Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b2348adb authored by Eric Biggers's avatar Eric Biggers Committed by Gerrit Code Review
Browse files

Merge changes I0880685c,I865ec19d,Id3a1e34b,I31c4f4d2,I17103be4 into main 

* changes:
  Fix refreshDeviceLockedForUser() to use correct trust state
  Improve LockStateTrackingRule
  Add flag fix_unlocked_device_required_keys
  Fix kotlin nullable errors in TrustTests
  Include TrustState in TrustManagerService dumpUser
parents 3b7fe89e c6772277

core/java/android/security/flags.aconfig

+7 −0
Original line number Diff line number Diff line
@@ -6,3 +6,10 @@ flag { 
    description: "Feature flag for fs-verity API"

    bug: "285185747"

}



flag {

    name: "fix_unlocked_device_required_keys"

    namespace: "hardware_backed_security"

    description: "Fix bugs in behavior of UnlockedDeviceRequired keystore keys"

    bug: "296464083"

}

services/core/java/com/android/server/trust/TrustManagerService.java

+13 −2
Original line number Diff line number Diff line
@@ -830,6 +830,12 @@ public class TrustManagerService extends SystemService { 
        }

    }



    private TrustState getUserTrustStateInner(int userId) {

        synchronized (mUserTrustState) {

            return mUserTrustState.get(userId, TrustState.UNTRUSTED);

        }

    }



    boolean isDeviceLockedInner(int userId) {

        synchronized (mDeviceLockedForUser) {

            return mDeviceLockedForUser.get(userId, true);
@@ -880,7 +886,12 @@ public class TrustManagerService extends SystemService { 
                continue;

            }



            boolean trusted = aggregateIsTrusted(id);

            final boolean trusted;

            if (android.security.Flags.fixUnlockedDeviceRequiredKeys()) {

                trusted = getUserTrustStateInner(id) == TrustState.TRUSTED;

            } else {

                trusted = aggregateIsTrusted(id);

            }

            boolean showingKeyguard = true;

            boolean biometricAuthenticated = false;

            boolean currentUserIsUnlocked = false;
@@ -1644,7 +1655,7 @@ public class TrustManagerService extends SystemService { 
            if (isCurrent) {

                fout.print(" (current)");

            }

            fout.print(": trusted=" + dumpBool(aggregateIsTrusted(user.id)));

            fout.print(": trustState=" + getUserTrustStateInner(user.id));

            fout.print(", trustManaged=" + dumpBool(aggregateIsTrustManaged(user.id)));

            fout.print(", deviceLocked=" + dumpBool(isDeviceLockedInner(user.id)));

            fout.print(", strongAuthRequired=" + dumpHex(

tests/TrustTests/Android.bp

+1 −0
Original line number Diff line number Diff line
@@ -25,6 +25,7 @@ android_test { 
        "androidx.test.rules",

        "androidx.test.ext.junit",

        "androidx.test.uiautomator_uiautomator",

        "flag-junit",

        "mockito-target-minus-junit4",

        "servicestests-utils",

        "truth-prebuilt",

tests/TrustTests/src/android/trust/test/GrantAndRevokeTrustTest.kt

+53 −1
Original line number Diff line number Diff line
@@ -16,6 +16,10 @@ 


package android.trust.test



import android.content.pm.PackageManager

import android.platform.test.annotations.RequiresFlagsDisabled

import android.platform.test.annotations.RequiresFlagsEnabled

import android.platform.test.flag.junit.DeviceFlagsValueProvider

import android.service.trust.GrantTrustResult

import android.trust.BaseTrustAgentService

import android.trust.TrustTestActivity
@@ -27,6 +31,7 @@ import androidx.test.ext.junit.runners.AndroidJUnit4 
import androidx.test.platform.app.InstrumentationRegistry.getInstrumentation

import androidx.test.uiautomator.UiDevice

import com.android.server.testutils.mock

import org.junit.Assume.assumeFalse

import org.junit.Before

import org.junit.Rule

import org.junit.Test
@@ -45,6 +50,7 @@ class GrantAndRevokeTrustTest { 
    private val activityScenarioRule = ActivityScenarioRule(TrustTestActivity::class.java)

    private val lockStateTrackingRule = LockStateTrackingRule()

    private val trustAgentRule = TrustAgentRule<GrantAndRevokeTrustAgent>()

    private val packageManager = getInstrumentation().getTargetContext().getPackageManager()



