| author | 2022-05-19 09:54:54 -0700 | |
|---|---|---|
| committer | 2022-05-23 10:44:52 -0700 | |
| commit | 931bdc3451829d9d778ada733c95f8fd4fde3fd0 (patch) | |
| tree | 300093a9826d34630ce568454f6e781adf31d1f4 | |
| parent | 8890d47366528e6cec88c05700d8a3fa20956567 (diff) | |
Enforce USE_ATTESTATION_VERIFICATION_SERVICE permission to call APIs.
Bug: 233223690
Test: atest AttestationVerificationTest
Test: removed permission from test AndroidManifest and verified failure
Change-Id: I6dda91bb0bdf52e8e1456c0a607c224528a6d24a
| -rw-r--r-- | services/core/java/com/android/server/security/AttestationVerificationManagerService.java | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/security/AttestationVerificationManagerService.java b/services/core/java/com/android/server/security/AttestationVerificationManagerService.java
index 863f2d1a762d..2bf0b2cd4f4a 100644
--- a/services/core/java/com/android/server/security/AttestationVerificationManagerService.java
+++ b/services/core/java/com/android/server/security/AttestationVerificationManagerService.java
@@ -16,6 +16,7 @@
 package com.android.server.security;
+import static android.Manifest.permission.USE_ATTESTATION_VERIFICATION_SERVICE;
 import static android.security.attestationverification.AttestationVerificationManager.PROFILE_PEER_DEVICE;
 import static android.security.attestationverification.AttestationVerificationManager.PROFILE_SELF_TRUSTED;
 import static android.security.attestationverification.AttestationVerificationManager.RESULT_FAILURE;
@@ -60,6 +61,7 @@ public class AttestationVerificationManagerService extends SystemService {
 Bundle requirements, byte[] attestation, AndroidFuture resultCallback) throws RemoteException {
+ enforceUsePermission();
 try {
 Slog.d(TAG, "verifyAttestation");
 verifyAttestationForAllVerifiers(profile, localBindingType, requirements,
@@ -73,9 +75,14 @@ public class AttestationVerificationManagerService extends SystemService {
 @Override
 public void verifyToken(VerificationToken token, ParcelDuration parcelDuration, AndroidFuture resultCallback) throws RemoteException {
+ enforceUsePermission();
 // TODO(b/201696614): Implement
 resultCallback.complete(RESULT_UNKNOWN);
 }
+
+ private void enforceUsePermission() {
+ getContext().enforceCallingOrSelfPermission(USE_ATTESTATION_VERIFICATION_SERVICE, null);
+ }
 };
 private void verifyAttestationForAllVerifiers( |
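Review bot: The `enforceUsePermission()` call added to verifyAttestation has no comment saying that it must stay the first statement and outside the `try`, so a later refactor could move it into the block where a handler might turn the denial into an ordinary verification result. The catch clause lies outside this hunk, so whether it would swallow a SecurityException is an assumption to confirm. I would add above the call `// Must stay first and outside the try: a missing permission has to reach the caller as SecurityException.` The same comment fits the call added to verifyToken in the next hunk. The commit message describes the denial case as checked by hand; an automated test that calls both APIs without the permission and expects SecurityException would keep the check from regressing.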
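Review bot: The new `enforceUsePermission()` helper in the last hunk passes `null` as the message and uses the calling-or-self variant, and neither choice is documented. The or-self check also succeeds for in-process callers and for any path that runs after the Binder calling identity has been cleared, so the helper only protects a Binder entry point when it is the first statement; a short Javadoc on the helper should say that and that it throws SecurityException. Passing a message, for example `getContext().enforceCallingOrSelfPermission(USE_ATTESTATION_VERIFICATION_SERVICE, TAG);`, makes a denial easier to attribute when it shows up in logs. Enforcement is opt-in per method, so any other method this stub exposes outside the visible hunks needs the same call.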