Add ro.remote_provisioning.*.rkp_only properties.

These properties are used to inform keystore2 and the RemoteProvisioner
app how they should behave in the system in the event that RKP keys are
exhausted. The usual behavior in a hybrid system is not to take any
action and to fall back to the factory-provisioned key if key attestation is
requested and no remotely provisioned keys are available.

However, there are instances where this could happen on a device that
was intended to be RKP only, in which case the system needs to know that
it should go ahead and attempt to remotely provision new certificates or
throw an error in the case where none are available.

Test: New properties are accessible from the two domains
Change-Id: I8d6c9e650566499bf08cfda2f71c64d5c2b26fd6
Max Bires 2022-02-01 21:15:44 -08:00 committed by Seth Moore
parent 9e96849345
commit aaacfdb054
5 changed files with 12 additions and 0 deletions


@ -105,6 +105,9 @@ neverallow { domain -init } property_service_version_prop:property_service set;
# Only init can set keystore.boot_level # Only init can set keystore.boot_level
neverallow { domain -init } keystore_listen_prop:property_service set; neverallow { domain -init } keystore_listen_prop:property_service set;
# Only init can set the ro.remote_provisioning.* props
neverallow { domain -init } remote_prov_prop:property_service set;
# Allow accessing /sys/kernel/tracing/instances/bootreceiver to set up tracing. # Allow accessing /sys/kernel/tracing/instances/bootreceiver to set up tracing.
allow init debugfs_bootreceiver_tracing:file w_file_perms; allow init debugfs_bootreceiver_tracing:file w_file_perms;


@ -17,6 +17,9 @@ allow keystore platform_app:binder call;
# Allow to check whether security logging is enabled. # Allow to check whether security logging is enabled.
get_prop(keystore, device_logging_prop) get_prop(keystore, device_logging_prop)
# Allow keystore to check if the system is rkp only.
get_prop(keystore, remote_prov_prop)
# Allow keystore to write to statsd. # Allow keystore to write to statsd.
unix_socket_send(keystore, statsdw, statsd) unix_socket_send(keystore, statsdw, statsd)


@ -31,6 +31,7 @@ system_internal_prop(perf_drop_caches_prop)
system_internal_prop(pm_prop) system_internal_prop(pm_prop)
system_internal_prop(profcollectd_node_id_prop) system_internal_prop(profcollectd_node_id_prop)
system_internal_prop(radio_cdma_ecm_prop) system_internal_prop(radio_cdma_ecm_prop)
system_internal_prop(remote_prov_prop)
system_internal_prop(rollback_test_prop) system_internal_prop(rollback_test_prop)
system_internal_prop(setupwizard_prop) system_internal_prop(setupwizard_prop)
system_internal_prop(snapuserd_prop) system_internal_prop(snapuserd_prop)


@ -1249,6 +1249,10 @@ zygote.critical_window.minute u:object_r:zygote_config_prop:s0 exact int
ro.zygote.disable_gl_preload u:object_r:zygote_config_prop:s0 exact bool ro.zygote.disable_gl_preload u:object_r:zygote_config_prop:s0 exact bool
# Store the URL that the provisioning code should point at.
ro.remote_provisioning.strongbox.rkp_only u:object_r:remote_prov_prop:s0 exact bool
ro.remote_provisioning.tee.rkp_only u:object_r:remote_prov_prop:s0 exact bool
# Broadcast boot stages, which keystore listens to # Broadcast boot stages, which keystore listens to
keystore.boot_level u:object_r:keystore_listen_prop:s0 exact int keystore.boot_level u:object_r:keystore_listen_prop:s0 exact int
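Review bot: The comment added above the two new entries, `# Store the URL that the provisioning code should point at.`, does not describe them: both `ro.remote_provisioning.*.rkp_only` entries are declared `exact bool`, not a URL, so it reads like a leftover from a neighbouring entry and will mislead the next person editing this file. Replace it with `# Whether the StrongBox / TEE instance is RKP-only (no fall-back to the factory-provisioned key); read by keystore2 and the RemoteProvisioner app.`. The `remote_prov_prop` type these entries use is declared in the property.te hunk of this same commit, so no further context is needed here.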


@ -4,6 +4,7 @@ typeattribute remote_prov_app coredomain;
app_domain(remote_prov_app) app_domain(remote_prov_app)
net_domain(remote_prov_app) net_domain(remote_prov_app)
get_prop(remote_prov_app, remote_prov_prop)
# The app needs access to properly build a DeviceInfo package for the verifying server # The app needs access to properly build a DeviceInfo package for the verifying server
get_prop(remote_prov_app, vendor_security_patch_level_prop) get_prop(remote_prov_app, vendor_security_patch_level_prop)
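Review bot: The new `get_prop(remote_prov_app, remote_prov_prop)` line is the only rule in this hunk without a comment, while the neighbouring `vendor_security_patch_level_prop` grant explains why the app needs it, and the matching grant in keystore.te in this commit is commented too. Add `# Allow the app to learn whether the device is RKP-only so it can re-provision or report an error instead of relying on a factory key.` directly above it. Whether the line sits inside the block of domain macros or in the property-access group cannot be told from this rendering, since blank lines were dropped; placing it next to the other `get_prop` rules would match the file's layout.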