Keystore 2.0: Add earlyBootEnded() to IKeystoreMaintenance Introduce earlyBootEnded() to IKeystoreMaintenance - when called, this method will inform all Keymint devices that early boot keys can no longer be used. The early_boot_ended permission (in the keystore2 access vector) is required to call this method. Bug: 181821046 Bug: 181910578 Test: call IKeystoreMaintenance::earlyBootEnded() from vold Change-Id: Ie1341626943c948bee002362ed7fc7f8f3abfc5b

commit: 5b9e5b1bc1bf1956b60535dcd3df4c04a1463a4c [log] [tgz]
author: Satya Tangirala <satyat@google.com> Tue Mar 09 12:54:21 2021 -0800
committer: Satya Tangirala <satyat@google.com> Wed Mar 24 03:11:00 2021 -0700
tree: 4683b6ce82239c221841f9bea9de2a8bbdc29202
parent: fdceabde5b48dc8f3b9668139ba6819aa4ae0ed6 [diff] [blame]
diff --git a/keystore2/src/permission.rs b/keystore2/src/permission.rs
index f0a4c87..45c4dc1 100644
--- a/keystore2/src/permission.rs
+++ b/keystore2/src/permission.rs

@@ -311,6 +311,8 @@
         ClearUID = 0x200,    selinux name: clear_uid;
         /// Checked when Credstore calls IKeystoreAuthorization to obtain auth tokens.
         GetAuthToken = 0x400,  selinux name: get_auth_token;
+        /// Checked when earlyBootEnded() is called.
+        EarlyBootEnded = 0x800,   selinux name: early_boot_ended;
         /// Checked when IKeystoreMaintenance::onDeviceOffBody is called.
         ReportOffBody = 0x1000, selinux name: report_off_body;
     }
commit	5b9e5b1bc1bf1956b60535dcd3df4c04a1463a4c	[log] [tgz]
author	Satya Tangirala <satyat@google.com>	Tue Mar 09 12:54:21 2021 -0800
committer	Satya Tangirala <satyat@google.com>	Wed Mar 24 03:11:00 2021 -0700
tree	4683b6ce82239c221841f9bea9de2a8bbdc29202
parent	fdceabde5b48dc8f3b9668139ba6819aa4ae0ed6 [diff] [blame]