Merge "Keystore 2.0: Revisite Authorization.java" am: 08bf2e8f49 am: fe60537082 (20d7e967) · Commits · e / os / android_frameworks_base

keystore/java/android/security/Authorization.java

+7 −15

Original line number	Diff line number	Diff line
		@@ -33,21 +33,13 @@ import android.util.Log;
		*/
		public class Authorization {
		private static final String TAG = "KeystoreAuthorization";
		private static IKeystoreAuthorization sIKeystoreAuthorization;

		public static final int SYSTEM_ERROR = ResponseCode.SYSTEM_ERROR;

		public Authorization() {
		sIKeystoreAuthorization = null;
		}

		private static synchronized IKeystoreAuthorization getService() {
		if (sIKeystoreAuthorization == null) {
		sIKeystoreAuthorization = IKeystoreAuthorization.Stub.asInterface(
		private static IKeystoreAuthorization getService() {
		return IKeystoreAuthorization.Stub.asInterface(
		ServiceManager.checkService("android.security.authorization"));
		}
		return sIKeystoreAuthorization;
		}

		/**
		* Adds an auth token to keystore2.
		@@ -55,12 +47,12 @@ public class Authorization {
		* @param authToken created by Android authenticators.
		* @return 0 if successful or {@code ResponseCode.SYSTEM_ERROR}.
		*/
		public int addAuthToken(@NonNull HardwareAuthToken authToken) {
		public static int addAuthToken(@NonNull HardwareAuthToken authToken) {
		if (!android.security.keystore2.AndroidKeyStoreProvider.isInstalled()) return 0;
		try {
		getService().addAuthToken(authToken);
		return 0;
		} catch (RemoteException e) {
		} catch (RemoteException \| NullPointerException e) {
		Log.w(TAG, "Can not connect to keystore", e);
		return SYSTEM_ERROR;
		} catch (ServiceSpecificException e) {
		@@ -73,7 +65,7 @@ public class Authorization {
		* @param authToken
		* @return 0 if successful or a {@code ResponseCode}.
		*/
		public int addAuthToken(@NonNull byte[] authToken) {
		public static int addAuthToken(@NonNull byte[] authToken) {
		return addAuthToken(AuthTokenUtils.toHardwareAuthToken(authToken));
		}

		@@ -86,7 +78,7 @@ public class Authorization {
		*
		* @return 0 if successful or a {@code ResponseCode}.
		*/
		public int onLockScreenEvent(@NonNull boolean locked, @NonNull int userId,
		public static int onLockScreenEvent(@NonNull boolean locked, @NonNull int userId,
		@Nullable byte[] syntheticPassword) {
		if (!android.security.keystore2.AndroidKeyStoreProvider.isInstalled()) return 0;
		try {
		@@ -96,7 +88,7 @@ public class Authorization {
		getService().onLockScreenEvent(LockScreenEvent.UNLOCK, userId, syntheticPassword);
		}
		return 0;
		} catch (RemoteException e) {
		} catch (RemoteException \| NullPointerException e) {
		Log.w(TAG, "Can not connect to keystore", e);
		return SYSTEM_ERROR;
		} catch (ServiceSpecificException e) {

keystore/java/android/security/KeyStore.java

+1 −1

Original line number	Diff line number	Diff line
		@@ -996,7 +996,7 @@ public class KeyStore {
		*/
		public int addAuthToken(byte[] authToken) {
		try {
		new Authorization().addAuthToken(authToken);
		Authorization.addAuthToken(authToken);
		return mBinder.addAuthToken(authToken);
		} catch (RemoteException e) {
		Log.w(TAG, "Cannot connect to keystore", e);

keystore/java/android/security/KeyStore2.java

+0 −1

Original line number	Diff line number	Diff line
		@@ -107,7 +107,6 @@ public class KeyStore2 {
		try {
		return request.execute(service);
		} catch (ServiceSpecificException e) {
		Log.e(TAG, "KeyStore exception", e);
		throw getKeyStoreException(e.errorCode);
		} catch (RemoteException e) {
		if (firstTry) {

services/core/java/com/android/server/locksettings/LockSettingsService.java

+1 −1

Original line number	Diff line number	Diff line
		@@ -1280,7 +1280,7 @@ public class LockSettingsService extends ILockSettings.Stub {

		private void unlockKeystore(byte[] password, int userHandle) {
		if (DEBUG) Slog.v(TAG, "Unlock keystore for user: " + userHandle);
		new Authorization().onLockScreenEvent(false, userHandle, password);
		Authorization.onLockScreenEvent(false, userHandle, password);
		// TODO(b/120484642): Update keystore to accept byte[] passwords
		String passwordString = password == null ? null : new String(password);
		final KeyStore ks = KeyStore.getInstance();

services/core/java/com/android/server/trust/TrustManagerService.java

+2 −2

Original line number	Diff line number	Diff line
		@@ -700,7 +700,7 @@ public class TrustManagerService extends SystemService {
		if (changed) {
		dispatchDeviceLocked(userId, locked);

		mAuthorizationService.onLockScreenEvent(locked, userId, null);
		Authorization.onLockScreenEvent(locked, userId, null);
		KeyStore.getInstance().onUserLockedStateChanged(userId, locked);
		// Also update the user's profiles who have unified challenge, since they
		// share the same unlocked state (see {@link #isDeviceLocked(int)})
		@@ -1258,7 +1258,7 @@ public class TrustManagerService extends SystemService {
		mDeviceLockedForUser.put(userId, locked);
		}

		mAuthorizationService.onLockScreenEvent(locked, userId, null);
		Authorization.onLockScreenEvent(locked, userId, null);
		KeyStore.getInstance().onUserLockedStateChanged(userId, locked);

		if (locked) {