From adaf68cd627e6d8447c061ead91bd5ad95013f91 Mon Sep 17 00:00:00 2001
From: Eran Messeri <eranm@google.com>
Date: Tue, 27 Mar 2018 19:34:03 +0100
Subject: [PATCH] Device ID attestation: Add feature flag.

Add a feature flag to find out if Device ID attestation is supported or
not, as it is an optional feature.
Otherwise, the cts tests could not meaningfully say if the device
correctly supports this feature or not.

Bug: 72642093
Bug: 73448533
Test: Modified CTS tests.
Change-Id: Ia6ba47a5262412ab24afa700d1b891be10a21df9
---
 api/current.txt                                      |  1 +
 core/java/android/app/admin/DevicePolicyManager.java |  9 +++++++++
 core/java/android/content/pm/PackageManager.java     | 11 +++++++++++
 3 files changed, 21 insertions(+)

diff --git a/api/current.txt b/api/current.txt
index af042fb49630a..1bf5fe73ab2db 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -6508,6 +6508,7 @@ package android.app.admin {
     method public boolean isApplicationHidden(android.content.ComponentName, java.lang.String);
     method public boolean isBackupServiceEnabled(android.content.ComponentName);
     method public deprecated boolean isCallerApplicationRestrictionsManagingPackage();
+    method public boolean isDeviceIdAttestationSupported();
     method public boolean isDeviceOwnerApp(java.lang.String);
     method public boolean isEphemeralUser(android.content.ComponentName);
     method public boolean isLockTaskPermitted(java.lang.String);
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index 5c55e4fa3fc74..a5a58fe20ace7 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -4292,6 +4292,15 @@ public class DevicePolicyManager {
         return null;
     }
 
+    /**
+     * Returns {@code true} if the device supports attestation of device identifiers in addition
+     * to key attestation.
+     * @return {@code true} if Device ID attestation is supported.
+     */
+    public boolean isDeviceIdAttestationSupported() {
+        PackageManager pm = mContext.getPackageManager();
+        return pm.hasSystemFeature(PackageManager.FEATURE_DEVICE_ID_ATTESTATION);
+    }
 
     /**
      * Called by a device or profile owner, or delegated certificate installer, to associate
diff --git a/core/java/android/content/pm/PackageManager.java b/core/java/android/content/pm/PackageManager.java
index 491f0af2576da..dd86d475b0e8d 100644
--- a/core/java/android/content/pm/PackageManager.java
+++ b/core/java/android/content/pm/PackageManager.java
@@ -2628,6 +2628,17 @@ public abstract class PackageManager {
     public static final String FEATURE_STRONGBOX_KEYSTORE =
             "android.hardware.strongbox_keystore";
 
+    /**
+     * Feature for {@link #getSystemAvailableFeatures} and {@link #hasSystemFeature}:
+     * The device has a Keymaster implementation that supports Device ID attestation.
+     *
+     * @see DevicePolicyManager#isDeviceIdAttestationSupported
+     * @hide
+     */
+    @SdkConstant(SdkConstantType.FEATURE)
+    public static final String FEATURE_DEVICE_ID_ATTESTATION =
+            "android.software.device_id_attestation";
+
     /**
      * Action to external storage service to clean out removed apps.
      * @hide