Snap for 4625912 from eec88d343a1105d4da5c108c49258e2ccc131f4a to pi-release
Change-Id: I40a5a665341a55d349ce49684bd182679f833317
diff --git a/keystore/binder/android/security/IKeystoreService.aidl b/keystore/binder/android/security/IKeystoreService.aidl
index 738eb68..538dd28 100644
--- a/keystore/binder/android/security/IKeystoreService.aidl
+++ b/keystore/binder/android/security/IKeystoreService.aidl
@@ -58,12 +58,12 @@
int addRngEntropy(in byte[] data, int flags);
int generateKey(String alias, in KeymasterArguments arguments, in byte[] entropy, int uid,
int flags, out KeyCharacteristics characteristics);
- int getKeyCharacteristics(String alias, in KeymasterBlob clientId, in KeymasterBlob appId,
+ int getKeyCharacteristics(String alias, in KeymasterBlob clientId, in KeymasterBlob appData,
int uid, out KeyCharacteristics characteristics);
int importKey(String alias, in KeymasterArguments arguments, int format,
in byte[] keyData, int uid, int flags, out KeyCharacteristics characteristics);
ExportResult exportKey(String alias, int format, in KeymasterBlob clientId,
- in KeymasterBlob appId, int uid);
+ in KeymasterBlob appData, int uid);
OperationResult begin(IBinder appToken, String alias, int purpose, boolean pruneable,
in KeymasterArguments params, in byte[] entropy, int uid);
OperationResult update(IBinder token, in KeymasterArguments params, in byte[] input);
@@ -84,4 +84,5 @@
int presentConfirmationPrompt(IBinder listener, String promptText, in byte[] extraData,
in String locale, in int uiOptionsAsFlags);
int cancelConfirmationPrompt(IBinder listener);
+ boolean isConfirmationPromptSupported();
}
diff --git a/keystore/confirmation_manager.cpp b/keystore/confirmation_manager.cpp
index d8c5378..acca304 100644
--- a/keystore/confirmation_manager.cpp
+++ b/keystore/confirmation_manager.cpp
@@ -115,6 +115,19 @@
return Status::ok();
}
+// Called by keystore main thread.
+Status ConfirmationManager::isConfirmationPromptSupported(bool* aidl_return) {
+ sp<IConfirmationUI> confirmationUI = IConfirmationUI::tryGetService();
+ if (confirmationUI == nullptr) {
+ ALOGW("Error getting confirmationUI service\n");
+ *aidl_return = false;
+ return Status::ok();
+ }
+
+ *aidl_return = true;
+ return Status::ok();
+}
+
void ConfirmationManager::finalizeTransaction(ConfirmationResponseCode responseCode,
hidl_vec<uint8_t> dataThatWasConfirmed,
bool callAbortOnHal) {
diff --git a/keystore/confirmation_manager.h b/keystore/confirmation_manager.h
index 4bf4b8d..b92deda 100644
--- a/keystore/confirmation_manager.h
+++ b/keystore/confirmation_manager.h
@@ -61,6 +61,9 @@
Status cancelConfirmationPrompt(const android::sp<android::IBinder>& listener,
int32_t* aidl_return);
+ // Checks if the confirmationUI HAL is available.
+ Status isConfirmationPromptSupported(bool* aidl_return);
+
// Gets the latest confirmation token received from the ConfirmationUI HAL.
hidl_vec<uint8_t> getLatestConfirmationToken();
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index d59966f..aab3db1 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -579,8 +579,8 @@
Status KeyStoreService::get_pubkey(const String16& name, ::std::vector<uint8_t>* pubKey) {
android::security::keymaster::ExportResult result;
KeymasterBlob clientId;
- KeymasterBlob appId;
- exportKey(name, static_cast<int32_t>(KeyFormat::X509), clientId, appId, UID_SELF, &result);
+ KeymasterBlob appData;
+ exportKey(name, static_cast<int32_t>(KeyFormat::X509), clientId, appData, UID_SELF, &result);
if (!result.resultCode.isOk()) {
ALOGW("export failed: %d", int32_t(result.resultCode));
return Status::fromServiceSpecificError(static_cast<int32_t>(result.resultCode));
@@ -855,7 +855,7 @@
Status KeyStoreService::getKeyCharacteristics(
const String16& name, const ::android::security::keymaster::KeymasterBlob& clientId,
- const ::android::security::keymaster::KeymasterBlob& appId, int32_t uid,
+ const ::android::security::keymaster::KeymasterBlob& appData, int32_t uid,
::android::security::keymaster::KeyCharacteristics* outCharacteristics, int32_t* aidl_return) {
if (!outCharacteristics) {
*aidl_return =
@@ -921,7 +921,7 @@
};
rc = KS_HANDLE_HIDL_ERROR(
- dev->getKeyCharacteristics(hidlKeyBlob, clientId.getData(), appId.getData(), hidlCb));
