/** * Copyright (C) 2020 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package com.android.remoteprovisioner; import static java.lang.Math.max; import android.app.job.JobInfo; import android.app.job.JobScheduler; import android.content.BroadcastReceiver; import android.content.ComponentName; import android.content.Context; import android.content.Intent; import android.os.RemoteException; import android.os.ServiceManager; import android.security.remoteprovisioning.AttestationPoolStatus; import android.security.remoteprovisioning.ImplInfo; import android.security.remoteprovisioning.IRemoteProvisioning; import android.util.Log; import java.time.Duration; /** * A receiver class that listens for boot to be completed and then starts a recurring job that will * monitor the status of the attestation key pool on device, purging old certificates and requesting * new ones as needed. */ public class BootReceiver extends BroadcastReceiver { private static final String TAG = "RemoteProvisioningBootReceiver"; private static final String SERVICE = "android.security.remoteprovisioning"; private static final Duration SCHEDULER_PERIOD = Duration.ofDays(1); private static final int ESTIMATED_DOWNLOAD_BYTES_STATIC = 2300; private static final int ESTIMATED_X509_CERT_BYTES = 540; private static final int ESTIMATED_UPLOAD_BYTES_STATIC = 600; private static final int ESTIMATED_CSR_KEY_BYTES = 44; @Override public void onReceive(Context context, Intent intent) { Log.i(TAG, "Caught boot intent, waking up."); SettingsManager.generateAndSetId(context); // An average call transmits about 500 bytes total. These calculations are for the // once a month wake-up where provisioning occurs, where the expected bytes sent is closer // to 8-10KB. int numKeysNeeded = max(SettingsManager.getExtraSignedKeysAvailable(context), calcNumPotentialKeysToDownload()); int estimatedDlBytes = ESTIMATED_DOWNLOAD_BYTES_STATIC + (ESTIMATED_X509_CERT_BYTES * numKeysNeeded); int estimatedUploadBytes = ESTIMATED_UPLOAD_BYTES_STATIC + (ESTIMATED_CSR_KEY_BYTES * numKeysNeeded); JobInfo info = new JobInfo .Builder(1, new ComponentName(context, PeriodicProvisioner.class)) .setRequiredNetworkType(JobInfo.NETWORK_TYPE_ANY) .setEstimatedNetworkBytes(estimatedDlBytes, estimatedUploadBytes) .setPeriodic(SCHEDULER_PERIOD.toMillis()) .build(); if (((JobScheduler) context.getSystemService(Context.JOB_SCHEDULER_SERVICE)).schedule(info) != JobScheduler.RESULT_SUCCESS) { Log.e(TAG, "Could not start the job scheduler for provisioning"); } } private int calcNumPotentialKeysToDownload() { try { IRemoteProvisioning binder = IRemoteProvisioning.Stub.asInterface(ServiceManager.getService(SERVICE)); int totalKeysAssigned = 0; if (binder == null) { Log.e(TAG, "Binder returned null pointer to RemoteProvisioning service."); return totalKeysAssigned; } ImplInfo[] implInfos = binder.getImplementationInfo(); if (implInfos == null) { Log.e(TAG, "No instances of IRemotelyProvisionedComponent registered in " + SERVICE); return totalKeysAssigned; } for (int i = 0; i < implInfos.length; i++) { AttestationPoolStatus pool = binder.getPoolStatus(0, implInfos[i].secLevel); if (pool != null) { totalKeysAssigned += pool.attested - pool.unassigned; } } return totalKeysAssigned; } catch (RemoteException e) { Log.e(TAG, "Failure on the RemoteProvisioning backend.", e); return 0; } } }