Loading core/java/android/security/flags.aconfig +1 −1 Original line number Diff line number Diff line Loading @@ -8,7 +8,7 @@ flag { } flag { name: "fix_unlocked_device_required_keys" name: "fix_unlocked_device_required_keys_v2" namespace: "hardware_backed_security" description: "Fix bugs in behavior of UnlockedDeviceRequired keystore keys" bug: "296464083" Loading services/core/java/com/android/server/locksettings/LockSettingsService.java +1 −1 Original line number Diff line number Diff line Loading @@ -246,7 +246,7 @@ public class LockSettingsService extends ILockSettings.Stub { private static final String MIGRATED_SP_FULL = "migrated_all_users_to_sp_and_bound_keys"; private static final boolean FIX_UNLOCKED_DEVICE_REQUIRED_KEYS = android.security.Flags.fixUnlockedDeviceRequiredKeys(); android.security.Flags.fixUnlockedDeviceRequiredKeysV2(); // Duration that LockSettingsService will store the gatekeeper password for. This allows // multiple biometric enrollments without prompting the user to enter their password via Loading services/core/java/com/android/server/trust/TrustManagerService.java +1 −1 Original line number Diff line number Diff line Loading @@ -829,7 +829,7 @@ public class TrustManagerService extends SystemService { } final boolean trusted; if (android.security.Flags.fixUnlockedDeviceRequiredKeys()) { if (android.security.Flags.fixUnlockedDeviceRequiredKeysV2()) { trusted = getUserTrustStateInner(id) == TrustState.TRUSTED; } else { trusted = aggregateIsTrusted(id); Loading tests/TrustTests/src/android/trust/test/GrantAndRevokeTrustTest.kt +2 −2 Original line number Diff line number Diff line Loading @@ -93,7 +93,7 @@ class GrantAndRevokeTrustTest { } @Test @RequiresFlagsEnabled(android.security.Flags.FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS) @RequiresFlagsEnabled(android.security.Flags.FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS_V2) fun grantCannotActivelyUnlockDevice() { // On automotive, trust agents can actively unlock the device. assumeFalse(packageManager.hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE)) Loading @@ -120,7 +120,7 @@ class GrantAndRevokeTrustTest { } @Test @RequiresFlagsDisabled(android.security.Flags.FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS) @RequiresFlagsDisabled(android.security.Flags.FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS_V2) fun grantCouldCauseWrongDeviceLockedStateDueToBug() { // On automotive, trust agents can actively unlock the device. assumeFalse(packageManager.hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE)) Loading tests/TrustTests/src/android/trust/test/lib/LockStateTrackingRule.kt +4 −3 Original line number Diff line number Diff line Loading @@ -36,7 +36,8 @@ import org.junit.runners.model.Statement class LockStateTrackingRule : TestRule { private val context: Context = getApplicationContext() private val windowManager = checkNotNull(WindowManagerGlobal.getWindowManagerService()) private val keyguardManager = context.getSystemService(KeyguardManager::class.java) as KeyguardManager private val keyguardManager = context.getSystemService(KeyguardManager::class.java) as KeyguardManager @Volatile lateinit var trustState: TrustState private set Loading @@ -63,7 +64,7 @@ class LockStateTrackingRule : TestRule { wait("not trusted") { trustState.trusted == false } } // TODO(b/299298338) remove this when removing FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS // TODO(b/299298338) remove this when removing FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS_V2 fun assertUnlockedButNotReally() { wait("device unlocked") { !keyguardManager.isDeviceLocked } wait("not trusted") { trustState.trusted == false } Loading Loading
core/java/android/security/flags.aconfig +1 −1 Original line number Diff line number Diff line Loading @@ -8,7 +8,7 @@ flag { } flag { name: "fix_unlocked_device_required_keys" name: "fix_unlocked_device_required_keys_v2" namespace: "hardware_backed_security" description: "Fix bugs in behavior of UnlockedDeviceRequired keystore keys" bug: "296464083" Loading
services/core/java/com/android/server/locksettings/LockSettingsService.java +1 −1 Original line number Diff line number Diff line Loading @@ -246,7 +246,7 @@ public class LockSettingsService extends ILockSettings.Stub { private static final String MIGRATED_SP_FULL = "migrated_all_users_to_sp_and_bound_keys"; private static final boolean FIX_UNLOCKED_DEVICE_REQUIRED_KEYS = android.security.Flags.fixUnlockedDeviceRequiredKeys(); android.security.Flags.fixUnlockedDeviceRequiredKeysV2(); // Duration that LockSettingsService will store the gatekeeper password for. This allows // multiple biometric enrollments without prompting the user to enter their password via Loading
services/core/java/com/android/server/trust/TrustManagerService.java +1 −1 Original line number Diff line number Diff line Loading @@ -829,7 +829,7 @@ public class TrustManagerService extends SystemService { } final boolean trusted; if (android.security.Flags.fixUnlockedDeviceRequiredKeys()) { if (android.security.Flags.fixUnlockedDeviceRequiredKeysV2()) { trusted = getUserTrustStateInner(id) == TrustState.TRUSTED; } else { trusted = aggregateIsTrusted(id); Loading
tests/TrustTests/src/android/trust/test/GrantAndRevokeTrustTest.kt +2 −2 Original line number Diff line number Diff line Loading @@ -93,7 +93,7 @@ class GrantAndRevokeTrustTest { } @Test @RequiresFlagsEnabled(android.security.Flags.FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS) @RequiresFlagsEnabled(android.security.Flags.FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS_V2) fun grantCannotActivelyUnlockDevice() { // On automotive, trust agents can actively unlock the device. assumeFalse(packageManager.hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE)) Loading @@ -120,7 +120,7 @@ class GrantAndRevokeTrustTest { } @Test @RequiresFlagsDisabled(android.security.Flags.FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS) @RequiresFlagsDisabled(android.security.Flags.FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS_V2) fun grantCouldCauseWrongDeviceLockedStateDueToBug() { // On automotive, trust agents can actively unlock the device. assumeFalse(packageManager.hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE)) Loading
tests/TrustTests/src/android/trust/test/lib/LockStateTrackingRule.kt +4 −3 Original line number Diff line number Diff line Loading @@ -36,7 +36,8 @@ import org.junit.runners.model.Statement class LockStateTrackingRule : TestRule { private val context: Context = getApplicationContext() private val windowManager = checkNotNull(WindowManagerGlobal.getWindowManagerService()) private val keyguardManager = context.getSystemService(KeyguardManager::class.java) as KeyguardManager private val keyguardManager = context.getSystemService(KeyguardManager::class.java) as KeyguardManager @Volatile lateinit var trustState: TrustState private set Loading @@ -63,7 +64,7 @@ class LockStateTrackingRule : TestRule { wait("not trusted") { trustState.trusted == false } } // TODO(b/299298338) remove this when removing FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS // TODO(b/299298338) remove this when removing FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS_V2 fun assertUnlockedButNotReally() { wait("device unlocked") { !keyguardManager.isDeviceLocked } wait("not trusted") { trustState.trusted == false } Loading
