Snap for 6608602 from b0479b00cb89fe85f5d6af8c27f9dfab770a89f9 to ub-testdpc-rvc-release

android-build-team Robot · android-build-team Robot · commit 95d39d885c9e · 2020-06-19T16:07:28.000Z
Change-Id: If828144a481241007bb66f800149dca8c4762b15
diff --git a/app/build.gradle b/app/build.gradle
@@ -5,9 +5,9 @@ apply from: '../dist.gradle'
 ext {
     /* Version code for *next* release, bump *after* a release is created. */
     // 1 or more digits
-    versionMajor = 6
+    versionMajor = 7
     // exactly 1 digit
-    versionMinor = 2
+    versionMinor = 0
     // exactly 2 digits
     versionBuild = 00
 }
@@ -82,20 +82,28 @@ android {
         }
     }
 
-    task stripTestOnlyNormalDebug << {
-        stripTestOnlyForBuild("normal", "debug")
+    task stripTestOnlyNormalDebug {
+        doLast {
+            stripTestOnlyForBuild("normal", "debug")
+        }
     }
 
-    task stripTestOnlyNormalRelease << {
-        stripTestOnlyForBuild("normal", "release")
+    task stripTestOnlyNormalRelease {
+        doLast {
+            stripTestOnlyForBuild("normal", "release")
+        }
     }
 
-    task stripTestOnlyReplicaDebug << {
-        stripTestOnlyForBuild("replica", "debug")
+    task stripTestOnlyReplicaDebug {
+        doLast {
+            stripTestOnlyForBuild("replica", "debug")
+        }
     }
 
-    task stripTestOnlyReplicaRelease << {
-        stripTestOnlyForBuild("replica", "release")
+    task stripTestOnlyReplicaRelease {
+        doLast {
+            stripTestOnlyForBuild("replica", "release")
+        }
     }
 
     tasks.whenTaskAdded { task ->
diff --git a/app/src/main/java/com/afwsamples/testdpc/policy/PolicyManagementFragment.java b/app/src/main/java/com/afwsamples/testdpc/policy/PolicyManagementFragment.java
@@ -116,6 +116,7 @@
 import com.afwsamples.testdpc.policy.keyguard.LockScreenPolicyFragment;
 import com.afwsamples.testdpc.policy.keyguard.PasswordConstraintsFragment;
 import com.afwsamples.testdpc.policy.keymanagement.GenerateKeyAndCertificateTask;
+import com.afwsamples.testdpc.policy.keymanagement.KeyGenerationParameters;
 import com.afwsamples.testdpc.policy.keymanagement.SignAndVerifyTask;
 import com.afwsamples.testdpc.policy.locktask.KioskModeActivity;
 import com.afwsamples.testdpc.policy.locktask.LockTaskAppInfoArrayAdapter;
@@ -1616,14 +1617,8 @@ private boolean installKeyPair(final PrivateKey key, final Certificate cert, fin
         }
     }
 
-    private void generateKeyPair(final String alias, boolean isUserSelectable,
-                                 byte[] attestationChallenge,
-                                 int idAttestationFlags,
-                                 boolean useStrongBox,
-                                 boolean generateEcKey) {
-        new GenerateKeyAndCertificateTask(
-                alias, isUserSelectable, attestationChallenge, idAttestationFlags,
-                useStrongBox, generateEcKey, getActivity(), mAdminComponentName).execute();
+    private void generateKeyPair(final KeyGenerationParameters params) {
+        new GenerateKeyAndCertificateTask(params, getActivity(), mAdminComponentName).execute();
     }
 
     /**
@@ -2772,19 +2767,23 @@ private void showPromptForGeneratedKeyAlias(String alias) {
                 R.id.include_device_meid_in_attestation);
         final CheckBox useStrongBoxCheckbox = aliasNamingView.findViewById(
                 R.id.use_strongbox);
+        final CheckBox useIndividualAttestationCheckbox = aliasNamingView.findViewById(
+                R.id.use_individual_attestation);
+        useIndividualAttestationCheckbox.setEnabled(Util.SDK_INT >= VERSION_CODES.R);
 
         new AlertDialog.Builder(getActivity())
                 .setTitle(getString(R.string.certificate_alias_prompt_title))
                 .setView(aliasNamingView)
                 .setPositiveButton(android.R.string.ok, new DialogInterface.OnClickListener() {
                     @Override
                     public void onClick(DialogInterface dialog, int which) {
-                        String alias = input.getText().toString();
-                        boolean isUserSelectable = userSelectableCheckbox.isChecked();
+                        KeyGenerationParameters.Builder paramsBuilder =
+                                new KeyGenerationParameters.Builder();
+                        paramsBuilder.setAlias(input.getText().toString());
+                        paramsBuilder.setIsUserSelectable(userSelectableCheckbox.isChecked());
 
