keystore: Pass verification token to credstore along with requested auth token. This is needed because the Secure Areas backing the Identity Credential HAL may exist in a different environment from where the auth token is minted. In this case, the Secure Area needs a verification token to make sense of the timestamp in the auth token. Getting a verification token is an asynchronous operation so change the binder method used by credstore to be asynchronous as well. Bug: 156076333 Test: atest VtsHalIdentityTargetTest Test: atest android.security.identity.cts Change-Id: Id6cb6812a31d968069b7d72bd2b39b512d38d241

commit: 59102f388f5eea04504506cdd14535cb51c665be [log] [tgz]
author: David Zeuthen <zeuthen@google.com> Fri May 08 10:58:09 2020 -0400
committer: David Zeuthen <zeuthen@google.com> Fri May 08 11:30:49 2020 -0400
tree: 9e5c10cbf3015c0d83188bdfa4ada79f7841b7d5
parent: de087d874662c1b1d2fb657e0b474b58c4890016 [diff] [blame]
diff --git a/identity/main.cpp b/identity/main.cpp
index af03a30..8f4968d 100644
--- a/identity/main.cpp
+++ b/identity/main.cpp

@@ -53,6 +53,9 @@
     CHECK(ret == ::android::OK) << "Couldn't register binder service";
     LOG(ERROR) << "Registered binder service";
 
+    // This is needed for binder callbacks from keystore on a ICredstoreTokenCallback binder.
+    android::ProcessState::self()->startThreadPool();
+
     IPCThreadState::self()->joinThreadPool();
 
     return 0;
commit	59102f388f5eea04504506cdd14535cb51c665be	[log] [tgz]
author	David Zeuthen <zeuthen@google.com>	Fri May 08 10:58:09 2020 -0400
committer	David Zeuthen <zeuthen@google.com>	Fri May 08 11:30:49 2020 -0400
tree	9e5c10cbf3015c0d83188bdfa4ada79f7841b7d5
parent	de087d874662c1b1d2fb657e0b474b58c4890016 [diff] [blame]