Skip to content

Commit

Permalink
raise minimum OS version to Android 10
Browse files Browse the repository at this point in the history
Android 11 is the oldest version receiving official security support but
the Android 10 end-of-life was relatively recent.
  • Loading branch information
thestinger committed Apr 15, 2023
1 parent bb15283 commit 0b1e725
Show file tree
Hide file tree
Showing 5 changed files with 21 additions and 35 deletions.
2 changes: 1 addition & 1 deletion app/build.gradle.kts
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ android {

defaultConfig {
applicationId = "app.attestation.auditor"
minSdk = 26
minSdk = 29
targetSdk = 33
versionCode = 69
versionName = versionCode.toString()
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -243,7 +243,7 @@ class AttestationProtocol {
private static final byte AUDITOR_APP_VARIANT_PLAY = 1;
private static final byte AUDITOR_APP_VARIANT_DEBUG = 2;
private static final int AUDITOR_APP_MINIMUM_VERSION = 47;
private static final int OS_VERSION_MINIMUM = 80000;
private static final int OS_VERSION_MINIMUM = 100000;
private static final int OS_PATCH_LEVEL_MINIMUM = 201801;
private static final int VENDOR_PATCH_LEVEL_MINIMUM = 201808;
private static final int BOOT_PATCH_LEVEL_MINIMUM = 201809;
Expand Down Expand Up @@ -1362,11 +1362,6 @@ static class AttestationResult {
}
}

@TargetApi(28)
static void enableStrongBox(final KeyGenParameterSpec.Builder builder) {
builder.setIsStrongBoxBacked(true);
}

@TargetApi(31)
static void setAttestKeyAlias(final KeyGenParameterSpec.Builder builder, final String alias) {
builder.setAttestKeyAlias(alias);
Expand All @@ -1384,7 +1379,7 @@ static KeyGenParameterSpec.Builder getKeyBuilder(final String alias, final int p
builder.setKeyValidityEnd(new Date(startTime.getTime() + EXPIRE_OFFSET_MS));
}
if (useStrongBox) {
enableStrongBox(builder);
builder.setIsStrongBoxBacked(true);
}
return builder;
}
Expand Down
17 changes: 6 additions & 11 deletions app/src/main/java/app/attestation/auditor/RemoteVerifyJob.java
Original file line number Diff line number Diff line change
Expand Up @@ -88,9 +88,8 @@ static void schedule(final Context context, int interval) {
final long intervalMillis = interval * 1000;
final long flexMillis = intervalMillis / 10;
if (jobInfo != null &&
(Build.VERSION.SDK_INT >= Build.VERSION_CODES.P &&
jobInfo.getEstimatedNetworkDownloadBytes() == ESTIMATED_DOWNLOAD_BYTES &&
jobInfo.getEstimatedNetworkUploadBytes() == ESTIMATED_UPLOAD_BYTES) &&
jobInfo.getEstimatedNetworkDownloadBytes() == ESTIMATED_DOWNLOAD_BYTES &&
jobInfo.getEstimatedNetworkUploadBytes() == ESTIMATED_UPLOAD_BYTES &&
jobInfo.getIntervalMillis() == intervalMillis &&
jobInfo.getFlexMillis() == flexMillis) {
Log.d(TAG, "job already registered");
Expand All @@ -100,10 +99,8 @@ static void schedule(final Context context, int interval) {
if (jobInfo == null) {
final JobInfo.Builder builder = new JobInfo.Builder(FIRST_RUN_JOB_ID, serviceName)
.setPersisted(true)
.setRequiredNetworkType(JobInfo.NETWORK_TYPE_ANY);
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
builder.setEstimatedNetworkBytes(ESTIMATED_DOWNLOAD_BYTES, ESTIMATED_UPLOAD_BYTES);
}
.setRequiredNetworkType(JobInfo.NETWORK_TYPE_ANY)
.setEstimatedNetworkBytes(ESTIMATED_DOWNLOAD_BYTES, ESTIMATED_UPLOAD_BYTES);
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
builder.setExpedited(true);
}
Expand All @@ -117,10 +114,8 @@ static void schedule(final Context context, int interval) {
final JobInfo.Builder builder = new JobInfo.Builder(PERIODIC_JOB_ID, serviceName)
.setPeriodic(intervalMillis, flexMillis)
.setPersisted(true)
.setRequiredNetworkType(JobInfo.NETWORK_TYPE_ANY);
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
builder.setEstimatedNetworkBytes(ESTIMATED_DOWNLOAD_BYTES, ESTIMATED_UPLOAD_BYTES);
}
.setRequiredNetworkType(JobInfo.NETWORK_TYPE_ANY)
.setEstimatedNetworkBytes(ESTIMATED_DOWNLOAD_BYTES, ESTIMATED_UPLOAD_BYTES);
if (scheduler.schedule(builder.build()) == JobScheduler.RESULT_FAILURE) {
throw new RuntimeException("job schedule failed");
}
Expand Down
26 changes: 11 additions & 15 deletions app/src/main/java/app/attestation/auditor/SubmitSampleJob.java
Original file line number Diff line number Diff line change
Expand Up @@ -63,10 +63,8 @@ static void schedule(final Context context) {
final JobScheduler scheduler = context.getSystemService(JobScheduler.class);
final JobInfo.Builder builder = new JobInfo.Builder(JOB_ID, serviceName)
.setPersisted(true)
.setRequiredNetworkType(JobInfo.NETWORK_TYPE_ANY);
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
builder.setEstimatedNetworkBytes(ESTIMATED_DOWNLOAD_BYTES, ESTIMATED_UPLOAD_BYTES);
}
.setRequiredNetworkType(JobInfo.NETWORK_TYPE_ANY)
.setEstimatedNetworkBytes(ESTIMATED_DOWNLOAD_BYTES, ESTIMATED_UPLOAD_BYTES);
if (scheduler.schedule(builder.build()) == JobScheduler.RESULT_FAILURE) {
throw new RuntimeException("job schedule failed");
}
Expand Down Expand Up @@ -96,17 +94,15 @@ public boolean onStartJob(final JobParameters params) {
keyStore.deleteEntry(KEYSTORE_ALIAS_SAMPLE);

