| author | android-build-team Robot <android-build-team-robot@google.com> | 2018-04-03 07:27:20 +0000 |
|---|---|---|
| committer | android-build-team Robot <android-build-team-robot@google.com> | 2018-04-03 07:27:20 +0000 |
| commit | 3c9f3058ccc5288a664616809a944654916ad0a4 (patch) | |
| tree | f568d70dd64b81ff0e9a9ae1073f5545a6793a3e | |
| parent | 27fe3846958644910d4a8d0ffc581c195a16a83c (diff) | |
| parent | 78daac2ca8d2ed82f9612e431f337fdefe5528c4 (diff) | |
Snap for 4696032 from 78daac2ca8d2ed82f9612e431f337fdefe5528c4 to pi-release
Change-Id: If9e8fd3888f7032198e59132bf59940afb311605
| -rw-r--r-- | keystore/key_store_service.cpp | 19 | ||||
| -rw-r--r-- | keystore/key_store_service.h | 3 |
2 files changed, 21 insertions, 1 deletions
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index 9bd76fd..c8a8f84 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -849,6 +849,14 @@ KeyStoreService::generateKey(const String16& name, const KeymasterArguments& par
 }
 }
+ if (!containsTag(params.getParameters(), Tag::USER_ID)) {
+ // Most Java processes don't have access to this tag
+ KeyParameter user_id;
+ user_id.tag = Tag::USER_ID;
+ user_id.f.integer = mActiveUserId;
+ keyCharacteristics.push_back(user_id);
+ }
+
 // Write the characteristics:
 String8 name8(name);
 String8 cFilename(mKeyStore->getKeyNameForUidWithDir(name8, uid, ::TYPE_KEY_CHARACTERISTICS));
@@ -1079,6 +1087,14 @@ KeyStoreService::importKey(const String16& name, const KeymasterArguments& param
 String8 cFilename(mKeyStore->getKeyNameForUidWithDir(name8, uid, ::TYPE_KEY_CHARACTERISTICS));
 AuthorizationSet opParams = params.getParameters();
+ if (!containsTag(params.getParameters(), Tag::USER_ID)) {
+ // Most Java processes don't have access to this tag
+ KeyParameter user_id;
+ user_id.tag = Tag::USER_ID;
+ user_id.f.integer = mActiveUserId;
+ opParams.push_back(user_id);
+ }
+
 std::stringstream kcStream;
 opParams.Serialize(&kcStream);
 if (kcStream.bad()) {
@@ -2234,6 +2250,9 @@ KeyStoreServiceReturnCode KeyStoreService::upgradeKeyBlob(const String16& name,
 Status KeyStoreService::onKeyguardVisibilityChanged(bool isShowing, int32_t userId, int32_t* aidl_return) {
 enforcement_policy.set_device_locked(isShowing, userId);
+ if (!isShowing) {
+ mActiveUserId = userId;
+ }
 *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
 return Status::ok();
diff --git a/keystore/key_store_service.h b/keystore/key_store_service.h
index 8d3f1f2..0056342 100644
--- a/keystore/key_store_service.h
+++ b/keystore/key_store_service.h
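Review bot: In the block added to generateKey, `user_id.f.integer = mActiveUserId;` records whichever user last dismissed the keyguard, not the user that owns the calling `uid`. A key created by a process of a background user, or before any keyguard event while the field is still 0, is therefore stored under a different user's id. `uid` is used a few lines below for the file name, so the value could be derived from it, for example `user_id.f.integer = multiuser_get_user_id(uid);` if the libcutils helper is available to this file. The importKey hunk contains the same assignment. Both functions start and end outside their hunks, so where `uid` is resolved relative to this block should be confirmed.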
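Review bot: The guard `if (!containsTag(params.getParameters(), Tag::USER_ID))` in importKey, and the identical one in generateKey, only fills the tag in when it is absent. When a caller does supply Tag::USER_ID, nothing visible in the hunk checks that the value matches the caller's own user before `opParams` is serialized into the characteristics file. The comment says most Java processes cannot set the tag, which implies some callers can, so unless this is validated outside the hunk a supplied value that differs from the caller's user should be rejected or overwritten. The two added blocks are copy-pasted, and a small private helper would keep that check in one place.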
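Review bot: In onKeyguardVisibilityChanged, the added `mActiveUserId = userId;` lets this binder call decide the USER_ID stamped on every key generated or imported afterwards, and no caller check is visible between the signature and the assignment. Before this change the argument only fed `set_device_locked`. Now that it is persisted into key characteristics, the entry point should be gated on the same binder permission check the other system-only calls in this file use, and a negative `userId` should be rejected. The function's closing brace is outside the hunk, and a check may exist at the AIDL or SELinux layer that is not shown here.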
@@ -39,7 +39,7 @@ class KeyStoreService : public android::security::BnKeystoreService,
 public:
 explicit KeyStoreService(KeyStore* keyStore) : mKeyStore(keyStore), mOperationMap(this),
- mConfirmationManager(new ConfirmationManager(this)) {}
+ mConfirmationManager(new ConfirmationManager(this)), mActiveUserId(0) {}
 virtual ~KeyStoreService() = default;
 void binderDied(const android::wp<android::IBinder>& who);
@@ -300,6 +300,7 @@ class KeyStoreService : public android::security::BnKeystoreService,
 android::sp<ConfirmationManager> mConfirmationManager;
 keystore::AuthTokenTable mAuthTokenTable;
 KeystoreKeymasterEnforcement enforcement_policy;
+ int32_t mActiveUserId;
 };
 }; // namespace keystore |
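Review bot: The new member `int32_t mActiveUserId;` is written in onKeyguardVisibilityChanged and read in generateKey and importKey with no synchronization visible in this commit. If the service handles binder calls on more than one thread, that is a data race, and `std::atomic<int32_t> mActiveUserId;` or the existing service lock would make the hand-off well defined. The field is also undocumented; a comment such as `// User whose keyguard was most recently dismissed; 0 until the first such event.` would make the default set in the constructor (`mActiveUserId(0)`) an explicit choice. The class body extends beyond both hunks, so any locking convention declared elsewhere in the header is not visible here.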