-                        byte[] attestationChallenge = null;
                         if (includeAttestationChallengeCheckbox.isChecked()) {
-                            attestationChallenge = new byte[] {0x61, 0x62, 0x63};
+                            paramsBuilder.setAttestationChallenge(new byte[] {0x61, 0x62, 0x63});
                         }
 
                         int idAttestationFlags = 0;
@@ -2800,10 +2799,15 @@ public void onClick(DialogInterface dialog, int which) {
                         if (deviceMeidAttestationCheckbox.isChecked()) {
                             idAttestationFlags |= DevicePolicyManager.ID_TYPE_MEID;
                         }
+                        if (useIndividualAttestationCheckbox.isChecked()) {
+                            idAttestationFlags |=
+                                    DevicePolicyManager.ID_TYPE_INDIVIDUAL_ATTESTATION;
+                        }
+                        paramsBuilder.setIdAttestationFlags(idAttestationFlags);
+                        paramsBuilder.setUseStrongBox(useStrongBoxCheckbox.isChecked());
+                        paramsBuilder.setGenerateEcKey(ecKeyCheckbox.isChecked());
 
-                        generateKeyPair(alias, isUserSelectable, attestationChallenge,
-                                idAttestationFlags, useStrongBoxCheckbox.isChecked(),
-                                ecKeyCheckbox.isChecked());
+                        generateKeyPair(paramsBuilder.build());
                     }
                 })
                 .setNegativeButton(android.R.string.cancel, null)
diff --git a/app/src/main/java/com/afwsamples/testdpc/policy/keymanagement/GenerateKeyAndCertificateTask.java b/app/src/main/java/com/afwsamples/testdpc/policy/keymanagement/GenerateKeyAndCertificateTask.java
@@ -27,6 +27,7 @@
 import android.security.keystore.KeyGenParameterSpec;
 import android.security.keystore.KeyProperties;
 import android.security.keystore.StrongBoxUnavailableException;
+import android.util.Base64;
 import android.util.Log;
 import android.view.View;
 import android.widget.TextView;
@@ -60,20 +61,15 @@ public class GenerateKeyAndCertificateTask extends AsyncTask<Void, Integer, Atte
     private final Activity mActivity;
 
     public GenerateKeyAndCertificateTask(
-            String alias,
-            boolean isUserSelectable,
-            byte[] attestationChallenge,
-            int idAttestationFlags,
-            boolean useStrongBox,
-            boolean generateEcKey,
+            KeyGenerationParameters params,
             Activity activity,
             ComponentName admin) {
-        mAlias = alias;
-        mIsUserSelectable = isUserSelectable;
-        mAttestationChallenge = attestationChallenge;
-        mIdAttestationFlags = idAttestationFlags;
-        mUseStrongBox = useStrongBox;
-        mGenerateEcKey = generateEcKey;
+        mAlias = params.alias;
+        mIsUserSelectable = params.isUserSelectable;
+        mAttestationChallenge = params.attestationChallenge;
+        mIdAttestationFlags = params.idAttestationFlags;
+        mUseStrongBox = params.useStrongBox;
+        mGenerateEcKey = params.generateEcKey;
         mActivity = activity;
         mAdminComponentName = admin;
         mDevicePolicyManager =
@@ -121,6 +117,15 @@ protected AttestedKeyPair doInBackground(Void... voids) {
                 return null;
             }
 
