Merge "Rename the fix_unlocked_device_required_keys flag" into main am: b932bbb958 (45193744) · Commits · e / os / android_frameworks_base

core/java/android/security/flags.aconfig

+1 −1

Original line number	Diff line number	Diff line
		@@ -8,7 +8,7 @@ flag {
		}

		flag {
		name: "fix_unlocked_device_required_keys"
		name: "fix_unlocked_device_required_keys_v2"
		namespace: "hardware_backed_security"
		description: "Fix bugs in behavior of UnlockedDeviceRequired keystore keys"
		bug: "296464083"

+1 −1

Original line number	Diff line number	Diff line
		@@ -246,7 +246,7 @@ public class LockSettingsService extends ILockSettings.Stub {
		private static final String MIGRATED_SP_FULL = "migrated_all_users_to_sp_and_bound_keys";

		private static final boolean FIX_UNLOCKED_DEVICE_REQUIRED_KEYS =
		android.security.Flags.fixUnlockedDeviceRequiredKeys();
		android.security.Flags.fixUnlockedDeviceRequiredKeysV2();

		// Duration that LockSettingsService will store the gatekeeper password for. This allows
		// multiple biometric enrollments without prompting the user to enter their password via

+1 −1

Original line number	Diff line number	Diff line
		@@ -829,7 +829,7 @@ public class TrustManagerService extends SystemService {
		}

		final boolean trusted;
		if (android.security.Flags.fixUnlockedDeviceRequiredKeys()) {
		if (android.security.Flags.fixUnlockedDeviceRequiredKeysV2()) {
		trusted = getUserTrustStateInner(id) == TrustState.TRUSTED;
		} else {
		trusted = aggregateIsTrusted(id);

+2 −2

Original line number	Diff line number	Diff line
		@@ -93,7 +93,7 @@ class GrantAndRevokeTrustTest {
		}

		@Test
		@RequiresFlagsEnabled(android.security.Flags.FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS)
		@RequiresFlagsEnabled(android.security.Flags.FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS_V2)
		fun grantCannotActivelyUnlockDevice() {
		// On automotive, trust agents can actively unlock the device.
		assumeFalse(packageManager.hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE))
		@@ -120,7 +120,7 @@ class GrantAndRevokeTrustTest {
		}

		@Test
		@RequiresFlagsDisabled(android.security.Flags.FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS)
		@RequiresFlagsDisabled(android.security.Flags.FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS_V2)
		fun grantCouldCauseWrongDeviceLockedStateDueToBug() {
		// On automotive, trust agents can actively unlock the device.
		assumeFalse(packageManager.hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE))

+4 −3

Original line number	Diff line number	Diff line
		@@ -36,7 +36,8 @@ import org.junit.runners.model.Statement
		class LockStateTrackingRule : TestRule {
		private val context: Context = getApplicationContext()
		private val windowManager = checkNotNull(WindowManagerGlobal.getWindowManagerService())
		private val keyguardManager = context.getSystemService(KeyguardManager::class.java) as KeyguardManager
		private val keyguardManager =
		context.getSystemService(KeyguardManager::class.java) as KeyguardManager

		@Volatile lateinit var trustState: TrustState
		private set
		@@ -63,7 +64,7 @@ class LockStateTrackingRule : TestRule {
		wait("not trusted") { trustState.trusted == false }
		}

		// TODO(b/299298338) remove this when removing FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS
		// TODO(b/299298338) remove this when removing FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS_V2
		fun assertUnlockedButNotReally() {
		wait("device unlocked") { !keyguardManager.isDeviceLocked }
		wait("not trusted") { trustState.trusted == false }