Loading core/java/android/app/admin/DevicePolicyManager.java +11 −6 Original line number Diff line number Diff line Loading @@ -5061,12 +5061,17 @@ public class DevicePolicyManager { * owner. If Device ID attestation is requested (using {@link #ID_TYPE_SERIAL}, * {@link #ID_TYPE_IMEI} or {@link #ID_TYPE_MEID}), the caller must be the Device Owner * or the Certificate Installer delegate. * @throws IllegalArgumentException if the alias in {@code keySpec} is empty, if the * algorithm specification in {@code keySpec} is not {@code RSAKeyGenParameterSpec} * or {@code ECGenParameterSpec}, or if Device ID attestation was requested but the * {@code keySpec} does not contain an attestation challenge. * @throws UnsupportedOperationException if Device ID attestation was requested but the * underlying hardware does not support it. * @throws IllegalArgumentException in the following cases: * <p> * <ul> * <li>The alias in {@code keySpec} is empty.</li> * <li>The algorithm specification in {@code keySpec} is not * {@code RSAKeyGenParameterSpec} or {@code ECGenParameterSpec}.</li> * <li>Device ID attestation was requested but the {@code keySpec} does not contain an * attestation challenge.</li> * </ul> * @throws UnsupportedOperationException if Device ID attestation or individual attestation * was requested but the underlying hardware does not support it. * @throws StrongBoxUnavailableException if the use of StrongBox for key generation was * specified in {@code keySpec} but the device does not have one. * @see KeyGenParameterSpec.Builder#setAttestationChallenge(byte[]) Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +14 −1 Original line number Diff line number Diff line Loading @@ -84,6 +84,7 @@ import static android.provider.Settings.Global.PRIVATE_DNS_SPECIFIER; import static android.provider.Telephony.Carriers.DPC_URI; import static android.provider.Telephony.Carriers.ENFORCE_KEY; import static android.provider.Telephony.Carriers.ENFORCE_MANAGED_URI; import static android.security.keystore.AttestationUtils.USE_INDIVIDUAL_ATTESTATION; import static com.android.internal.logging.nano.MetricsProto.MetricsEvent.PROVISIONING_ENTRY_POINT_ADB; import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_NONE; Loading Loading @@ -5825,7 +5826,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { idTypeToAttestationFlag.put(ID_TYPE_IMEI, AttestationUtils.ID_TYPE_IMEI); idTypeToAttestationFlag.put(ID_TYPE_MEID, AttestationUtils.ID_TYPE_MEID); idTypeToAttestationFlag.put( ID_TYPE_INDIVIDUAL_ATTESTATION, AttestationUtils.USE_INDIVIDUAL_ATTESTATION); ID_TYPE_INDIVIDUAL_ATTESTATION, USE_INDIVIDUAL_ATTESTATION); int numFlagsSet = Integer.bitCount(idAttestationFlags); // No flags are set - return null to indicate no device ID attestation information should Loading Loading @@ -5865,6 +5866,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { if (deviceIdAttestationRequired && attestationUtilsFlags.length > 0) { enforceCallerCanRequestDeviceIdAttestation(who, callerPackage, callingUid); enforceIndividualAttestationSupportedIfRequested(attestationUtilsFlags); } else { enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, DELEGATION_CERT_INSTALL); Loading Loading @@ -5959,6 +5961,17 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { return false; } private void enforceIndividualAttestationSupportedIfRequested(int[] attestationUtilsFlags) { for (int attestationFlag : attestationUtilsFlags) { if (attestationFlag == USE_INDIVIDUAL_ATTESTATION && !mInjector.getPackageManager().hasSystemFeature( PackageManager.FEATURE_DEVICE_UNIQUE_ATTESTATION)) { throw new UnsupportedOperationException("Device Individual attestation is not " + "supported on this device."); } } } @Override public boolean setKeyPairCertificate(ComponentName who, String callerPackage, String alias, byte[] cert, byte[] chain, boolean isUserSelectable) { Loading Loading
