Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Restore "Add "Unlocked device required" parameter to keys"

Browse Source 
Add a keymaster parameter for keys that should be inaccessible when
the device screen is locked. "Locked" here is a state where the device
can be used or accessed without any further trust factor such as a
PIN, password, fingerprint, or trusted face or voice.

This parameter is added to the Java keystore interface for key
creation and import, as well as enums specified by and for the native
keystore process.

This reverts commit da82e2cb71.

Test: CTS tests in I8a5affd1eaed176756175158e3057e44934fffed

Bug: 67752510

Change-Id: Ia162f1db81d050f64995d0360f714e79033ea8a5
This commit is contained in:
Brian Young
2018-02-23 18:04:20 +00:00
committed by Brian C. Young
parent fd75c7232a
commit d7c961ee91
4 changed files with 22 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
keystore/java/android/security/KeyStore.java
View File

@@ -545,7 +545,9 @@ public class KeyStore {
try {
args = args != null ? args : new KeymasterArguments();
entropy = entropy != null ? entropy : new byte[0];
// TODO(67752510): Apply USER_ID tag
if (!args.containsTag(KeymasterDefs.KM_TAG_USER_ID)) {
args.addUnsignedInt(KeymasterDefs.KM_TAG_USER_ID, UserHandle.getCallingUserId());
}
return mBinder.begin(getToken(), alias, purpose, pruneable, args, entropy, uid);
} catch (RemoteException e) {
Log.w(TAG, "Cannot connect to keystore", e);