Google Git
Sign in
android / platform / external / nos / host / generic / 4e27e478b25bbef8fc8bb34982c9754c13d78e62
commit4e27e478b25bbef8fc8bb34982c9754c13d78e62[log] [tgz]
authorJoseph Jang <josephjang@google.com>Tue Nov 09 14:40:53 2021 +0800
committerTreeHugger Robot <android-build-prod@system.gserviceaccount.com>Tue Nov 23 16:11:54 2021 +0000
treeba2b141a68f45c44bbd786e45d19f0b649a56190
parentdf60cda92f772016b37d09171bf97ee81b74ec61 [diff]
identity: Add session_cookie to block external decryption request

In order to prevent attacker sending data decryption request while
idenity task is decrypting user data from identify oem Hal, we add
a random session_cookie between ic_startRetrieveEntryValue() and
ic_retrieveEntryValue().

Bug: 196388042
Test: VtsHalIdentityTargetTest and android.security.identity.cts
Change-Id: I8e2d9ed22bc8dfee789f75c3627ed13f0db76638
Reviewed-on: https://nugget-os-review.googlesource.com/c/host/generic/+/48164
Presubmit-Verified: TreeHugger Robot <android-build-prod@system.gserviceaccount.com>
Reviewed-by: Brian Murray <brianjmurray@google.com>
Autosubmit: Brian Murray <brianjmurray@google.com>
Tested-by: Joseph Jang <josephjang@google.com>
1 file changed
tree: ba2b141a68f45c44bbd786e45d19f0b649a56190
  1. libnos/
  2. libnos_datagram/
  3. libnos_transport/
  4. nugget/
  5. .checkpatch.conf
  6. .clang-format
  7. Android.bp
  8. BUILD
  9. LICENSE
  10. METADATA
  11. MODULE_LICENSE_APACHE2
  12. NOTICE
  13. OWNERS
  14. README.md
README.md

Generic host components for Nugget

Nugget will be used in different contexts and with different hosts. This repo contains the components that can be shared between those hosts.

nugget

The nugget directory contains items that are shared between the host and the firmware. Those include:

  • shared headers
  • service protos

libnos

libnos is a C++ library for communication with a Nugget device. It offers an interface to manage a connection and exchange data and a generator for RPC stubs based on service protos.

libnos_datagram

libnos_datagram is a C library for exchanging datagrams with a Nugget device. This directory only contains the API of the library as the different platforms will need to implement it differently.

libnos_transport

libnos_transport is a C library for communicating with a Nugget device via the transport API. This is built on top of the libnos_datagram library for exchanging datagrams.