tequilaOS/platform_system_security
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
8615 commits 1 branch 0 tags 12 MiB
Commit graph

7 commits

Author SHA1 Message Date
Tri Vo
71e8cc1107 identity: Fix RKPD usage 
Fixes:
- Revert to pre-RKPD behavior of getting an attestation key each time
  a credential is created.
- Revert to pre-RKPD behavior of falling back to factory key.
- Check RKPD feature flag each time before calling into RKPD.
- Correct service name used to call into RKPD.
- Add another thread to handle async responses from RKPD.
- Switch to new RKPD build flag "remote_provisioning.enable_rkpd".

Bug: 261214100
Test: CtsIdentityTestCases
Change-Id: Idc11abb3c0e46de1a77609969e8539e9e96549d5
 2023-01-25 20:42:07 +00:00
David Zeuthen
62d43bf7cb identity: Use "credstore" for LOG_TAG everywhere. 
Currently we're using file-specific tags which makes it hard for
people looking at logcat to infer it's actually from credstore and it
also complicates filtering. Just use "credstore" everywhere.

Also change logging level from ERROR to INFO in the message
"Registered binder service" which is logged on startup.

Bug: None
Test: Compiles + manual inspection via logcat
Test: atest android.security.identity.cts (on goldfish)
Change-Id: I336d1a4e4e10b87fd3f08a5046cf5e13f09c9cb6
 2021-03-31 10:46:42 -04:00
Hasini Gunasinghe
4b462a511a Fix bug where credstore is immediately exiting. 
This CL adds the fix for the credstore failure reported in b/183253539.

Bug: 183253539
Test: CtsVerifier's Identity Credential Authentication test
Test: atest android.security.identity.cts
Change-Id: I396f36a58d260e3e081ef8a94aaf64431d0ad484
 2021-03-22 21:05:39 +00:00
Hasini Gunasinghe
8c9853fc2c Credstore: Remove dependency to keystore1. 
This CL removes dependency to keystore1 from credstore.

Test: yet to be tested.
Change-Id: I75934d1154d955aca3ea0cd0651690f68c6a8b55
 2021-03-19 10:13:34 -07:00
Hasini Gunasinghe
1b531b91c0 Integrate getAuthTokensForCredStore method with credstore. 
Bug: 159341610
Test: CtsVerifier

Change-Id: Ia2b7f1a27a05e92c7b5bb5da14caa423a70ac15b
 2021-03-12 20:25:31 +00:00
David Zeuthen
59102f388f keystore: Pass verification token to credstore along with requested auth token. 
This is needed because the Secure Areas backing the Identity
Credential HAL may exist in a different environment from where the
auth token is minted. In this case, the Secure Area needs a
verification token to make sense of the timestamp in the auth token.

Getting a verification token is an asynchronous operation so change
the binder method used by credstore to be asynchronous as well.

Bug: 156076333
Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts
Change-Id: Id6cb6812a31d968069b7d72bd2b39b512d38d241
 2020-05-08 11:30:49 -04:00
David Zeuthen
ab3e565511 Add credstore system daemon. 
The credstore system daemon is sitting below the Identity Credential
Framework APIs and on top of the Identity Credential HALs. Its main
job is to store credential data and provide a way for applications to
communicate with the secure hardware abstracted by the HAL.

This daemon runs as an unprivileged user, credstore.

The auth-tokens needed by credstore are supplied by keystore and this
CL includes the requisite changes to keystore for this to work.

Bug: 111446262
Test: CTS tests for Framework APIs
Change-Id: Ieb4d59852a143482436a1c418c25ed96e25c0047
 2020-01-16 13:05:48 -05:00