From 3829840d360ec1d277a7ee9c1e818c038915f691 Mon Sep 17 00:00:00 2001
From: Janis Danisevskis
Date: Wed, 17 Mar 2021 11:00:15 -0700
Subject: [PATCH] Security: Add @SensitiveData annotation.
Bug: 174857732
Test: N/A
Change-Id: Id1aeaf9b0da79b8c4d5e91f30942a31a26f7b1d4
---
 security/keymint/aidl/Android.bp | 1 +
 .../android/hardware/security/keymint/IKeyMintDevice.aidl | 2 +-
 .../android/hardware/security/keymint/IKeyMintOperation.aidl | 2 +-
 .../aidl/android/hardware/security/keymint/IKeyMintDevice.aidl | 1 +
 .../android/hardware/security/keymint/IKeyMintOperation.aidl | 1 +
 5 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/security/keymint/aidl/Android.bp b/security/keymint/aidl/Android.bp
index 6766d99311..0c11f3b787 100644
--- a/security/keymint/aidl/Android.bp
+++ b/security/keymint/aidl/Android.bp
@@ -26,6 +26,7 @@ aidl_interface {
 vndk: {
 enabled: true,
 },
+ apps_enabled: false,
 },
 rust: {
 enabled: true,
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl
index 4f6fb28cd3..bf3099920f 100644
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl
+++ b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl
@@ -33,7 +33,7 @@ package android.hardware.security.keymint;
 /* @hide */
-@VintfStability
+@SensitiveData @VintfStability
 interface IKeyMintDevice {
 android.hardware.security.keymint.KeyMintHardwareInfo getHardwareInfo();
 void addRngEntropy(in byte[] data);
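Review bot: In security/keymint/aidl/Android.bp the added `apps_enabled: false,` carries no comment, and the commit message only mentions the annotation, so the reason this backend is closed to apps is not recorded anywhere. Presumably code generated for a @SensitiveData interface depends on binder support that app-facing builds do not get; if that is the reason, state it next to the line, e.g. `// @SensitiveData needs platform-only binder support, so this backend cannot be built for apps.` The enclosing backend block opens above the hunk, so which backend the setting lands in should be confirmed against the full file.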
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintOperation.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintOperation.aidl
index 5ac2b4a139..4ab4ffed11 100644
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintOperation.aidl
+++ b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintOperation.aidl
@@ -33,7 +33,7 @@ package android.hardware.security.keymint;
 /* @hide */
-@VintfStability
+@SensitiveData @VintfStability
 interface IKeyMintOperation {
 void updateAad(in byte[] input, in @nullable android.hardware.security.keymint.HardwareAuthToken authToken, in @nullable android.hardware.security.secureclock.TimeStampToken timeStampToken);
 byte[] update(in byte[] input, in @nullable android.hardware.security.keymint.HardwareAuthToken authToken, in @nullable android.hardware.security.secureclock.TimeStampToken timeStampToken);
diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
index 5aa307094c..1c503c2913 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
@@ -214,6 +214,7 @@ import android.hardware.security.secureclock.TimeStampToken;
 * @hide
 */
 @VintfStability
+@SensitiveData
 interface IKeyMintDevice {
 const int AUTH_TOKEN_MAC_LENGTH = 32;
diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl
index 5ad54cda19..d2a993f040 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl
@@ -22,6 +22,7 @@ import android.hardware.security.secureclock.TimeStampToken;
 /** @hide */
 @VintfStability
+@SensitiveData
 interface IKeyMintOperation {
 /**
 * Provides additional authentication data (AAD) to a cryptographic operation begun with
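Review bot: The `@SensitiveData` added above `interface IKeyMintOperation` (and above `IKeyMintDevice` in the preceding source hunk) is not explained in either interface comment, and the commit is marked `Test: N/A`. As I understand the annotation, it asks binder to clear the transaction buffers of these interfaces after use; copies of key material, auth tokens or plaintext held by the HAL implementation or its clients are outside its reach and still have to be wiped by that code. I would record that boundary in both interface comments, e.g. `* Marked @SensitiveData: binder clears transaction buffers for this interface; implementations must still zeroize their own copies of key material.` Both interface bodies continue past their hunks, and whether other interfaces in this package carry secrets and need the same annotation cannot be seen from this diff.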