Merge "Add MAX_BOOT_LEVEL tag, BOOT_LEVEL_EXCEEDED error"

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ErrorCode.aidl

@@ -115,6 +115,7 @@ enum ErrorCode {
   MISSING_NOT_AFTER = -81,
   MISSING_ISSUER_SUBJECT = -82,
   INVALID_ISSUER_SUBJECT = -83,
+  BOOT_LEVEL_EXCEEDED = -84,
   UNIMPLEMENTED = -100,
   VERSION_MISMATCH = -101,
   UNKNOWN_ERROR = -1000,

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Tag.aidl

@@ -98,4 +98,5 @@ enum Tag {
   CERTIFICATE_SUBJECT = -1879047185,
   CERTIFICATE_NOT_BEFORE = 1610613744,
   CERTIFICATE_NOT_AFTER = 1610613745,
+  MAX_BOOT_LEVEL = 805307378,
 }

security/keymint/aidl/android/hardware/security/keymint/ErrorCode.aidl

@@ -105,6 +105,7 @@ enum ErrorCode {
     MISSING_NOT_AFTER = -81,
     MISSING_ISSUER_SUBJECT = -82,
     INVALID_ISSUER_SUBJECT = -83,
+    BOOT_LEVEL_EXCEEDED = -84,
 
     UNIMPLEMENTED = -100,
     VERSION_MISMATCH = -101,

security/keymint/aidl/android/hardware/security/keymint/Tag.aidl

@@ -960,4 +960,15 @@ enum Tag {
      * or importKey.
      */
     CERTIFICATE_NOT_AFTER = (6 << 28) /* TagType:DATE */ | 1009,
+
+    /**
+     * Tag::MAX_BOOT_LEVEL specifies a maximum boot level at which a key should function.
+     *
+     * Over the course of the init process, the boot level will be raised to
+     * monotonically increasing integer values. Implementations MUST NOT allow the key
+     * to be used once the boot level advances beyond the value of this tag.
+     *
+     * Cannot be hardware enforced in this version.
+     */
+    MAX_BOOT_LEVEL = (3 << 28) /* TagType:UINT */ | 1010,
 }

security/keymint/support/include/keymint_support/keymint_tags.h

@@ -130,6 +130,7 @@ DECLARE_TYPED_TAG(CERTIFICATE_SERIAL);
 DECLARE_TYPED_TAG(CERTIFICATE_SUBJECT);
 DECLARE_TYPED_TAG(CERTIFICATE_NOT_BEFORE);
 DECLARE_TYPED_TAG(CERTIFICATE_NOT_AFTER);
+DECLARE_TYPED_TAG(MAX_BOOT_LEVEL);
 
 #undef DECLARE_TYPED_TAG