Keystore 2.0: Temporary fix for associating keys with their KM instance.
This will be superseded soon. But it fixes weird notions of some
software KM implementations about their security level.
Test: N/A
Change-Id: I8554bcaf46b555d77e3b05a983e8b581f3a2157c
diff --git a/keystore2/src/utils.rs b/keystore2/src/utils.rs
index b0f4885..080348c 100644
--- a/keystore2/src/utils.rs
+++ b/keystore2/src/utils.rs
@@ -19,7 +19,7 @@
use crate::permission;
use crate::permission::{KeyPerm, KeyPermSet, KeystorePerm};
use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{
- KeyCharacteristics::KeyCharacteristics,
+ KeyCharacteristics::KeyCharacteristics, SecurityLevel::SecurityLevel, Tag::Tag,
};
use android_security_apc::aidl::android::security::apc::{
IProtectedConfirmation::{FLAG_UI_OPTION_INVERTED, FLAG_UI_OPTION_MAGNIFIED},
@@ -130,6 +130,10 @@
.flat_map(|aidl_key_char| {
let sec_level = aidl_key_char.securityLevel;
aidl_key_char.authorizations.into_iter().map(move |aidl_kp| {
+ let sec_level = match (aidl_kp.tag, sec_level) {
+ (Tag::ORIGIN, SecurityLevel::SOFTWARE) => SecurityLevel::TRUSTED_ENVIRONMENT,
+ _ => sec_level,
+ };
crate::key_parameter::KeyParameter::new(aidl_kp.into(), sec_level)
})
})