Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a2d64d77 authored by Dmitry Dementyev's avatar Dmitry Dementyev Committed by android-build-merger
Browse files

Merge "Add RECOVER_KEYSTORE permission check to all IPC calls in RecoveryController." into pi-dev 

am: 69d41b05

Change-Id: Icd7c8b1aa836ad8cec54c23ed4b0bd0730e722f6
parents 3df3fecd 69d41b05

services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java

+7 −0
Original line number Diff line number Diff line
@@ -247,6 +247,7 @@ public class RecoverableKeyStoreManager { 
            @NonNull String rootCertificateAlias, @NonNull byte[] recoveryServiceCertFile,

            @NonNull byte[] recoveryServiceSigFile)

            throws RemoteException {

        checkRecoverKeyStorePermission();

        if (rootCertificateAlias == null) {

            Log.e(TAG, "rootCertificateAlias is null");

        }
@@ -356,6 +357,7 @@ public class RecoverableKeyStoreManager { 
     *     {@link RecoveryController#RECOVERY_STATUS_PERMANENT_FAILURE}.

     */

    public @NonNull Map<String, Integer> getRecoveryStatus() throws RemoteException {

        checkRecoverKeyStorePermission();

        return mDatabase.getStatusForAllKeys(Binder.getCallingUid());

    }
@@ -656,6 +658,7 @@ public class RecoverableKeyStoreManager { 
     * @hide

     */

    public byte[] generateAndStoreKey(@NonNull String alias) throws RemoteException {

        checkRecoverKeyStorePermission();

        int uid = Binder.getCallingUid();

        int userId = UserHandle.getCallingUserId();
@@ -688,6 +691,7 @@ public class RecoverableKeyStoreManager { 
    }



    public void removeKey(@NonNull String alias) throws RemoteException {

        checkRecoverKeyStorePermission();

        Preconditions.checkNotNull(alias, "alias is null");

        int uid = Binder.getCallingUid();

        int userId = UserHandle.getCallingUserId();
@@ -706,6 +710,7 @@ public class RecoverableKeyStoreManager { 
     * @return grant alias, which caller can use to access the key.

     */

    public String generateKey(@NonNull String alias) throws RemoteException {

        checkRecoverKeyStorePermission();

        Preconditions.checkNotNull(alias, "alias is null");

        int uid = Binder.getCallingUid();

        int userId = UserHandle.getCallingUserId();
@@ -745,6 +750,7 @@ public class RecoverableKeyStoreManager { 
     */

    public String importKey(@NonNull String alias, @NonNull byte[] keyBytes)

            throws RemoteException {

        checkRecoverKeyStorePermission();

        Preconditions.checkNotNull(alias, "alias is null");

        Preconditions.checkNotNull(keyBytes, "keyBytes is null");

        if (keyBytes.length != RecoverableKeyGenerator.KEY_SIZE_BITS / Byte.SIZE) {
@@ -790,6 +796,7 @@ public class RecoverableKeyStoreManager { 
     * @return grant alias, which caller can use to access the key.

     */

    public String getKey(@NonNull String alias) throws RemoteException {

        checkRecoverKeyStorePermission();

        Preconditions.checkNotNull(alias, "alias is null");

        int uid = Binder.getCallingUid();

        int userId = UserHandle.getCallingUserId();