Disable use of StrongBox for encryption
am: c1903ad3d6
Change-Id: Id3f2e2e0f695ebd8eaa1c3883f636a4773b96859
diff --git a/Keymaster.cpp b/Keymaster.cpp
index 7d061bb..7df27ec 100644
--- a/Keymaster.cpp
+++ b/Keymaster.cpp
@@ -25,6 +25,7 @@
using ::android::hardware::hidl_string;
using ::android::hardware::hidl_vec;
+using ::android::hardware::keymaster::V4_0::SecurityLevel;
KeymasterOperation::~KeymasterOperation() {
if (mDevice) mDevice->abort(mOpHandle);
@@ -97,8 +98,15 @@
Keymaster::Keymaster() {
auto devices = KmDevice::enumerateAvailableDevices();
- if (devices.empty()) return;
- mDevice = std::move(devices[0]);
+ for (auto& dev : devices) {
+ // Explicitly avoid using STRONGBOX for now.
+ // TODO: Re-enable STRONGBOX, since it's what we really want. b/77338527
+ if (dev->halVersion().securityLevel != SecurityLevel::STRONGBOX) {
+ mDevice = std::move(dev);
+ break;
+ }
+ }
+ if (!mDevice) return;
auto& version = mDevice->halVersion();
LOG(INFO) << "Using " << version.keymasterName << " from " << version.authorName
<< " for encryption. Security level: " << toString(version.securityLevel)
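Review bot: The new loop in `Keymaster::Keymaster()` takes the first device whose level is not `STRONGBOX`, so the security level that backs encryption keys depends on the order returned by `KmDevice::enumerateAvailableDevices()`, which this hunk does not show. If a lower-assurance implementation can be listed ahead of the TEE one, an explicit preference by `securityLevel` would be safer than first-match. The `if (!mDevice) return;` path now covers two cases (no devices at all, or only StrongBox devices) and is silent in both, so a later key operation would fail with no hint of the cause; consider `if (!mDevice) { LOG(ERROR) << "No non-StrongBox keymaster device found"; return; }`. The LOG statement and the rest of the constructor body continue past the end of the hunk.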