Merge "Use raw transport if Android T or below" into udc-dev

author: Raphael Kim <raphk@google.com> 2023-04-05 22:46:33 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2023-04-05 22:46:33 +0000
commit: 7474199153b7c11c934f707d7fd3eaab973a79c6 (patch)
tree: f68d9cf79c41e48181e5d92fd48428cb27d5687a
parent: be2a37457fda28617c463a5fd3adeb7da0d41792 (diff)
parent: b41e4bf9ec6108a1d4bd7f24637e56c839c7270f (diff)
1 files changed, 16 insertions, 10 deletions
diff --git a/services/companion/java/com/android/server/companion/transport/CompanionTransportManager.java b/services/companion/java/com/android/server/companion/transport/CompanionTransportManager.java
index 092eb4ea9014..d54aa7c101d7 100644
--- a/services/companion/java/com/android/server/companion/transport/CompanionTransportManager.java
+++ b/services/companion/java/com/android/server/companion/transport/CompanionTransportManager.java
@@ -301,25 +301,31 @@ public class CompanionTransportManager {
 
         int sdk = Build.VERSION.SDK_INT;
         String release = Build.VERSION.RELEASE;
-        if (Build.isDebuggable()) {
-            // Debug builds cannot pass attestation verification. Use hardcoded key instead.
+
+        if (sdk < SECURE_CHANNEL_AVAILABLE_SDK || remoteSdk < SECURE_CHANNEL_AVAILABLE_SDK) {
+            // If either device is Android T or below, use raw channel
+            // TODO: depending on the release version, either
+            //       1) using a RawTransport for old T versions
+            //       2) or an Ukey2 handshaked transport for UKey2 backported T versions
+            Slog.d(TAG, "Secure channel is not supported. Using raw transport");
+            transport = new RawTransport(transport.getAssociationId(), transport.getFd(), mContext);
+        } else if (Build.isDebuggable()) {
+            // If device is debug build, use hardcoded test key for authentication
             Slog.d(TAG, "Creating an unauthenticated secure channel");
             final byte[] testKey = "CDM".getBytes(StandardCharsets.UTF_8);
             transport = new SecureTransport(transport.getAssociationId(), transport.getFd(),
                     mContext, testKey, null);
-        } else if (remoteSdk == NON_ANDROID) {
+        } else if (sdk == NON_ANDROID || remoteSdk == NON_ANDROID) {
+            // If either device is not Android, then use app-specific pre-shared key
             // TODO: pass in a real preSharedKey
+            Slog.d(TAG, "Creating a PSK-authenticated secure channel");
             transport = new SecureTransport(transport.getAssociationId(), transport.getFd(),
                     mContext, new byte[0], null);
-        } else if (sdk >= SECURE_CHANNEL_AVAILABLE_SDK
-                && remoteSdk >= SECURE_CHANNEL_AVAILABLE_SDK) {
-            Slog.i(TAG, "Creating a secure channel");
+        } else {
+            // If none of the above applies, then use secure channel with attestation verification
+            Slog.d(TAG, "Creating a secure channel");
             transport = new SecureTransport(transport.getAssociationId(), transport.getFd(),
                     mContext);
-        } else {
-            // TODO: depending on the release version, either
-            //       1) using a RawTransport for old T versions
-            //       2) or an Ukey2 handshaked transport for UKey2 backported T versions
         }
         addMessageListenersToTransport(transport);
         transport.start();
author	Raphael Kim <raphk@google.com>	2023-04-05 22:46:33 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2023-04-05 22:46:33 +0000
commit	7474199153b7c11c934f707d7fd3eaab973a79c6 (patch)
tree	f68d9cf79c41e48181e5d92fd48428cb27d5687a
parent	be2a37457fda28617c463a5fd3adeb7da0d41792 (diff)
parent	b41e4bf9ec6108a1d4bd7f24637e56c839c7270f (diff)