HIDL HALs mark sensitive data

For extra precautious transaction clearing. Bug: 171501998 Test: hidl_test + inspecting output Change-Id: I813dc3dd6c85ad0e86c6b8c116b7a207517dd12e
2026-02-01 05:49:27 +00:00 · 2020-11-19 23:16:09 +00:00
parent 312bf0e65e
commit 28f2549765
6 changed files with 9 additions and 2 deletions
--- a/current.txt
+++ b/current.txt
@@ -769,6 +769,10 @@ a64467bae843569f0d465c5be7f0c7a5b987985b55a3ef4794dd5afc68538650 android.hardwar
 # ABI preserving changes to HALs during Android S
 2c331a9605f3a08d9c1e0a36169ca57758bc43c11a78ef3f3730509885e52c15 android.hardware.graphics.composer@2.4::IComposerClient
 3da3ce039247872d95c6bd48621dbfdfa1c2d2a91a90f257862f87ee2bc46300 android.hardware.health@2.1::types
+9679f27a42f75781c8993ef163ed92808a1928de186639834841d0b8e326e63d android.hardware.gatekeeper@1.0::IGatekeeper
+40456eb90ea88b62d18ad3fbf1da8917981cd55ac04ce69c8e058d49ff5beff4 android.hardware.keymaster@3.0::IKeymasterDevice
+6017b4f2481feb0fffceae81c62bc372c898998b2d8fe69fbd39859d3a315e5e android.hardware.keymaster@4.0::IKeymasterDevice
+dabe23dde7c9e3ad65c61def7392f186d7efe7f4216f9b6f9cf0863745b1a9f4 android.hardware.keymaster@4.1::IKeymasterDevice
 cd84ab19c590e0e73dd2307b591a3093ee18147ef95e6d5418644463a6620076 android.hardware.neuralnetworks@1.2::IDevice
 9625e85f56515ad2cf87b6a1847906db669f746ea4ab02cd3d4ca25abc9b0109 android.hardware.neuralnetworks@1.2::types
 9e758e208d14f7256e0885d6d8ad0b61121b21d8c313864f981727ae55bffd16 android.hardware.neuralnetworks@1.3::types
--- a/gatekeeper/1.0/Android.bp
+++ b/gatekeeper/1.0/Android.bp
@@ -10,5 +10,5 @@ hidl_interface {
    interfaces: [
        "android.hidl.base@1.0",
    ],
-    gen_java: true,
+    gen_java: false,
 }
--- a/gatekeeper/1.0/IGatekeeper.hal
+++ b/gatekeeper/1.0/IGatekeeper.hal
@@ -15,6 +15,7 @@
 */
 package android.hardware.gatekeeper@1.0;

+@SensitiveData
 interface IGatekeeper {

 /**
--- a/keymaster/3.0/IKeymasterDevice.hal
+++ b/keymaster/3.0/IKeymasterDevice.hal
@@ -20,6 +20,7 @@ package android.hardware.keymaster@3.0;
 * Keymaster device definition.  For thorough documentation see the implementer's reference, at
 * https://source.android.com/security/keystore/implementer-ref.html
 */
+@SensitiveData
 interface IKeymasterDevice {

    /**
--- a/keymaster/4.0/IKeymasterDevice.hal
+++ b/keymaster/4.0/IKeymasterDevice.hal
@@ -195,7 +195,7 @@ import android.hardware.keymaster@3.0::KeyFormat;
 * Tag::VENDOR_PATCHLEVEL, and Tag::BOOT_PATCHLEVEL must be cryptographically bound to every
 * IKeymasterDevice key, as described in the Key Access Control section above.
 */
-
+@SensitiveData
 interface IKeymasterDevice {

    /**
--- a/keymaster/4.1/IKeymasterDevice.hal
+++ b/keymaster/4.1/IKeymasterDevice.hal
@@ -37,6 +37,7 @@ import @4.0::VerificationToken;
 * versions will be numbered as major_version * 10 + minor version.  The addition of new attestable
 * tags changes the attestation format again, slightly, so the attestationVersion must be 4.
 */
+@SensitiveData
 interface IKeymasterDevice extends @4.0::IKeymasterDevice {
    /**
     * Called by client to notify the IKeymasterDevice that the device is now locked, and keys with