Merge "Allow credstore to call into... (cc8a66cb) · Commits · e / os / android_frameworks_base

core/java/android/os/Process.java

+6 −0

Original line number	Diff line number	Diff line
		@@ -112,6 +112,12 @@ public class Process {
		*/
		public static final int KEYSTORE_UID = 1017;

		/**
		* Defines the UID/GID for credstore.
		* @hide
		*/
		public static final int CREDSTORE_UID = 1076;

		/**
		* Defines the UID/GID for the NFC service process.
		* @hide

services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java

+8 −6

Original line number	Diff line number	Diff line
		@@ -24,16 +24,16 @@ import android.content.pm.PackageManager.NameNotFoundException;
		import android.os.Binder;
		import android.os.RemoteException;
		import android.os.UserHandle;
		import android.security.keymaster.KeyAttestationPackageInfo;
		import android.security.keymaster.KeyAttestationApplicationId;
		import android.security.keymaster.IKeyAttestationApplicationIdProvider;
		import android.security.keymaster.KeyAttestationApplicationId;
		import android.security.keymaster.KeyAttestationPackageInfo;

		/**
		* @hide
		* The KeyAttestationApplicationIdProviderService provides information describing the possible
		* applications identified by a UID. Due to UID sharing, this KeyAttestationApplicationId can
		* comprise information about multiple packages. The Information is used by keystore to describe
		* the initiating application of a key attestation procedure.
		* comprise information about multiple packages. The Information is used by keystore and credstore
		* to describe the initiating application of a key attestation procedure.
		*/
		public class KeyAttestationApplicationIdProviderService
		extends IKeyAttestationApplicationIdProvider.Stub {
		@@ -46,8 +46,10 @@ public class KeyAttestationApplicationIdProviderService

		public KeyAttestationApplicationId getKeyAttestationApplicationId(int uid)
		throws RemoteException {
		if (Binder.getCallingUid() != android.os.Process.KEYSTORE_UID) {
		throw new SecurityException("This service can only be used by Keystore");
		int callingUid = Binder.getCallingUid();
		if (callingUid != android.os.Process.KEYSTORE_UID
		&& callingUid != android.os.Process.CREDSTORE_UID) {
		throw new SecurityException("This service can only be used by Keystore or Credstore");
		}
		KeyAttestationPackageInfo[] keyAttestationPackageInfos = null;
		final long token = Binder.clearCallingIdentity();