Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 27a776f5 authored by Eric Biggers's avatar Eric Biggers
Browse files

Rename the fix_unlocked_device_required_keys flag 

This flag was defined as a regular flag and then was later changed to a
fixed_read_only flag.  This scenario is currently "unsupported" by the
flags infrastructure; an error occurs when trying to advance the flag to
staging.  Work around this by renaming the flag so that the flags
infrastructure sees it as an entirely new flag.

(Also fix two formatting errors in LockStateTrackingRule.kt which were
causing the ktlint_hook pre-upload hook to fail.)

Bug: 296464083
Bug: 311648623
Test: build
Change-Id: Ia8c7b3d2602bcbd4e349cc7f340ff6077412996e
parent 0cb5a08b

core/java/android/security/flags.aconfig

+1 −1
Original line number Diff line number Diff line
@@ -8,7 +8,7 @@ flag { 
}



flag {

    name: "fix_unlocked_device_required_keys"

    name: "fix_unlocked_device_required_keys_v2"

    namespace: "hardware_backed_security"

    description: "Fix bugs in behavior of UnlockedDeviceRequired keystore keys"

    bug: "296464083"

services/core/java/com/android/server/locksettings/LockSettingsService.java

+1 −1
Original line number Diff line number Diff line
@@ -246,7 +246,7 @@ public class LockSettingsService extends ILockSettings.Stub { 
    private static final String MIGRATED_SP_FULL = "migrated_all_users_to_sp_and_bound_keys";



    private static final boolean FIX_UNLOCKED_DEVICE_REQUIRED_KEYS =

            android.security.Flags.fixUnlockedDeviceRequiredKeys();

            android.security.Flags.fixUnlockedDeviceRequiredKeysV2();



    // Duration that LockSettingsService will store the gatekeeper password for. This allows

    // multiple biometric enrollments without prompting the user to enter their password via

services/core/java/com/android/server/trust/TrustManagerService.java

+1 −1
Original line number Diff line number Diff line
@@ -829,7 +829,7 @@ public class TrustManagerService extends SystemService { 
            }



            final boolean trusted;

            if (android.security.Flags.fixUnlockedDeviceRequiredKeys()) {

            if (android.security.Flags.fixUnlockedDeviceRequiredKeysV2()) {

                trusted = getUserTrustStateInner(id) == TrustState.TRUSTED;

            } else {

                trusted = aggregateIsTrusted(id);

tests/TrustTests/src/android/trust/test/GrantAndRevokeTrustTest.kt

+2 −2
Original line number Diff line number Diff line
@@ -93,7 +93,7 @@ class GrantAndRevokeTrustTest { 
    }



    @Test

    @RequiresFlagsEnabled(android.security.Flags.FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS)

    @RequiresFlagsEnabled(android.security.Flags.FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS_V2)

    fun grantCannotActivelyUnlockDevice() {

        // On automotive, trust agents can actively unlock the device.

        assumeFalse(packageManager.hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE))
@@ -120,7 +120,7 @@ class GrantAndRevokeTrustTest { 
    }



    @Test

    @RequiresFlagsDisabled(android.security.Flags.FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS)

    @RequiresFlagsDisabled(android.security.Flags.FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS_V2)

    fun grantCouldCauseWrongDeviceLockedStateDueToBug() {

        // On automotive, trust agents can actively unlock the device.

        assumeFalse(packageManager.hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE))

tests/TrustTests/src/android/trust/test/lib/LockStateTrackingRule.kt

+4 −3
Original line number Diff line number Diff line
@@ -36,7 +36,8 @@ import org.junit.runners.model.Statement 
class LockStateTrackingRule : TestRule {

    private val context: Context = getApplicationContext()

    private val windowManager = checkNotNull(WindowManagerGlobal.getWindowManagerService())

    private val keyguardManager = context.getSystemService(KeyguardManager::class.java) as KeyguardManager

    private val keyguardManager =

            context.getSystemService(KeyguardManager::class.java) as KeyguardManager



    @Volatile lateinit var trustState: TrustState

        private set
@@ -63,7 +64,7 @@ class LockStateTrackingRule : TestRule { 
        wait("not trusted") { trustState.trusted == false }

    }



    // TODO(b/299298338) remove this when removing FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS

    // TODO(b/299298338) remove this when removing FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS_V2

    fun assertUnlockedButNotReally() {

        wait("device unlocked") { !keyguardManager.isDeviceLocked }

        wait("not trusted") { trustState.trusted == false }