Certificate[] strongBoxCerts = null;
if (Build.VERSION.SDK_INT >= 28) {
try {
builder.setIsStrongBoxBacked(true);
AttestationProtocol.generateKeyPair(builder.build());
strongBoxCerts = keyStore.getCertificateChain(KEYSTORE_ALIAS_SAMPLE);
keyStore.deleteEntry(KEYSTORE_ALIAS_SAMPLE);
} catch (final StrongBoxUnavailableException ignored) {
} catch (final IOException e) {
if (!(e.getCause() instanceof StrongBoxUnavailableException)) {
throw e;
}
try {
builder.setIsStrongBoxBacked(true);
AttestationProtocol.generateKeyPair(builder.build());
strongBoxCerts = keyStore.getCertificateChain(KEYSTORE_ALIAS_SAMPLE);
keyStore.deleteEntry(KEYSTORE_ALIAS_SAMPLE);
} catch (final StrongBoxUnavailableException ignored) {
} catch (final IOException e) {
if (!(e.getCause() instanceof StrongBoxUnavailableException)) {
throw e;
}
}

Expand Down
2 changes: 1 addition & 1 deletion app/src/main/res/values/strings.xml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
<resources>
<string name="app_name">Auditor</string>
<string name="introduction">Two devices are needed to perform verification:\n\n- The device to be verified (Auditee), which needs to be one of the supported devices launched with Android 8.0+.\n\n- An Android 8.0+ device to perform the verification (Auditor).\n\nThe verification process requires sending data between the devices by scanning QR codes.</string>
<string name="introduction">Two devices with Android 10 or later are needed to perform verification:\n\n- The device to be verified (Auditee), which needs to be one of the supported devices.\n\n- An Android device to perform the verification (Auditor).\n\nThe verification process requires sending data between the devices by scanning QR codes.</string>
<string name="unsupported_auditee">Device is not one of the supported models.</string>
<string name="camera_permission_denied">Camera permission is required to scan QR codes.</string>
<string name="auditee_button">Auditee (device being verified)</string>
Expand Down

0 comments on commit 0b1e725

Please sign in to comment.