Commit graph

120 commits

Author SHA1 Message Date
Bartosz Fabianowski
2377553df2 Add manufacturer and model to device ID attestation
Discussions have shown that in addition to brand, device and product,
we should also allow devices to attest their manufacturer and model.

Bug: 36433192
Test: GTS com.google.android.gts.security.DeviceIdAttestationHostTest

Change-Id: I5a9fd839497976cdb1e44cbe4a2d5b7730732b4c
2017-03-20 14:01:03 +01:00
TreeHugger Robot
33b3a66047 Merge "keymaster HAL uses "default" service name" 2017-02-25 01:57:45 +00:00
Chris Phoenix
06be50266b keymaster HAL uses "default" service name
The getService() and registerAsService() methods of interface objects
now have default parameters of "default" for the service name. HALs
will not have to use any service name unless they want to register
more than one service.

Test: marlin boots

Bug: 33844934
Change-Id: I6533e4fe0e63e2d0b0158148f5e438bb4b6b5886
2017-02-24 14:31:22 -08:00
Steven Moreland
7e73d5b908 Remove viral dependency on libhwbinder. (2/2)
find hardware/interfaces -name Android.mk -exec sed -i -e '/libhwbinder
\\/d' {} \;
find hardware/interfaces -name Android.bp -exec sed -i -e
'/"libhwbinder"/d' {} \;
./hardware/interfaces/update-makefiles.sh

Note, automotive has some actual dependencies on libhwbinder, filed
b/35758626 for this.

Test: everything links
Test: (sanity) booted marlin on internal master with these changes
Bug: 35710429
Change-Id: I6d0726c8130d00684b978efbdd48e3ae396f12e5
2017-02-24 12:18:01 -08:00
TreeHugger Robot
da1773c3ce Merge "Have generateKey() treat additional entropy as optional" 2017-02-14 13:01:00 +00:00
Bartosz Fabianowski
50624e995d Have generateKey() treat additional entropy as optional
KeyStore.generateKey() takes an entropy parameter. This is optional
and can be null. That is how KeyStore used to work but a recent
refactor made us always feed the entropy to keymaster, even if it
is empty (null or byte[0] on the Java side). This CL makes us ignore
such empty entropy again.

We only noticed this because a recently added GTS test that happens
to set the entropy to null is failing on some hardware (other
keymaster implementations silently ignore this invalid attempt to
set entropy).

Bug: 35156555
Test: gts-tradefed run gts --module GtsGmscoreHostTestCases
      --test com.google.android.gts.security.DeviceIdAttestationHostTest

Change-Id: Iadaf40e69350c17dd18e4dc2a1dab97fa911e1bf
2017-02-14 11:24:38 +01:00
Steven Moreland
a0da1a1c3d Move hidl shims to the vendor partition. (2/2)
We need google shims on the vendor partition because they are providing
an implementation of a vendor defined interface. They were written by
google just as a courtesy/to make the transition easier. They're
basically a set for vendors to assemble their hal implementations
from.

Bug: 34135607
Test: marlin persist.hal.binderization on/off
Change-Id: I2e2af5af39264cf290259755bb9b2eb9827a21f5
2017-02-13 15:03:41 -08:00
Tri Vo
85120c9490 Update makefiles to use filgroup syntax.
Test: mmma hardware/interfaces
Change-Id: I9f4457c78b7820c242d46359f0debe05d1b3e482
2017-02-10 12:45:19 -08:00
TreeHugger Robot
930086babd Merge "Migrate driver/profiler to test/vts-testcase/hal." 2017-02-08 18:33:06 +00:00
Janis Danisevskis
46a1accf65 Merge "Use propper default service implementation for keymaster HAL" 2017-02-08 12:43:00 +00:00
Tri Vo
ce608bec74 Migrate driver/profiler to test/vts-testcase/hal.
Bug: 34893894
Test: mmma hardware/interfaces

Change-Id: Ic72716577a5f93700c5056986aff55a76b170b5d
2017-02-07 19:13:28 -08:00
Zhuoyao Zhang
e9b43bbe2d Update Andriod.bp for hals.
* Add driver/profiler build rule for all hals.

Test: mma
Change-Id: I98325f7af14fec7dd1bb64b1668de8c7c20ace92
2017-02-03 10:03:01 -08:00
Janis Danisevskis
2e88b6b408 Use propper default service implementation for keymaster HAL
Test: Boot marlin with ENABLE_TREBLE
Bug: 34641942
Change-Id: I3d65555dda7e5a54034f0768ba6739c5a3b1b268
2017-01-25 13:52:48 +00:00
Bartosz Fabianowski
aac0fc739e Add device id attestation
This adds device id attestation to the Keymaster 3.0 HAL. Device
id attestation must only be offered if the device can permanently
destroy device ids on request. The default implementation cannot
do this because it lacks storage that would survive device wipes.
Hence, the implementation refuses all device id attestation requests.

Bug: 34597337
Test: CTS CtsKeystoreTestCases and GTS DeviceIdAttestationHostTest

Change-Id: I6ff6146fad4656b8e1367650de922124b3d7f7b2
2017-01-24 23:06:30 +01:00
Crystal Qin
46b49f208e Merge "Add the new key purpose to types.hal as well." 2017-01-20 18:13:42 +00:00
Yifan Hong
a18049ad13 Bp/nFoo -> Bp/nHwFoo.
Test: mma
Bug: 33554989
Change-Id: I4b3f852d20fdfc49f2da671dd3c12d618ffb4140
2017-01-11 13:14:59 -08:00
Crystal Qin
520cf0be24 Add the new key purpose to types.hal as well.
Test: There will be a cts test cl submitted together.
Change-Id: I8a84f10b8963001a24afe089ae79bedea00f8564
2017-01-04 14:09:11 -08:00
Martijn Coenen
028223775b Remove obsolete references to IPCThreadState/ProcessState.
Threadpool can now be configured/joined if needed with
configureRpcThreadpool() / joinRpcThreadpool().

Bug: 31226656
Test: mma
Change-Id: I0d7d9924cc8c8851cc2b61ebdae906204909890e
2016-12-30 14:00:31 +01:00
Janis Danisevskis
0f35e5a013 Add default implementation for binderized Keymaster HAL and service
The default implementation loads the device's legacy keymaster hal
and wraps in a softkeymasterdevice if the capabilities of the
device is less than keymaster 2.

Test: builds
Bug: 32020919
Change-Id: Ia7e274673b77c2712c386d573715ed3725b0c158
2016-12-20 09:09:29 -07:00
Janis Danisevskis
34d8809c7e Add interface definition for binderized Keymaster HAL
Test: accepted by hidl-gen
Bug: 32020919,32962548
Change-Id: Ib0decb231527e944e6b673017b721ea4601b7b2a
2016-12-20 09:09:29 -07:00