From aaacfdb05424692db11d5e26df912c57918a539a Mon Sep 17 00:00:00 2001 From: Max Bires Date: Tue, 1 Feb 2022 21:15:44 -0800 Subject: [PATCH] Add ro.remote_provisioning.*.rkp_only properties. These properties are used to inform keystore2 and the RemoteProvisioner app how they should behave in the system in the event that RKP keys are exhausted. The usual behavior in a hybrid system is not to take any action and fallback to the factory provisioned key if key attestation is requested and no remotely provisioned keys are available. However, there are instances where this could happen on a device that was intended to be RKP only, in which case the system needs to know that it should go ahead and attempt to remotely provision new certificates or throw an error in the case where none are available. Test: New properties are accessible from the two domains Change-Id: I8d6c9e650566499bf08cfda2f71c64d5c2b26fd6 --- private/init.te | 3 +++ private/keystore.te | 3 +++ private/property.te | 1 + private/property_contexts | 4 ++++ private/remote_prov_app.te | 1 + 5 files changed, 12 insertions(+) diff --git a/private/init.te b/private/init.te index 997a18485..1405b9ea7 100644 --- a/private/init.te +++ b/private/init.te @@ -105,6 +105,9 @@ neverallow { domain -init } property_service_version_prop:property_service set; # Only init can set keystore.boot_level neverallow { domain -init } keystore_listen_prop:property_service set; +# Only init can set the ro.remote_provisioning.* props +neverallow { domain -init } remote_prov_prop:property_service set; + # Allow accessing /sys/kernel/tracing/instances/bootreceiver to set up tracing. allow init debugfs_bootreceiver_tracing:file w_file_perms; diff --git a/private/keystore.te b/private/keystore.te index 838712fde..78c0198aa 100644 --- a/private/keystore.te +++ b/private/keystore.te 
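Review bot: The new comment `# Only init can set the ro.remote_provisioning.* props` overstates what the neverallow below it guarantees: the rule constrains the type remote_prov_prop, and property_contexts in this same patch binds that type only to the two `exact` keys ro.remote_provisioning.strongbox.rkp_only and ro.remote_provisioning.tee.rkp_only. Any other ro.remote_provisioning.* name would get whatever prefix or default context matches it, so this neverallow would not apply to it unless another entry covers the prefix. Either narrow the comment to `# Only init can set the ro.remote_provisioning.*.rkp_only props (remote_prov_prop)`, or, if the intent is to reserve the whole namespace, add a `prefix` entry for `ro.remote_provisioning.` in property_contexts so the type and the comment agree.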
@@ -17,6 +17,9 @@ allow keystore platform_app:binder call; # Allow to check whether security logging is enabled. get_prop(keystore, device_logging_prop) +# Allow keystore to check if the system is rkp only. +get_prop(keystore, remote_prov_prop) + # Allow keystore to write to statsd. unix_socket_send(keystore, statsdw, statsd) diff --git a/private/property.te b/private/property.te index 3f02c839d..834d2dfd4 100644 --- a/private/property.te +++ b/private/property.te @@ -31,6 +31,7 @@ system_internal_prop(perf_drop_caches_prop) system_internal_prop(pm_prop) system_internal_prop(profcollectd_node_id_prop) system_internal_prop(radio_cdma_ecm_prop) +system_internal_prop(remote_prov_prop) system_internal_prop(rollback_test_prop) system_internal_prop(setupwizard_prop) system_internal_prop(snapuserd_prop) diff --git a/private/property_contexts b/private/property_contexts index 04e77e4ef..d24410885 100644 --- a/private/property_contexts +++ b/private/property_contexts @@ -1249,6 +1249,10 @@ zygote.critical_window.minute u:object_r:zygote_config_prop:s0 exact int ro.zygote.disable_gl_preload u:object_r:zygote_config_prop:s0 exact bool +# Store the URL that the provisioning code should point at. +ro.remote_provisioning.strongbox.rkp_only u:object_r:remote_prov_prop:s0 exact bool +ro.remote_provisioning.tee.rkp_only u:object_r:remote_prov_prop:s0 exact bool + # Broadcast boot stages, which keystore listens to keystore.boot_level u:object_r:keystore_listen_prop:s0 exact int diff --git a/private/remote_prov_app.te b/private/remote_prov_app.te index 010c9bc3f..b2b398754 100644 --- a/private/remote_prov_app.te +++ b/private/remote_prov_app.te @@ -4,6 +4,7 @@ typeattribute remote_prov_app coredomain; app_domain(remote_prov_app) net_domain(remote_prov_app) +get_prop(remote_prov_app, remote_prov_prop) # The app needs access to properly build a DeviceInfo package for the verifying server get_prop(remote_prov_app, vendor_security_patch_level_prop)
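Review bot: In the property_contexts hunk the comment `# Store the URL that the provisioning code should point at.` does not describe the two entries beneath it, which are `exact bool` flags named rkp_only, not a URL; it reads like a copy-paste from a hostname/URL property elsewhere in the file. Since keystore2 reads these flags to decide whether it may fall back to the factory-provisioned attestation key (per the commit message), a misleading comment here is exactly what a later maintainer would trip over when deciding which type a new remote-provisioning property belongs to. Suggest replacing it with `# Whether the TEE / StrongBox KeyMint instance is RKP-only, i.e. has no factory-provisioned attestation key to fall back to when remotely provisioned keys run out.`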