keymaster: abort operations on HAL errors

Not all error code paths in the HAL are
aborting initiated operations.  This change
tackles the error returns in attest().

This particular error case has not been encountered
in the field, but any errors during attest would
result in a similar situtation as described in the
associated bug -- operation handle leakage on Citadel.

Bug: 116055338
Test: release-tests.sh pass on PVT1
Change-Id: Icae96cc502cf16ece29c87e84c7b54c3e3e43727
1 file changed
tree: 7bc4f07c500745d83fa204ff8158a264a0c1a294
  1. Android.bp
  2. LICENSE
  3. METADATA
  4. MODULE_LICENSE_APACHE2
  5. NOTICE
  6. README.md
  7. citadel/
  8. hals/
  9. manual_tests/
README.md

Android components for Nugget

Android communicates with Nugget apps in order to implement security related HALs. Currently, those HALs are Keymaster, Weaver and OemLock.

Services

Apps that define a protobuf service will have an app interface class autogenerated. These classes will wrap a NuggetClient. The generator can be found in the generator directory.

Asynchronous communication

Work in progress.

Currently, everything is synchronous and just exposes the call_application() function from the Nugget transport API. In future, asynchronous calls may be desired. Support for this could be added in:

  • Nugget transport API
  • NuggetClient on top of call_application()
  • Generated services

citadel

This directory contains the components to support Citadel connected to Android.