Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Allow credstore to call into KeyAttestationApplicationIdProviderService" am: 715e754115

Browse Source 
Change-Id: I0d0c1be195ec894570c1fcbebca3f8b3298b1b34
This commit is contained in:
Automerger Merge Worker
2020-02-04 21:49:42 +00:00
parent 519fccfe7f 715e754115
commit 11e5071fbb
2 changed files with 14 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
core/java/android/os/Process.java
View File

@@ -98,6 +98,12 @@ public class Process {
*/
public static final int KEYSTORE_UID = 1017;
/**
* Defines the UID/GID for credstore.
* @hide
*/
public static final int CREDSTORE_UID = 1076;
/**
* Defines the UID/GID for the NFC service process.
* @hide

14
services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java
View File

@@ -24,16 +24,16 @@ import android.content.pm.PackageManager.NameNotFoundException;
import android.os.Binder;
import android.os.RemoteException;
import android.os.UserHandle;
import android.security.keymaster.KeyAttestationPackageInfo;
import android.security.keymaster.KeyAttestationApplicationId;
import android.security.keymaster.IKeyAttestationApplicationIdProvider;
import android.security.keymaster.KeyAttestationApplicationId;
import android.security.keymaster.KeyAttestationPackageInfo;
/**
* @hide
* The KeyAttestationApplicationIdProviderService provides information describing the possible
* applications identified by a UID. Due to UID sharing, this KeyAttestationApplicationId can
* comprise information about multiple packages. The Information is used by keystore to describe
* the initiating application of a key attestation procedure.
* comprise information about multiple packages. The Information is used by keystore and credstore
* to describe the initiating application of a key attestation procedure.
*/
public class KeyAttestationApplicationIdProviderService
extends IKeyAttestationApplicationIdProvider.Stub {
@@ -46,8 +46,10 @@ public class KeyAttestationApplicationIdProviderService
public KeyAttestationApplicationId getKeyAttestationApplicationId(int uid)
throws RemoteException {
if (Binder.getCallingUid() != android.os.Process.KEYSTORE_UID) {
throw new SecurityException("This service can only be used by Keystore");
int callingUid = Binder.getCallingUid();
if (callingUid != android.os.Process.KEYSTORE_UID
&& callingUid != android.os.Process.CREDSTORE_UID) {
throw new SecurityException("This service can only be used by Keystore or Credstore");
}
KeyAttestationPackageInfo[] keyAttestationPackageInfos = null;
final long token = Binder.clearCallingIdentity();