Merge "Keystore 2.0: Revisite Authorization.java" am: 08bf2e8f49

Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1587591 MUST ONLY BE SUBMITTED BY AUTOMERGER Change-Id: I152776851eaed8754e4ea6033d5606da99e4ae1a
2021-02-20 22:07:27 +00:00
parent f5fbe10aa7 08bf2e8f49
commit fe60537082
5 changed files with 11 additions and 20 deletions
--- a/keystore/java/android/security/Authorization.java
+++ b/keystore/java/android/security/Authorization.java
@@ -33,20 +33,12 @@ import android.util.Log;
 */
 public class Authorization {
    private static final String TAG = "KeystoreAuthorization";
-    private static IKeystoreAuthorization sIKeystoreAuthorization;

    public static final int SYSTEM_ERROR = ResponseCode.SYSTEM_ERROR;

-    public Authorization() {
-        sIKeystoreAuthorization = null;
-    }
-
-    private static synchronized IKeystoreAuthorization getService() {
-        if (sIKeystoreAuthorization == null) {
-            sIKeystoreAuthorization = IKeystoreAuthorization.Stub.asInterface(
+    private static IKeystoreAuthorization getService() {
+        return IKeystoreAuthorization.Stub.asInterface(
                    ServiceManager.checkService("android.security.authorization"));
-        }
-        return sIKeystoreAuthorization;
    }

    /**
@@ -55,12 +47,12 @@ public class Authorization {
     * @param authToken created by Android authenticators.
     * @return 0 if successful or {@code ResponseCode.SYSTEM_ERROR}.
     */
-    public int addAuthToken(@NonNull HardwareAuthToken authToken) {
+    public static int addAuthToken(@NonNull HardwareAuthToken authToken) {
        if (!android.security.keystore2.AndroidKeyStoreProvider.isInstalled()) return 0;
        try {
            getService().addAuthToken(authToken);
            return 0;
-        } catch (RemoteException e) {
+        } catch (RemoteException | NullPointerException e) {
            Log.w(TAG, "Can not connect to keystore", e);
            return SYSTEM_ERROR;
        } catch (ServiceSpecificException e) {
@@ -73,7 +65,7 @@ public class Authorization {
     * @param authToken
     * @return 0 if successful or a {@code ResponseCode}.
     */
-    public int addAuthToken(@NonNull byte[] authToken) {
+    public static int addAuthToken(@NonNull byte[] authToken) {
        return addAuthToken(AuthTokenUtils.toHardwareAuthToken(authToken));
    }

@@ -86,7 +78,7 @@ public class Authorization {
     *
     * @return 0 if successful or a {@code ResponseCode}.
     */
-    public int onLockScreenEvent(@NonNull boolean locked, @NonNull int userId,
+    public static int onLockScreenEvent(@NonNull boolean locked, @NonNull int userId,
            @Nullable byte[] syntheticPassword) {
        if (!android.security.keystore2.AndroidKeyStoreProvider.isInstalled()) return 0;
        try {
@@ -96,7 +88,7 @@ public class Authorization {
                getService().onLockScreenEvent(LockScreenEvent.UNLOCK, userId, syntheticPassword);
            }
            return 0;
-        } catch (RemoteException e) {
+        } catch (RemoteException | NullPointerException e) {
            Log.w(TAG, "Can not connect to keystore", e);
            return SYSTEM_ERROR;
        } catch (ServiceSpecificException e) {
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -996,7 +996,7 @@ public class KeyStore {
     */
    public int addAuthToken(byte[] authToken) {
        try {
-            new Authorization().addAuthToken(authToken);
+            Authorization.addAuthToken(authToken);
            return mBinder.addAuthToken(authToken);
        } catch (RemoteException e) {
            Log.w(TAG, "Cannot connect to keystore", e);
--- a/keystore/java/android/security/KeyStore2.java
+++ b/keystore/java/android/security/KeyStore2.java
@@ -107,7 +107,6 @@ public class KeyStore2 {
            try {
                return request.execute(service);
            } catch (ServiceSpecificException e) {
-                Log.e(TAG, "KeyStore exception", e);
                throw getKeyStoreException(e.errorCode);
            } catch (RemoteException e) {
                if (firstTry) {
--- a/services/core/java/com/android/server/locksettings/LockSettingsService.java
+++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java
@@ -1280,7 +1280,7 @@ public class LockSettingsService extends ILockSettings.Stub {

    private void unlockKeystore(byte[] password, int userHandle) {
        if (DEBUG) Slog.v(TAG, "Unlock keystore for user: " + userHandle);
-        new Authorization().onLockScreenEvent(false, userHandle, password);
+        Authorization.onLockScreenEvent(false, userHandle, password);
        // TODO(b/120484642): Update keystore to accept byte[] passwords
        String passwordString = password == null ? null : new String(password);
        final KeyStore ks = KeyStore.getInstance();
--- a/services/core/java/com/android/server/trust/TrustManagerService.java
+++ b/services/core/java/com/android/server/trust/TrustManagerService.java
@@ -700,7 +700,7 @@ public class TrustManagerService extends SystemService {
        if (changed) {
            dispatchDeviceLocked(userId, locked);

-            mAuthorizationService.onLockScreenEvent(locked, userId, null);
+            Authorization.onLockScreenEvent(locked, userId, null);
            KeyStore.getInstance().onUserLockedStateChanged(userId, locked);
            // Also update the user's profiles who have unified challenge, since they
            // share the same unlocked state (see {@link #isDeviceLocked(int)})
@@ -1258,7 +1258,7 @@ public class TrustManagerService extends SystemService {
                        mDeviceLockedForUser.put(userId, locked);
                    }

-                    mAuthorizationService.onLockScreenEvent(locked, userId, null);
+                    Authorization.onLockScreenEvent(locked, userId, null);
                    KeyStore.getInstance().onUserLockedStateChanged(userId, locked);

                    if (locked) {