| author | 2020-01-31 17:35:57 -0500 | |
|---|---|---|
| committer | 2020-02-04 10:18:33 -0500 | |
| commit | 117fcb6c33cc30202a90c7bf21a0ca8803249819 (patch) | |
| tree | 87c059eda2d0ec3eff9e249cf00208a02008e3ef | |
| parent | 48f7f07d525138a54f57fbc7fdb4c81d511a0aa4 (diff) | |
Allow credstore to call into KeyAttestationApplicationIdProviderService
This was previously reserved for keystore only but since credstore
also needs to do attestations, this is needed.
Bug: 111446262
Test: atest android.security.identity.cts
Test: Manually verifying the AttestationApplicationId from credstore
Change-Id: Ie44f9e4c8f2e1bd916ccbe7c7e5537dc498d8154
| -rw-r--r-- | core/java/android/os/Process.java | 6 | ||||
| -rw-r--r-- | services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java | 14 |
2 files changed, 14 insertions, 6 deletions
diff --git a/core/java/android/os/Process.java b/core/java/android/os/Process.java
index 6f4f30c4981a..10b4e5ddcd55 100644
--- a/core/java/android/os/Process.java
+++ b/core/java/android/os/Process.java
@@ -99,6 +99,12 @@ public class Process {
 public static final int KEYSTORE_UID = 1017;

 /**
+ * Defines the UID/GID for credstore.
+ * @hide
+ */
+ public static final int CREDSTORE_UID = 1076;
+
+ /**
 * Defines the UID/GID for the NFC service process.
 * @hide
 */
diff --git a/services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java b/services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java
index a8c68c07231d..c908acdd1d6c 100644
--- a/services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java
+++ b/services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java
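Review bot: In Process.java, the Javadoc on `CREDSTORE_UID` does not say where the value 1076 is authoritative, yet the caller check in KeyAttestationApplicationIdProviderService now grants access based on it. If the number mirrors a native AID definition (not visible in this diff), add a line such as `* Must stay in sync with the native AID assigned to credstore.` so the two cannot drift silently. A mismatch would either lock credstore out of attestation or admit whatever else runs as 1076.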
@@ -24,16 +24,16 @@ import android.content.pm.PackageManager.NameNotFoundException;
 import android.os.Binder;
 import android.os.RemoteException;
 import android.os.UserHandle;
-import android.security.keymaster.KeyAttestationPackageInfo;
-import android.security.keymaster.KeyAttestationApplicationId;
 import android.security.keymaster.IKeyAttestationApplicationIdProvider;
+import android.security.keymaster.KeyAttestationApplicationId;
+import android.security.keymaster.KeyAttestationPackageInfo;

 /**
 * @hide
 * The KeyAttestationApplicationIdProviderService provides information describing the possible
 * applications identified by a UID. Due to UID sharing, this KeyAttestationApplicationId can
- * comprise information about multiple packages. The Information is used by keystore to describe
- * the initiating application of a key attestation procedure.
+ * comprise information about multiple packages. The Information is used by keystore and credstore
+ * to describe the initiating application of a key attestation procedure.
 */
 public class KeyAttestationApplicationIdProviderService
 extends IKeyAttestationApplicationIdProvider.Stub {
@@ -46,8 +46,10 @@ public class KeyAttestationApplicationIdProviderService

 public KeyAttestationApplicationId getKeyAttestationApplicationId(int uid)
 throws RemoteException {
- if (Binder.getCallingUid() != android.os.Process.KEYSTORE_UID) {
- throw new SecurityException("This service can only be used by Keystore");
+ int callingUid = Binder.getCallingUid();
+ if (callingUid != android.os.Process.KEYSTORE_UID
+ && callingUid != android.os.Process.CREDSTORE_UID) {
+ throw new SecurityException("This service can only be used by Keystore or Credstore");
 }
 KeyAttestationPackageInfo[] keyAttestationPackageInfos = null;
 final long token = Binder.clearCallingIdentity(); |
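Review bot: The rejection path in getKeyAttestationApplicationId() still throws without naming the refused caller, even though the new code already holds it in `callingUid`. With two system UIDs now accepted, a denial is harder to attribute from a log or bug report. Consider `throw new SecurityException("This service can only be used by Keystore or Credstore, calling uid: " + callingUid);`. A comment above the check such as `// Must run before Binder.clearCallingIdentity(), which replaces the caller's UID with our own.` would also protect the ordering this allowlist depends on. The method body continues past the end of the hunk, so the rest of the identity handling is not visible here.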