commit 6c72732a9b6ad557fa35e8d7cea20199214bce22
author Treehugger Robot <treehugger-gerrit@google.com> Thu May 06 00:10:22 2021 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Thu May 06 00:10:22 2021 +0000
tree 448f84125221dd73c824d6cbce85a9fa1d891efc
parent 70d788a4424f170138305b3ea6c6529a350938d5
parent 7e13aa04ce6863f8530326d41106b69f32ef407c

Merge "Keystore 2.0: Add watch dog library."

keystore2/src/enforcements.rs

diff --git a/keystore2/src/enforcements.rs b/keystore2/src/enforcements.rs
index 378b72f..04d1f77 100644
--- a/keystore2/src/enforcements.rs
+++ b/keystore2/src/enforcements.rs
@@ -682,9 +682,10 @@
             // So the HAT cannot be presented on create. So on update/finish we present both
             // an per-op-bound auth token and a timestamp token.
             (Some(_), true, true) => (None, DeferredAuthState::TimeStampedOpAuthRequired),
-            (Some(hat), true, false) => {
-                (None, DeferredAuthState::TimeStampRequired(hat.take_auth_token()))
-            }
+            (Some(hat), true, false) => (
+                Some(hat.auth_token().clone()),
+                DeferredAuthState::TimeStampRequired(hat.take_auth_token()),
+            ),
             (Some(hat), false, true) => {
                 (Some(hat.take_auth_token()), DeferredAuthState::OpAuthRequired)
             }

keystore2/src/globals.rs

diff --git a/keystore2/src/globals.rs b/keystore2/src/globals.rs
index 9f38799..bd28ca6 100644
--- a/keystore2/src/globals.rs
+++ b/keystore2/src/globals.rs
@@ -172,7 +172,7 @@
         &DB_PATH.lock().expect("Could not get the database path for legacy blob loader.")));
     /// Legacy migrator. Atomically migrates legacy blobs to the database.
     pub static ref LEGACY_MIGRATOR: Arc<LegacyMigrator> =
-        Arc::new(LegacyMigrator::new(ASYNC_TASK.clone()));
+        Arc::new(LegacyMigrator::new(Arc::new(Default::default())));
     /// Background thread which handles logging via statsd and logd
     pub static ref LOGS_HANDLER: Arc<AsyncTask> = Default::default();
 }

keystore2/src/km_compat/km_compat.cpp

diff --git a/keystore2/src/km_compat/km_compat.cpp b/keystore2/src/km_compat/km_compat.cpp
index 4141b1c..bdc3f2a 100644
--- a/keystore2/src/km_compat/km_compat.cpp
+++ b/keystore2/src/km_compat/km_compat.cpp
@@ -687,6 +687,14 @@
     return convertErrorCode(km_error);
 }
 
+ScopedAStatus
+KeyMintDevice::getKeyCharacteristics(const std::vector<uint8_t>& /* storageKeyBlob */,
+                                     const std::vector<uint8_t>& /* appId */,
+                                     const std::vector<uint8_t>& /* appData */,
+                                     std::vector<KeyCharacteristics>* /* keyCharacteristics */) {
+    return convertErrorCode(KMV1::ErrorCode::UNIMPLEMENTED);
+}
+
 ScopedAStatus KeyMintOperation::updateAad(const std::vector<uint8_t>& input,
                                           const std::optional<HardwareAuthToken>& optAuthToken,
                                           const std::optional<TimeStampToken>& optTimeStampToken) {

keystore2/src/km_compat/km_compat.h

diff --git a/keystore2/src/km_compat/km_compat.h b/keystore2/src/km_compat/km_compat.h
index cd2b804..09c9157 100644
--- a/keystore2/src/km_compat/km_compat.h
+++ b/keystore2/src/km_compat/km_compat.h
@@ -118,6 +118,11 @@
     ScopedAStatus convertStorageKeyToEphemeral(const std::vector<uint8_t>& storageKeyBlob,
                                                std::vector<uint8_t>* ephemeralKeyBlob) override;
 
+    ScopedAStatus
+    getKeyCharacteristics(const std::vector<uint8_t>& storageKeyBlob,
+                          const std::vector<uint8_t>& appId, const std::vector<uint8_t>& appData,
+                          std::vector<KeyCharacteristics>* keyCharacteristics) override;
+
     // These are public to allow testing code to use them directly.
     // This class should not be used publicly anyway.
     std::variant<std::vector<Certificate>, KMV1_ErrorCode>