Merge "Split fsverity_init in multiple phases."
diff --git a/keystore2/Android.bp b/keystore2/Android.bp
index 4e819b8..dab6123 100644
--- a/keystore2/Android.bp
+++ b/keystore2/Android.bp
@@ -65,3 +65,22 @@
],
init_rc: ["keystore2.rc"],
}
+
+aidl_interface {
+ name: "android.security.attestationmanager",
+ srcs: [
+ "aidl/android/security/ByteArray.aidl",
+ "aidl/android/security/IAttestationManager.aidl",
+ ],
+ local_include_dir: "aidl",
+ imports: [ "android.hardware.keymint" ],
+ unstable: true,
+ backend: {
+ java: {
+ sdk_version: "module_current",
+ },
+ rust: {
+ enabled: true,
+ },
+ },
+}
diff --git a/keystore2/aidl/android/security/ByteArray.aidl b/keystore2/aidl/android/security/ByteArray.aidl
new file mode 100644
index 0000000..db2e18c
--- /dev/null
+++ b/keystore2/aidl/android/security/ByteArray.aidl
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security;
+
+/**
+ * Simple data holder for a byte array, allowing for multidimensional arrays in AIDL.
+ *
+ * @hide
+ */
+parcelable ByteArray {
+ byte[] data;
+}
\ No newline at end of file
diff --git a/keystore2/aidl/android/security/IAttestationManager.aidl b/keystore2/aidl/android/security/IAttestationManager.aidl
new file mode 100644
index 0000000..1953cca
--- /dev/null
+++ b/keystore2/aidl/android/security/IAttestationManager.aidl
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security;
+
+import android.security.ByteArray;
+import android.hardware.keymint.KeyParameter;
+
+/**
+ * Internal interface for performing device attestation.
+ *
+ * @hide
+ */
+interface IAttestationManager {
+ /**
+ * Attest a provided list of device identifiers.
+ *
+ * @return The signed certificate chain, with each individual certificate encoded as a byte
+ * array.
+ */
+ ByteArray[] attestDevice(
+ in KeyParameter[] deviceIdentifiers, boolean useIndividualAttestation,
+ in byte[] attestationChallenge, int securityLevel);
+}
\ No newline at end of file
diff --git a/keystore2/src/database.rs b/keystore2/src/database.rs
index 9d20c75..0db4162 100644
--- a/keystore2/src/database.rs
+++ b/keystore2/src/database.rs
@@ -265,7 +265,7 @@
creation_date DATETIME,
domain INTEGER,
namespace INTEGER,
- alias TEXT);",
+ alias BLOB);",
NO_PARAMS,
)
.context("Failed to initialize \"keyentry\" table.")?;