1/*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17
18package com.android.server.security;
19
20import android.content.Context;
21import android.content.pm.PackageInfo;
22import android.content.pm.PackageManager;
23import android.content.pm.PackageManager.NameNotFoundException;
24import android.os.Binder;
25import android.os.RemoteException;
26import android.os.UserHandle;
27import android.security.keymaster.KeyAttestationPackageInfo;
28import android.security.keymaster.KeyAttestationApplicationId;
29import android.security.keymaster.IKeyAttestationApplicationIdProvider;
30
31/**
32 * @hide
33 * The KeyAttestationApplicationIdProviderService provides information describing the possible
34 * applications identified by a UID. Due to UID sharing, this KeyAttestationApplicationId can
35 * comprise information about multiple packages. The Information is used by keystore to describe
36 * the initiating application of a key attestation procedure.
37 */
38public class KeyAttestationApplicationIdProviderService
39        extends IKeyAttestationApplicationIdProvider.Stub {
40
41    public KeyAttestationApplicationIdProviderService(Context context) {
42        mPackageManager = context.getPackageManager();
43    }
44
45    private PackageManager mPackageManager;
46
47    public KeyAttestationApplicationId getKeyAttestationApplicationId(int uid)
48            throws RemoteException {
49        if (Binder.getCallingUid() != android.os.Process.KEYSTORE_UID) {
50            throw new SecurityException("This service can only be used by Keystore");
51        }
52        KeyAttestationPackageInfo[] keyAttestationPackageInfos = null;
53        final long token = Binder.clearCallingIdentity();
54        try {
55            String[] packageNames = mPackageManager.getPackagesForUid(uid);
56            if (packageNames == null) {
57                throw new RemoteException("No packages for uid");
58            }
59            int userId = UserHandle.getUserId(uid);
60            keyAttestationPackageInfos = new KeyAttestationPackageInfo[packageNames.length];
61
62            for (int i = 0; i < packageNames.length; ++i) {
63                PackageInfo packageInfo = mPackageManager.getPackageInfoAsUser(packageNames[i],
64                        PackageManager.GET_SIGNATURES, userId);
65                keyAttestationPackageInfos[i] = new KeyAttestationPackageInfo(packageNames[i],
66                        packageInfo.versionCode, packageInfo.signatures);
67            }
68        } catch (NameNotFoundException nnfe) {
69            throw new RemoteException(nnfe.getMessage());
70        } finally {
71            Binder.restoreCallingIdentity(token);
72        }
73        return new KeyAttestationApplicationId(keyAttestationPackageInfos);
74    }
75}
76