Merge "Add PREUPLOAD to require clang-format."
diff --git a/keystore/Android.bp b/keystore/Android.bp
index 42fcf8e..b58671c 100644
--- a/keystore/Android.bp
+++ b/keystore/Android.bp
@@ -69,6 +69,8 @@
enabled: false,
},
},
+
+ required: ["keystore_cli_v2"],
}
cc_binary {
diff --git a/keystore/KeyAttestationApplicationId.cpp b/keystore/KeyAttestationApplicationId.cpp
index 1352124..4bc939d 100644
--- a/keystore/KeyAttestationApplicationId.cpp
+++ b/keystore/KeyAttestationApplicationId.cpp
@@ -23,6 +23,14 @@
namespace security {
namespace keymaster {
+KeyAttestationApplicationId::KeyAttestationApplicationId() = default;
+
+KeyAttestationApplicationId::KeyAttestationApplicationId(
+ std::unique_ptr<KeyAttestationPackageInfo> package) :
+ packageInfos_(new std::vector<std::unique_ptr<KeyAttestationPackageInfo>>()) {
+ packageInfos_->push_back(std::move(package));
+}
+
status_t KeyAttestationApplicationId::writeToParcel(Parcel* parcel) const {
return parcel->writeParcelableVector(packageInfos_);
}
diff --git a/keystore/KeyAttestationPackageInfo.cpp b/keystore/KeyAttestationPackageInfo.cpp
index a84c246..8092828 100644
--- a/keystore/KeyAttestationPackageInfo.cpp
+++ b/keystore/KeyAttestationPackageInfo.cpp
@@ -23,6 +23,15 @@
namespace security {
namespace keymaster {
+KeyAttestationPackageInfo::KeyAttestationPackageInfo() = default;
+
+KeyAttestationPackageInfo::KeyAttestationPackageInfo(
+ const String16& packageName, int32_t versionCode,
+ SharedSignaturesVector signatures) :
+ packageName_(new String16(packageName)), versionCode_(versionCode),
+ signatures_(signatures) {
+}
+
status_t KeyAttestationPackageInfo::writeToParcel(Parcel* parcel) const {
auto rc = parcel->writeString16(packageName_);
if (rc != NO_ERROR) return rc;
@@ -37,7 +46,7 @@
rc = parcel->readInt32(&versionCode_);
if (rc != NO_ERROR) return rc;
- std::unique_ptr<std::vector<std::unique_ptr<content::pm::Signature>>> temp_vector;
+ std::unique_ptr<SignaturesVector> temp_vector;
rc = parcel->readParcelableVector(&temp_vector);
if (rc != NO_ERROR) return rc;
signatures_.reset(temp_vector.release());
diff --git a/keystore/include/keystore/KeyAttestationApplicationId.h b/keystore/include/keystore/KeyAttestationApplicationId.h
index 5161d4b..550a7e1 100644
--- a/keystore/include/keystore/KeyAttestationApplicationId.h
+++ b/keystore/include/keystore/KeyAttestationApplicationId.h
@@ -30,6 +30,8 @@
public:
typedef SharedNullableIterator<const KeyAttestationPackageInfo, std::vector>
ConstKeyAttestationPackageInfoIterator;
+ KeyAttestationApplicationId();
+ KeyAttestationApplicationId(std::unique_ptr<KeyAttestationPackageInfo> package);
status_t writeToParcel(Parcel*) const override;
status_t readFromParcel(const Parcel* parcel) override;
diff --git a/keystore/include/keystore/KeyAttestationPackageInfo.h b/keystore/include/keystore/KeyAttestationPackageInfo.h
index b938e83..5ca6c8c 100644
--- a/keystore/include/keystore/KeyAttestationPackageInfo.h
+++ b/keystore/include/keystore/KeyAttestationPackageInfo.h
@@ -30,6 +30,13 @@
public:
typedef SharedNullableIterator<const content::pm::Signature, std::vector>
ConstSignatureIterator;
+ typedef std::vector<std::unique_ptr<content::pm::Signature>>
+ SignaturesVector;
+ typedef std::shared_ptr<SignaturesVector> SharedSignaturesVector;
+
+ KeyAttestationPackageInfo(
+ const String16& packageName, int32_t versionCode, SharedSignaturesVector signatures);
+ KeyAttestationPackageInfo();
status_t writeToParcel(Parcel*) const override;
status_t readFromParcel(const Parcel* parcel) override;
@@ -43,7 +50,7 @@
private:
std::unique_ptr<String16> packageName_;
int32_t versionCode_;
- std::shared_ptr<std::vector<std::unique_ptr<content::pm::Signature>>> signatures_;
+ SharedSignaturesVector signatures_;
};
} // namespace keymaster
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index ac10921..b309ad6 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -814,7 +814,7 @@
if (containsTag(params.getParameters(), Tag::INCLUDE_UNIQUE_ID)) {
//TODO(jbires): remove uid checking upon implementation of b/25646100
- if (!checkBinderPermission(P_GEN_UNIQUE_ID) &&
+ if (!checkBinderPermission(P_GEN_UNIQUE_ID) ||
originalUid != IPCThreadState::self()->getCallingUid()) {
*aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
return Status::ok();
diff --git a/keystore/keystore_attestation_id.cpp b/keystore/keystore_attestation_id.cpp
index 830482b..97d81c5 100644
--- a/keystore/keystore_attestation_id.cpp
+++ b/keystore/keystore_attestation_id.cpp
@@ -34,6 +34,8 @@
#include <keystore/KeyAttestationPackageInfo.h>
#include <keystore/Signature.h>
+#include <private/android_filesystem_config.h> /* for AID_SYSTEM */
+
#include <openssl/asn1t.h>
#include <openssl/sha.h>
@@ -229,16 +231,28 @@
auto& pm = KeyAttestationApplicationIdProvider::get();
/* Get the attestation application ID from package manager */
- KeyAttestationApplicationId key_attestation_id;
- auto status = pm.getKeyAttestationApplicationId(uid, &key_attestation_id);
- if (!status.isOk()) {
- ALOGE("package manager request for key attestation ID failed with: %s",
- status.exceptionMessage().string());
- return FAILED_TRANSACTION;
+ KeyAttestationApplicationId* key_attestation_id = nullptr;
+ if (uid == AID_SYSTEM) {
+ KeyAttestationPackageInfo::SharedSignaturesVector signatures(
+ new KeyAttestationPackageInfo::SignaturesVector());
+ signatures->push_back(std::unique_ptr<content::pm::Signature>(
+ new content::pm::Signature()));
+
+ std::unique_ptr<KeyAttestationPackageInfo> package_info(
+ new KeyAttestationPackageInfo(
+ String16("AndroidSystem"), 1, signatures));
+ key_attestation_id = new KeyAttestationApplicationId(std::move(package_info));
+ } else {
+ auto status = pm.getKeyAttestationApplicationId(uid, key_attestation_id);
+ if (!status.isOk()) {
+ ALOGE("package manager request for key attestation ID failed with: %s %d",
+ status.exceptionMessage().string(), status.exceptionCode());
+ return FAILED_TRANSACTION;
+ }
}
/* DER encode the attestation application ID */
- return build_attestation_application_id(key_attestation_id);
+ return build_attestation_application_id(*key_attestation_id);
}
} // namespace security