Merge "Correct KeyMint path in comment."
diff --git a/fsverity_init/fsverity_init.cpp b/fsverity_init/fsverity_init.cpp
index b81fb22..7ab4097 100644
--- a/fsverity_init/fsverity_init.cpp
+++ b/fsverity_init/fsverity_init.cpp
@@ -49,6 +49,7 @@
}
void LoadKeyFromFile(key_serial_t keyring_id, const char* keyname, const std::string& path) {
+ LOG(INFO) << "LoadKeyFromFile path=" << path << " keyname=" << keyname;
std::string content;
if (!android::base::ReadFileToString(path, &content)) {
LOG(ERROR) << "Failed to read key from " << path;
@@ -59,22 +60,24 @@
}
}
-void LoadKeyFromDirectory(key_serial_t keyring_id, const char* keyname, const char* dir) {
+void LoadKeyFromDirectory(key_serial_t keyring_id, const char* keyname_prefix, const char* dir) {
if (!std::filesystem::exists(dir)) {
return;
}
+ int counter = 0;
for (const auto& entry : std::filesystem::directory_iterator(dir)) {
if (!android::base::EndsWithIgnoreCase(entry.path().c_str(), ".der")) continue;
-
- LoadKeyFromFile(keyring_id, keyname, entry.path());
+ std::string keyname = keyname_prefix + std::to_string(counter);
+ counter++;
+ LoadKeyFromFile(keyring_id, keyname.c_str(), entry.path());
}
}
void LoadKeyFromVerifiedPartitions(key_serial_t keyring_id) {
// NB: Directories need to be synced with FileIntegrityService.java in
// frameworks/base.
- LoadKeyFromDirectory(keyring_id, "fsv_system", "/system/etc/security/fsverity");
- LoadKeyFromDirectory(keyring_id, "fsv_product", "/product/etc/security/fsverity");
+ LoadKeyFromDirectory(keyring_id, "fsv_system_", "/system/etc/security/fsverity");
+ LoadKeyFromDirectory(keyring_id, "fsv_product_", "/product/etc/security/fsverity");
}
int main(int argc, const char** argv) {
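Review bot: The numeric suffix in `LoadKeyFromDirectory` is assigned in `std::filesystem::directory_iterator` order, which the standard leaves unspecified, so which certificate becomes `fsv_system_0` and which becomes `fsv_system_1` can differ between filesystems or builds. That matters if anything (log review, debugging, or a later keyring lookup by description) treats the description as identifying a particular certificate. The INFO line added in `LoadKeyFromFile` records the path-to-name mapping, but only in that boot's log. Collecting the `.der` paths, sorting them and numbering afterwards gives a stable assignment for a given set of files (this needs `<algorithm>` and `<vector>` if the file does not already include them).

```cpp
void LoadKeyFromDirectory(key_serial_t keyring_id, const char* keyname_prefix, const char* dir) {
    // … unchanged: early return when dir does not exist …
    std::vector<std::filesystem::path> der_files;
    for (const auto& entry : std::filesystem::directory_iterator(dir)) {
        if (!android::base::EndsWithIgnoreCase(entry.path().c_str(), ".der")) continue;
        der_files.push_back(entry.path());
    }
    // directory_iterator order is unspecified; sort so a file keeps its suffix across boots.
    std::sort(der_files.begin(), der_files.end());
    int counter = 0;
    for (const auto& der_file : der_files) {
        std::string keyname = keyname_prefix + std::to_string(counter);
        counter++;
        LoadKeyFromFile(keyring_id, keyname.c_str(), der_file);
    }
}
```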
diff --git a/identity/Credential.cpp b/identity/Credential.cpp
index 2e6b9c1..7c75d8a 100644
--- a/identity/Credential.cpp
+++ b/identity/Credential.cpp
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-#define LOG_TAG "Credential"
+#define LOG_TAG "credstore"
#include <android-base/logging.h>
#include <android/binder_manager.h>
diff --git a/identity/CredentialData.cpp b/identity/CredentialData.cpp
index 96c436a..d95c1ac 100644
--- a/identity/CredentialData.cpp
+++ b/identity/CredentialData.cpp
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-#define LOG_TAG "CredentialData"
+#define LOG_TAG "credstore"
#include <chrono>
diff --git a/identity/CredentialStore.cpp b/identity/CredentialStore.cpp
index 509e022..071cf24 100644
--- a/identity/CredentialStore.cpp
+++ b/identity/CredentialStore.cpp
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-#define LOG_TAG "CredentialStore"
+#define LOG_TAG "credstore"
#include <algorithm>
diff --git a/identity/CredentialStoreFactory.cpp b/identity/CredentialStoreFactory.cpp
index 5c3bf36..0e901ba 100644
--- a/identity/CredentialStoreFactory.cpp
+++ b/identity/CredentialStoreFactory.cpp
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-#define LOG_TAG "CredentialStoreFactory"
+#define LOG_TAG "credstore"
#include <android-base/logging.h>
diff --git a/identity/TEST_MAPPING b/identity/TEST_MAPPING
new file mode 100644
index 0000000..87707a8
--- /dev/null
+++ b/identity/TEST_MAPPING
@@ -0,0 +1,7 @@
+{
+ "presubmit": [
+ {
+ "name": "CtsIdentityTestCases"
+ }
+ ]
+}
diff --git a/identity/Util.cpp b/identity/Util.cpp
index cd29017..3a46bca 100644
--- a/identity/Util.cpp
+++ b/identity/Util.cpp
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-#define LOG_TAG "Util"
+#define LOG_TAG "credstore"
#include <fcntl.h>
#include <stdlib.h>
diff --git a/identity/WritableCredential.cpp b/identity/WritableCredential.cpp
index a300e51..9827d75 100644
--- a/identity/WritableCredential.cpp
+++ b/identity/WritableCredential.cpp
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-#define LOG_TAG "WritableCredential"
+#define LOG_TAG "credstore"
#include <android-base/logging.h>
#include <android/hardware/identity/support/IdentityCredentialSupport.h>
diff --git a/identity/main.cpp b/identity/main.cpp
index 9add73c..2559789 100644
--- a/identity/main.cpp
+++ b/identity/main.cpp
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-#define LOG_TAG "android.security.identity"
+#define LOG_TAG "credstore"
#include <filesystem>
@@ -51,7 +51,7 @@
auto ret = sm->addService(String16("android.security.identity"), factory);
CHECK(ret == ::android::OK) << "Couldn't register binder service";
- LOG(ERROR) << "Registered binder service";
+ LOG(INFO) << "Registered binder service";
// Credstore is a single-threaded process. So devote the main thread
// to handling binder messages.
diff --git a/keystore-engine/keystore2_engine.cpp b/keystore-engine/keystore2_engine.cpp
index 8d25f48..69d2ca6 100644
--- a/keystore-engine/keystore2_engine.cpp
+++ b/keystore-engine/keystore2_engine.cpp
@@ -33,7 +33,7 @@
#define AT __func__ << ":" << __LINE__ << " "
-constexpr const char keystore2_service_name[] = "android.system.keystore2";
+constexpr const char keystore2_service_name[] = "android.system.keystore2.IKeystoreService/default";
const std::string keystore2_grant_id_prefix("ks2_keystore-engine_grant_id:");
/**
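Review bot: The instance name `android.system.keystore2.IKeystoreService/default` is now written out by hand here, again in `keystore2/src/keystore2_main.rs` (`KS2_SERVICE_NAME`) and in `ondevice-signing/KeystoreKey.cpp`, and all three have to agree with the name/interface/instance triple in the new VINTF fragment. Nothing in the diff ties these copies together, so a later edit to one of them would only show up at runtime as a failed service lookup. At minimum, add a comment above `keystore2_service_name` such as `// Must match keystore2/android.system.keystore2-service.xml: <name>.<interface>/<instance>`. If the generated AIDL interface is already included in this file, building the string from its `descriptor` plus `"/default"` would remove one hand-typed copy.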
diff --git a/keystore2/Android.bp b/keystore2/Android.bp
index b6ccf4c..aff824b 100644
--- a/keystore2/Android.bp
+++ b/keystore2/Android.bp
@@ -100,4 +100,6 @@
"libvpnprofilestore-rust",
],
init_rc: ["keystore2.rc"],
+
+ vintf_fragments: ["android.system.keystore2-service.xml"],
}
diff --git a/keystore2/TEST_MAPPING b/keystore2/TEST_MAPPING
index 99a1e60..16b6f85 100644
--- a/keystore2/TEST_MAPPING
+++ b/keystore2/TEST_MAPPING
@@ -8,6 +8,9 @@
},
{
"name": "keystore2_test"
+ },
+ {
+ "name": "CtsIdentityTestCases"
}
]
}
diff --git a/keystore2/android.system.keystore2-service.xml b/keystore2/android.system.keystore2-service.xml
new file mode 100644
index 0000000..6b8d0cb
--- /dev/null
+++ b/keystore2/android.system.keystore2-service.xml
@@ -0,0 +1,9 @@
+<manifest version="1.0" type="framework">
+ <hal format="aidl">
+ <name>android.system.keystore2</name>
+ <interface>
+ <name>IKeystoreService</name>
+ <instance>default</instance>
+ </interface>
+ </hal>
+</manifest>
diff --git a/keystore2/src/keystore2_main.rs b/keystore2/src/keystore2_main.rs
index 09ffecb..e745697 100644
--- a/keystore2/src/keystore2_main.rs
+++ b/keystore2/src/keystore2_main.rs
@@ -25,7 +25,7 @@
use std::{panic, path::Path, sync::mpsc::channel};
use vpnprofilestore::VpnProfileStore;
-static KS2_SERVICE_NAME: &str = "android.system.keystore2";
+static KS2_SERVICE_NAME: &str = "android.system.keystore2.IKeystoreService/default";
static APC_SERVICE_NAME: &str = "android.security.apc";
static AUTHORIZATION_SERVICE_NAME: &str = "android.security.authorization";
static REMOTE_PROVISIONING_SERVICE_NAME: &str = "android.security.remoteprovisioning";
diff --git a/ondevice-signing/KeystoreKey.cpp b/ondevice-signing/KeystoreKey.cpp
index de7033f..840b683 100644
--- a/ondevice-signing/KeystoreKey.cpp
+++ b/ondevice-signing/KeystoreKey.cpp
@@ -129,7 +129,7 @@
if (sm == nullptr) {
return false;
}
- auto service = sm->getService(String16("android.system.keystore2"));
+ auto service = sm->getService(String16("android.system.keystore2.IKeystoreService/default"));
if (service == nullptr) {
return false;
}
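Review bot: When `getService` returns null, the function returns `false` without logging, so a mismatch between this literal and the name keystore2 actually registers under would surface only as a generic failure further up. Because the name has just changed, a line such as `LOG(ERROR) << "Could not find keystore2 service";` before the second `return false;` would make that case diagnosable, assuming android-base logging is available in this file. The enclosing function starts and ends outside the hunk, so its callers may already report the failure.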
diff --git a/ondevice-signing/TEST_MAPPING b/ondevice-signing/TEST_MAPPING
new file mode 100644
index 0000000..03b9b95
--- /dev/null
+++ b/ondevice-signing/TEST_MAPPING
@@ -0,0 +1,7 @@
+{
+ "presubmit": [
+ {
+ "name": "odsign_e2e_tests"
+ }
+ ]
+}