Loading core/java/android/app/admin/DevicePolicyManager.java +13 −4 Original line number Original line Diff line number Diff line Loading @@ -6169,13 +6169,22 @@ public class DevicePolicyManager { // STOPSHIP(b/174298501): clarify the expected return value following generateKeyPair call. // STOPSHIP(b/174298501): clarify the expected return value following generateKeyPair call. /** /** * Called by a device or profile owner, or delegated certificate installer, to query whether a * This API can be called by the following to query whether a certificate and private key are * certificate and private key are installed under a given alias. * installed under a given alias: * <ul> * <li>Device owner</li> * <li>Profile owner</li> * <li>Delegated certificate installer</li> * <li>Credential management app</li> * </ul> * * If called by the credential management app, the alias must exist in the credential * management app's {@link android.security.AppUriAuthenticationPolicy}. * * * @param alias The alias under which the key pair is installed. * @param alias The alias under which the key pair is installed. * @return {@code true} if a key pair with this alias exists, {@code false} otherwise. * @return {@code true} if a key pair with this alias exists, {@code false} otherwise. * @throws SecurityException if the caller is not a device or profile owner or a delegated * @throws SecurityException if the caller is not a device or profile owner, a delegated * certificate installer. * certificate installer or the credential management app. * @see #setDelegatedScopes * @see #setDelegatedScopes * @see #DELEGATION_CERT_INSTALL * @see #DELEGATION_CERT_INSTALL */ */ Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +2 −1 Original line number Original line Diff line number Diff line Loading @@ -5482,7 +5482,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { @Override @Override public boolean hasKeyPair(String callerPackage, String alias) { public boolean hasKeyPair(String callerPackage, String alias) { final CallerIdentity caller = getCallerIdentity(callerPackage); final CallerIdentity caller = getCallerIdentity(callerPackage); Preconditions.checkCallAuthorization(canManageCertificates(caller)); Preconditions.checkCallAuthorization(canManageCertificates(caller) || isCredentialManagementApp(caller, alias)); return mInjector.binderWithCleanCallingIdentity(() -> { return mInjector.binderWithCleanCallingIdentity(() -> { try (KeyChainConnection keyChainConnection = try (KeyChainConnection keyChainConnection = Loading Loading
core/java/android/app/admin/DevicePolicyManager.java +13 −4 Original line number Original line Diff line number Diff line Loading @@ -6169,13 +6169,22 @@ public class DevicePolicyManager { // STOPSHIP(b/174298501): clarify the expected return value following generateKeyPair call. // STOPSHIP(b/174298501): clarify the expected return value following generateKeyPair call. /** /** * Called by a device or profile owner, or delegated certificate installer, to query whether a * This API can be called by the following to query whether a certificate and private key are * certificate and private key are installed under a given alias. * installed under a given alias: * <ul> * <li>Device owner</li> * <li>Profile owner</li> * <li>Delegated certificate installer</li> * <li>Credential management app</li> * </ul> * * If called by the credential management app, the alias must exist in the credential * management app's {@link android.security.AppUriAuthenticationPolicy}. * * * @param alias The alias under which the key pair is installed. * @param alias The alias under which the key pair is installed. * @return {@code true} if a key pair with this alias exists, {@code false} otherwise. * @return {@code true} if a key pair with this alias exists, {@code false} otherwise. * @throws SecurityException if the caller is not a device or profile owner or a delegated * @throws SecurityException if the caller is not a device or profile owner, a delegated * certificate installer. * certificate installer or the credential management app. * @see #setDelegatedScopes * @see #setDelegatedScopes * @see #DELEGATION_CERT_INSTALL * @see #DELEGATION_CERT_INSTALL */ */ Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +2 −1 Original line number Original line Diff line number Diff line Loading @@ -5482,7 +5482,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { @Override @Override public boolean hasKeyPair(String callerPackage, String alias) { public boolean hasKeyPair(String callerPackage, String alias) { final CallerIdentity caller = getCallerIdentity(callerPackage); final CallerIdentity caller = getCallerIdentity(callerPackage); Preconditions.checkCallAuthorization(canManageCertificates(caller)); Preconditions.checkCallAuthorization(canManageCertificates(caller) || isCredentialManagementApp(caller, alias)); return mInjector.binderWithCleanCallingIdentity(() -> { return mInjector.binderWithCleanCallingIdentity(() -> { try (KeyChainConnection keyChainConnection = try (KeyChainConnection keyChainConnection = Loading