drgreen/android_frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
android_frameworks_base/keystore/java/android/security/IGenerateRkpKeyService.aidl
Max Bires 7fd458dc44 Adding AIDL and functions for talking to RemoteProvisioner 
This change adds an AIDL interface which the RemoteProvisioner app
implements that allows the keystore SPI to inform the app when an
attestation key may have been used, and when the underlying attestation
key pool is totally empty. The former is a non-blocking call, and the
latter blocks until completion.

Since the latter involves network, there are timeouts involved on the
app side to ensure that the blocking call doesn't hang indefinitely if
there's no network.

Test: atest CtsKeystoreTestCases && atest RemoteProvisionerUnitTests

Change-Id: Ie49e37659c96ce5c1626d1b99a4a7ccc62028156
2021-03-24 01:13:10 -07:00

37 lines
1.5 KiB
Plaintext
Raw Blame History

/**
* Copyright (C) 2021 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.security;
/**
* Interface to allow the framework to notify the RemoteProvisioner app when keys are empty. This
* will be used if Keystore replies with an error code NO_KEYS_AVAILABLE in response to an
* attestation request. The framework can then synchronously call generateKey() to get more
* attestation keys generated and signed. Upon return, the caller can be certain an attestation key
* is available.
*
* @hide
*/
interface IGenerateRkpKeyService {
/**
* Ping the provisioner service to let it know an app generated a key. This may or may not have
* consumed a remotely provisioned attestation key, so the RemoteProvisioner app should check.
*/
oneway void notifyKeyGenerated(in int securityLevel);
/** Ping the provisioner service to indicate there are no remaining attestation keys left. */
void generateKey(in int securityLevel);
}
Reference in New Issue View Git Blame Copy Permalink