author | Shawn Willden <swillden@google.com> | 2016-03-15 08:37:29 -0600 |
---|---|---|
committer | Shawn Willden <swillden@google.com> | 2016-03-29 18:17:02 -0600 |
commit | 814a6e725cd89ad6bf27a9951d25025dc9ace9a8 (patch) | |
tree | f9113923b189167a77f92b2535590b503b001bae | |
parent | 47d2616439c134502d9ee87a3d4bda065e3d5324 (diff) | |
Configure keymaster with OS version info.
Change-Id: Ia09591dbea04ff5d45370b47341efa5bf34604ce
-rw-r--r-- | keystore/keystore_main.cpp | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/keystore/keystore_main.cpp b/keystore/keystore_main.cpp
index a2b75f65..e84fb371 100644
--- a/keystore/keystore_main.cpp
+++ b/keystore/keystore_main.cpp
@@ -17,6 +17,7 @@
 //#define LOG_NDEBUG 0
 #define LOG_TAG "keystore"
+#include <keymaster/keymaster_configuration.h>
 #include <keymaster/soft_keymaster_device.h>
 #include <keymaster/soft_keymaster_logger.h>
@@ -36,8 +37,24 @@
 * user-defined password. To keep things simple, buffers are always larger than
 * the maximum space we needed, so boundary checks on buffers are omitted. */
+using keymaster::AuthorizationSet;
+using keymaster::AuthorizationSetBuilder;
 using keymaster::SoftKeymasterDevice;
+static int configure_keymaster_devices(keymaster2_device_t* main, keymaster2_device_t* fallback) {
+ keymaster_error_t error = keymaster::ConfigureDevice(main);
+ if (error != KM_ERROR_OK) {
+ return -1;
+ }
+
+ error = keymaster::ConfigureDevice(fallback);
+ if (error != KM_ERROR_OK) {
+ return -1;
+ }
+
+ return 0;
+}
+
 static int keymaster0_device_initialize(const hw_module_t* mod, keymaster2_device_t** dev) {
 assert(mod->module_api_version < KEYMASTER_MODULE_API_VERSION_1_0);
 ALOGI("Found keymaster0 module %s, version %x", mod->name, mod->module_api_version);
@@ -199,6 +216,11 @@ int main(int argc, char* argv[]) {
 return 1;
 }
+ if (configure_keymaster_devices(dev, fallback)) {
+ ALOGE("Keymaster devices could not be configured; exiting");
+ return 1;
+ }
+
 if (configure_selinux() == -1) {
 return -1;
 }
|
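Review bot: configure_keymaster_devices drops the keymaster_error_t from both keymaster::ConfigureDevice calls and returns a bare -1, so the only trace of a failure is the generic ALOGE at the call site in the main() hunk, which cannot say which device failed or with what error. Because this failure stops keystore from starting, log it where the detail is known, e.g. `ALOGE("Failed to configure main keymaster device: %d", error);` before the first `return -1;` and the matching line for the fallback device. Two smaller points in the same hunk: the parameter name `main` shadows the program entry point and would read better as `primary`, and the added `using keymaster::AuthorizationSet;` / `using keymaster::AuthorizationSetBuilder;` are not used by any line visible in this diff, so they may be droppable.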
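Review bot: The new configure_keymaster_devices check in main() carries no comment explaining why a configuration failure must stop the daemon, which is the security-relevant decision in this hunk. Going by the commit title, the call hands the OS version info to both devices, so exiting here looks like a deliberate fail-closed choice; say so above the `if`, e.g. `// Fail closed: do not serve key operations from a keymaster that was not given the OS version info.` The same hunk returns 1 on this path while the configure_selinux() check just below returns -1; settling on one exit status would give init and log monitoring a consistent failure code. main() starts and ends outside the hunk.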