Merge "Mark current recoverable keystore snapshot as outdated in a few events:"

2018-01-12 00:46:34 +00:00
parent 3db5c8c004 40dadb0e75
commit c3188fd767
3 changed files with 59 additions and 10 deletions
--- a/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java
+++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java
@@ -148,6 +148,7 @@ public class RecoverableKeyStoreManager {
            throws RemoteException {
        checkRecoverKeyStorePermission();
        int userId = UserHandle.getCallingUserId();
+        int uid = Binder.getCallingUid();
        // TODO: open /system/etc/security/... cert file, and check the signature on the public keys
        PublicKey publicKey;
        try {
@@ -162,7 +163,10 @@ public class RecoverableKeyStoreManager {
            throw new ServiceSpecificException(
                    ERROR_BAD_X509_CERTIFICATE, "Not a valid X509 certificate.");
        }
-        mDatabase.setRecoveryServicePublicKey(userId, Binder.getCallingUid(), publicKey);
+        long updatedRows = mDatabase.setRecoveryServicePublicKey(userId, uid, publicKey);
+        if (updatedRows > 0) {
+            mDatabase.setShouldCreateSnapshot(userId, uid, true);
+        }
    }

    /**
@@ -204,7 +208,11 @@ public class RecoverableKeyStoreManager {
    public void setServerParameters(long serverParameters) throws RemoteException {
        checkRecoverKeyStorePermission();
        int userId = UserHandle.getCallingUserId();
-        mDatabase.setServerParameters(userId, Binder.getCallingUid(), serverParameters);
+        int uid = Binder.getCallingUid();
+        long updatedRows = mDatabase.setServerParameters(userId, uid, serverParameters);
+        if (updatedRows > 0) {
+            mDatabase.setShouldCreateSnapshot(userId, uid, true);
+        }
    }

    /**
@@ -256,8 +264,12 @@ public class RecoverableKeyStoreManager {
            @NonNull @KeyStoreRecoveryMetadata.UserSecretType int[] secretTypes)
            throws RemoteException {
        checkRecoverKeyStorePermission();
-        mDatabase.setRecoverySecretTypes(UserHandle.getCallingUserId(), Binder.getCallingUid(),
-            secretTypes);
+        int userId = UserHandle.getCallingUserId();
+        int uid = Binder.getCallingUid();
+        long updatedRows = mDatabase.setRecoverySecretTypes(userId, uid, secretTypes);
+        if (updatedRows > 0) {
+            mDatabase.setShouldCreateSnapshot(userId, uid, true);
+        }
    }

    /**
--- a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncTaskTest.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncTaskTest.java
@@ -355,11 +355,11 @@ public class KeySyncTaskTest {

        KeyStoreRecoveryData recoveryData = mRecoverySnapshotStorage.get(TEST_RECOVERY_AGENT_UID);
        assertThat(recoveryData.getRecoveryMetadata()).hasSize(1);
-        assertThat(recoveryData.getRecoveryMetadata().get(1).getLockScreenUiFormat()).
+        assertThat(recoveryData.getRecoveryMetadata().get(0).getLockScreenUiFormat()).
                isEqualTo(TYPE_PASSWORD);
    }

-   @Test
+    @Test
    public void run_setsCorrectTypeForPin() throws Exception {
        mKeySyncTask = new KeySyncTask(
                mRecoverableKeyStoreDb,
@@ -382,7 +382,7 @@ public class KeySyncTaskTest {
        KeyStoreRecoveryData recoveryData = mRecoverySnapshotStorage.get(TEST_RECOVERY_AGENT_UID);
        assertThat(recoveryData.getRecoveryMetadata()).hasSize(1);
        // Password with only digits is changed to pin.
-        assertThat(recoveryData.getRecoveryMetadata().get(1).getLockScreenUiFormat()).
+        assertThat(recoveryData.getRecoveryMetadata().get(0).getLockScreenUiFormat()).
                isEqualTo(TYPE_PIN);
    }

