mirror of
https://github.com/Evolution-X/hardware_interfaces
synced 2026-02-01 11:36:00 +00:00
hwcrypto: Add protectionIDs to keys
Added function to tag keys with protectionIDs. This allows the key creator to limit the types of buffers that a key can operate on. Bug: 284177057 Test: qemu android build Change-Id: Ie0eb266c93877c690a1cf27b356c7f8f35b1fd97
@@ -28,4 +28,5 @@ aidl_interface {
|
||||
enabled: true,
|
||||
},
|
||||
},
|
||||
frozen: false,
|
||||
}
|
||||
|
||||
@@ -37,4 +37,5 @@ interface IOpaqueKey {
|
||||
android.hardware.security.see.hwcrypto.KeyPolicy getKeyPolicy();
|
||||
byte[] getPublicKey();
|
||||
android.hardware.security.see.hwcrypto.types.OpaqueKeyToken getShareableToken(in byte[] sealingDicePolicy);
|
||||
void setProtectionId(in android.hardware.security.see.hwcrypto.types.ProtectionId protectionId, in android.hardware.security.see.hwcrypto.types.OperationType[] allowedOperations);
|
||||
}
|
||||
|
||||
@@ -0,0 +1,37 @@
|
||||
/*
|
||||
* Copyright 2024 The Android Open Source Project
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
///////////////////////////////////////////////////////////////////////////////
|
||||
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
|
||||
///////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
// This file is a snapshot of an AIDL file. Do not edit it manually. There are
|
||||
// two cases:
|
||||
// 1). this is a frozen version file - do not edit this in any case.
|
||||
// 2). this is a 'current' file. If you make a backwards compatible change to
|
||||
// the interface (from the latest frozen version), the build system will
|
||||
// prompt you to update this file with `m <name>-update-api`.
|
||||
//
|
||||
// You must not make a backward incompatible change to any AIDL file built
|
||||
// with the aidl_interface module type with versions property set. The module
|
||||
// type is used to build AIDL files in a way that they can be used across
|
||||
// independently updatable components of the system. If a device is shipped
|
||||
// with such a backward incompatible change, it has a high risk of breaking
|
||||
// later when a module using the interface is updated, e.g., Mainline modules.
|
||||
|
||||
package android.hardware.security.see.hwcrypto.types;
|
||||
enum ProtectionId {
|
||||
WIDEVINE_OUTPUT_BUFFER = 1,
|
||||
}
|
||||
@@ -18,6 +18,7 @@ package android.hardware.security.see.hwcrypto;
|
||||
import android.hardware.security.see.hwcrypto.KeyPolicy;
|
||||
import android.hardware.security.see.hwcrypto.types.OpaqueKeyToken;
|
||||
import android.hardware.security.see.hwcrypto.types.OperationType;
|
||||
import android.hardware.security.see.hwcrypto.types.ProtectionId;
|
||||
|
||||
interface IOpaqueKey {
|
||||
/*
|
||||
@@ -65,4 +66,25 @@ interface IOpaqueKey {
|
||||
* <code>HalErrorCode</code> otherwise.
|
||||
*/
|
||||
OpaqueKeyToken getShareableToken(in byte[] sealingDicePolicy);
|
||||
|
||||
/*
|
||||
* setProtectionId() - Sets the protectionID associated with the buffers where the operation
|
||||
* will be performed. A protection ID serves as a limitation on the key so
|
||||
* it can only operate on buffers with a matching protection ID.
|
||||
* The client calling this functions needs to have the necessary permissions
|
||||
* to read and/or write to this buffer. Setting this parameter means that
|
||||
* if the key is shared with a different client, the client receiving the
|
||||
* key will be limited in which buffers can be used to read/write data for
|
||||
* this operation.
|
||||
*
|
||||
* @protectionId:
|
||||
* ID of the given use case to provide protection for. The method of protecting the buffer
|
||||
* will be platform dependent.
|
||||
* @allowedOperations:
|
||||
* array of allowed operations. Allowed operations are either READ or WRITE.
|
||||
*
|
||||
* Return:
|
||||
* service specific error based on <code>HalErrorCode</code> on failure.
|
||||
*/
|
||||
void setProtectionId(in ProtectionId protectionId, in OperationType[] allowedOperations);
|
||||
}
|
||||
|
||||
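Review bot: The setProtectionId() comment does not say whether the call may be repeated on the same key, so as written the contract does not stop a client that received the key through getShareableToken() from calling it again and replacing or widening the restriction the creator set. The implementation is not on this page and may already enforce this, but the interface is where other implementers will look; if set-once is the intent, add something like `* A protection ID can be set only once per key; any later call, including one from a client the key was shared with, fails with a HalErrorCode.` The comment also leaves an empty `allowedOperations` array undefined, so it should say whether that is rejected or means no access at all. The interface body starts outside this hunk.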
@@ -0,0 +1,29 @@
|
||||
/*
|
||||
* Copyright 2024 The Android Open Source Project
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package android.hardware.security.see.hwcrypto.types;
|
||||
|
||||
/*
|
||||
* Enum describing the different types of protected buffers. Protected buffers are named by its
|
||||
* corresponding use case and its underlaying implementation is platform dependant.
|
||||
*/
|
||||
enum ProtectionId {
|
||||
/*
|
||||
* ProtectionID used by HwCrypto to enable Keys that can be used for Widevine video buffers.
|
||||
* These buffers should not be readable by non-trusted entities and HwCrypto should not allow
|
||||
* any read access to them through its interface.
|
||||
*/
|
||||
WIDEVINE_OUTPUT_BUFFER = 1,
|
||||
}
|
||||
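Review bot: The comment on WIDEVINE_OUTPUT_BUFFER says HwCrypto "should not allow any read access", while setProtectionId() as documented on this page accepts READ in `allowedOperations` and does not say what happens when READ is requested for this ID. Making the rule normative and naming the outcome would let it be tested, e.g. `* HwCrypto must not allow read access to these buffers; setProtectionId() with this ID and READ in allowedOperations fails with a HalErrorCode.` Wording in the enum header: "underlaying implementation is platform dependant" should read `underlying implementation is platform dependent`.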