+ dev->getKeyCharacteristics(hidlKeyBlob, clientId.getData(), appData.getData(), hidlCb));
if (!rc.isOk()) {
*aidl_return = static_cast<int32_t>(rc);
return Status::ok();
@@ -932,8 +932,8 @@
if (clientId.getData().size()) {
upgradeParams.push_back(TAG_APPLICATION_ID, clientId.getData());
}
- if (appId.getData().size()) {
- upgradeParams.push_back(TAG_APPLICATION_DATA, appId.getData());
+ if (appData.getData().size()) {
+ upgradeParams.push_back(TAG_APPLICATION_DATA, appData.getData());
}
rc = upgradeKeyBlob(name, targetUid, upgradeParams, &keyBlob);
if (!rc.isOk()) {
@@ -944,7 +944,7 @@
auto upgradedHidlKeyBlob = blob2hidlVec(keyBlob);
rc = KS_HANDLE_HIDL_ERROR(dev->getKeyCharacteristics(
- upgradedHidlKeyBlob, clientId.getData(), appId.getData(), hidlCb));
+ upgradedHidlKeyBlob, clientId.getData(), appData.getData(), hidlCb));
if (!rc.isOk()) {
*aidl_return = static_cast<int32_t>(rc);
return Status::ok();
@@ -1073,7 +1073,7 @@
Status KeyStoreService::exportKey(const String16& name, int32_t format,
const ::android::security::keymaster::KeymasterBlob& clientId,
- const ::android::security::keymaster::KeymasterBlob& appId,
+ const ::android::security::keymaster::KeymasterBlob& appData,
int32_t uid, ExportResult* result) {
uid_t targetUid = getEffectiveUid(uid);
@@ -1106,7 +1106,7 @@
result->exportData = keyMaterial;
};
KeyStoreServiceReturnCode rc = KS_HANDLE_HIDL_ERROR(
- dev->exportKey(KeyFormat(format), key, clientId.getData(), appId.getData(), hidlCb));
+ dev->exportKey(KeyFormat(format), key, clientId.getData(), appData.getData(), hidlCb));
// Overwrite result->resultCode only on HIDL error. Otherwise we want the result set in the
// callback hidlCb.
if (!rc.isOk()) {
@@ -1118,8 +1118,8 @@
if (clientId.getData().size()) {
upgradeParams.push_back(TAG_APPLICATION_ID, clientId.getData());
}
- if (appId.getData().size()) {
- upgradeParams.push_back(TAG_APPLICATION_DATA, appId.getData());
+ if (appData.getData().size()) {
+ upgradeParams.push_back(TAG_APPLICATION_DATA, appData.getData());
}
result->resultCode = upgradeKeyBlob(name, targetUid, upgradeParams, &keyBlob);
if (!result->resultCode.isOk()) {
@@ -1129,7 +1129,7 @@
auto upgradedHidlKeyBlob = blob2hidlVec(keyBlob);
result->resultCode = KS_HANDLE_HIDL_ERROR(dev->exportKey(
- KeyFormat(format), upgradedHidlKeyBlob, clientId.getData(), appId.getData(), hidlCb));
+ KeyFormat(format), upgradedHidlKeyBlob, clientId.getData(), appData.getData(), hidlCb));
if (!result->resultCode.isOk()) {
return Status::ok();
}
@@ -1787,6 +1787,10 @@
return mConfirmationManager->cancelConfirmationPrompt(listener, aidl_return);
}
+Status KeyStoreService::isConfirmationPromptSupported(bool* aidl_return) {
+ return mConfirmationManager->isConfirmationPromptSupported(aidl_return);
+}
+
/**
* Prune the oldest pruneable operation.
*/
@@ -1919,13 +1923,13 @@
sp<Keymaster>* dev,
const AuthorizationSet& params,
KeyCharacteristics* out) {
- ::std::vector<uint8_t> appId;
+ ::std::vector<uint8_t> clientId;
::std::vector<uint8_t> appData;
for (auto param : params) {
if (param.tag == Tag::APPLICATION_ID) {
- appId = authorizationValue(TAG_APPLICATION_ID, param).value();
+ clientId = authorizationValue(TAG_APPLICATION_ID, param).value();
} else if (param.tag == Tag::APPLICATION_DATA) {
- appId = authorizationValue(TAG_APPLICATION_DATA, param).value();
+ appData = authorizationValue(TAG_APPLICATION_DATA, param).value();
}
}
ErrorCode error = ErrorCode::OK;
@@ -1938,7 +1942,8 @@
if (out) *out = keyCharacteristics;
};
- ErrorCode rc = KS_HANDLE_HIDL_ERROR((*dev)->getKeyCharacteristics(key, appId, appId, hidlCb));
+ ErrorCode rc =
+ KS_HANDLE_HIDL_ERROR((*dev)->getKeyCharacteristics(key, clientId, appData, hidlCb));
if (rc != ErrorCode::OK) {
return rc;
}
diff --git a/keystore/key_store_service.h b/keystore/key_store_service.h
index ce809f8..70a56ca 100644
--- a/keystore/key_store_service.h
+++ b/keystore/key_store_service.h
@@ -175,6 +175,7 @@
::android::binder::Status
cancelConfirmationPrompt(const ::android::sp<::android::IBinder>& listener,
int32_t* _aidl_return) override;
+ ::android::binder::Status isConfirmationPromptSupported(bool* _aidl_return) override;
private:
static const int32_t UID_SELF = -1;