Keystore: Enable key attestation from the system context.
When key attestation is requested by the system context, indicate, in
the attestation record, that the requesting package is the system and
not a user app.
This is done by including a single package information with
"AndroidSystem" as the package name and an empty signature.
This change is needed because the package manager currently fails to
provide package details for the system context (UID 1000). Even if it did,
it would be too verbose and include irrelevant packages.
This is necessary for supporting key attestation for keys generated
directly by KeyChain.
Bug: 63388672
Test: Combined with CTS tests for the attestation feature.
Change-Id: I33492ad1286709fe94b11be77e94d4effdf7566f
diff --git a/keystore/KeyAttestationPackageInfo.cpp b/keystore/KeyAttestationPackageInfo.cpp
index a84c246..8092828 100644
--- a/keystore/KeyAttestationPackageInfo.cpp
+++ b/keystore/KeyAttestationPackageInfo.cpp
@@ -23,6 +23,15 @@
namespace security {
namespace keymaster {
+KeyAttestationPackageInfo::KeyAttestationPackageInfo() = default;
+
+KeyAttestationPackageInfo::KeyAttestationPackageInfo(
+ const String16& packageName, int32_t versionCode,
+ SharedSignaturesVector signatures) :
+ packageName_(new String16(packageName)), versionCode_(versionCode),
+ signatures_(signatures) {
+}
+
status_t KeyAttestationPackageInfo::writeToParcel(Parcel* parcel) const {
auto rc = parcel->writeString16(packageName_);
if (rc != NO_ERROR) return rc;
@@ -37,7 +46,7 @@
rc = parcel->readInt32(&versionCode_);
if (rc != NO_ERROR) return rc;
- std::unique_ptr<std::vector<std::unique_ptr<content::pm::Signature>>> temp_vector;
+ std::unique_ptr<SignaturesVector> temp_vector;
rc = parcel->readParcelableVector(&temp_vector);
if (rc != NO_ERROR) return rc;
signatures_.reset(temp_vector.release());