Merge "Add PREUPLOAD to require clang-format."
diff --git a/keystore/Android.bp b/keystore/Android.bp
index 42fcf8e..b58671c 100644
--- a/keystore/Android.bp
+++ b/keystore/Android.bp
@@ -69,6 +69,8 @@
             enabled: false,
         },
     },
+
+    required: ["keystore_cli_v2"],
 }
 
 cc_binary {
diff --git a/keystore/KeyAttestationApplicationId.cpp b/keystore/KeyAttestationApplicationId.cpp
index 1352124..4bc939d 100644
--- a/keystore/KeyAttestationApplicationId.cpp
+++ b/keystore/KeyAttestationApplicationId.cpp
@@ -23,6 +23,14 @@
 namespace security {
 namespace keymaster {
 
+KeyAttestationApplicationId::KeyAttestationApplicationId() = default;
+
+KeyAttestationApplicationId::KeyAttestationApplicationId(
+        std::unique_ptr<KeyAttestationPackageInfo> package) :
+    packageInfos_(new std::vector<std::unique_ptr<KeyAttestationPackageInfo>>()) {
+    packageInfos_->push_back(std::move(package));
+}
+
 status_t KeyAttestationApplicationId::writeToParcel(Parcel* parcel) const {
     return parcel->writeParcelableVector(packageInfos_);
 }
diff --git a/keystore/KeyAttestationPackageInfo.cpp b/keystore/KeyAttestationPackageInfo.cpp
index a84c246..8092828 100644
--- a/keystore/KeyAttestationPackageInfo.cpp
+++ b/keystore/KeyAttestationPackageInfo.cpp
@@ -23,6 +23,15 @@
 namespace security {
 namespace keymaster {
 
+KeyAttestationPackageInfo::KeyAttestationPackageInfo() = default;
+
+KeyAttestationPackageInfo::KeyAttestationPackageInfo(
+        const String16& packageName, int32_t versionCode,
+        SharedSignaturesVector signatures) :
+    packageName_(new String16(packageName)), versionCode_(versionCode),
+    signatures_(signatures) {
+}
+
 status_t KeyAttestationPackageInfo::writeToParcel(Parcel* parcel) const {
     auto rc = parcel->writeString16(packageName_);
     if (rc != NO_ERROR) return rc;
@@ -37,7 +46,7 @@
     rc = parcel->readInt32(&versionCode_);
     if (rc != NO_ERROR) return rc;
 
-    std::unique_ptr<std::vector<std::unique_ptr<content::pm::Signature>>> temp_vector;
+    std::unique_ptr<SignaturesVector> temp_vector;
     rc = parcel->readParcelableVector(&temp_vector);
     if (rc != NO_ERROR) return rc;
     signatures_.reset(temp_vector.release());
diff --git a/keystore/include/keystore/KeyAttestationApplicationId.h b/keystore/include/keystore/KeyAttestationApplicationId.h
index 5161d4b..550a7e1 100644
--- a/keystore/include/keystore/KeyAttestationApplicationId.h
+++ b/keystore/include/keystore/KeyAttestationApplicationId.h
@@ -30,6 +30,8 @@
   public:
     typedef SharedNullableIterator<const KeyAttestationPackageInfo, std::vector>
         ConstKeyAttestationPackageInfoIterator;
+    KeyAttestationApplicationId();
+    KeyAttestationApplicationId(std::unique_ptr<KeyAttestationPackageInfo> package);
 
     status_t writeToParcel(Parcel*) const override;
     status_t readFromParcel(const Parcel* parcel) override;
diff --git a/keystore/include/keystore/KeyAttestationPackageInfo.h b/keystore/include/keystore/KeyAttestationPackageInfo.h
index b938e83..5ca6c8c 100644
--- a/keystore/include/keystore/KeyAttestationPackageInfo.h
+++ b/keystore/include/keystore/KeyAttestationPackageInfo.h
@@ -30,6 +30,13 @@
   public:
     typedef SharedNullableIterator<const content::pm::Signature, std::vector>
         ConstSignatureIterator;
+    typedef std::vector<std::unique_ptr<content::pm::Signature>>
+        SignaturesVector;
+    typedef std::shared_ptr<SignaturesVector> SharedSignaturesVector;
+
+    KeyAttestationPackageInfo(
+        const String16& packageName, int32_t versionCode, SharedSignaturesVector signatures);
+    KeyAttestationPackageInfo();
 
     status_t writeToParcel(Parcel*) const override;
     status_t readFromParcel(const Parcel* parcel) override;
@@ -43,7 +50,7 @@
   private:
     std::unique_ptr<String16> packageName_;
     int32_t versionCode_;
-    std::shared_ptr<std::vector<std::unique_ptr<content::pm::Signature>>> signatures_;
+    SharedSignaturesVector signatures_;
 };
 
 }  // namespace keymaster
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index ac10921..b309ad6 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -814,7 +814,7 @@
 
     if (containsTag(params.getParameters(), Tag::INCLUDE_UNIQUE_ID)) {
         //TODO(jbires): remove uid checking upon implementation of b/25646100
-        if (!checkBinderPermission(P_GEN_UNIQUE_ID) &&
+        if (!checkBinderPermission(P_GEN_UNIQUE_ID) ||
             originalUid != IPCThreadState::self()->getCallingUid()) {
             *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
             return Status::ok();
diff --git a/keystore/keystore_attestation_id.cpp b/keystore/keystore_attestation_id.cpp
index 830482b..97d81c5 100644
--- a/keystore/keystore_attestation_id.cpp
+++ b/keystore/keystore_attestation_id.cpp
@@ -34,6 +34,8 @@
 #include <keystore/KeyAttestationPackageInfo.h>
 #include <keystore/Signature.h>
 
+#include <private/android_filesystem_config.h> /* for AID_SYSTEM */
+
 #include <openssl/asn1t.h>
 #include <openssl/sha.h>
 
@@ -229,16 +231,28 @@
     auto& pm = KeyAttestationApplicationIdProvider::get();
 
     /* Get the attestation application ID from package manager */
-    KeyAttestationApplicationId key_attestation_id;
-    auto status = pm.getKeyAttestationApplicationId(uid, &key_attestation_id);
-    if (!status.isOk()) {
-        ALOGE("package manager request for key attestation ID failed with: %s",
-              status.exceptionMessage().string());
-        return FAILED_TRANSACTION;
+    KeyAttestationApplicationId* key_attestation_id = nullptr;
+    if (uid == AID_SYSTEM) {
+      KeyAttestationPackageInfo::SharedSignaturesVector signatures(
+                new KeyAttestationPackageInfo::SignaturesVector());
+        signatures->push_back(std::unique_ptr<content::pm::Signature>(
+                new content::pm::Signature()));
+
+        std::unique_ptr<KeyAttestationPackageInfo> package_info(
+                new KeyAttestationPackageInfo(
+                        String16("AndroidSystem"), 1, signatures));
+        key_attestation_id = new KeyAttestationApplicationId(std::move(package_info));
+    } else {
+        auto status = pm.getKeyAttestationApplicationId(uid, key_attestation_id);
+        if (!status.isOk()) {
+            ALOGE("package manager request for key attestation ID failed with: %s %d",
+                  status.exceptionMessage().string(), status.exceptionCode());
+            return FAILED_TRANSACTION;
+        }
     }
 
     /* DER encode the attestation application ID */
-    return build_attestation_application_id(key_attestation_id);
+    return build_attestation_application_id(*key_attestation_id);
 }
 
 }  // namespace security