Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 54bdf029 authored by Thomas Cedeno's avatar Thomas Cedeno
Browse files

Add onUserStorageLocked to signal to Keystore 

Signal to keystore from UserController when a user
has successfully evicted their CE keys.

Bug: b/376496265
Flag: com.android.server.flags.user_data_refactoring
Test: atest UserControllerTest w/setprop fw.stop_bg_users_on_switch -1
Change-Id: I49a56820c6b7cd576cd4f8f4c5bba16e671e4555
parent b17cc6f3

keystore/java/android/security/KeyStoreAuthorization.java

+21 −0
Original line number Diff line number Diff line
@@ -123,6 +123,27 @@ public class KeyStoreAuthorization { 
        }

    }



    /**

     * Informs Keystore 2.0 that the credential encrypted storage for a particular user has been

     * locked.

     *

     * @param userId - the user's Android user ID

     * @return 0 if successful or a {@code ResponseCode}

     * @hide

     */

    public int onUserStorageLocked(int userId) {

        try {

            getService().onUserStorageLocked(userId);

            return 0;

        } catch (ServiceSpecificException e) {

            Log.e(TAG, "onUserStorageLocked failed", e);

            return e.errorCode;

        } catch (Exception e) {

            Log.e(TAG, "Can not connect to keystore", e);

            return SYSTEM_ERROR;

        }

    }



    /**

     * Gets the last authentication time of the given user and authenticators.

     *

services/core/java/com/android/server/am/UserController.java

+13 −3
Original line number Diff line number Diff line
@@ -112,6 +112,7 @@ import android.os.UserHandle; 
import android.os.UserManager;

import android.os.storage.IStorageManager;

import android.os.storage.StorageManager;

import android.security.KeyStoreAuthorization;

import android.text.TextUtils;

import android.text.format.DateUtils;

import android.util.ArraySet;
@@ -1524,9 +1525,10 @@ class UserController implements Handler.Callback { 


    private void dispatchUserLocking(@UserIdInt int userId,

            @Nullable List<KeyEvictedCallback> keyEvictedCallbacks) {

        // Evict the user's credential encryption key. Performed on FgThread to make it

        // serialized with call to UserManagerService.onBeforeUnlockUser in finishUserUnlocking

        // to prevent data corruption.

        // Evict user secrets that require strong authentication to unlock. This includes locking

        // the user's credential-encrypted storage and evicting the user's keystore super keys.

        // Performed on FgThread to make it serialized with call to

        // UserManagerService.onBeforeUnlockUser in finishUserUnlocking to prevent data corruption.

        FgThread.getHandler().post(() -> {

            synchronized (mLock) {

                if (mStartedUsers.get(userId) != null) {
@@ -1540,6 +1542,10 @@ class UserController implements Handler.Callback { 
            } catch (RemoteException re) {

                throw re.rethrowAsRuntimeException();

            }

            if (com.android.server.flags.Flags.userDataRefactoring()) {

                // Send communication to keystore to wipe key cache for the given userId.

                mInjector.getKeyStoreAuthorization().onUserStorageLocked(userId);

            }

            if (keyEvictedCallbacks == null) {

                return;

            }
@@ -4045,6 +4051,10 @@ class UserController implements Handler.Callback { 
            return mService.mContext.getSystemService(KeyguardManager.class);

        }



        KeyStoreAuthorization getKeyStoreAuthorization() {

            return KeyStoreAuthorization.getInstance();

        }



        void batteryStatsServiceNoteEvent(int code, String name, int uid) {

            mService.mBatteryStatsService.noteEvent(code, name, uid);

        }