Include global security state extension values for serializaiton

This includes serializing autoreboot and usb port security state value, for display in its deserialization.
GrapheneOS · Oct 1, 2024 · aae0da6 · aae0da6
1 parent 0c26690
commit aae0da6
Showing 1 changed file with 33 additions and 3 deletions.
diff --git a/app/src/main/java/app/attestation/auditor/AttestationProtocol.java b/app/src/main/java/app/attestation/auditor/AttestationProtocol.java
@@ -60,6 +60,7 @@
 import java.util.Enumeration;
 import java.util.List;
 import java.util.Locale;
+import java.util.concurrent.TimeUnit;
 import java.util.zip.DataFormatException;
 import java.util.zip.Deflater;
 import java.util.zip.DeflaterOutputStream;
@@ -1534,13 +1535,42 @@ static AttestationResult generateSerialized(final Context context, final byte[]
             serializer.putInt(osEnforcedFlags);
 
             if (version >= 6) {
-                final short autoRebootMinutes = 0;
+                String autoRebootTimeoutKey = "android.ext.AUTO_REBOOT_TIMEOUT";
+                final int autoRebootMilliseconds =
+                        extraSecurityState.getInt(autoRebootTimeoutKey, SecurityStateExt.UNKNOWN_VALUE);
+                final short autoRebootMinutes;
+                if (autoRebootMilliseconds == SecurityStateExt.UNKNOWN_VALUE) {
+                    autoRebootMinutes = (short) SecurityStateExt.UNKNOWN_VALUE;
+                } else if (autoRebootMilliseconds < TimeUnit.SECONDS.toMillis(20)
+                    || autoRebootMilliseconds > TimeUnit.MINUTES.toMillis(Short.MAX_VALUE - 1)) {
+                    autoRebootMinutes = (short) SecurityStateExt.INVALID_VALUE;
+                } else {
+                    autoRebootMinutes = (short) (TimeUnit.MILLISECONDS.toMinutes(autoRebootMilliseconds) + 1);
+                }
                 serializer.putShort(autoRebootMinutes);
 
-                final byte portSecurityMode = 0;
+                String portSecurityModeKey = "android.ext.USB_PORT_SECURITY_MODE";
+                final int portSecurityModeRaw = extraSecurityState.getInt(portSecurityModeKey, SecurityStateExt.UNKNOWN_VALUE);
+                final byte portSecurityMode;
+                if (portSecurityModeRaw == SecurityStateExt.UNKNOWN_VALUE) {
+                    portSecurityMode = (byte) SecurityStateExt.UNKNOWN_VALUE;
+                } else if (portSecurityModeRaw > Byte.MAX_VALUE || portSecurityModeRaw < 0) {
+                    portSecurityMode = (byte) SecurityStateExt.INVALID_VALUE;
+                } else {
+                    portSecurityMode = (byte) portSecurityModeRaw;
+                }
                 serializer.put(portSecurityMode);
 
-                final byte userCount = 0;
+                String userCountKey = "android.ext.USER_COUNT";
+                final int userCountRaw = extraSecurityState.getInt(userCountKey, SecurityStateExt.UNKNOWN_VALUE);
+                final byte userCount;
+                if (userCountRaw == SecurityStateExt.UNKNOWN_VALUE) {
+                    userCount = (byte) SecurityStateExt.UNKNOWN_VALUE;
+                } else if (userCountRaw > Byte.MAX_VALUE || userCountRaw < 0) {
+                    userCount = (byte) SecurityStateExt.INVALID_VALUE;
+                } else {
+                    userCount = (byte) userCountRaw;
+                }
                 serializer.put(userCount);
             }