core/res/res/values/config.xml +7 −0 @@ -3517,4 +3517,11 @@ <!-- Whether or not battery saver should be "sticky" when manually enabled. --> <bool name="config_batterySaverStickyBehaviourDisabled">false</bool> <!-- Model of potentially misprovisioned devices. If none is specified in an overlay, an empty string is passed in. --> <string name="config_misprovisionedDeviceModel" translatable="false"></string> <!-- Brand value for attestation of misprovisioned device. --> <string name="config_misprovisionedBrandValue" translatable="false"></string> </resources> core/res/res/values/symbols.xml +3 −0 @@ -3446,4 +3446,7 @@ <java-symbol type="array" name="config_disableApksUnlessMatchedSku_apk_list" /> <java-symbol type="array" name="config_disableApkUnlessMatchedSku_skus_list" /> <java-symbol type="string" name="config_misprovisionedDeviceModel" /> <java-symbol type="string" name="config_misprovisionedBrandValue" /> </resources> keystore/java/android/security/keystore/AttestationUtils.java +33 −2 @@ -22,9 +22,9 @@ import android.annotation.RequiresPermission; import android.annotation.SystemApi; import android.annotation.TestApi; import android.content.Context; import android.content.res.Resources; import android.os.Build; import android.security.KeyStore; import android.security.KeyStoreException; import android.security.keymaster.KeymasterArguments; import android.security.keymaster.KeymasterCertificateChain; import android.security.keymaster.KeymasterDefs;
@@ -117,6 +117,37 @@ public abstract class AttestationUtils { @NonNull public static KeymasterArguments prepareAttestationArguments(Context context, @NonNull int[] idTypes, @NonNull byte[] attestationChallenge) throws DeviceIdAttestationException { return prepareAttestationArguments(context, idTypes,attestationChallenge, Build.BRAND); } /** * Prepares Keymaster Arguments with attestation data for misprovisioned Pixel 2 device. * See http://go/keyAttestationFailure and http://b/69471841 for more info. * @hide should only be used by KeyChain. */ @NonNull public static KeymasterArguments prepareAttestationArgumentsIfMisprovisioned( Context context, @NonNull int[] idTypes, @NonNull byte[] attestationChallenge) throws DeviceIdAttestationException { if (!isPotentiallyMisprovisionedDevice(context)) { return null; } Resources resources = context.getResources(); String misprovisionedBrand = resources.getString( com.android.internal.R.string.config_misprovisionedBrandValue); return prepareAttestationArguments( context, idTypes, attestationChallenge, misprovisionedBrand); } @NonNull private static boolean isPotentiallyMisprovisionedDevice(Context context) { Resources resources = context.getResources(); String misprovisionedModel = resources.getString( com.android.internal.R.string.config_misprovisionedDeviceModel); return (Build.MODEL.equals(misprovisionedModel)); } @NonNull private static KeymasterArguments prepareAttestationArguments(Context context, @NonNull int[] idTypes, @NonNull byte[] attestationChallenge, String brand) throws DeviceIdAttestationException { // Check method arguments, retrieve requested device IDs and prepare attestation arguments. if (attestationChallenge == null) { throw new NullPointerException("Missing attestation challenge");
@@ -169,7 +200,7 @@ public abstract class AttestationUtils { } } attestArgs.addBytes(KeymasterDefs.KM_TAG_ATTESTATION_ID_BRAND, Build.BRAND.getBytes(StandardCharsets.UTF_8)); brand.getBytes(StandardCharsets.UTF_8)); attestArgs.addBytes(KeymasterDefs.KM_TAG_ATTESTATION_ID_DEVICE, Build.DEVICE.getBytes(StandardCharsets.UTF_8)); attestArgs.addBytes(KeymasterDefs.KM_TAG_ATTESTATION_ID_PRODUCT,
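Review bot: In the second hunk of AttestationUtils.java, `prepareAttestationArgumentsIfMisprovisioned` is annotated `@NonNull` yet executes `return null;` whenever the model does not match, so the annotation misstates the contract and a caller that trusts it may dereference null; it should be `@Nullable`, with the Javadoc stating that null means the device is not treated as misprovisioned. `isPotentiallyMisprovisionedDevice` also carries `@NonNull` on a primitive `boolean` return, where it has no meaning and should be dropped. Because the substituted string ends up in `KM_TAG_ATTESTATION_ID_BRAND` (third hunk), an overlay that sets `config_misprovisionedDeviceModel` but leaves `config_misprovisionedBrandValue` at its empty default would request attestation of an empty brand; a guard such as `if (misprovisionedBrand.isEmpty()) { return null; }` before the delegating call would treat that configuration as not misprovisioned. The imports above line 22 are outside the hunk, so whether `Nullable` is already imported needs checking. This file section is printed twice on the page and the note applies to both copies.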
core/res/res/values/config.xml +7 −0 @@ -3517,4 +3517,11 @@ <!-- Whether or not battery saver should be "sticky" when manually enabled. --> <bool name="config_batterySaverStickyBehaviourDisabled">false</bool> <!-- Model of potentially misprovisioned devices. If none is specified in an overlay, an empty string is passed in. --> <string name="config_misprovisionedDeviceModel" translatable="false"></string> <!-- Brand value for attestation of misprovisioned device. --> <string name="config_misprovisionedBrandValue" translatable="false"></string> </resources>
core/res/res/values/symbols.xml +3 −0 @@ -3446,4 +3446,7 @@ <java-symbol type="array" name="config_disableApksUnlessMatchedSku_apk_list" /> <java-symbol type="array" name="config_disableApkUnlessMatchedSku_skus_list" /> <java-symbol type="string" name="config_misprovisionedDeviceModel" /> <java-symbol type="string" name="config_misprovisionedBrandValue" /> </resources>
keystore/java/android/security/keystore/AttestationUtils.java +33 −2 @@ -22,9 +22,9 @@ import android.annotation.RequiresPermission; import android.annotation.SystemApi; import android.annotation.TestApi; import android.content.Context; import android.content.res.Resources; import android.os.Build; import android.security.KeyStore; import android.security.KeyStoreException; import android.security.keymaster.KeymasterArguments; import android.security.keymaster.KeymasterCertificateChain; import android.security.keymaster.KeymasterDefs;
@@ -117,6 +117,37 @@ public abstract class AttestationUtils { @NonNull public static KeymasterArguments prepareAttestationArguments(Context context, @NonNull int[] idTypes, @NonNull byte[] attestationChallenge) throws DeviceIdAttestationException { return prepareAttestationArguments(context, idTypes,attestationChallenge, Build.BRAND); } /** * Prepares Keymaster Arguments with attestation data for misprovisioned Pixel 2 device. * See http://go/keyAttestationFailure and http://b/69471841 for more info. * @hide should only be used by KeyChain. */ @NonNull public static KeymasterArguments prepareAttestationArgumentsIfMisprovisioned( Context context, @NonNull int[] idTypes, @NonNull byte[] attestationChallenge) throws DeviceIdAttestationException { if (!isPotentiallyMisprovisionedDevice(context)) { return null; } Resources resources = context.getResources(); String misprovisionedBrand = resources.getString( com.android.internal.R.string.config_misprovisionedBrandValue); return prepareAttestationArguments( context, idTypes, attestationChallenge, misprovisionedBrand); } @NonNull private static boolean isPotentiallyMisprovisionedDevice(Context context) { Resources resources = context.getResources(); String misprovisionedModel = resources.getString( com.android.internal.R.string.config_misprovisionedDeviceModel); return (Build.MODEL.equals(misprovisionedModel)); } @NonNull private static KeymasterArguments prepareAttestationArguments(Context context, @NonNull int[] idTypes, @NonNull byte[] attestationChallenge, String brand) throws DeviceIdAttestationException { // Check method arguments, retrieve requested device IDs and prepare attestation arguments. if (attestationChallenge == null) { throw new NullPointerException("Missing attestation challenge");
@@ -169,7 +200,7 @@ public abstract class AttestationUtils { } } attestArgs.addBytes(KeymasterDefs.KM_TAG_ATTESTATION_ID_BRAND, Build.BRAND.getBytes(StandardCharsets.UTF_8)); brand.getBytes(StandardCharsets.UTF_8)); attestArgs.addBytes(KeymasterDefs.KM_TAG_ATTESTATION_ID_DEVICE, Build.DEVICE.getBytes(StandardCharsets.UTF_8)); attestArgs.addBytes(KeymasterDefs.KM_TAG_ATTESTATION_ID_PRODUCT,