commit ea47d3f78bd6902e406f5faf84a5477112f10e3e
author Eran Messeri <eranm@google.com> Wed Dec 06 12:01:42 2017 +0000
committer Eran Messeri <eranm@google.com> Thu Dec 14 11:04:52 2017 +0000
tree b615407be97c476806559ab4167e0ac5b2627bdb
parent d060d87468e16a34c56bd8d609a40890779bf666

Keystore: Enable key attestation from the system context.

When key attestation is requested by the system context, indicate, in
the attestation record, that the requesting package is the system and
not a user app.
This is done by including a single package information with
"AndroidSystem" as the package name and an empty signature.

This change is needed because the package manager currently fails to
provide package details for the system context (UID 1000). Even if it did,
it would be too verbose and include irrelevant packages.

This is necessary for supporting key attestation for keys generated
directly by KeyChain.

Bug: 63388672
Test: Combined with CTS tests for the attestation feature.
Change-Id: I33492ad1286709fe94b11be77e94d4effdf7566f

keystore/KeyAttestationApplicationId.cpp

diff --git a/keystore/KeyAttestationApplicationId.cpp b/keystore/KeyAttestationApplicationId.cpp
index 1352124..4bc939d 100644
--- a/keystore/KeyAttestationApplicationId.cpp
+++ b/keystore/KeyAttestationApplicationId.cpp
@@ -23,6 +23,14 @@
 namespace security {
 namespace keymaster {
 
+KeyAttestationApplicationId::KeyAttestationApplicationId() = default;
+
+KeyAttestationApplicationId::KeyAttestationApplicationId(
+        std::unique_ptr<KeyAttestationPackageInfo> package) :
+    packageInfos_(new std::vector<std::unique_ptr<KeyAttestationPackageInfo>>()) {
+    packageInfos_->push_back(std::move(package));
+}
+
 status_t KeyAttestationApplicationId::writeToParcel(Parcel* parcel) const {
     return parcel->writeParcelableVector(packageInfos_);
 }