summaryrefslogtreecommitdiff
path: root/keystore/java
diff options
context:
space:
mode:
authorBrian Young <bcyoung@google.com>2018-02-23 18:04:20 +0000
committerBrian C. Young <bcyoung@google.com>2018-03-29 10:24:18 -0700
commit9272dab49efa9c70ab92879c3e79a76fc8364d34 (patch)
tree9155709e2901fd9e5fe2a9ff2608765d87ce9b02 /keystore/java
parent36716eb4709503f2ef370c6f67273440cd91d18c (diff)
downloadbase-9272dab49efa9c70ab92879c3e79a76fc8364d34.tar.gz
Restore "Add "Unlocked device required" parameter to keys"
Add a keymaster parameter for keys that should be inaccessible when the device screen is locked. "Locked" here is a state where the device can be used or accessed without any further trust factor such as a PIN, password, fingerprint, or trusted face or voice. This parameter is added to the Java keystore interface for key creation and import, as well as enums specified by and for the native keystore process. This reverts commit da82e2cb7193032867f86b996467bcd117545616. Test: CTS tests in I8a5affd1eaed176756175158e3057e44934fffed Bug: 67752510 Merged-In: Ia162f1db81d050f64995d0360f714e79033ea8a5 Change-Id: Ia162f1db81d050f64995d0360f714e79033ea8a5 (cherry picked from d7c961ee914192e09ec10727da6d31a6b597bf51)
Diffstat (limited to 'keystore/java')
-rw-r--r--keystore/java/android/security/KeyStore.java5
-rw-r--r--keystore/java/android/security/keystore/KeymasterUtils.java9
-rw-r--r--keystore/java/android/security/keystore/UserAuthArgs.java1
3 files changed, 11 insertions, 4 deletions
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index 33ce582eda96..6837a630fa9a 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -16,6 +16,7 @@
package android.security;
+import android.app.ActivityManager;
import android.app.ActivityThread;
import android.app.Application;
import android.app.KeyguardManager;
@@ -545,7 +546,9 @@ public class KeyStore {
try {
args = args != null ? args : new KeymasterArguments();
entropy = entropy != null ? entropy : new byte[0];
- // TODO(67752510): Apply USER_ID tag
+ if (!args.containsTag(KeymasterDefs.KM_TAG_USER_ID)) {
+ args.addUnsignedInt(KeymasterDefs.KM_TAG_USER_ID, ActivityManager.getCurrentUser());
+ }
return mBinder.begin(getToken(), alias, purpose, pruneable, args, entropy, uid);
} catch (RemoteException e) {
Log.w(TAG, "Cannot connect to keystore", e);
diff --git a/keystore/java/android/security/keystore/KeymasterUtils.java b/keystore/java/android/security/keystore/KeymasterUtils.java
index d194f0b9e4e9..6e5012160d6e 100644
--- a/keystore/java/android/security/keystore/KeymasterUtils.java
+++ b/keystore/java/android/security/keystore/KeymasterUtils.java
@@ -16,9 +16,8 @@
package android.security.keystore;
-import android.util.Log;
+import android.app.ActivityManager;
import android.hardware.fingerprint.FingerprintManager;
-import android.os.UserHandle;
import android.security.GateKeeper;
import android.security.KeyStore;
import android.security.keymaster.KeymasterArguments;
@@ -102,7 +101,7 @@ public abstract class KeymasterUtils {
* require user authentication.
*/
public static void addUserAuthArgs(KeymasterArguments args, UserAuthArgs spec) {
- // TODO (67752510): Implement "unlocked device required"
+ args.addUnsignedInt(KeymasterDefs.KM_TAG_USER_ID, ActivityManager.getCurrentUser());
if (spec.isUserConfirmationRequired()) {
args.addBoolean(KeymasterDefs.KM_TAG_TRUSTED_CONFIRMATION_REQUIRED);
@@ -112,6 +111,10 @@ public abstract class KeymasterUtils {
args.addBoolean(KeymasterDefs.KM_TAG_TRUSTED_USER_PRESENCE_REQUIRED);
}
+ if (spec.isUnlockedDeviceRequired()) {
+ args.addBoolean(KeymasterDefs.KM_TAG_UNLOCKED_DEVICE_REQUIRED);
+ }
+
if (!spec.isUserAuthenticationRequired()) {
args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);
return;
diff --git a/keystore/java/android/security/keystore/UserAuthArgs.java b/keystore/java/android/security/keystore/UserAuthArgs.java
index 1949592e7240..ad18ff8aef76 100644
--- a/keystore/java/android/security/keystore/UserAuthArgs.java
+++ b/keystore/java/android/security/keystore/UserAuthArgs.java
@@ -33,5 +33,6 @@ public interface UserAuthArgs {
boolean isUserConfirmationRequired();
long getBoundToSpecificSecureUserId();
boolean isTrustedUserPresenceRequired();
+ boolean isUnlockedDeviceRequired();
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-07 21:24:18 +0000