Google Git
Sign in
android / platform / external / nos / host / android / 15361469739d69efba81b06198c01e09581e5d4e
commit15361469739d69efba81b06198c01e09581e5d4e[log] [tgz]
authorGarret Kelly <gdk@google.com>Thu May 23 08:46:31 2019 -0400
committerGarret Kelly <gdk@google.com>Thu May 23 08:48:47 2019 -0400
tree8a1ea17fa37d8c492708fea944db01a56a66e692
parent428eb3c899ddfd3f541e034d5fb16e41e7298024 [diff]
parentf88949e2207b65935e0c4442ea04d5a37dadb811 [diff]
Merge remote-tracking branch 'goog/upstream-pixel18' into pi-dev-uaf-fix

* goog/upstream-pixel18:
  keymaster: address UAF bug in attest()

Bug: 133197843
Bug: 129562815
Test: manual
Change-Id: If990030f5cff02c241a88a51d63bc2b9dbfc365f
Signed-off-by: Garret Kelly <gdk@google.com>
tree: 8a1ea17fa37d8c492708fea944db01a56a66e692
  1. citadel/
  2. hals/
  3. manual_tests/
  4. Android.bp
  5. LICENSE
  6. METADATA
  7. MODULE_LICENSE_APACHE2
  8. NOTICE
  9. README.md
README.md

Android components for Nugget

Android communicates with Nugget apps in order to implement security related HALs. Currently, those HALs are Keymaster, Weaver and OemLock.

Services

Apps that define a protobuf service will have an app interface class autogenerated. These classes will wrap a NuggetClient. The generator can be found in the generator directory.

Asynchronous communication

Work in progress.

Currently, everything is synchronous and just exposes the call_application() function from the Nugget transport API. In future, asynchronous calls may be desired. Support for this could be added in:

  • Nugget transport API
  • NuggetClient on top of call_application()
  • Generated services

citadel

This directory contains the components to support Citadel connected to Android.