Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update keyguard locked state from TrustManagerService

Browse Source 
TrustManagerService holds the ground truth about whether a user is
locked or not, so update keystore using the information there,
instead of doing it from KeyguardStateMonitor. This fixes the issue
of work profile locked state not being correctly pushed to keystore.

Note: since this change is likely to be backported as a security
patch, I'm refraining from doing major refactoring right now.

Bug: 141329041
Test: manually with KeyPairSampleApp
Change-Id: I3472ece73d573a775345ebcceeeb2cc460374c9b
This commit is contained in:
Rubin Xu
2019-11-05 10:15:36 +00:00
parent 98e9bbdb06
commit c398627e5e
3 changed files with 59 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
keystore/java/android/security/KeyStore.java
View File

@@ -1067,6 +1067,17 @@ public class KeyStore {
return onUserPasswordChanged(UserHandle.getUserId(Process.myUid()), newPassword);
}
/**
* Notify keystore about the latest user locked state. This is to support keyguard-bound key.
*/
public void onUserLockedStateChanged(int userHandle, boolean locked) {
try {
mBinder.onKeyguardVisibilityChanged(locked, userHandle);
} catch (RemoteException e) {
Log.w(TAG, "Failed to update user locked state " + userHandle, e);
}
}
private class KeyAttestationCallbackResult {
private KeystoreResponse keystoreResponse;
private KeymasterCertificateChain certificateChain;