[automerger skipped] credstore: Don't require credentials to use ACP ids starting at 0. am: 969d3803c8 -s ours
am skip reason: Change-Id I58595e6bf5f3ca3f82ebe9291fde54b7cf11e0dd with SHA-1 5263000348 is in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/security/+/12141145
Change-Id: Ibd6ee7bf201a920e72602010bef128083f235453
diff --git a/METADATA b/METADATA
new file mode 100644
index 0000000..d97975c
--- /dev/null
+++ b/METADATA
@@ -0,0 +1,3 @@
+third_party {
+ license_type: NOTICE
+}
diff --git a/PREUPLOAD.cfg b/PREUPLOAD.cfg
index dcf92be..68df61f 100644
--- a/PREUPLOAD.cfg
+++ b/PREUPLOAD.cfg
@@ -1,8 +1,10 @@
[Builtin Hooks]
clang_format = true
+rustfmt = true
[Builtin Hooks Options]
clang_format = --commit ${PREUPLOAD_COMMIT} --style file --extensions c,h,cc,cpp
+rustfmt = --check --config-path=rustfmt.toml ${PREUPLOAD_FILES}
[Hook Scripts]
aosp_hook = ${REPO_ROOT}/frameworks/base/tools/aosp/aosp_sha.sh ${PREUPLOAD_COMMIT} "."
diff --git a/identity/Util.cpp b/identity/Util.cpp
index a962dc3..cd29017 100644
--- a/identity/Util.cpp
+++ b/identity/Util.cpp
@@ -110,7 +110,7 @@
remaining -= numWritten;
}
- if (TEMP_FAILURE_RETRY(fsync(fd) == -1)) {
+ if (TEMP_FAILURE_RETRY(fsync(fd))) {
PLOG(ERROR) << "Failed fsyncing temp file for '" << path << "'";
close(fd);
return false;
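Review bot: The rewritten condition `if (TEMP_FAILURE_RETRY(fsync(fd)))` now correctly retries on EINTR, but it tests the raw return value as a boolean; spelling it `if (TEMP_FAILURE_RETRY(fsync(fd)) == -1) {` keeps the macro around the call (which is the fix) while making the POSIX failure convention explicit for the reader. The surrounding function starts before and ends after this hunk, so whether the temp file is unlinked on this error path cannot be seen here.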
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index 1b38643..4e5bc48 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -1001,21 +1001,102 @@
return Status::ok();
}
+bool isDeviceIdAttestationTag(Tag tag) {
+ switch (tag) {
+ case Tag::ATTESTATION_ID_BRAND:
+ case Tag::ATTESTATION_ID_DEVICE:
+ case Tag::ATTESTATION_ID_MANUFACTURER:
+ case Tag::ATTESTATION_ID_MODEL:
+ case Tag::ATTESTATION_ID_PRODUCT:
+ case Tag::ATTESTATION_ID_IMEI:
+ case Tag::ATTESTATION_ID_MEID:
+ case Tag::ATTESTATION_ID_SERIAL:
+ return true;
+ case Tag::INVALID:
+ case Tag::PURPOSE:
+ case Tag::ALGORITHM:
+ case Tag::KEY_SIZE:
+ case Tag::BLOCK_MODE:
+ case Tag::DIGEST:
+ case Tag::PADDING:
+ case Tag::CALLER_NONCE:
+ case Tag::MIN_MAC_LENGTH:
+ case Tag::EC_CURVE:
+ case Tag::RSA_PUBLIC_EXPONENT:
+ case Tag::INCLUDE_UNIQUE_ID:
+ case Tag::BLOB_USAGE_REQUIREMENTS:
+ case Tag::BOOTLOADER_ONLY:
+ case Tag::ROLLBACK_RESISTANCE:
+ case Tag::HARDWARE_TYPE:
+ case Tag::ACTIVE_DATETIME:
+ case Tag::ORIGINATION_EXPIRE_DATETIME:
+ case Tag::USAGE_EXPIRE_DATETIME:
+ case Tag::MIN_SECONDS_BETWEEN_OPS:
+ case Tag::MAX_USES_PER_BOOT:
+ case Tag::USER_ID:
+ case Tag::USER_SECURE_ID:
+ case Tag::NO_AUTH_REQUIRED:
+ case Tag::USER_AUTH_TYPE:
+ case Tag::AUTH_TIMEOUT:
+ case Tag::ALLOW_WHILE_ON_BODY:
+ case Tag::TRUSTED_USER_PRESENCE_REQUIRED:
+ case Tag::TRUSTED_CONFIRMATION_REQUIRED:
+ case Tag::UNLOCKED_DEVICE_REQUIRED:
+ case Tag::APPLICATION_ID:
+ case Tag::APPLICATION_DATA:
+ case Tag::CREATION_DATETIME:
+ case Tag::ORIGIN:
+ case Tag::ROOT_OF_TRUST:
+ case Tag::OS_VERSION:
+ case Tag::OS_PATCHLEVEL:
+ case Tag::UNIQUE_ID:
+ case Tag::ATTESTATION_CHALLENGE:
+ case Tag::ATTESTATION_APPLICATION_ID:
+ case Tag::VENDOR_PATCHLEVEL:
+ case Tag::BOOT_PATCHLEVEL:
+ case Tag::ASSOCIATED_DATA:
+ case Tag::NONCE:
+ case Tag::MAC_LENGTH:
+ case Tag::RESET_SINCE_ID_ROTATION:
+ case Tag::CONFIRMATION_TOKEN:
+ return false;
+ // no default, all values must be present in the switch, in this way the compiler ensures
+ // that new values added in the Tag enum are also added here.
+ }
+}
+
+// These are attestation id tags that are not unique per device and don't require special permission
+// to be attested. Any addition to this list needs privacy review and approval (PWG).
+bool isDevicePropertyAttestationTag(Tag tag) {
+ switch (tag) {
+ case Tag::ATTESTATION_ID_BRAND:
+ case Tag::ATTESTATION_ID_DEVICE:
+ case Tag::ATTESTATION_ID_MANUFACTURER:
+ case Tag::ATTESTATION_ID_MODEL:
+ case Tag::ATTESTATION_ID_PRODUCT:
+ return true;
+ default:
+ return false;
+ }
+}
+
bool isDeviceIdAttestationRequested(const KeymasterArguments& params) {
const hardware::hidl_vec<KeyParameter>& paramsVec = params.getParameters();
for (size_t i = 0; i < paramsVec.size(); ++i) {
- switch (paramsVec[i].tag) {
- case Tag::ATTESTATION_ID_BRAND:
- case Tag::ATTESTATION_ID_DEVICE:
- case Tag::ATTESTATION_ID_MANUFACTURER:
- case Tag::ATTESTATION_ID_MODEL:
- case Tag::ATTESTATION_ID_PRODUCT:
- case Tag::ATTESTATION_ID_IMEI:
- case Tag::ATTESTATION_ID_MEID:
- case Tag::ATTESTATION_ID_SERIAL:
+ if (isDeviceIdAttestationTag(paramsVec[i].tag)) {
return true;
- default:
- continue;
+ }
+ }
+ return false;
+}
+
+// Device properties can be attested safely without special permission
+bool needsPermissionToAttestDeviceIds(const KeymasterArguments& params) {
+ const hardware::hidl_vec<KeyParameter>& paramsVec = params.getParameters();
+ for (size_t i = 0; i < paramsVec.size(); ++i) {
+ if (isDeviceIdAttestationTag(paramsVec[i].tag) &&
+ !isDevicePropertyAttestationTag(paramsVec[i].tag)) {
+ return true;
}
}
return false;
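Review bot: `isDeviceIdAttestationTag` has no return statement after its `switch`, so a `Tag` value that matches no `case` falls off the end of a non-void function, which is undefined behavior; the tag is read from caller-supplied `KeymasterArguments`, so a value outside the listed enumerators should not be assumed impossible at this layer. Keep the switch without a `default:` so the compiler still reports new enumerators, but add `return false;` after the closing brace of the switch and adjust the trailing comment to say that unknown values are treated as non-device-id tags. `isDevicePropertyAttestationTag` already uses `default: return false;`, so the two helpers would then agree on how unlisted values are handled. If the replacement at the later hunk removes the last caller of `isDeviceIdAttestationRequested`, it becomes dead code — worth checking against the rest of the file.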
@@ -1031,7 +1112,7 @@
uid_t callingUid = IPCThreadState::self()->getCallingUid();
- if (isDeviceIdAttestationRequested(params) && (get_app_id(callingUid) != AID_SYSTEM)) {
+ if (needsPermissionToAttestDeviceIds(params) && (get_app_id(callingUid) != AID_SYSTEM)) {
return AIDL_RETURN(KeyStoreServiceReturnCode(ErrorCode::INVALID_ARGUMENT));
}
@@ -1106,14 +1187,19 @@
}
uid_t callingUid = IPCThreadState::self()->getCallingUid();
- sp<IBinder> binder = defaultServiceManager()->getService(String16("permission"));
- if (binder == nullptr) {
- return AIDL_RETURN(ErrorCode::CANNOT_ATTEST_IDS);
- }
- if (!interface_cast<IPermissionController>(binder)->checkPermission(
- String16("android.permission.READ_PRIVILEGED_PHONE_STATE"),
- IPCThreadState::self()->getCallingPid(), callingUid)) {
- return AIDL_RETURN(ErrorCode::CANNOT_ATTEST_IDS);
+
+ // Request special permission only for unique ids
+ if (needsPermissionToAttestDeviceIds(params)) {
+ sp<IBinder> binder = defaultServiceManager()->getService(String16("permission"));
+ if (binder == nullptr) {
+ return AIDL_RETURN(ErrorCode::CANNOT_ATTEST_IDS);
+ }
+
+ if (!interface_cast<IPermissionController>(binder)->checkPermission(
+ String16("android.permission.READ_PRIVILEGED_PHONE_STATE"),
+ IPCThreadState::self()->getCallingPid(), callingUid)) {
+ return AIDL_RETURN(ErrorCode::CANNOT_ATTEST_IDS);
+ }
}
AuthorizationSet mutableParams = params.getParameters();
diff --git a/keystore/tests/Makefile b/keystore/tests/Makefile
index 2720b0f..b50b94a 100644
--- a/keystore/tests/Makefile
+++ b/keystore/tests/Makefile
@@ -17,7 +17,6 @@
KEYMASTER=$(BASE)/system/keymaster
INCLUDES=$(foreach dir,$(SUBS),-I $(BASE)/$(dir)/include) \
- -I $(BASE)/libnativehelper/include/nativehelper \
-I $(GTEST) -Iinclude
# Add USE_CLANG=1 to the make command line to build with clang, which has better error
diff --git a/rustfmt.toml b/rustfmt.toml
new file mode 120000
index 0000000..ee92d9e
--- /dev/null
+++ b/rustfmt.toml
@@ -0,0 +1 @@
+../../build/soong/scripts/rustfmt.toml
\ No newline at end of file