Add keymaster authorization policy enforcement to keystore.
Bug: 19511945
Change-Id: I76c04e8d3253ba490cedac53bbc75943ec68df1d
diff --git a/keystore/operation.h b/keystore/operation.h
index d0e65a5..6806388 100644
--- a/keystore/operation.h
+++ b/keystore/operation.h
@@ -47,12 +47,13 @@
class OperationMap {
public:
OperationMap(IBinder::DeathRecipient* deathRecipient);
- sp<IBinder> addOperation(keymaster_operation_handle_t handle, keymaster_purpose_t purpose,
- const keymaster1_device_t* dev, sp<IBinder> appToken,
- keymaster_key_characteristics_t* characteristics, bool pruneable);
- bool hasOperation(sp<IBinder> token);
+ sp<IBinder> addOperation(keymaster_operation_handle_t handle, uint64_t keyid,
+ keymaster_purpose_t purpose, const keymaster1_device_t* dev,
+ sp<IBinder> appToken, keymaster_key_characteristics_t* characteristics,
+ bool pruneable);
bool getOperation(sp<IBinder> token, keymaster_operation_handle_t* outHandle,
- keymaster_purpose_t* outPurpose, const keymaster1_device_t** outDev,
+ uint64_t* outKeyid, keymaster_purpose_t* outPurpose,
+ const keymaster1_device_t** outDev,
const keymaster_key_characteristics_t** outCharacteristics);
bool removeOperation(sp<IBinder> token);
bool hasPruneableOperation();
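Review bot: In the new `addOperation` declaration, `keyid` sits directly after `handle`, and if `keymaster_operation_handle_t` is the 64-bit integer typedef it appears to be, a caller that swaps the two arguments compiles without any diagnostic. The commit title ties this change to authorization policy enforcement, so a swapped or stale keyid would presumably have the policy evaluated against the wrong key. The declaration should carry a comment saying where keyid comes from and what it identifies, for example `// keyid: identifier of the key this operation was begun with (used for auth policy lookup), not the operation handle`, with the wording confirmed by the author. For `getOperation`, it would also help to document whether `outKeyid` may be null or must always be supplied.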
@@ -66,10 +67,11 @@
void removeOperationTracking(sp<IBinder> token, sp<IBinder> appToken);
struct Operation {
Operation();
- Operation(keymaster_operation_handle_t handle, keymaster_purpose_t purpose,
+ Operation(keymaster_operation_handle_t handle, uint64_t keyid, keymaster_purpose_t purpose,
const keymaster1_device_t* device,
keymaster_key_characteristics_t* characteristics, sp<IBinder> appToken);
keymaster_operation_handle_t handle;
+ uint64_t keyid;
keymaster_purpose_t purpose;
const keymaster1_device_t* device;
Unique_keymaster_key_characteristics characteristics;
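Review bot: The new `uint64_t keyid;` member of `Operation` has no initializer in this hunk, and the default constructor `Operation();` is only declared here, so this header does not show whether it sets keyid. If it does not, a default-constructed Operation holds an indeterminate keyid that a later authorization check could read. An in-class default such as `uint64_t keyid = 0;`, or an explicit entry in the default constructor's initializer list, would make that state defined. The struct body continues past the end of the hunk.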