Loading core/java/android/app/admin/DevicePolicyManager.java +12 −0 Original line number Diff line number Diff line Loading @@ -7394,6 +7394,9 @@ public class DevicePolicyManager { * The grantee app will receive the {@link android.security.KeyChain#ACTION_KEY_ACCESS_CHANGED} * broadcast when access to a key is granted. * * Starting from {@link android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE} throws an * {@link IllegalArgumentException} if {@code alias} doesn't correspond to an existing key. * * @param admin Which {@link DeviceAdminReceiver} this request is associated with, or * {@code null} if calling from a delegated certificate chooser. * @param alias The alias of the key to grant access to. Loading Loading @@ -7460,6 +7463,9 @@ public class DevicePolicyManager { * The grantee app will receive the {@link android.security.KeyChain#ACTION_KEY_ACCESS_CHANGED} * broadcast when access to a key is revoked. * * Starting from {@link android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE} throws an * {@link IllegalArgumentException} if {@code alias} doesn't correspond to an existing key. * * @param admin Which {@link DeviceAdminReceiver} this request is associated with, or * {@code null} if calling from a delegated certificate chooser. * @param alias The alias of the key to revoke access from. Loading Loading @@ -7490,6 +7496,9 @@ public class DevicePolicyManager { * pair for authentication to Wifi networks. The key can then be used in configurations passed * to {@link android.net.wifi.WifiManager#addNetwork}. * * Starting from {@link android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE} throws an * {@link IllegalArgumentException} if {@code alias} doesn't correspond to an existing key. * * @param alias The alias of the key pair. * @return {@code true} if the operation was set successfully, {@code false} otherwise. * Loading @@ -7513,6 +7522,9 @@ public class DevicePolicyManager { * pair for authentication to Wifi networks. Configured networks using this key won't be able to * authenticate. * * Starting from {@link android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE} throws an * {@link IllegalArgumentException} if {@code alias} doesn't correspond to an existing key. * * @param alias The alias of the key pair. * @return {@code true} if the operation was set successfully, {@code false} otherwise. * Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +28 −4 Original line number Diff line number Diff line Loading @@ -671,6 +671,15 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { @EnabledSince(targetSdkVersion = Build.VERSION_CODES.S) private static final long PREVENT_SETTING_PASSWORD_QUALITY_ON_PARENT = 165573442L; /** * For Admin Apps targeting U+ * If {@link android.security.IKeyChainService#setGrant} is called with an alias with no * existing key, throw IllegalArgumentException. */ @ChangeId @EnabledSince(targetSdkVersion = Build.VERSION_CODES.UPSIDE_DOWN_CAKE) private static final long THROW_EXCEPTION_WHEN_KEY_MISSING = 175101461L; private static final String CREDENTIAL_MANAGEMENT_APP_INVALID_ALIAS_MSG = "The alias provided must be contained in the aliases specified in the credential " + "management app's authentication policy"; Loading Loading @@ -5654,8 +5663,16 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { final CallerIdentity caller = getCallerIdentity(callerPackage); Preconditions.checkCallAuthorization(canChooseCertificates(caller)); return setKeyChainGrantInternal(alias, hasGrant, Process.WIFI_UID, caller.getUserHandle()); try { return setKeyChainGrantInternal( alias, hasGrant, Process.WIFI_UID, caller.getUserHandle()); } catch (IllegalArgumentException e) { if (mInjector.isChangeEnabled(THROW_EXCEPTION_WHEN_KEY_MISSING, caller.getPackageName(), caller.getUserId())) { throw e; } return false; } } @Override Loading Loading @@ -5705,8 +5722,15 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } catch (RemoteException e) { throw new IllegalStateException("Failure getting grantee uid", e); } try { return setKeyChainGrantInternal(alias, hasGrant, granteeUid, caller.getUserHandle()); } catch (IllegalArgumentException e) { if (mInjector.isChangeEnabled(THROW_EXCEPTION_WHEN_KEY_MISSING, packageName, caller.getUserId())) { throw e; } return false; } } private boolean setKeyChainGrantInternal(String alias, boolean hasGrant, int granteeUid, Loading Loading
