Fix bug where PlatformKeyManager did not save generation ID (b811553c) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/locksettings/recoverablekeystore/PlatformKeyManager.java

+11 −7

Original line number	Original line	Diff line number	Diff line
	@@ -115,16 +115,12 @@ public class PlatformKeyManager {
	/**		/**
	* Returns the current generation ID of the platform key. This increments whenever a platform		* Returns the current generation ID of the platform key. This increments whenever a platform
	* key has to be replaced. (e.g., because the user has removed and then re-added their lock		* key has to be replaced. (e.g., because the user has removed and then re-added their lock
	* screen).		* screen). Returns -1 if no key has been generated yet.
	*		*
	* @hide		* @hide
	*/		*/
	public int getGenerationId() {		public int getGenerationId() {
	int generationId = mDatabase.getPlatformKeyGenerationId(mUserId);		return mDatabase.getPlatformKeyGenerationId(mUserId);
	if (generationId == -1) {
	return 1;
	}
	return generationId;
	}		}

	/**		/**
	@@ -207,14 +203,22 @@ public class PlatformKeyManager {
	Locale.US, "Platform key generation %d exists already.", generationId));		Locale.US, "Platform key generation %d exists already.", generationId));
	return;		return;
	}		}
	if (generationId == 1) {		if (generationId == -1) {
	Log.i(TAG, "Generating initial platform ID.");		Log.i(TAG, "Generating initial platform ID.");
	} else {		} else {
	Log.w(TAG, String.format(Locale.US, "Platform generation ID was %d but no "		Log.w(TAG, String.format(Locale.US, "Platform generation ID was %d but no "
	+ "entry was present in AndroidKeyStore. Generating fresh key.", generationId));		+ "entry was present in AndroidKeyStore. Generating fresh key.", generationId));
	}		}

			if (generationId == -1) {
			generationId = 1;
			} else {
			// Had to generate a fresh key, bump the generation id
			generationId++;
			}

	generateAndLoadKey(generationId);		generateAndLoadKey(generationId);
			mDatabase.setPlatformKeyGenerationId(mUserId, generationId);
	}		}

	/**		/**

services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java

+0 −1

Original line number	Original line	Diff line number	Diff line
	@@ -216,7 +216,6 @@ public class RecoverableKeyStoreManager {
	// Any application should be able to check status for its own keys.		// Any application should be able to check status for its own keys.
	// If caller is a recovery agent it can check statuses for other packages, but		// If caller is a recovery agent it can check statuses for other packages, but
	// only for recoverable keys it manages.		// only for recoverable keys it manages.
	checkRecoverKeyStorePermission();
	return mDatabase.getStatusForAllKeys(Binder.getCallingUid());		return mDatabase.getStatusForAllKeys(Binder.getCallingUid());
	}		}

services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/PlatformKeyManagerTest.java

+41 −0

Original line number	Original line	Diff line number	Diff line
	@@ -204,6 +204,14 @@ public class PlatformKeyManagerTest {
	((KeyStore.SecretKeyEntry) entries.get(1)).getSecretKey().getEncoded());		((KeyStore.SecretKeyEntry) entries.get(1)).getSecretKey().getEncoded());
	}		}

			@Test
			public void init_savesGenerationIdToDatabase() throws Exception {
			mPlatformKeyManager.init();

			assertEquals(1,
			mRecoverableKeyStoreDb.getPlatformKeyGenerationId(USER_ID_FIXTURE));
			}

	@Test		@Test
	public void init_setsGenerationIdTo1() throws Exception {		public void init_setsGenerationIdTo1() throws Exception {
	mPlatformKeyManager.init();		mPlatformKeyManager.init();
	@@ -211,8 +219,39 @@ public class PlatformKeyManagerTest {
	assertEquals(1, mPlatformKeyManager.getGenerationId());		assertEquals(1, mPlatformKeyManager.getGenerationId());
	}		}

			@Test
			public void init_incrementsGenerationIdIfKeyIsUnavailable() throws Exception {
			mPlatformKeyManager.init();

			mPlatformKeyManager.init();

			assertEquals(2, mPlatformKeyManager.getGenerationId());
			}

			@Test
			public void init_doesNotIncrementGenerationIdIfKeyAvailable() throws Exception {
			mPlatformKeyManager.init();
			when(mKeyStoreProxy
			.containsAlias("com.android.server.locksettings.recoverablekeystore/"
			+ "platform/42/1/decrypt")).thenReturn(true);
			when(mKeyStoreProxy
			.containsAlias("com.android.server.locksettings.recoverablekeystore/"
			+ "platform/42/1/encrypt")).thenReturn(true);

			mPlatformKeyManager.init();

			assertEquals(1, mPlatformKeyManager.getGenerationId());
			}

			@Test
			public void getGenerationId_returnsMinusOneIfNotInitialized() throws Exception {
			assertEquals(-1, mPlatformKeyManager.getGenerationId());
			}

	@Test		@Test
	public void getDecryptKey_getsDecryptKeyWithCorrectAlias() throws Exception {		public void getDecryptKey_getsDecryptKeyWithCorrectAlias() throws Exception {
			mPlatformKeyManager.init();

	mPlatformKeyManager.getDecryptKey();		mPlatformKeyManager.getDecryptKey();

	verify(mKeyStoreProxy).getKey(		verify(mKeyStoreProxy).getKey(
	@@ -222,6 +261,8 @@ public class PlatformKeyManagerTest {

	@Test		@Test
	public void getEncryptKey_getsDecryptKeyWithCorrectAlias() throws Exception {		public void getEncryptKey_getsDecryptKeyWithCorrectAlias() throws Exception {
			mPlatformKeyManager.init();

	mPlatformKeyManager.getEncryptKey();		mPlatformKeyManager.getEncryptKey();

	verify(mKeyStoreProxy).getKey(		verify(mKeyStoreProxy).getKey(