Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 93bc5a18 authored by Dave McCloskey's avatar Dave McCloskey
Browse files

Adding unimplemented TalismanManagerService, TalismanManager, and TalismanService 

This is the basic skeleton of the TalismanManager and its associated classes, and the corresponding system API for obtaining and verifying talismans. See go/talisman-aosp for more details.

The implementation of these classes will follow in future changes.

Bug: 418280383
Test: N/A
Flag: NONE No-op. Flag to be added in next CL
Change-Id: Ica054673ff1388d5bc74b7de6ef523631c7206c6
BYPASS_LARGE_CHANGE_WARNING=mostly API definitions.
parent e324a45b

core/java/android/content/Context.java

+9 −0
Original line number Diff line number Diff line
@@ -6597,6 +6597,15 @@ public abstract class Context { 
     */

    public static final String ATTESTATION_VERIFICATION_SERVICE = "attestation_verification";



    /**

     * Use with {@link #getSystemService(String)} to retrieve an

     * {@link android.security.talisman.TalismanManager}.

     * @see #getSystemService(String)

     * @see android.security.talisman.TalismanManager

     * @hide

     */

    public static final String TALISMAN_SERVICE = "talisman";



    /**

     * Use with {@link #getSystemService(String)} to retrieve an

     * {@link android.security.advancedprotection.AdvancedProtectionManager}

core/java/android/security/talisman/ITalismanManager.aidl

0 → 100644
+33 −0
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2025 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */



package android.security.talisman;



import android.security.talisman.Talisman;

import android.security.talisman.TalismanIdentitySet;



/**

 * Interface for the TalismanManagerService.

 * {@hide}

 */

interface ITalismanManager {

    Talisman acquireVerifiedDeviceTalisman();

    TalismanIdentitySet acquirePreparedIdentitySet();

    int verifyTalismanAndChallenge(in Talisman talisman, in byte[] remoteResponse,

            in byte[] expectedChallenge);

    int[] verifyIdentityTalismans(in Talisman verifiedDeviceTalisman, in Talisman[] identityTalismans);

    void updatePreparedIdentities(in List<String> identities);

}

core/java/android/security/talisman/Talisman.aidl

0 → 100644
+19 −0
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2025 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */



package android.security.talisman;



parcelable Talisman;
 
 No newline at end of file

core/java/android/security/talisman/Talisman.java

0 → 100644
+94 −0
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2025 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */



package android.security.talisman;



import android.annotation.NonNull;

import android.os.Parcel;

import android.os.Parcelable;



import java.util.Arrays;

import java.util.Objects;



/**

 * A talisman, which is a cryptographically-verifiable claim about the device or user.

 *

 * <p>A talisman is a CBOR Web Token (CWT) that contains claims about the device, and is signed by a

 * key trusted by the system. It can be used to prove properties of the device to a remote party.

 *

 * <p>This object can be used with {@link TalismanManager} to sign challenges to prove possession of

 * the private key associated with the talisman. This operation requires the {@link

 * android.Manifest.permission#SIGN_TALISMAN} permission.

 *

 * <p>Instances of this class are obtained from {@link TalismanManager}.

 *

 * @hide

 */

public final class Talisman implements Parcelable {



    private final byte[] mEncodedTalisman;



    public Talisman(@NonNull byte[] encodedTalisman) {

        mEncodedTalisman = Objects.requireNonNull(encodedTalisman).clone();

    }



    private Talisman(Parcel in) {

        mEncodedTalisman = in.createByteArray();

    }



    /** Returns a copy of the encoded form of the talisman. */

    @NonNull

    public byte[] encoded() {

        return mEncodedTalisman.clone();

    }



    @Override

    public int describeContents() {

        return 0;

    }



    @Override

    public void writeToParcel(@NonNull Parcel dest, int flags) {

        dest.writeByteArray(mEncodedTalisman);

    }



    @NonNull

    public static final Creator<Talisman> CREATOR =

            new Creator<Talisman>() {

                @Override

                public Talisman createFromParcel(Parcel in) {

                    return new Talisman(in);

                }



                @Override

                public Talisman[] newArray(int size) {

                    return new Talisman[size];

                }

            };



    @Override

    public boolean equals(Object o) {

        if (this == o) return true;

        if (!(o instanceof Talisman)) return false;

        Talisman that = (Talisman) o;

        return Arrays.equals(mEncodedTalisman, that.mEncodedTalisman);

    }



    @Override

    public int hashCode() {

        return Arrays.hashCode(mEncodedTalisman);

    }

}

core/java/android/security/talisman/TalismanIdentitySet.aidl

0 → 100644
+19 −0
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2025 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */



package android.security.talisman;



parcelable TalismanIdentitySet;