author | Seth Moore <sethmo@google.com> | 2022-04-21 18:34:07 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2022-04-21 18:34:07 +0000 |
commit | c7f77838bf187a6ff275c5231d5570137e045631 (patch) | |
tree | 564b27298c1ad70c065d6e0f5d1c4501ddb0c061 | |
parent | 285bb857a653ec5d35093dad350d6dce6a63b7cc (diff) | |
parent | 8c6abf187fd1b233a2774b9776640262d0cf54b5 (diff) | |
download | security-c7f77838bf187a6ff275c5231d5570137e045631.tar.gz |
Merge "Do not cache rkp_only property" am: 4c348bd49f am: fb4ccc3172 am: 2fcd798bc9 am: 8c6abf187f
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2070036
Change-Id: I89328a9d7b6348a75a3885225c268cf2d64acb54
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r-- | keystore2/src/remote_provisioning.rs | 20 |
1 files changed, 7 insertions, 13 deletions
diff --git a/keystore2/src/remote_provisioning.rs b/keystore2/src/remote_provisioning.rs
index 8837d1c0..b47b3731 100644
--- a/keystore2/src/remote_provisioning.rs
+++ b/keystore2/src/remote_provisioning.rs
@@ -60,7 +60,6 @@ pub struct RemProvState {
 security_level: SecurityLevel,
 km_uuid: Uuid,
 is_hal_present: AtomicBool,
- is_rkp_only: bool,
 }
 static COSE_KEY_XCOORD: Value = Value::Integer(-2);
@@ -71,12 +70,7 @@ static COSE_MAC0_PAYLOAD: usize = 2;
 impl RemProvState {
 /// Creates a RemProvState struct.
 pub fn new(security_level: SecurityLevel, km_uuid: Uuid) -> Self {
- Self {
- security_level,
- km_uuid,
- is_hal_present: AtomicBool::new(true),
- is_rkp_only: Self::read_is_rkp_only_property(security_level),
- }
+ Self { security_level, km_uuid, is_hal_present: AtomicBool::new(true) }
 }
 /// Returns the uuid for the KM instance attached to this RemProvState struct.
@@ -84,12 +78,12 @@ impl RemProvState {
 self.km_uuid
 }
- fn read_is_rkp_only_property(security_level: SecurityLevel) -> bool {
+ fn is_rkp_only(&self) -> bool {
 let default_value = false;
- let property_name = match security_level {
- SecurityLevel::STRONGBOX => "ro.remote_provisioning.strongbox.rkp_only",
- SecurityLevel::TRUSTED_ENVIRONMENT => "ro.remote_provisioning.tee.rkp_only",
+ let property_name = match self.security_level {
+ SecurityLevel::STRONGBOX => "remote_provisioning.strongbox.rkp_only",
+ SecurityLevel::TRUSTED_ENVIRONMENT => "remote_provisioning.tee.rkp_only",
 _ => return default_value,
 };
@@ -102,7 +96,7 @@ impl RemProvState {
 /// server, so unfortunately caching the presence or absence of the HAL is not enough to fully
 /// make decisions about the state of remote provisioning during runtime.
 fn check_rem_prov_enabled(&self, db: &mut KeystoreDB) -> Result<bool> {
- if self.is_rkp_only {
+ if self.is_rkp_only() {
 return Ok(true);
 }
 if !self.is_hal_present.load(Ordering::Relaxed)
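Review bot: The property names read in `is_rkp_only` lose their `ro.` prefix in the third hunk (`remote_provisioning.strongbox.rkp_only`, `remote_provisioning.tee.rkp_only`), so they are no longer write-once, and the value is now read on every call instead of once in `new`. The last hunk shows that a false value lets a failed request reach `log_rkp_error_stats(MetricsRkpError::FALL_BACK_DURING_HYBRID)` instead of returning the error. Nothing in this diff shows who may set these properties at runtime, so it is worth confirming that the SELinux property contexts restrict writers to the intended component. The function has no doc comment; I would add `/// Reads the rkp_only property for this security level on each call (not cached); other security levels return false.` The body continues past the hunk, so how a failed property read is handled is not visible here.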
@@ -162,7 +156,7 @@ impl RemProvState {
 "In get_remote_provisioning_key_and_certs: Error occurred: {:?}",
 e
 );
- if self.is_rkp_only {
+ if self.is_rkp_only() {
 return Err(e);
 }
 log_rkp_error_stats(MetricsRkpError::FALL_BACK_DURING_HYBRID); |
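Review bot: The error path re-reads the property with `self.is_rkp_only()`, and `check_rem_prov_enabled` makes the same call, so a single key request may observe two different values if the property changes between the reads. If this function reaches `check_rem_prov_enabled` before the error branch, which the hunk does not show, a request admitted as RKP-only could still take the fallback path. Reading the value once near the top, `let rkp_only = self.is_rkp_only();`, and using that local for both decisions would keep the fail-closed choice consistent for the request. The enclosing function starts and ends outside the hunk.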