Merge "Create the system service for AVF & hook the manager to it."

import android.scheduling.SchedulingFrameworkInitializer;

import android.security.FileIntegrityManager;

import android.security.IFileIntegrityService;

import android.security.attestationverification.AttestationVerificationManager;

import android.security.attestationverification.IAttestationVerificationManagerService;

import android.service.oemlock.IOemLockService;

import android.service.oemlock.OemLockManager;

import android.service.persistentdata.IPersistentDataBlockService;

                        return new FileIntegrityManager(ctx.getOuterContext(),

                                IFileIntegrityService.Stub.asInterface(b));

                    }});

        registerService(Context.ATTESTATION_VERIFICATION_SERVICE,

                AttestationVerificationManager.class,

                new CachedServiceFetcher<AttestationVerificationManager>() {

                    @Override

                    public AttestationVerificationManager createService(ContextImpl ctx)

                            throws ServiceNotFoundException {

                        IBinder b = ServiceManager.getServiceOrThrow(

                                Context.ATTESTATION_VERIFICATION_SERVICE);

                        return new AttestationVerificationManager(ctx.getOuterContext(),

                                IAttestationVerificationManagerService.Stub.asInterface(b));

                    }});

        //CHECKSTYLE:ON IndentationCheck

        registerService(Context.APP_INTEGRITY_SERVICE, AppIntegrityManager.class,

                new CachedServiceFetcher<AppIntegrityManager>() {

import android.annotation.SystemService;

import android.content.Context;

import android.os.Bundle;

import android.os.ParcelDuration;

import android.os.RemoteException;

import android.util.Log;

import com.android.internal.infra.AndroidFuture;

import java.lang.annotation.ElementType;

import java.lang.annotation.Retention;

import java.lang.annotation.RetentionPolicy;

import java.lang.annotation.Target;

import java.time.Duration;

import java.util.concurrent.Executor;

import java.util.concurrent.TimeUnit;

import java.util.function.BiConsumer;

/**

@SystemService(Context.ATTESTATION_VERIFICATION_SERVICE)

public class AttestationVerificationManager {

    private static final String TAG = "AVF";

    private static final Duration MAX_TOKEN_AGE = Duration.ofHours(1);

    private final Context mContext;

    private final IAttestationVerificationManagerService mService;

    /**

     * Verifies that {@code attestation} describes a computing environment that meets the

     * requirements of {@code profile}, {@code localBindingType}, and {@code requirements}.

            @NonNull byte[] attestation,

            @NonNull @CallbackExecutor Executor executor,

            @NonNull BiConsumer<@VerificationResult Integer, VerificationToken> callback) {

        executor.execute(() -> callback.accept(RESULT_UNKNOWN, null));

        try {

            AndroidFuture<IVerificationResult> resultCallback = new AndroidFuture<>();

            resultCallback.thenAccept(result -> {

                Log.d(TAG, "verifyAttestation result: " + result.resultCode + " / " + result.token);

                executor.execute(() -> {

                    callback.accept(result.resultCode, result.token);

                });

            });

            mService.verifyAttestation(profile, localBindingType, requirements, attestation,

                    resultCallback);

        } catch (RemoteException e) {

            throw e.rethrowFromSystemServer();

        }

    }

    /**

            @LocalBindingType int localBindingType,

            @NonNull Bundle requirements,

            @NonNull VerificationToken token,

            @Nullable java.time.Duration maximumAge) {

        return RESULT_UNKNOWN;

            @Nullable Duration maximumAge) {

        Duration usedMaximumAge;

        if (maximumAge == null) {

            usedMaximumAge = MAX_TOKEN_AGE;

        } else {

            if (maximumAge.compareTo(MAX_TOKEN_AGE) > 0) {

                throw new IllegalArgumentException(

                        "maximumAge cannot be greater than " + MAX_TOKEN_AGE + "; was "

                                + maximumAge);

            }

            usedMaximumAge = maximumAge;

        }

        try {

            AndroidFuture<Integer> resultCallback = new AndroidFuture<>();

            resultCallback.orTimeout(5, TimeUnit.SECONDS);

            mService.verifyToken(token, new ParcelDuration(usedMaximumAge), resultCallback);

            return resultCallback.get(); // block on result callback

        } catch (RemoteException e) {

            throw e.rethrowFromSystemServer();

        } catch (Throwable t) {

            throw new RuntimeException("Error verifying token.", t);

        }

    }

    /** @hide */

    public AttestationVerificationManager() {

    public AttestationVerificationManager(

            @NonNull Context context,

            @NonNull IAttestationVerificationManagerService service) {

        this.mContext = context;

        this.mService = service;

    }

    /** @hide */

/*

 * Copyright 2021 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package android.security.attestationverification;

import android.os.Bundle;

import android.os.ParcelDuration;

import android.security.attestationverification.AttestationProfile;

import android.security.attestationverification.VerificationToken;

import com.android.internal.infra.AndroidFuture;

/**

 * Binder interface to communicate with AttestationVerificationManagerService.

 * @hide

 */

oneway interface IAttestationVerificationManagerService {

    void verifyAttestation(

            in AttestationProfile profile,

            in int localBindingType,

            in Bundle requirements,

            in byte[] attestation,

            in AndroidFuture resultCallback);

    void verifyToken(

            in VerificationToken token,

            in ParcelDuration maximumTokenAge,

            in AndroidFuture resultCallback);

}

/*

 * Copyright (C) 2021 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package android.security.attestationverification;

import android.os.Bundle;

import com.android.internal.infra.AndroidFuture;

/**

 * Binder interface for the system server to communicate with app implementations of

 * AttestationVerificationService.

 * @hide

 */

oneway interface IAttestationVerificationService {

    void onVerifyAttestation(

        in Bundle requirements,

        in byte[] attestation,

        in AndroidFuture callback);

}

/*

 * Copyright (C) 2021 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package android.security.attestationverification;

import android.security.attestationverification.VerificationToken;

/**

 * The result of an attestation verification.

 *

 * {@hide}

 */

parcelable IVerificationResult {

    /** The result code corresponding to @VerificationResult. */

    int resultCode;

    /** The token for the verification or null. */

    VerificationToken token;

}