Merge "Throw ServiceSpecificException if calling app tries to initialize certificates with lower version. Earlier, the code just returned silently, giving no indication that updating certs failed." into pi-dev

2018-04-04 06:03:23 +00:00
parent f0e74ae8ac 23174b7eae
commit b2e6e45d00
3 changed files with 26 additions and 7 deletions
--- a/core/java/android/security/keystore/recovery/RecoveryController.java
+++ b/core/java/android/security/keystore/recovery/RecoveryController.java
@@ -250,6 +250,16 @@ public class RecoveryController {
     */
    public static final int ERROR_INVALID_CERTIFICATE = 28;

+
+    /**
+     * Failed because the provided certificate contained serial version which is lower that the
+     * version device is already initialized with. It is not possible to downgrade serial version of
+     * the provided certificate.
+     *
+     * @hide
+     */
+    public static final int ERROR_DOWNGRADE_CERTIFICATE = 29;
+
    private final ILockSettings mBinder;
    private final KeyStore mKeyStore;

@@ -340,6 +350,10 @@ public class RecoveryController {
                    || e.errorCode == ERROR_INVALID_CERTIFICATE) {
                throw new CertificateException("Invalid certificate for recovery service", e);
            }
+            if (e.errorCode == ERROR_DOWNGRADE_CERTIFICATE) {
+                throw new CertificateException(
+                        "Downgrading certificate serial version isn't supported.", e);
+            }
            throw wrapUnexpectedServiceSpecificException(e);
        }
    }
--- a/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java
+++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java
@@ -18,6 +18,7 @@ package com.android.server.locksettings.recoverablekeystore;

 import static android.security.keystore.recovery.RecoveryController.ERROR_BAD_CERTIFICATE_FORMAT;
 import static android.security.keystore.recovery.RecoveryController.ERROR_DECRYPTION_FAILED;
+import static android.security.keystore.recovery.RecoveryController.ERROR_DOWNGRADE_CERTIFICATE;
 import static android.security.keystore.recovery.RecoveryController.ERROR_INSECURE_USER;
 import static android.security.keystore.recovery.RecoveryController.ERROR_INVALID_KEY_FORMAT;
 import static android.security.keystore.recovery.RecoveryController.ERROR_INVALID_CERTIFICATE;
@@ -212,6 +213,8 @@ public class RecoverableKeyStoreManager {
                Log.i(TAG, "The cert file serial number is the same, so skip updating.");
            } else {
                Log.e(TAG, "The cert file serial number is older than the one in database.");
+                throw new ServiceSpecificException(ERROR_DOWNGRADE_CERTIFICATE,
+                        "The cert file serial number is older than the one in database.");
            }
            return;
        }
--- a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java
@@ -19,6 +19,7 @@ package com.android.server.locksettings.recoverablekeystore;
 import static android.security.keystore.recovery.KeyChainProtectionParams.TYPE_LOCKSCREEN;
 import static android.security.keystore.recovery.KeyChainProtectionParams.UI_FORMAT_PASSWORD;
 import static android.security.keystore.recovery.RecoveryController.ERROR_BAD_CERTIFICATE_FORMAT;
+import static android.security.keystore.recovery.RecoveryController.ERROR_DOWNGRADE_CERTIFICATE;
 import static android.security.keystore.recovery.RecoveryController.ERROR_INVALID_CERTIFICATE;

 import static com.google.common.truth.Truth.assertThat;
@@ -409,19 +410,20 @@ public class RecoverableKeyStoreManagerTest {
    }

    @Test
-    public void initRecoveryService_ignoresSmallerSerial() throws Exception {
+    public void initRecoveryService_throwsExceptionOnSmallerSerial() throws Exception {
        int uid = Binder.getCallingUid();
        int userId = UserHandle.getCallingUserId();
        long certSerial = 1000L;

        mRecoverableKeyStoreManager.initRecoveryService(ROOT_CERTIFICATE_ALIAS,
                TestData.getCertXmlWithSerial(certSerial));
-        mRecoverableKeyStoreManager.initRecoveryService(ROOT_CERTIFICATE_ALIAS,
-                TestData.getCertXmlWithSerial(certSerial - 1));
-
-        assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertSerial(userId, uid,
-                DEFAULT_ROOT_CERT_ALIAS)).isEqualTo(certSerial);
-        assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isFalse();
+        try {
+            mRecoverableKeyStoreManager.initRecoveryService(ROOT_CERTIFICATE_ALIAS,
+                    TestData.getCertXmlWithSerial(certSerial - 1));
+            fail();
+        } catch (ServiceSpecificException e) {
+            assertThat(e.errorCode).isEqualTo(ERROR_DOWNGRADE_CERTIFICATE);
+        }
    }

    @Test