster::HardwareAuthToken;
using keymaster::HmacSharingParameters;
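Review bot: The added comment `// It's more convenient to use the V4.0 error and tag types by default.` leaves out what a reader most needs to know: after this hunk `keystore::ErrorCode` and `keystore::Tag` are the V4_0 enums while the `keymaster` alias points at V4_1, so `keymaster::ErrorCode` and `ErrorCode` are no longer the same type. Code that handles a result from a 4.1 device has to convert or compare explicitly, and values that exist only in 4.1 are reachable only through `V4_1_ErrorCode` / `V4_1_Tag`. I would expand the comment to something like `// ErrorCode and Tag deliberately stay on V4_0; use V4_1_ErrorCode / V4_1_Tag for values added in 4.1 and do not assume keymaster::ErrorCode is the same type as ErrorCode.`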
@@ -55,7 +61,6 @@
using keymaster::OperationHandle;
using keymaster::PaddingMode;
using keymaster::SecurityLevel;
-using keymaster::Tag;
using keymaster::TagType;
using keymaster::VerificationToken;
diff --git a/keystore/include/keystore/keystore_return_types.h b/keystore/include/keystore/keystore_return_types.h
index f8cf1cc..2762f8d 100644
--- a/keystore/include/keystore/keystore_return_types.h
+++ b/keystore/include/keystore/keystore_return_types.h
@@ -23,8 +23,6 @@
namespace keystore {
-using keymaster::ErrorCode;
-
class KeyStoreServiceReturnCode;
class KeyStoreNativeReturnCode;
diff --git a/keystore/key_proto_handler.cpp b/keystore/key_proto_handler.cpp
index a106213..f8400af 100644
--- a/keystore/key_proto_handler.cpp
+++ b/keystore/key_proto_handler.cpp
@@ -19,7 +19,7 @@
#include <android/os/DropBoxManager.h>
#include <google/protobuf/message_lite.h>
-#include <keymasterV4_0/Keymaster.h>
+#include <keymasterV4_1/Keymaster.h>
#include <keystore/keymaster_types.h>
#include <utils/String16.h>
#include <utils/StrongPointer.h>
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index 5bc5a78..fa8d145 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -613,8 +613,6 @@
const ::android::sp<::android::security::keystore::IKeystoreKeyCharacteristicsCallback>& cb,
const String16& name, const KeymasterArguments& params, const ::std::vector<uint8_t>& entropy,
int uid, int flags, int32_t* _aidl_return) {
- // TODO(jbires): remove this getCallingUid call upon implementation of b/25646100
- uid_t originalUid = IPCThreadState::self()->getCallingUid();
uid = getEffectiveUid(uid);
auto logOnScopeExit = android::base::make_scope_guard([&] {
if (__android_log_security()) {
@@ -634,9 +632,7 @@
}
if (containsTag(params.getParameters(), Tag::INCLUDE_UNIQUE_ID)) {
- // TODO(jbires): remove uid checking upon implementation of b/25646100
- if (!checkBinderPermission(P_GEN_UNIQUE_ID) ||
- originalUid != IPCThreadState::self()->getCallingUid()) {
+ if (!checkBinderPermission(P_GEN_UNIQUE_ID)) {
return AIDL_RETURN(ResponseCode::PERMISSION_DENIED);
}
}
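Review bot: With the calling-uid comparison removed, `Tag::INCLUDE_UNIQUE_ID` is gated only by `checkBinderPermission(P_GEN_UNIQUE_ID)`, while `uid` has already been replaced by `getEffectiveUid(uid)` earlier in the function. The hunk does not show whether a caller holding the permission may request a unique ID for a key generated on behalf of a different uid; if that is intended, a comment at the check should say so, e.g. `// P_GEN_UNIQUE_ID alone authorizes INCLUDE_UNIQUE_ID; the target uid is not checked here.` The removed TODOs tied the old check to b/25646100, so the commit description should state that this bug is now resolved. The enclosing function starts and ends outside the hunk.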
@@ -1326,11 +1322,22 @@
}
Status KeyStoreService::onKeyguardVisibilityChanged(bool isShowing, int32_t userId,
- int32_t* aidl_return) {
+ int32_t* _aidl_return) {
+ if (isShowing) {
+ if (!checkBinderPermission(P_LOCK, UID_SELF)) {
+ LOG(WARNING) << "onKeyguardVisibilityChanged called with isShowing == true but "
+ "without LOCK permission";
+ return AIDL_RETURN(ResponseCode::PERMISSION_DENIED);
+ }
+ } else {
+ if (!checkBinderPermission(P_UNLOCK, UID_SELF)) {
+ LOG(WARNING) << "onKeyguardVisibilityChanged called with isShowing == false but "
+ "without UNLOCK permission";
+ return AIDL_RETURN(ResponseCode::PERMISSION_DENIED);
+ }
+ }
mKeyStore->getEnforcementPolicy().set_device_locked(isShowing, userId);
- *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
-
- return Status::ok();
+ return AIDL_RETURN(ResponseCode::NO_ERROR);
}
} // namespace keystore
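Review bot: The new checks in `onKeyguardVisibilityChanged` authorize against `UID_SELF`, but `set_device_locked(isShowing, userId)` then runs with the caller-supplied `userId`, so as far as this hunk shows any caller holding LOCK or UNLOCK can change the locked state for any user. If that is intended (presumably only system components hold these permissions), a one-line comment above the check should say so. The two WARNING messages also omit who made the call, which makes a denied attempt hard to triage; appending `<< " from uid " << IPCThreadState::self()->getCallingUid()` to both would fix that. The two branches differ only in the permission and one word of the message, and could share a single check on `isShowing ? P_LOCK : P_UNLOCK`.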
diff --git a/keystore/keymaster_worker.h b/keystore/keymaster_worker.h
index 3165763..8e35c16 100644
--- a/keystore/keymaster_worker.h
+++ b/keystore/keymaster_worker.h
@@ -20,7 +20,7 @@
#include <condition_variable>
#include <functional>
-#include <keymasterV4_0/Keymaster.h>
+#include <keymasterV4_1/Keymaster.h>
#include <memory>
#include <mutex>
#include <optional>
@@ -32,6 +32,7 @@
#include <keystore/KeyCharacteristics.h>
#include <keystore/KeymasterBlob.h>
#include <keystore/OperationResult.h>
+#include <keystore/keymaster_types.h>
#include <keystore/keystore_return_types.h>
#include "blob.h"
@@ -43,16 +44,7 @@
using ::android::hardware::hidl_vec;
using ::android::hardware::Return;
using ::android::hardware::Void;
-using android::hardware::keymaster::V4_0::ErrorCode;
-using android::hardware::keymaster::V4_0::HardwareAuthToken;
-using android::hardware::keymaster::V4_0::HmacSharingParameters;
-using android::hardware::keymaster::V4_0::KeyCharacteristics;
-using android::hardware::keymaster::V4_0::KeyFormat;
-using android::hardware::keymaster::V4_0::KeyParameter;
-using android::hardware::keymaster::V4_0::KeyPurpose;
-using android::hardware::keymaster::V4_0::VerificationToken;
-using android::hardware::keymaster::V4_0::support::Keymaster;
-// using KeystoreCharacteristics = ::android::security::keymaster::KeyCharacteristics;
+using android::hardware::keymaster::V4_1::support::Keymaster;
using ::android::security::keymaster::KeymasterBlob;
class KeyStore;
diff --git a/keystore/keystore_aidl_hidl_marshalling_utils.cpp b/keystore/keystore_aidl_hidl_marshalling_utils.cpp
index 49e18f0..823ca58 100644
--- a/keystore/keystore_aidl_hidl_marshalling_utils.cpp
+++ b/keystore/keystore_aidl_hidl_marshalling_utils.cpp
@@ -205,7 +205,7 @@
namespace keymaster {
using ::android::status_t;
-using ::keystore::keymaster::ErrorCode;
+using ::keystore::ErrorCode;
ExportResult::ExportResult() : resultCode() {}
diff --git a/keystore/keystore_main.cpp b/keystore/keystore_main.cpp
index 91ebd12..02c2139 100644
--- a/keystore/keystore_main.cpp
+++ b/keystore/keystore_main.cpp
@@ -21,8 +21,8 @@
#include <android/security/keystore/IKeystoreService.h>
#include <binder/IPCThreadState.h>
#include <binder/IServiceManager.h>
-#include <keymasterV4_0/Keymaster3.h>
-#include <keymasterV4_0/Keymaster4.h>
+#include <keymasterV4_1/Keymaster3.h>
+#include <keymasterV4_1/Keymaster4.h>
#include <utils/StrongPointer.h>
#include <keystore/keystore_hidl_support.h>
diff --git a/keystore/operation.h b/keystore/operation.h
index e0865a4..ef880a7 100644
--- a/keystore/operation.h
+++ b/keystore/operation.h
@@ -26,7 +26,7 @@
#include <binder/Binder.h>
#include <binder/IBinder.h>
-#include <keymasterV4_0/Keymaster.h>
+#include <keymasterV4_1/Keymaster.h>
#include <utils/StrongPointer.h>
#include <keystore/keymaster_types.h>
diff --git a/keystore/operation_proto_handler.cpp b/keystore/operation_proto_handler.cpp
index dfc0692..3b3d3fc 100644
--- a/keystore/operation_proto_handler.cpp
+++ b/keystore/operation_proto_handler.cpp
@@ -19,7 +19,7 @@
#include <android/os/DropBoxManager.h>
#include <google/protobuf/message_lite.h>
-#include <keymasterV4_0/Keymaster.h>
+#include <keymasterV4_1/Keymaster.h>
#include <keystore/keymaster_types.h>
#include <keystore/keystore_hidl_support.h>
#include <utils/String16.h>
diff --git a/keystore/operation_struct.h b/keystore/operation_struct.h
index 84265b6..23e79fc 100644
--- a/keystore/operation_struct.h
+++ b/keystore/operation_struct.h
@@ -19,7 +19,7 @@
#include <binder/Binder.h>
#include <binder/IBinder.h>
-#include <keymasterV4_0/Keymaster.h>
+#include <keymasterV4_1/Keymaster.h>
#include <utils/StrongPointer.h>
#include <keystore/keymaster_types.h>
diff --git a/keystore/tests/Android.bp b/keystore/tests/Android.bp
index bbcc1c2..a5a2c33 100644
--- a/keystore/tests/Android.bp
+++ b/keystore/tests/Android.bp
@@ -24,6 +24,7 @@
"libgtest_main",
"libhidlbase",
"libkeymaster4support",
+ "libkeymaster4_1support",
"libkeystore_test",
"liblog",
"libutils",