author    TreeHugger Robot <treehugger-gerrit@google.com>  2020-07-29 01:13:05 +0000
committer Android (Google) Code Review <android-gerrit@google.com>  2020-07-29 01:13:05 +0000
commit    328cf0267fd63476f1bb20ad2af7bcb455428536 (patch)
tree      c513db47ae4d45c9e65f0fe1a2610eef2378f33b /9_security-model
parent    0f0f67c20fb99aad637424c95176ca623a3d23b7 (diff)
parent    1a7970dbcc85b5ad57f085757251ad5e3f95d2b4 (diff)
Merge "CDD: Add Identity Credential as STRONGLY RECOMMENDED" into rvc-dev
Diffstat (limited to '9_security-model')
-rw-r--r--  9_security-model/9_11_keys-and-credentials.md  37
1 files changed, 37 insertions, 0 deletions
diff --git a/9_security-model/9_11_keys-and-credentials.md b/9_security-model/9_11_keys-and-credentials.md
index fe42b8fd..496f4639 100644
--- a/9_security-model/9_11_keys-and-credentials.md
+++ b/9_security-model/9_11_keys-and-credentials.md
@@ -301,3 +301,40 @@ security requirements or otherwise enable access to sensitive user data. The
recommended way to implement IAR is to allow firmware updates only when the
primary user password is provided via the IAuthSecret HAL. IAR will likely
become a requirement in a future release.
+
+### 9.11.3\. Identity Credential
+
+The Identity Credential System is defined and achieved by implementing all
+APIs in the
+[`android.security.identity.*`](https://developer.android.com/reference/android/security/identity/package-summary)
+package. These APIs allows app developers to store and retrieve user identity
+documents. Device implementations:
+
+* [C-SR] are STRONGLY RECOMMENDED to implement the Identity Credential
+System.
+
+If device implementations implement the Identity Credential System, they:
+
+* [C-0-1] MUST return non-null for the [IdentityCredentialStore#getInstance()](
+ https://developer.android.com/reference/android/security/identity/IdentityCredentialStore#getInstance%28android.content.Context%29)
+ method.
+
+* [C-0-2] MUST implement the Identity Credential System (e.g. the
+ `android.security.identity.*` APIs) with code communicating with a trusted
+ application in an area that is securely isolated from the code running on
+ the kernel and above. Secure isolation MUST block all potential mechanisms
+ by which kernel or userspace code might access the internal state of the
+ isolated environment, including DMA.
+
+* [C-0-3] The cryptographic operations needed to implement the Identity
+ Credential System (e.g. the `android.security.identity.*` APIs) MUST be
+ performed entirely in the trusted application and private key material MUST
+ never leave the isolated execution environment unless specifically required
+ by higher-level APIs (e.g. the
+ [createEphemeralKeyPair()](https://developer.android.com/reference/android/security/identity/IdentityCredential#createEphemeralKeyPair%28%29)
+ method).
+
+* [C-0-4] The trusted application MUST be implemented in a way such that its
+ security properties are not affected (e.g. credential data is not released unless access
+ control conditions are satisfied, MACs can't be produced for arbitrary
+ data) even if Android is misbehaving or compromised.
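Review bot: grammar nit in the package description at the top of the new section: "These APIs allows app developers to store and retrieve user identity documents" should read "These APIs allow app developers to store and retrieve user identity documents". Also, the markdown link in [C-0-1] is broken across two lines, with "[IdentityCredentialStore#getInstance()](" on one line and the indented URL " https://developer.android.com/reference/android/security/identity/IdentityCredentialStore#getInstance%28android.content.Context%29)" on the next; not every renderer accepts whitespace between the opening parenthesis and the URL, so consider keeping link text and URL on a single line as is already done for the createEphemeralKeyPair() link in [C-0-3]. Finally, [C-0-2] speaks of "an area that is securely isolated" and "the isolated environment" while [C-0-3] uses "the isolated execution environment"; using one term throughout (the latter matches the rest of section 9.11) would make it clearer that all three requirements refer to the same boundary.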