Use raw transport if Android T or below

Bug: 276778872 Test: Manual Change-Id: Ic3a36e7f179c4bc2312d3805da54d6c791d8085f
author: Raphael Kim <raphk@google.com> 2023-04-04 12:43:17 -0700
committer: Raphael Kim <raphk@google.com> 2023-04-04 14:39:45 -0700
commit: b41e4bf9ec6108a1d4bd7f24637e56c839c7270f (patch)
tree: 7ab71d631a91e8866e691cc29e882101151f214f
parent: 84ee359a920281fdad4d8e22f774747457aead80 (diff)
1 files changed, 16 insertions, 10 deletions
diff --git a/services/companion/java/com/android/server/companion/transport/CompanionTransportManager.java b/services/companion/java/com/android/server/companion/transport/CompanionTransportManager.java
index 092eb4ea9014..d54aa7c101d7 100644
--- a/services/companion/java/com/android/server/companion/transport/CompanionTransportManager.java
+++ b/services/companion/java/com/android/server/companion/transport/CompanionTransportManager.java
@@ -301,25 +301,31 @@ public class CompanionTransportManager {
 
         int sdk = Build.VERSION.SDK_INT;
         String release = Build.VERSION.RELEASE;
-        if (Build.isDebuggable()) {
-            // Debug builds cannot pass attestation verification. Use hardcoded key instead.
+
+        if (sdk < SECURE_CHANNEL_AVAILABLE_SDK || remoteSdk < SECURE_CHANNEL_AVAILABLE_SDK) {
+            // If either device is Android T or below, use raw channel
+            // TODO: depending on the release version, either
+            //       1) using a RawTransport for old T versions
+            //       2) or an Ukey2 handshaked transport for UKey2 backported T versions
+            Slog.d(TAG, "Secure channel is not supported. Using raw transport");
+            transport = new RawTransport(transport.getAssociationId(), transport.getFd(), mContext);
+        } else if (Build.isDebuggable()) {
+            // If device is debug build, use hardcoded test key for authentication
             Slog.d(TAG, "Creating an unauthenticated secure channel");
             final byte[] testKey = "CDM".getBytes(StandardCharsets.UTF_8);
             transport = new SecureTransport(transport.getAssociationId(), transport.getFd(),
                     mContext, testKey, null);
-        } else if (remoteSdk == NON_ANDROID) {
+        } else if (sdk == NON_ANDROID || remoteSdk == NON_ANDROID) {
+            // If either device is not Android, then use app-specific pre-shared key
             // TODO: pass in a real preSharedKey
+            Slog.d(TAG, "Creating a PSK-authenticated secure channel");
             transport = new SecureTransport(transport.getAssociationId(), transport.getFd(),
                     mContext, new byte[0], null);
-        } else if (sdk >= SECURE_CHANNEL_AVAILABLE_SDK
-                && remoteSdk >= SECURE_CHANNEL_AVAILABLE_SDK) {
-            Slog.i(TAG, "Creating a secure channel");
+        } else {
+            // If none of the above applies, then use secure channel with attestation verification
+            Slog.d(TAG, "Creating a secure channel");
             transport = new SecureTransport(transport.getAssociationId(), transport.getFd(),
                     mContext);
-        } else {
-            // TODO: depending on the release version, either
-            //       1) using a RawTransport for old T versions
-            //       2) or an Ukey2 handshaked transport for UKey2 backported T versions
         }
         addMessageListenersToTransport(transport);
         transport.start();
author	Raphael Kim <raphk@google.com>	2023-04-04 12:43:17 -0700
committer	Raphael Kim <raphk@google.com>	2023-04-04 14:39:45 -0700
commit	b41e4bf9ec6108a1d4bd7f24637e56c839c7270f (patch)
tree	7ab71d631a91e8866e691cc29e882101151f214f
parent	84ee359a920281fdad4d8e22f774747457aead80 (diff)