Merge "Added check for misprovisioned Pixel 2 device." into pi-dev

am: ec94be1526 Change-Id: I443bd4a96e616616e4608f1e9a8c5d8554647e56
2018-08-24 11:21:06 -07:00
parent faefa61c22 ec94be1526
commit eeedc9e276
3 changed files with 46 additions and 2 deletions
--- a/core/res/res/values/config.xml
+++ b/core/res/res/values/config.xml
@@ -3510,4 +3510,11 @@

    <!-- Whether or not we should show the option to show battery percentage -->
    <bool name="config_battery_percentage_setting_available">true</bool>
+
+    <!-- Model of potentially misprovisioned devices. If none is specified in an overlay, an
+         empty string is passed in. -->
+    <string name="config_misprovisionedDeviceModel" translatable="false"></string>
+
+    <!-- Brand value for attestation of misprovisioned device. -->
+    <string name="config_misprovisionedBrandValue" translatable="false"></string>
 </resources>
--- a/core/res/res/values/symbols.xml
+++ b/core/res/res/values/symbols.xml
@@ -3412,4 +3412,7 @@

  <java-symbol type="array" name="config_disableApksUnlessMatchedSku_apk_list" />
  <java-symbol type="array" name="config_disableApkUnlessMatchedSku_skus_list" />
+
+  <java-symbol type="string" name="config_misprovisionedDeviceModel" />
+  <java-symbol type="string" name="config_misprovisionedBrandValue" />
 </resources>
--- a/keystore/java/android/security/keystore/AttestationUtils.java
+++ b/keystore/java/android/security/keystore/AttestationUtils.java
@@ -22,9 +22,9 @@ import android.annotation.RequiresPermission;
 import android.annotation.SystemApi;
 import android.annotation.TestApi;
 import android.content.Context;
+import android.content.res.Resources;
 import android.os.Build;
 import android.security.KeyStore;
-import android.security.KeyStoreException;
 import android.security.keymaster.KeymasterArguments;
 import android.security.keymaster.KeymasterCertificateChain;
 import android.security.keymaster.KeymasterDefs;
@@ -117,6 +117,40 @@ public abstract class AttestationUtils {
    @NonNull public static KeymasterArguments prepareAttestationArguments(Context context,
            @NonNull int[] idTypes, @NonNull byte[] attestationChallenge) throws
            DeviceIdAttestationException {
+        return prepareAttestationArguments(context, idTypes,attestationChallenge, Build.BRAND);
+    }
+
+    /**
+     * Prepares Keymaster Arguments with attestation data for misprovisioned Pixel 2 device.
+     * See http://go/keyAttestationFailure and http://b/69471841 for more info.
+     * @hide should only be used by KeyChain.
+     */
+    @NonNull public static KeymasterArguments prepareAttestationArgumentsIfMisprovisioned(
+            Context context, @NonNull int[] idTypes, @NonNull byte[] attestationChallenge) throws
+            DeviceIdAttestationException {
+        if (!isPotentiallyMisprovisionedDevice(context)) {
+            return null;
+        }
+        Resources resources = context.getResources();
+        String misprovisionedBrand = resources.getString(
+                com.android.internal.R.string.config_misprovisionedBrandValue);
+        return prepareAttestationArguments(
+                    context, idTypes, attestationChallenge, misprovisionedBrand);
+    }
+
+    @NonNull private static boolean isPotentiallyMisprovisionedDevice(Context context) {
+        Resources resources = context.getResources();
+        String misprovisionedModel = resources.getString(
+                com.android.internal.R.string.config_misprovisionedDeviceModel);
+        String misprovisionedBrand = resources.getString(
+                com.android.internal.R.string.config_misprovisionedBrandValue);
+
+        return (Build.MODEL.equals(misprovisionedModel));
+    }
+
+    @NonNull private static KeymasterArguments prepareAttestationArguments(Context context,
+            @NonNull int[] idTypes, @NonNull byte[] attestationChallenge, String brand) throws
+            DeviceIdAttestationException {
        // Check method arguments, retrieve requested device IDs and prepare attestation arguments.
        if (attestationChallenge == null) {
            throw new NullPointerException("Missing attestation challenge");
@@ -169,7 +203,7 @@ public abstract class AttestationUtils {
            }
        }
        attestArgs.addBytes(KeymasterDefs.KM_TAG_ATTESTATION_ID_BRAND,
-                Build.BRAND.getBytes(StandardCharsets.UTF_8));
+                brand.getBytes(StandardCharsets.UTF_8));
        attestArgs.addBytes(KeymasterDefs.KM_TAG_ATTESTATION_ID_DEVICE,
                Build.DEVICE.getBytes(StandardCharsets.UTF_8));
        attestArgs.addBytes(KeymasterDefs.KM_TAG_ATTESTATION_ID_PRODUCT,