From 7f8ccb5caf21441830f16986123dac7d9c4979c7 Mon Sep 17 00:00:00 2001
From: David Zeuthen <zeuthen@google.com>
Date: Wed, 10 Mar 2021 14:40:17 -0500
Subject: [PATCH] KeyMint + KeyMaster: Include permissions for
 FEATURE_HARDWARE_KEYSTORE.

This change includes permission files for the new permission
FEATURE_HARDWARE_KEYSTORE for the default KeyMaster and KeyMint
implementations.

Test: Manually inspected that permission files are installed.
Test: atest android.keystore.cts.KeyAttestationTest#testAttestationKmVersionMatchesFeatureVersion
Bug: 160616951
Change-Id: Ia35e1ba6c894624999eed62e8434a20ebc833b97
---
 keymaster/4.1/default/Android.bp               | 11 ++++++++++-
 ...android.hardware.hardware_keystore.km41.xml | 18 ++++++++++++++++++
 security/keymint/aidl/default/Android.bp       | 12 +++++++++++-
 .../android.hardware.hardware_keystore.xml     | 18 ++++++++++++++++++
 4 files changed, 57 insertions(+), 2 deletions(-)
 create mode 100644 keymaster/4.1/default/android.hardware.hardware_keystore.km41.xml
 create mode 100644 security/keymint/aidl/default/android.hardware.hardware_keystore.xml

diff --git a/keymaster/4.1/default/Android.bp b/keymaster/4.1/default/Android.bp
index 3e2289a701..6ec1faef0e 100644
--- a/keymaster/4.1/default/Android.bp
+++ b/keymaster/4.1/default/Android.bp
@@ -45,5 +45,14 @@ cc_binary {
         "liblog",
         "libutils",
     ],
-
+    required: [
+        "android.hardware.hardware_keystore.km41.xml",
+    ],
+}
+
+prebuilt_etc {
+    name: "android.hardware.hardware_keystore.km41.xml",
+    sub_dir: "permissions",
+    vendor: true,
+    src: "android.hardware.hardware_keystore.km41.xml",
 }
diff --git a/keymaster/4.1/default/android.hardware.hardware_keystore.km41.xml b/keymaster/4.1/default/android.hardware.hardware_keystore.km41.xml
new file mode 100644
index 0000000000..0dbeed8f2b
--- /dev/null
+++ b/keymaster/4.1/default/android.hardware.hardware_keystore.km41.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright 2021 The Android Open Source Project
+
+     Licensed under the Apache License, Version 2.0 (the "License");
+     you may not use this file except in compliance with the License.
+     You may obtain a copy of the License at
+
+          http://www.apache.org/licenses/LICENSE-2.0
+
+     Unless required by applicable law or agreed to in writing, software
+     distributed under the License is distributed on an "AS IS" BASIS,
+     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+     See the License for the specific language governing permissions and
+     limitations under the License.
+-->
+<permissions>
+  <feature name="android.hardware.hardware_keystore" version="41" />
+</permissions>
diff --git a/security/keymint/aidl/default/Android.bp b/security/keymint/aidl/default/Android.bp
index f4e403ee2c..ebdc9b7790 100644
--- a/security/keymint/aidl/default/Android.bp
+++ b/security/keymint/aidl/default/Android.bp
@@ -39,7 +39,17 @@ cc_binary {
     srcs: [
         "service.cpp",
     ],
-    required: ["RemoteProvisioner"],
+    required: [
+        "RemoteProvisioner",
+        "android.hardware.hardware_keystore.xml",
+    ],
+}
+
+prebuilt_etc {
+    name: "android.hardware.hardware_keystore.xml",
+    sub_dir: "permissions",
+    vendor: true,
+    src: "android.hardware.hardware_keystore.xml",
 }
 
 cc_library {
diff --git a/security/keymint/aidl/default/android.hardware.hardware_keystore.xml b/security/keymint/aidl/default/android.hardware.hardware_keystore.xml
new file mode 100644
index 0000000000..e5a93457c2
--- /dev/null
+++ b/security/keymint/aidl/default/android.hardware.hardware_keystore.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright 2021 The Android Open Source Project
+
+     Licensed under the Apache License, Version 2.0 (the "License");
+     you may not use this file except in compliance with the License.
+     You may obtain a copy of the License at
+
+          http://www.apache.org/licenses/LICENSE-2.0
+
+     Unless required by applicable law or agreed to in writing, software
+     distributed under the License is distributed on an "AS IS" BASIS,
+     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+     See the License for the specific language governing permissions and
+     limitations under the License.
+-->
+<permissions>
+  <feature name="android.hardware.hardware_keystore" version="100" />
+</permissions>