Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

RESTRICT AUTOMERGE

Browse Source 
Update keyguard locked state from TrustManagerService

TrustManagerService holds the ground truth about whether a user is
locked or not, so update keystore using the information there,
instead of doing it from KeyguardStateMonitor. This fixes the issue
of work profile locked state not being correctly pushed to keystore.

Note: since this change is likely to be backported as a security
patch, I'm refraining from doing major refactoring right now.

Bug: 141329041
Bug: 144430870
Test: manually with KeyPairSampleApp
Change-Id: I3472ece73d573a775345ebcceeeb2cc460374c9b
(cherry picked from commit f9418dbb2c)
This commit is contained in:
Rubin Xu
2019-11-05 10:15:36 +00:00
committed by android-build-team Robot
parent f98e1086f5
commit 576c4d816c
3 changed files with 59 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
keystore/java/android/security/KeyStore.java
View File

@@ -1067,6 +1067,17 @@ public class KeyStore {
return onUserPasswordChanged(UserHandle.getUserId(Process.myUid()), newPassword);
}
/**
* Notify keystore about the latest user locked state. This is to support keyguard-bound key.
*/
public void onUserLockedStateChanged(int userHandle, boolean locked) {
try {
mBinder.onKeyguardVisibilityChanged(locked, userHandle);
} catch (RemoteException e) {
Log.w(TAG, "Failed to update user locked state " + userHandle, e);
}
}
private class KeyAttestationCallbackResult {
private KeystoreResponse keystoreResponse;
private KeymasterCertificateChain certificateChain;