diff options
author | Brian Young <bcyoung@google.com> | 2018-02-23 18:04:20 +0000 |
---|---|---|
committer | Brian C. Young <bcyoung@google.com> | 2018-03-29 10:24:18 -0700 |
commit | 9272dab49efa9c70ab92879c3e79a76fc8364d34 (patch) | |
tree | 9155709e2901fd9e5fe2a9ff2608765d87ce9b02 /keystore/java | |
parent | 36716eb4709503f2ef370c6f67273440cd91d18c (diff) | |
download | base-9272dab49efa9c70ab92879c3e79a76fc8364d34.tar.gz |
Restore "Add "Unlocked device required" parameter to keys"
Add a keymaster parameter for keys that should be inaccessible when
the device screen is locked. "Locked" here is a state where the device
can be used or accessed without any further trust factor such as a
PIN, password, fingerprint, or trusted face or voice.
This parameter is added to the Java keystore interface for key
creation and import, as well as enums specified by and for the native
keystore process.
This reverts commit da82e2cb7193032867f86b996467bcd117545616.
Test: CTS tests in I8a5affd1eaed176756175158e3057e44934fffed
Bug: 67752510
Merged-In: Ia162f1db81d050f64995d0360f714e79033ea8a5
Change-Id: Ia162f1db81d050f64995d0360f714e79033ea8a5
(cherry picked from d7c961ee914192e09ec10727da6d31a6b597bf51)
Diffstat (limited to 'keystore/java')
-rw-r--r-- | keystore/java/android/security/KeyStore.java | 5 | ||||
-rw-r--r-- | keystore/java/android/security/keystore/KeymasterUtils.java | 9 | ||||
-rw-r--r-- | keystore/java/android/security/keystore/UserAuthArgs.java | 1 |
3 files changed, 11 insertions, 4 deletions
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java index 33ce582eda96..6837a630fa9a 100644 --- a/keystore/java/android/security/KeyStore.java +++ b/keystore/java/android/security/KeyStore.java @@ -16,6 +16,7 @@ package android.security; +import android.app.ActivityManager; import android.app.ActivityThread; import android.app.Application; import android.app.KeyguardManager; @@ -545,7 +546,9 @@ public class KeyStore { try { args = args != null ? args : new KeymasterArguments(); entropy = entropy != null ? entropy : new byte[0]; - // TODO(67752510): Apply USER_ID tag + if (!args.containsTag(KeymasterDefs.KM_TAG_USER_ID)) { + args.addUnsignedInt(KeymasterDefs.KM_TAG_USER_ID, ActivityManager.getCurrentUser()); + } return mBinder.begin(getToken(), alias, purpose, pruneable, args, entropy, uid); } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e); diff --git a/keystore/java/android/security/keystore/KeymasterUtils.java b/keystore/java/android/security/keystore/KeymasterUtils.java index d194f0b9e4e9..6e5012160d6e 100644 --- a/keystore/java/android/security/keystore/KeymasterUtils.java +++ b/keystore/java/android/security/keystore/KeymasterUtils.java @@ -16,9 +16,8 @@ package android.security.keystore; -import android.util.Log; +import android.app.ActivityManager; import android.hardware.fingerprint.FingerprintManager; -import android.os.UserHandle; import android.security.GateKeeper; import android.security.KeyStore; import android.security.keymaster.KeymasterArguments; @@ -102,7 +101,7 @@ public abstract class KeymasterUtils { * require user authentication. */ public static void addUserAuthArgs(KeymasterArguments args, UserAuthArgs spec) { - // TODO (67752510): Implement "unlocked device required" + args.addUnsignedInt(KeymasterDefs.KM_TAG_USER_ID, ActivityManager.getCurrentUser()); if (spec.isUserConfirmationRequired()) { args.addBoolean(KeymasterDefs.KM_TAG_TRUSTED_CONFIRMATION_REQUIRED); @@ -112,6 +111,10 @@ public abstract class KeymasterUtils { args.addBoolean(KeymasterDefs.KM_TAG_TRUSTED_USER_PRESENCE_REQUIRED); } + if (spec.isUnlockedDeviceRequired()) { + args.addBoolean(KeymasterDefs.KM_TAG_UNLOCKED_DEVICE_REQUIRED); + } + if (!spec.isUserAuthenticationRequired()) { args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED); return; diff --git a/keystore/java/android/security/keystore/UserAuthArgs.java b/keystore/java/android/security/keystore/UserAuthArgs.java index 1949592e7240..ad18ff8aef76 100644 --- a/keystore/java/android/security/keystore/UserAuthArgs.java +++ b/keystore/java/android/security/keystore/UserAuthArgs.java @@ -33,5 +33,6 @@ public interface UserAuthArgs { boolean isUserConfirmationRequired(); long getBoundToSpecificSecureUserId(); boolean isTrustedUserPresenceRequired(); + boolean isUnlockedDeviceRequired(); } |