core/java/android/app/admin/DevicePolicyManager.java +11 −6 Original line number Diff line number Diff line Loading @@ -5061,12 +5061,17 @@ public class DevicePolicyManager { * owner. If Device ID attestation is requested (using {@link #ID_TYPE_SERIAL}, * {@link #ID_TYPE_IMEI} or {@link #ID_TYPE_MEID}), the caller must be the Device Owner * or the Certificate Installer delegate. * @throws IllegalArgumentException if the alias in {@code keySpec} is empty, if the * algorithm specification in {@code keySpec} is not {@code RSAKeyGenParameterSpec} * or {@code ECGenParameterSpec}, or if Device ID attestation was requested but the * {@code keySpec} does not contain an attestation challenge. * @throws UnsupportedOperationException if Device ID attestation was requested but the * underlying hardware does not support it. * @throws IllegalArgumentException in the following cases: * <p> * <ul> * <li>The alias in {@code keySpec} is empty.</li> * <li>The algorithm specification in {@code keySpec} is not * {@code RSAKeyGenParameterSpec} or {@code ECGenParameterSpec}.</li> * <li>Device ID attestation was requested but the {@code keySpec} does not contain an * attestation challenge.</li> * </ul> * @throws UnsupportedOperationException if Device ID attestation or individual attestation * was requested but the underlying hardware does not support it. * @throws StrongBoxUnavailableException if the use of StrongBox for key generation was * specified in {@code keySpec} but the device does not have one. * @see KeyGenParameterSpec.Builder#setAttestationChallenge(byte[]) Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +14 −1 Original line number Diff line number Diff line Loading @@ -84,6 +84,7 @@ import static android.provider.Settings.Global.PRIVATE_DNS_SPECIFIER; import static android.provider.Telephony.Carriers.DPC_URI; import static android.provider.Telephony.Carriers.ENFORCE_KEY; import static android.provider.Telephony.Carriers.ENFORCE_MANAGED_URI; import static android.security.keystore.AttestationUtils.USE_INDIVIDUAL_ATTESTATION; import static com.android.internal.logging.nano.MetricsProto.MetricsEvent.PROVISIONING_ENTRY_POINT_ADB; import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_NONE; Loading Loading @@ -5825,7 +5826,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { idTypeToAttestationFlag.put(ID_TYPE_IMEI, AttestationUtils.ID_TYPE_IMEI); idTypeToAttestationFlag.put(ID_TYPE_MEID, AttestationUtils.ID_TYPE_MEID); idTypeToAttestationFlag.put( ID_TYPE_INDIVIDUAL_ATTESTATION, AttestationUtils.USE_INDIVIDUAL_ATTESTATION); ID_TYPE_INDIVIDUAL_ATTESTATION, USE_INDIVIDUAL_ATTESTATION); int numFlagsSet = Integer.bitCount(idAttestationFlags); // No flags are set - return null to indicate no device ID attestation information should Loading Loading @@ -5865,6 +5866,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { if (deviceIdAttestationRequired && attestationUtilsFlags.length > 0) { enforceCallerCanRequestDeviceIdAttestation(who, callerPackage, callingUid); enforceIndividualAttestationSupportedIfRequested(attestationUtilsFlags); } else { enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, DELEGATION_CERT_INSTALL); Loading Loading @@ -5959,6 +5961,17 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { return false; } private void enforceIndividualAttestationSupportedIfRequested(int[] attestationUtilsFlags) { for (int attestationFlag : attestationUtilsFlags) { if (attestationFlag == USE_INDIVIDUAL_ATTESTATION && !mInjector.getPackageManager().hasSystemFeature( PackageManager.FEATURE_DEVICE_UNIQUE_ATTESTATION)) { throw new UnsupportedOperationException("Device Individual attestation is not " + "supported on this device."); } } } @Override public boolean setKeyPairCertificate(ComponentName who, String callerPackage, String alias, byte[] cert, byte[] chain, boolean isUserSelectable) { Loading
