Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 715e7541 authored by Treehugger Robot's avatar Treehugger Robot Committed by Gerrit Code Review
Browse files

Merge "Allow credstore to call into KeyAttestationApplicationIdProviderService"

parents ff510dd0 117fcb6c

core/java/android/os/Process.java

+6 −0
Original line number Diff line number Diff line
@@ -98,6 +98,12 @@ public class Process { 
     */

    public static final int KEYSTORE_UID = 1017;



    /**

     * Defines the UID/GID for credstore.

     * @hide

     */

    public static final int CREDSTORE_UID = 1076;



    /**

     * Defines the UID/GID for the NFC service process.

     * @hide

services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java

+8 −6
Original line number Diff line number Diff line
@@ -24,16 +24,16 @@ import android.content.pm.PackageManager.NameNotFoundException; 
import android.os.Binder;

import android.os.RemoteException;

import android.os.UserHandle;

import android.security.keymaster.KeyAttestationPackageInfo;

import android.security.keymaster.KeyAttestationApplicationId;

import android.security.keymaster.IKeyAttestationApplicationIdProvider;

import android.security.keymaster.KeyAttestationApplicationId;

import android.security.keymaster.KeyAttestationPackageInfo;



/**

 * @hide

 * The KeyAttestationApplicationIdProviderService provides information describing the possible

 * applications identified by a UID. Due to UID sharing, this KeyAttestationApplicationId can

 * comprise information about multiple packages. The Information is used by keystore to describe

 * the initiating application of a key attestation procedure.

 * comprise information about multiple packages. The Information is used by keystore and credstore

 * to describe the initiating application of a key attestation procedure.

 */

public class KeyAttestationApplicationIdProviderService

        extends IKeyAttestationApplicationIdProvider.Stub {
@@ -46,8 +46,10 @@ public class KeyAttestationApplicationIdProviderService 


    public KeyAttestationApplicationId getKeyAttestationApplicationId(int uid)

            throws RemoteException {

        if (Binder.getCallingUid() != android.os.Process.KEYSTORE_UID) {

            throw new SecurityException("This service can only be used by Keystore");

        int callingUid = Binder.getCallingUid();

        if (callingUid != android.os.Process.KEYSTORE_UID

                && callingUid != android.os.Process.CREDSTORE_UID) {

            throw new SecurityException("This service can only be used by Keystore or Credstore");

        }

        KeyAttestationPackageInfo[] keyAttestationPackageInfos = null;

        final long token = Binder.clearCallingIdentity();