@@ -408,7 +408,7 @@ public class KeySyncTaskTest {

        KeyStoreRecoveryData recoveryData = mRecoverySnapshotStorage.get(TEST_RECOVERY_AGENT_UID);
        assertThat(recoveryData.getRecoveryMetadata()).hasSize(1);
-        assertThat(recoveryData.getRecoveryMetadata().get(1).getLockScreenUiFormat()).
+        assertThat(recoveryData.getRecoveryMetadata().get(0).getLockScreenUiFormat()).
                isEqualTo(TYPE_PATTERN);
    }

--- a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java
@@ -78,6 +78,7 @@ import javax.crypto.spec.SecretKeySpec;
 public class RecoverableKeyStoreManagerTest {
    private static final String DATABASE_FILE_NAME = "recoverablekeystore.db";

+    private static final String ROOT_CERTIFICATE_ALIAS = "put_default_alias_here";
    private static final String TEST_SESSION_ID = "karlin";
    private static final byte[] TEST_PUBLIC_KEY = new byte[] {
        (byte) 0x30, (byte) 0x59, (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x07, (byte) 0x2a,
@@ -206,10 +207,9 @@ public class RecoverableKeyStoreManagerTest {
    }

    @Test
-    public void removeKey_UpdatesShouldCreateSnapshot() throws Exception {
+    public void removeKey_updatesShouldCreateSnapshot() throws Exception {
        int uid = Binder.getCallingUid();
        int userId = UserHandle.getCallingUserId();
-
        mRecoverableKeyStoreManager.generateAndStoreKey(TEST_ALIAS);
        // Pretend that key was synced
        mRecoverableKeyStoreDb.setShouldCreateSnapshot(userId, uid, false);
@@ -219,6 +219,29 @@ public class RecoverableKeyStoreManagerTest {
        assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isTrue();
    }

+    @Test
+    public void removeKey_failureDoesNotUpdateShouldCreateSnapshot() throws Exception {
+        int uid = Binder.getCallingUid();
+        int userId = UserHandle.getCallingUserId();
+        mRecoverableKeyStoreDb.setShouldCreateSnapshot(userId, uid, false);
+        // Key did not exist
+        mRecoverableKeyStoreManager.removeKey(TEST_ALIAS);
+
+        assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isFalse();
+    }
+
+    @Test
+    public void initRecoveryService_updatesShouldCreateSnapshot() throws Exception {
+        int uid = Binder.getCallingUid();
+        int userId = UserHandle.getCallingUserId();
+        // Sync is not needed.
+        mRecoverableKeyStoreDb.setShouldCreateSnapshot(userId, uid, false);
+
+        mRecoverableKeyStoreManager.initRecoveryService(ROOT_CERTIFICATE_ALIAS, TEST_PUBLIC_KEY);
+
+        assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isTrue();
+    }
+
    @Test
    public void startRecoverySession_checksPermissionFirst() throws Exception {
        mRecoverableKeyStoreManager.startRecoverySession(
@@ -448,6 +471,20 @@ public class RecoverableKeyStoreManagerTest {
                types3);
    }

+    @Test
+    public void setRecoverySecretTypes_updatesShouldCreateSnapshot() throws Exception {
+        int uid = Binder.getCallingUid();
+        int userId = UserHandle.getCallingUserId();
+        int[] types = new int[]{1, 2, 3};
+
+        mRecoverableKeyStoreManager.generateAndStoreKey(TEST_ALIAS);
+        // Pretend that key was synced
+        mRecoverableKeyStoreDb.setShouldCreateSnapshot(userId, uid, false);
+        mRecoverableKeyStoreManager.setRecoverySecretTypes(types);
+
+        assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isTrue();
+    }
+
    @Test
    public void setRecoveryStatus_forOneAlias() throws Exception {
        int userId = UserHandle.getCallingUserId();