author Seth Moore <sethmo@google.com> 2022-03-30 15:05:29 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2022-03-30 15:05:29 +0000
commitd4530a83ef92c9ae25dda603e0fe009eddd7a107 (patch)
tree164710ecf2032e8896832483b8845774ac4e2805
parent342dccd9885b7af41db85616073aa3b67898830a (diff)
parentd085caf2b3a4dac54376c06ff907907789a165a0 (diff)
Merge "Inform the remote provisioner when a key may have been consumed" am: ca344c9949 am: dc13e716c4 am: d085caf2b3
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/2043513 Change-Id: If493029b3ce52fb152ba04c81935041fedb30fec Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r--identity/java/android/security/identity/CredstoreIdentityCredentialStore.java13
1 files changed, 13 insertions, 0 deletions
diff --git a/identity/java/android/security/identity/CredstoreIdentityCredentialStore.java b/identity/java/android/security/identity/CredstoreIdentityCredentialStore.java
index fb0880ce3521..bbaf0862f923 100644
--- a/identity/java/android/security/identity/CredstoreIdentityCredentialStore.java
+++ b/identity/java/android/security/identity/CredstoreIdentityCredentialStore.java
@@ -19,7 +19,10 @@ package android.security.identity;
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.content.Context;
+import android.os.RemoteException;
import android.os.ServiceManager;
+import android.security.GenerateRkpKey;
+import android.security.keymaster.KeymasterDefs;
class CredstoreIdentityCredentialStore extends IdentityCredentialStore {
@@ -104,6 +107,16 @@ class CredstoreIdentityCredentialStore extends IdentityCredentialStore {
try {
IWritableCredential wc;
wc = mStore.createCredential(credentialName, docType);
+ try {
+ GenerateRkpKey keyGen = new GenerateRkpKey(mContext);
+ // We don't know what the security level is for the backing keymint, so go ahead and
+ // poke the provisioner for both TEE and SB.
+ keyGen.notifyKeyGenerated(KeymasterDefs.KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT);
+ keyGen.notifyKeyGenerated(KeymasterDefs.KM_SECURITY_LEVEL_STRONGBOX);
+ } catch (RemoteException e) {
+ // Not really an error state. Does not apply at all if RKP is unsupported or
+ // disabled on a given device.
+ }
return new CredstoreWritableIdentityCredential(mContext, credentialName, docType, wc);
} catch (android.os.RemoteException e) {
throw new RuntimeException("Unexpected RemoteException ", e);
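Review bot: The empty `catch (RemoteException e)` around the two `notifyKeyGenerated` calls discards the failure without a trace, so a device whose provisioner is never told about consumed keys gives no signal until attestation keys run short. Keeping it non-fatal is reasonable, but the catch should at least log, e.g. `Log.w(TAG, "notifyKeyGenerated failed; RKP key pool may not be replenished", e);` (the visible imports do not include `android.util.Log`, and `TAG` here stands for whatever log tag the class uses, so both may need adding). Only `RemoteException` is caught, so if `GenerateRkpKey` can throw an unchecked exception (its code is not shown here), that would escape `createCredential` after `mStore.createCredential` has already succeeded and the caller would never receive the writable credential. The enclosing method starts and ends outside this hunk.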