Loading services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java +16 −4 Original line number Diff line number Diff line Loading @@ -148,6 +148,7 @@ public class RecoverableKeyStoreManager { throws RemoteException { checkRecoverKeyStorePermission(); int userId = UserHandle.getCallingUserId(); int uid = Binder.getCallingUid(); // TODO: open /system/etc/security/... cert file, and check the signature on the public keys PublicKey publicKey; try { Loading @@ -162,7 +163,10 @@ public class RecoverableKeyStoreManager { throw new ServiceSpecificException( ERROR_BAD_X509_CERTIFICATE, "Not a valid X509 certificate."); } mDatabase.setRecoveryServicePublicKey(userId, Binder.getCallingUid(), publicKey); long updatedRows = mDatabase.setRecoveryServicePublicKey(userId, uid, publicKey); if (updatedRows > 0) { mDatabase.setShouldCreateSnapshot(userId, uid, true); } } /** Loading Loading @@ -204,7 +208,11 @@ public class RecoverableKeyStoreManager { public void setServerParameters(long serverParameters) throws RemoteException { checkRecoverKeyStorePermission(); int userId = UserHandle.getCallingUserId(); mDatabase.setServerParameters(userId, Binder.getCallingUid(), serverParameters); int uid = Binder.getCallingUid(); long updatedRows = mDatabase.setServerParameters(userId, uid, serverParameters); if (updatedRows > 0) { mDatabase.setShouldCreateSnapshot(userId, uid, true); } } /** Loading Loading @@ -256,8 +264,12 @@ public class RecoverableKeyStoreManager { @NonNull @KeyStoreRecoveryMetadata.UserSecretType int[] secretTypes) throws RemoteException { checkRecoverKeyStorePermission(); mDatabase.setRecoverySecretTypes(UserHandle.getCallingUserId(), Binder.getCallingUid(), secretTypes); int userId = UserHandle.getCallingUserId(); int uid = Binder.getCallingUid(); long updatedRows = mDatabase.setRecoverySecretTypes(userId, uid, secretTypes); if (updatedRows > 0) { mDatabase.setShouldCreateSnapshot(userId, uid, true); } } /** Loading services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncTaskTest.java +4 −4 Original line number Diff line number Diff line Loading @@ -355,7 +355,7 @@ public class KeySyncTaskTest { KeyStoreRecoveryData recoveryData = mRecoverySnapshotStorage.get(TEST_RECOVERY_AGENT_UID); assertThat(recoveryData.getRecoveryMetadata()).hasSize(1); assertThat(recoveryData.getRecoveryMetadata().get(1).getLockScreenUiFormat()). assertThat(recoveryData.getRecoveryMetadata().get(0).getLockScreenUiFormat()). isEqualTo(TYPE_PASSWORD); } Loading @@ -382,7 +382,7 @@ public class KeySyncTaskTest { KeyStoreRecoveryData recoveryData = mRecoverySnapshotStorage.get(TEST_RECOVERY_AGENT_UID); assertThat(recoveryData.getRecoveryMetadata()).hasSize(1); // Password with only digits is changed to pin. assertThat(recoveryData.getRecoveryMetadata().get(1).getLockScreenUiFormat()). assertThat(recoveryData.getRecoveryMetadata().get(0).getLockScreenUiFormat()). isEqualTo(TYPE_PIN); } Loading @@ -408,7 +408,7 @@ public class KeySyncTaskTest { KeyStoreRecoveryData recoveryData = mRecoverySnapshotStorage.get(TEST_RECOVERY_AGENT_UID); assertThat(recoveryData.getRecoveryMetadata()).hasSize(1); assertThat(recoveryData.getRecoveryMetadata().get(1).getLockScreenUiFormat()). assertThat(recoveryData.getRecoveryMetadata().get(0).getLockScreenUiFormat()). isEqualTo(TYPE_PATTERN); } Loading services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java +39 −2 Original line number Diff line number Diff line Loading @@ -78,6 +78,7 @@ import javax.crypto.spec.SecretKeySpec; public class RecoverableKeyStoreManagerTest { private static final String DATABASE_FILE_NAME = "recoverablekeystore.db"; private static final String ROOT_CERTIFICATE_ALIAS = "put_default_alias_here"; private static final String TEST_SESSION_ID = "karlin"; private static final byte[] TEST_PUBLIC_KEY = new byte[] { (byte) 0x30, (byte) 0x59, (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x07, (byte) 0x2a, Loading Loading @@ -206,10 +207,9 @@ public class RecoverableKeyStoreManagerTest { } @Test public void removeKey_UpdatesShouldCreateSnapshot() throws Exception { public void removeKey_updatesShouldCreateSnapshot() throws Exception { int uid = Binder.getCallingUid(); int userId = UserHandle.getCallingUserId(); mRecoverableKeyStoreManager.generateAndStoreKey(TEST_ALIAS); // Pretend that key was synced mRecoverableKeyStoreDb.setShouldCreateSnapshot(userId, uid, false); Loading @@ -219,6 +219,29 @@ public class RecoverableKeyStoreManagerTest { assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isTrue(); } @Test public void removeKey_failureDoesNotUpdateShouldCreateSnapshot() throws Exception { int uid = Binder.getCallingUid(); int