    @get:Rule

    val rule: RuleChain = RuleChain
@@ -52,6 +58,7 @@ class GrantAndRevokeTrustTest { 
        .around(ScreenLockRule())

        .around(lockStateTrackingRule)

        .around(trustAgentRule)

        .around(DeviceFlagsValueProvider.createCheckFlagsRule())



    @Before

    fun manageTrust() {
@@ -72,7 +79,7 @@ class GrantAndRevokeTrustTest { 
        trustAgentRule.agent.grantTrust(GRANT_MESSAGE, 10000, 0) {}

        uiDevice.sleep()



        lockStateTrackingRule.assertUnlocked()

        lockStateTrackingRule.assertUnlockedAndTrusted()

    }



    @Test
@@ -85,6 +92,51 @@ class GrantAndRevokeTrustTest { 
        lockStateTrackingRule.assertLocked()

    }



    @Test

    @RequiresFlagsEnabled(android.security.Flags.FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS)

    fun grantCannotActivelyUnlockDevice() {

        // On automotive, trust agents can actively unlock the device.

        assumeFalse(packageManager.hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE))



        // Lock the device.

        uiDevice.sleep()

        lockStateTrackingRule.assertLocked()



        // Grant trust.

        trustAgentRule.agent.grantTrust(GRANT_MESSAGE, 10000, 0) {}



        // The grant should not have unlocked the device.  Wait a bit so that

        // TrustManagerService probably will have finished processing the grant.

        await()

        lockStateTrackingRule.assertLocked()



        // Turn the screen on and off to cause TrustManagerService to refresh

        // its deviceLocked state.  Then verify the state is still locked.  This

        // part failed before the fix for b/296464083.

        uiDevice.wakeUp()

        uiDevice.sleep()

        await()

        lockStateTrackingRule.assertLocked()

    }



    @Test

    @RequiresFlagsDisabled(android.security.Flags.FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS)

    fun grantCouldCauseWrongDeviceLockedStateDueToBug() {

        // On automotive, trust agents can actively unlock the device.

        assumeFalse(packageManager.hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE))



        // Verify that b/296464083 exists.  That is, when the device is locked

        // and a trust agent grants trust, the deviceLocked state incorrectly

        // becomes false even though the device correctly remains locked.

        uiDevice.sleep()

        lockStateTrackingRule.assertLocked()

        trustAgentRule.agent.grantTrust(GRANT_MESSAGE, 10000, 0) {}

        uiDevice.wakeUp()

        uiDevice.sleep()

        await()

        lockStateTrackingRule.assertUnlockedButNotReally()

    }



    @Test

    fun grantDoesNotCallBack() {

        val callback = mock<(GrantTrustResult) -> Unit>()

tests/TrustTests/src/android/trust/test/TemporaryAndRenewableTrustTest.kt

+2 −2
Original line number Diff line number Diff line
@@ -102,7 +102,7 @@ class TemporaryAndRenewableTrustTest { 
        trustAgentRule.agent.grantTrust(

            GRANT_MESSAGE, 0, FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE) {}



        lockStateTrackingRule.assertUnlocked()

        lockStateTrackingRule.assertUnlockedAndTrusted()

    }



    @Test
@@ -125,7 +125,7 @@ class TemporaryAndRenewableTrustTest { 
            Log.i(TAG, "Callback received; status=${it.status}")

            result = it

        }

        lockStateTrackingRule.assertUnlocked()

        lockStateTrackingRule.assertUnlockedAndTrusted()



        wait("callback triggered") { result?.status == STATUS_UNLOCKED_BY_GRANT }

    }