+            List<Certificate> attestationRecord = keyPair.getAttestationRecord();
+            if (attestationRecord != null) {
+                Log.i(TAG, "Attestation record:");
+                for (Certificate cert : attestationRecord) {
+                    Log.i(TAG, Base64.encodeToString(cert.getEncoded(), Base64.NO_WRAP));
+                }
+                Log.i(TAG, "End of attestation record.");
+            }
+
             X500Principal subject = new X500Principal("CN=TestDPC, O=Android, C=US");
             // Self-signed certificate: Same subject and issuer.
             X509Certificate selfSigned =
diff --git a/app/src/main/java/com/afwsamples/testdpc/policy/keymanagement/KeyGenerationParameters.java b/app/src/main/java/com/afwsamples/testdpc/policy/keymanagement/KeyGenerationParameters.java
@@ -0,0 +1,66 @@
+package com.afwsamples.testdpc.policy.keymanagement;
+
+public class KeyGenerationParameters {
+    public final String alias;
+    public final boolean isUserSelectable;
+    public final byte[] attestationChallenge;
+    public final int idAttestationFlags;
+    public final boolean useStrongBox;
+    public final boolean generateEcKey;
+
+    public KeyGenerationParameters(
+            String alias, boolean isUserSelectable, byte[] attestationChallenge,
+            int idAttestationFlags, boolean useStrongBox, boolean generateEcKey) {
+        this.alias = alias;
+        this.isUserSelectable = isUserSelectable;
+        this.attestationChallenge = attestationChallenge;
+        this.idAttestationFlags = idAttestationFlags;
+        this.useStrongBox = useStrongBox;
+        this.generateEcKey = generateEcKey;
+    }
+
+    public static class Builder {
+        private String mAlias;
+        private boolean mIsUserSelectable;
+        private byte[] mAttestationChallenge;
+        private int mIdAttestationFlags;
+        private boolean mUseStrongBox;
+        private boolean mGenerateEcKey;
+
+        public Builder setAlias(String alias) {
+            mAlias = alias;
+            return this;
+        }
+
+        public Builder setIsUserSelectable(boolean isUserSelectable) {
+            mIsUserSelectable = isUserSelectable;
+            return this;
+        }
+
+        public Builder setAttestationChallenge(byte[] attestationChallenge) {
+            mAttestationChallenge = attestationChallenge;
+            return this;
+        }
+
+        public Builder setIdAttestationFlags(int idAttestationFlags) {
+            mIdAttestationFlags = idAttestationFlags;
+            return this;
+        }
+
+        public Builder setUseStrongBox(boolean useStrongBox) {
+            mUseStrongBox = useStrongBox;
+            return this;
+        }
+
+        public Builder setGenerateEcKey(boolean generateEcKey) {
+            mGenerateEcKey = generateEcKey;
+            return this;
+        }
+
+        public KeyGenerationParameters build() {
+            return new KeyGenerationParameters(mAlias, mIsUserSelectable, mAttestationChallenge,
+                    mIdAttestationFlags, mUseStrongBox, mGenerateEcKey);
+        }
+
+    }
+}
diff --git a/app/src/main/res/layout/key_generation_prompt.xml b/app/src/main/res/layout/key_generation_prompt.xml
@@ -93,10 +93,21 @@
         android:layout_height="wrap_content"
         android:text="@string/meid_attestation_checkbox"/>
 
+    <TextView
+        android:layout_width="fill_parent"
+        android:layout_height="wrap_content"
+        android:text="@string/strongbox_features_description"/>
+
     <CheckBox
         android:id="@+id/use_strongbox"
         android:layout_width="match_parent"
         android:layout_height="wrap_content"
         android:text="@string/use_strongbox_checkbox"/>
 
+    <CheckBox
+        android:id="@+id/use_individual_attestation"
+        android:layout_width="match_parent"
+        android:layout_height="wrap_content"
+        android:text="@string/use_individual_attestation_checkbox"/>
+
 </LinearLayout>
diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml
@@ -565,7 +565,10 @@
     <string name="serial_num_attestation_checkbox">Include device serial number</string>
     <string name="imei_attestation_checkbox">Include device IMEI</string>
     <string name="meid_attestation_checkbox">Include device MEID</string>
+    <string name="strongbox_features_description">StrongBox-related options</string>
     <string name="use_strongbox_checkbox">Use StrongBox</string>
+    <string name="use_individual_attestation_checkbox">Use Individual Attestation Certificate</string>
+
 
     <!-- Strings for app restrictions -->
     <string name="managed_configurations">Managed configurations</string>
diff --git a/settings.gradle b/settings.gradle
@@ -1,4 +1,2 @@
 include ':TestDPC'
-project(':TestDPC').projectDir = new File(rootDir, "vendor/unbundled_google/packages/TestDPC/app")
-include ':CosuApp'
-project(':CosuApp').projectDir = new File(rootDir, "vendor/unbundled_google/packages/TestDPC/cosuapp")
+project(':TestDPC').projectDir = new File(rootDir, "vendor/unbundled_google/packages/TestDPC/app")
