
Commit 117fcb6c authored by David Zeuthen's avatar David Zeuthen

Allow credstore to call into KeyAttestationApplicationIdProviderService

This was previously reserved for keystore only but since credstore
also needs to do attestations, this is needed.

Bug: 111446262
Test: atest android.security.identity.cts
Test: Manually verifying the AttestationApplicationId from credstore
Change-Id: Ie44f9e4c8f2e1bd916ccbe7c7e5537dc498d8154
parent 48f7f07d
+6 −0
@@ -98,6 +98,12 @@ public class Process {
     */
    public static final int KEYSTORE_UID = 1017;

    /**
     * Defines the UID/GID for credstore.
     * @hide
     */
    public static final int CREDSTORE_UID = 1076;

    /**
     * Defines the UID/GID for the NFC service process.
     * @hide
+8 −6
@@ -24,16 +24,16 @@ import android.content.pm.PackageManager.NameNotFoundException;
import android.os.Binder;
import android.os.RemoteException;
import android.os.UserHandle;
import android.security.keymaster.KeyAttestationPackageInfo;
import android.security.keymaster.KeyAttestationApplicationId;
import android.security.keymaster.IKeyAttestationApplicationIdProvider;
import android.security.keymaster.KeyAttestationApplicationId;
import android.security.keymaster.KeyAttestationPackageInfo;

/**
 * @hide
 * The KeyAttestationApplicationIdProviderService provides information describing the possible
 * applications identified by a UID. Due to UID sharing, this KeyAttestationApplicationId can
 * comprise information about multiple packages. The Information is used by keystore to describe
 * the initiating application of a key attestation procedure.
 * comprise information about multiple packages. The Information is used by keystore and credstore
 * to describe the initiating application of a key attestation procedure.
 */
public class KeyAttestationApplicationIdProviderService
        extends IKeyAttestationApplicationIdProvider.Stub {
@@ -46,8 +46,10 @@ public class KeyAttestationApplicationIdProviderService

    public KeyAttestationApplicationId getKeyAttestationApplicationId(int uid)
            throws RemoteException {
        if (Binder.getCallingUid() != android.os.Process.KEYSTORE_UID) {
            throw new SecurityException("This service can only be used by Keystore");
        int callingUid = Binder.getCallingUid();
        if (callingUid != android.os.Process.KEYSTORE_UID
                && callingUid != android.os.Process.CREDSTORE_UID) {
            throw new SecurityException("This service can only be used by Keystore or Credstore");
        }
        KeyAttestationPackageInfo[] keyAttestationPackageInfos = null;
        final long token = Binder.clearCallingIdentity();
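Review bot: The widened caller check in getKeyAttestationApplicationId still rejects with a fixed message that omits the rejected UID, so a denied call cannot be attributed from the exception alone. Now that `callingUid` is a local, it can be included: `throw new SecurityException("This service can only be used by Keystore or Credstore, not uid " + callingUid);`. The check is a hard-coded UID allow-list, so it is only as strong as the guarantee that nothing else runs as `KEYSTORE_UID` or `CREDSTORE_UID`. A short comment above the `if` should say this, and also that `callingUid` must be read before `Binder.clearCallingIdentity()`, so a later edit does not reorder the two. The method body continues past the end of the hunk, so how `uid` is used after the identity is cleared is not visible here.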