Add ro.remote_provisioning.*.rkp_only properties.
These properties are used to inform keystore2 and the RemoteProvisioner app how they should behave in the system in the event that RKP keys are exhausted. The usual behavior in a hybrid system is not to take any action and fall back to the factory provisioned key if key attestation is requested and no remotely provisioned keys are available. However, there are instances where this could happen on a device that was intended to be RKP only, in which case the system needs to know that it should go ahead and attempt to remotely provision new certificates, or throw an error in the case where none are available.
Test: New properties are accessible from the two domains
Change-Id: I8d6c9e650566499bf08cfda2f71c64d5c2b26fd6
This commit is contained in:
parent
9e96849345
commit
aaacfdb054
5 changed files with 12 additions and 0 deletions
@ -105,6 +105,9 @@ neverallow { domain -init } property_service_version_prop:property_service set;
|
||||||
# Only init can set keystore.boot_level
|
# Only init can set keystore.boot_level
|
||||||
neverallow { domain -init } keystore_listen_prop:property_service set;
|
neverallow { domain -init } keystore_listen_prop:property_service set;
|
||||||
|
|
||||||
|
# Only init can set the ro.remote_provisioning.* props
|
||||||
|
neverallow { domain -init } remote_prov_prop:property_service set;
|
||||||
|
|
||||||
# Allow accessing /sys/kernel/tracing/instances/bootreceiver to set up tracing.
|
# Allow accessing /sys/kernel/tracing/instances/bootreceiver to set up tracing.
|
||||||
allow init debugfs_bootreceiver_tracing:file w_file_perms;
|
allow init debugfs_bootreceiver_tracing:file w_file_perms;
|
||||||
|
|
||||||
|
|
|
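Review bot: The comment above the new neverallow says "the ro.remote_provisioning.* props", but the `remote_prov_prop` context it restricts is only mapped (in the property_contexts hunk of this commit) to the two exact entries `ro.remote_provisioning.strongbox.rkp_only` and `ro.remote_provisioning.tee.rkp_only`, not to the whole prefix. A reader of domain.te alone would assume any future `ro.remote_provisioning.*` property is covered, which it is not unless it is also labelled `remote_prov_prop`. Suggest `# Only init can set the ro.remote_provisioning.*.rkp_only props (labelled remote_prov_prop)`.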
@ -17,6 +17,9 @@ allow keystore platform_app:binder call;
|
||||||
# Allow to check whether security logging is enabled.
|
# Allow to check whether security logging is enabled.
|
||||||
get_prop(keystore, device_logging_prop)
|
get_prop(keystore, device_logging_prop)
|
||||||
|
|
||||||
|
# Allow keystore to check if the system is rkp only.
|
||||||
|
get_prop(keystore, remote_prov_prop)
|
||||||
|
|
||||||
# Allow keystore to write to statsd.
|
# Allow keystore to write to statsd.
|
||||||
unix_socket_send(keystore, statsdw, statsd)
|
unix_socket_send(keystore, statsdw, statsd)
|
||||||
|
|
||||||
|
|
|
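Review bot: The comment on the new `get_prop(keystore, remote_prov_prop)` line says "check if the system is rkp only", but the properties behind that context are per security level (a `strongbox` and a `tee` entry), so RKP-only is a per-KeyMint-instance decision rather than a system-wide one. Suggest `# Allow keystore to read ro.remote_provisioning.{tee,strongbox}.rkp_only, which tell it whether each KeyMint instance may fall back to the factory key.` so the next maintainer does not treat the two values as interchangeable.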
@ -31,6 +31,7 @@ system_internal_prop(perf_drop_caches_prop)
|
||||||
system_internal_prop(pm_prop)
|
system_internal_prop(pm_prop)
|
||||||
system_internal_prop(profcollectd_node_id_prop)
|
system_internal_prop(profcollectd_node_id_prop)
|
||||||
system_internal_prop(radio_cdma_ecm_prop)
|
system_internal_prop(radio_cdma_ecm_prop)
|
||||||
|
system_internal_prop(remote_prov_prop)
|
||||||
system_internal_prop(rollback_test_prop)
|
system_internal_prop(rollback_test_prop)
|
||||||
system_internal_prop(setupwizard_prop)
|
system_internal_prop(setupwizard_prop)
|
||||||
system_internal_prop(snapuserd_prop)
|
system_internal_prop(snapuserd_prop)
|
||||||
|
|
|
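Review bot: Classifying `remote_prov_prop` as `system_internal_prop` means only the system image (via `init`, per the domain.te neverallow in this commit) can define these `ro.*` values; the vendor build cannot set them. If whether a device is RKP-only is meant to be decided by the party shipping the KeyMint/StrongBox implementation, that party would be unable to set the property and the device would silently keep the hybrid fall-back-to-factory-key behaviour — the fail-open direction. I cannot tell from this page who is expected to own the value, so this is worth confirming; a one-line comment stating the intended owner, e.g. `# remote_prov_prop: set from the system build.prop only`, would make the decision explicit.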
@ -1249,6 +1249,10 @@ zygote.critical_window.minute u:object_r:zygote_config_prop:s0 exact int
|
||||||
|
|
||||||
ro.zygote.disable_gl_preload u:object_r:zygote_config_prop:s0 exact bool
|
ro.zygote.disable_gl_preload u:object_r:zygote_config_prop:s0 exact bool
|
||||||
|
|
||||||
|
# Store the URL that the provisioning code should point at.
|
||||||
|
ro.remote_provisioning.strongbox.rkp_only u:object_r:remote_prov_prop:s0 exact bool
|
||||||
|
ro.remote_provisioning.tee.rkp_only u:object_r:remote_prov_prop:s0 exact bool
|
||||||
|
|
||||||
# Broadcast boot stages, which keystore listens to
|
# Broadcast boot stages, which keystore listens to
|
||||||
keystore.boot_level u:object_r:keystore_listen_prop:s0 exact int
|
keystore.boot_level u:object_r:keystore_listen_prop:s0 exact int
|
||||||
|
|
||||||
|
|
|
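Review bot: The new comment `# Store the URL that the provisioning code should point at.` does not describe the two entries below it: both are `exact bool` properties named `*.rkp_only`, not a URL. It looks copied from another property block and will mislead anyone searching property_contexts for the RKP server URL. Suggest `# Whether the TEE / StrongBox KeyMint instance is RKP-only (no fallback to the factory-provisioned key).`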
@ -4,6 +4,7 @@ typeattribute remote_prov_app coredomain;
|
||||||
app_domain(remote_prov_app)
|
app_domain(remote_prov_app)
|
||||||
net_domain(remote_prov_app)
|
net_domain(remote_prov_app)
|
||||||
|
|
||||||
|
get_prop(remote_prov_app, remote_prov_prop)
|
||||||
# The app needs access to properly build a DeviceInfo package for the verifying server
|
# The app needs access to properly build a DeviceInfo package for the verifying server
|
||||||
get_prop(remote_prov_app, vendor_security_patch_level_prop)
|
get_prop(remote_prov_app, vendor_security_patch_level_prop)
|
||||||
|
|
||||||
|
|
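Review bot: The added `get_prop(remote_prov_app, remote_prov_prop)` has no comment of its own and sits directly above the existing `# The app needs access to properly build a DeviceInfo package ...` comment, so it reads as if that comment (which belongs to the `vendor_security_patch_level_prop` line) also explains the new rule. Every other get_prop in this file is preceded by a reason; suggest `# Allow the app to check whether each KeyMint instance is RKP-only (ro.remote_provisioning.*.rkp_only).` above the new line, followed by a blank line before the DeviceInfo block.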