Build and its override only on general-tests or mts-* am: b3568343f0
Original change: https://android-review.googlesource.com/c/platform/packages/modules/RemoteKeyProvisioning/+/3144836
Change-Id: I16977123600b901508184e670cee4b5076403ec8
Signed-off-by: Automerger Merge Worker <[email protected]>
diff --git a/app/AndroidManifest.xml b/app/AndroidManifest.xml
index 79a1783..b8ab08b 100644
--- a/app/AndroidManifest.xml
+++ b/app/AndroidManifest.xml
@@ -30,6 +30,7 @@
android:exported="false">
</service>
<service android:name=".service.RemoteProvisioningService"
+ android:permission="android.permission.BIND_RKP_SERVICE"
android:exported="true">
<intent-filter>
<action android:name="com.android.rkpdapp.IRemoteProvisioning"/>
diff --git a/app/TEST_MAPPING b/app/TEST_MAPPING
index 24454ba..c783dee 100644
--- a/app/TEST_MAPPING
+++ b/app/TEST_MAPPING
@@ -26,6 +26,9 @@
// TODO(b/325610326): Add this target to presubmit once there is enough
// SLO data for it.
"name": "AvfRkpdAppIntegrationTests"
+ },
+ {
+ "name": "AvfRkpdVmAttestationTestApp"
}
],
"mainline-presubmit": [
diff --git a/app/src/com/android/rkpdapp/service/RemoteProvisioningService.java b/app/src/com/android/rkpdapp/service/RemoteProvisioningService.java
index 3f1de2f..68ad3f4 100644
--- a/app/src/com/android/rkpdapp/service/RemoteProvisioningService.java
+++ b/app/src/com/android/rkpdapp/service/RemoteProvisioningService.java
@@ -19,7 +19,9 @@
import android.app.Service;
import android.content.Context;
import android.content.Intent;
+import android.os.Binder;
import android.os.IBinder;
+import android.os.Process;
import android.os.RemoteException;
import android.util.Log;
@@ -65,6 +67,14 @@
return;
}
+ // Check that only system process and self can bind.
+ if (Binder.getCallingUid() != Process.SYSTEM_UID
+ && Binder.getCallingUid() != Process.myUid()) {
+ callback.onError(
+ "Only system server and self are allowed to call RKP service.");
+ return;
+ }
+
SystemInterface systemInterface;
try {
systemInterface = ServiceManagerInterface.getInstance(irpcName);
