authorKenny Root <kroot@google.com>2013-10-07 09:49:15 -0700
committerKenny Root <kroot@google.com>2013-10-07 11:13:15 -0700
commitee8068b9e7bfb2770635062fc9c2035be2142bd8 (patch)
tree9e7157b3333487e6c4e5101efc08a7bda4902e4b
parentf25805e36356cf09dc4853224b24e969ad55651f (diff)
"generate" and "put" were not setting the encrypted flag in the blob written to disk. Add setting the flag whenever appropriate for these functions. Additionally, the master key should always be encrypted. Bug: 11113056 Change-Id: Ibf8f2ad4d5de0732dcc25e1005ad4751683e3b80
-rw-r--r--keystore/keystore.cpp9
1 files changed, 8 insertions, 1 deletions
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index 336a15b9..7366c347 100644
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp
@@ -421,7 +421,11 @@ public:
mBlob.version = CURRENT_BLOB_VERSION;
mBlob.type = uint8_t(type);
- mBlob.flags = KEYSTORE_FLAG_NONE;
+ if (type == TYPE_MASTER_KEY) {
+ mBlob.flags = KEYSTORE_FLAG_ENCRYPTED;
+ } else {
+ mBlob.flags = KEYSTORE_FLAG_NONE;
+ }
}
Blob(blob b) {
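Review bot: Non-master blobs still default to `KEYSTORE_FLAG_NONE` in the `else` branch, so whether a key is encrypted at rest depends on every caller remembering to call `setEncrypted()` after construction, which is the omission this commit fixes in two callers. Any other site that builds a Blob through this constructor is outside the visible hunks and should be checked for the same gap. I would at least document the contract above the branch, e.g. `// Only the master key is forced encrypted; every other caller must call setEncrypted() explicitly.` The constructor starts outside the hunk.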
@@ -1492,6 +1496,8 @@ public:
String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid));
Blob keyBlob(item, itemLength, NULL, 0, ::TYPE_GENERIC);
+ keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED);
+
return mKeyStore->put(filename.string(), &keyBlob, callingUid);
}
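Review bot: `keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED)` passes the raw masked integer and takes the decision entirely from the caller-supplied `flags`, so, as far as this hunk shows, a caller that leaves the bit clear gets the blob written unencrypted. Writing the argument as `(flags & KEYSTORE_FLAG_ENCRYPTED) != 0` makes the conversion explicit (setEncrypted's parameter type is not visible here); the same line appears in the `TYPE_KEY_PAIR` hunk at -1848. The function body starts outside the hunk, so I cannot see whether an encrypted request is rejected while the keystore is locked; that check should precede this `put` if it is not already there. The commit also adds no test that reads a blob back and asserts the flag.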
@@ -1848,6 +1854,7 @@ public:
Blob keyBlob(data, dataLength, NULL, 0, TYPE_KEY_PAIR);
free(data);
+ keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED);
keyBlob.setFallback(isFallback);
return mKeyStore->put(filename.string(), &keyBlob, callingUid);