diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp index 39341ef8..25544320 100644 --- a/keystore/key_store_service.cpp +++ b/keystore/key_store_service.cpp @@ -39,6 +39,8 @@ #include "keystore_utils.h" #include +#include + namespace keystore { using namespace android; @@ -103,8 +105,12 @@ KeyStoreServiceReturnCode updateParamsForAttestation(uid_t callingUid, Authoriza auto asn1_attestation_id_result = security::gather_attestation_application_id(callingUid); if (!asn1_attestation_id_result.isOk()) { - ALOGE("failed to gather attestation_id"); - return ErrorCode::ATTESTATION_APPLICATION_ID_MISSING; + if (asn1_attestation_id_result.status() == KM_ERROR_UNIMPLEMENTED) { + return KeyStoreServiceReturnCode(ErrorCode(KM_ERROR_UNIMPLEMENTED)); + } else { + ALOGE("failed to gather attestation_id"); + return ErrorCode::ATTESTATION_APPLICATION_ID_MISSING; + } } std::vector& asn1_attestation_id = asn1_attestation_id_result; diff --git a/keystore/keystore_attestation_id.cpp b/keystore/keystore_attestation_id.cpp index 830482bb..362bbc54 100644 --- a/keystore/keystore_attestation_id.cpp +++ b/keystore/keystore_attestation_id.cpp @@ -34,6 +34,8 @@ #include #include +#include + #include #include @@ -165,6 +167,10 @@ build_attestation_application_id(const KeyAttestationApplicationId& key_attestat return BAD_VALUE; } std::string package_name(String8(*pinfo->package_name()).string()); + // Prevent Google Play Services from using key attestation for SafetyNet + if (package_name == "com.google.android.gms") { + return KM_ERROR_UNIMPLEMENTED; + } std::unique_ptr attestation_package_info; auto rc = build_attestation_package_info(*pinfo, &attestation_package_info); if (rc != NO_ERROR) {