core/java/android/app/admin/DevicePolicyManager.java +12 −0 Original line number Diff line number Diff line Loading @@ -7394,6 +7394,9 @@ public class DevicePolicyManager { * The grantee app will receive the {@link android.security.KeyChain#ACTION_KEY_ACCESS_CHANGED} * broadcast when access to a key is granted. * * Starting from {@link android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE} throws an * {@link IllegalArgumentException} if {@code alias} doesn't correspond to an existing key. * * @param admin Which {@link DeviceAdminReceiver} this request is associated with, or * {@code null} if calling from a delegated certificate chooser. * @param alias The alias of the key to grant access to. Loading Loading @@ -7460,6 +7463,9 @@ public class DevicePolicyManager { * The grantee app will receive the {@link android.security.KeyChain#ACTION_KEY_ACCESS_CHANGED} * broadcast when access to a key is revoked. * * Starting from {@link android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE} throws an * {@link IllegalArgumentException} if {@code alias} doesn't correspond to an existing key. * * @param admin Which {@link DeviceAdminReceiver} this request is associated with, or * {@code null} if calling from a delegated certificate chooser. * @param alias The alias of the key to revoke access from. Loading Loading @@ -7490,6 +7496,9 @@ public class DevicePolicyManager { * pair for authentication to Wifi networks. The key can then be used in configurations passed * to {@link android.net.wifi.WifiManager#addNetwork}. * * Starting from {@link android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE} throws an * {@link IllegalArgumentException} if {@code alias} doesn't correspond to an existing key. * * @param alias The alias of the key pair. * @return {@code true} if the operation was set successfully, {@code false} otherwise. * Loading @@ -7513,6 +7522,9 @@ public class DevicePolicyManager { * pair for authentication to Wifi networks. Configured networks using this key won't be able to * authenticate. * * Starting from {@link android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE} throws an * {@link IllegalArgumentException} if {@code alias} doesn't correspond to an existing key. * * @param alias The alias of the key pair. * @return {@code true} if the operation was set successfully, {@code false} otherwise. * Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +28 −4 Original line number Diff line number Diff line Loading @@ -671,6 +671,15 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { @EnabledSince(targetSdkVersion = Build.VERSION_CODES.S) private static final long PREVENT_SETTING_PASSWORD_QUALITY_ON_PARENT = 165573442L; /** * For Admin Apps targeting U+ * If {@link android.security.IKeyChainService#setGrant} is called with an alias with no * existing key, throw IllegalArgumentException. */ @ChangeId @EnabledSince(targetSdkVersion = Build.VERSION_CODES.UPSIDE_DOWN_CAKE) private static final long THROW_EXCEPTION_WHEN_KEY_MISSING = 175101461L; private static final String CREDENTIAL_MANAGEMENT_APP_INVALID_ALIAS_MSG = "The alias provided must be contained in the aliases specified in the credential " + "management app's authentication policy"; Loading Loading @@ -5654,8 +5663,16 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { final CallerIdentity caller = getCallerIdentity(callerPackage); Preconditions.checkCallAuthorization(canChooseCertificates(caller)); return setKeyChainGrantInternal(alias, hasGrant, Process.WIFI_UID, caller.getUserHandle()); try { return setKeyChainGrantInternal( alias, hasGrant, Process.WIFI_UID, caller.getUserHandle()); } catch (IllegalArgumentException e) { if (mInjector.isChangeEnabled(THROW_EXCEPTION_WHEN_KEY_MISSING, caller.getPackageName(), caller.getUserId())) { throw e; } return false; } } @Override Loading Loading @@ -5705,8 +5722,15 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } catch (RemoteException e) { throw new IllegalStateException("Failure getting grantee uid", e); } try { return setKeyChainGrantInternal(alias, hasGrant, granteeUid, caller.getUserHandle()); } catch (IllegalArgumentException e) { if (mInjector.isChangeEnabled(THROW_EXCEPTION_WHEN_KEY_MISSING, packageName, caller.getUserId())) { throw e; } return false; } } private boolean setKeyChainGrantInternal(String alias, boolean hasGrant, int granteeUid, Loading
