
Commit 98bb355a authored by Alex Johnston

hasKeyPair callable by the cred mng app

The credential management app can call
hasKeyPair. The provided alias must be
found in the credential management
app's authentication policy.

Bug: 177979648
Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest
      atest android.devicepolicy.cts.CredentialManagementAppTest
Change-Id: Ib28549fb4e2848ba012df2d154d28f2002ec6e59
parent 3203531c
+13 −4
@@ -6159,13 +6159,22 @@ public class DevicePolicyManager {
    // STOPSHIP(b/174298501): clarify the expected return value following generateKeyPair call.
    /**
     * Called by a device or profile owner, or delegated certificate installer, to query whether a
     * certificate and private key are installed under a given alias.
     * This API can be called by the following to query whether a certificate and private key are
     * installed under a given alias:
     * <ul>
     *    <li>Device owner</li>
     *    <li>Profile owner</li>
     *    <li>Delegated certificate installer</li>
     *    <li>Credential management app</li>
     * </ul>
     *
     * If called by the credential management app, the alias must exist in the credential
     * management app's {@link android.security.AppUriAuthenticationPolicy}.
     *
     * @param alias The alias under which the key pair is installed.
     * @return {@code true} if a key pair with this alias exists, {@code false} otherwise.
     * @throws SecurityException if the caller is not a device or profile owner or a delegated
     *         certificate installer.
     * @throws SecurityException if the caller is not a device or profile owner, a delegated
     *         certificate installer or the credential management app.
     * @see #setDelegatedScopes
     * @see #DELEGATION_CERT_INSTALL
     */
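Review bot: The updated @throws SecurityException text names only the allowed caller types, while the new paragraph says the alias must exist in the credential management app's AppUriAuthenticationPolicy without saying what happens when it does not. In the service-side change of this commit, `isCredentialManagementApp(caller, alias)` sits inside `checkCallAuthorization`, so a credential management app asking about an alias outside its policy would get a SecurityException rather than `false`; please say so in the @throws clause so callers do not read `false` as "alias not permitted". The STOPSHIP comment above the Javadoc is also still present and needs to be resolved before this ships.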
+2 −1
@@ -5488,7 +5488,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
    @Override
    public boolean hasKeyPair(String callerPackage, String alias) {
        final CallerIdentity caller = getCallerIdentity(callerPackage);
        Preconditions.checkCallAuthorization(canManageCertificates(caller));
        Preconditions.checkCallAuthorization(canManageCertificates(caller)
                || isCredentialManagementApp(caller, alias));
        return mInjector.binderWithCleanCallingIdentity(() -> {
            try (KeyChainConnection keyChainConnection =
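Review bot: In the widened `checkCallAuthorization` condition, the caller-supplied `alias` is passed to `isCredentialManagementApp(caller, alias)` with no null or empty check visible ahead of it, so unvalidated input now feeds the authorization decision. Please confirm the helper fails closed on a null alias (or validate `alias` before the check), and add a test in which the credential management app queries an alias that is not in its authentication policy and a SecurityException is asserted. Keeping the check outside `binderWithCleanCallingIdentity` is right, since it must be evaluated against the real caller.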