userId = UserHandle.getCallingUserId(); mRecoverableKeyStoreDb.setShouldCreateSnapshot(userId, uid, false); // Key did not exist mRecoverableKeyStoreManager.removeKey(TEST_ALIAS); assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isFalse(); } @Test public void initRecoveryService_updatesShouldCreateSnapshot() throws Exception { int uid = Binder.getCallingUid(); int userId = UserHandle.getCallingUserId(); // Sync is not needed. mRecoverableKeyStoreDb.setShouldCreateSnapshot(userId, uid, false); mRecoverableKeyStoreManager.initRecoveryService(ROOT_CERTIFICATE_ALIAS, TEST_PUBLIC_KEY); assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isTrue(); } @Test public void startRecoverySession_checksPermissionFirst() throws Exception { mRecoverableKeyStoreManager.startRecoverySession( Loading Loading @@ -448,6 +471,20 @@ public class RecoverableKeyStoreManagerTest { types3); } @Test public void setRecoverySecretTypes_updatesShouldCreateSnapshot() throws Exception { int uid = Binder.getCallingUid(); int userId = UserHandle.getCallingUserId(); int[] types = new int[]{1, 2, 3}; mRecoverableKeyStoreManager.generateAndStoreKey(TEST_ALIAS); // Pretend that key was synced mRecoverableKeyStoreDb.setShouldCreateSnapshot(userId, uid, false); mRecoverableKeyStoreManager.setRecoverySecretTypes(types); assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isTrue(); } @Test public void setRecoveryStatus_forOneAlias() throws Exception { int userId = UserHandle.getCallingUserId(); Loading Loading
services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java +16 −4 Original line number Diff line number Diff line Loading @@ -148,6 +148,7 @@ public class RecoverableKeyStoreManager { throws RemoteException { checkRecoverKeyStorePermission(); int userId = UserHandle.getCallingUserId(); int uid = Binder.getCallingUid(); // TODO: open /system/etc/security/... cert file, and check the signature on the public keys PublicKey publicKey; try { Loading @@ -162,7 +163,10 @@ public class RecoverableKeyStoreManager { throw new ServiceSpecificException( ERROR_BAD_X509_CERTIFICATE, "Not a valid X509 certificate."); } mDatabase.setRecoveryServicePublicKey(userId, Binder.getCallingUid(), publicKey); long updatedRows = mDatabase.setRecoveryServicePublicKey(userId, uid, publicKey); if (updatedRows > 0) { mDatabase.setShouldCreateSnapshot(userId, uid, true); } } /** Loading Loading @@ -204,7 +208,11 @@ public class RecoverableKeyStoreManager { public void setServerParameters(long serverParameters) throws RemoteException { checkRecoverKeyStorePermission(); int userId = UserHandle.getCallingUserId(); mDatabase.setServerParameters(userId, Binder.getCallingUid(), serverParameters); int uid = Binder.getCallingUid(); long updatedRows = mDatabase.setServerParameters(userId, uid, serverParameters); if (updatedRows > 0) { mDatabase.setShouldCreateSnapshot(userId, uid, true); } } /** Loading Loading @@ -256,8 +264,12 @@ public class RecoverableKeyStoreManager { @NonNull @KeyStoreRecoveryMetadata.UserSecretType int[] secretTypes) throws RemoteException { checkRecoverKeyStorePermission(); mDatabase.setRecoverySecretTypes(UserHandle.getCallingUserId(), Binder.getCallingUid(), secretTypes); int userId = UserHandle.getCallingUserId(); int uid = Binder.getCallingUid(); long updatedRows = mDatabase.setRecoverySecretTypes(userId, uid, secretTypes); if (updatedRows > 0) { mDatabase.setShouldCreateSnapshot(userId, uid, true); } } /** Loading
services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncTaskTest.java +4 −4 Original line number Diff line number Diff line Loading @@ -355,7 +355,7 @@ public class KeySyncTaskTest { KeyStoreRecoveryData recoveryData = mRecoverySnapshotStorage.get(TEST_RECOVERY_AGENT_UID); assertThat(recoveryData.getRecoveryMetadata()).hasSize(1); assertThat(recoveryData.getRecoveryMetadata().get(1).getLockScreenUiFormat()). assertThat(recoveryData.getRecoveryMetadata().get(0).getLockScreenUiFormat()). isEqualTo(TYPE_PASSWORD); } Loading @@ -382,7 +382,7 @@ public class KeySyncTaskTest { KeyStoreRecoveryData recoveryData = mRecoverySnapshotStorage.get(TEST_RECOVERY_AGENT_UID); assertThat(recoveryData.getRecoveryMetadata()).hasSize(1); // Password with only digits is changed to pin. assertThat(recoveryData.getRecoveryMetadata().get(1).getLockScreenUiFormat()). assertThat(recoveryData.getRecoveryMetadata().get(0).getLockScreenUiFormat()). isEqualTo(TYPE_PIN); } Loading @@ -408,7 +408,7 @@ public class KeySyncTaskTest { KeyStoreRecoveryData recoveryData = mRecoverySnapshotStorage.get(TEST_RECOVERY_AGENT_UID); assertThat(recoveryData.getRecoveryMetadata()).hasSize(1); assertThat(recoveryData.getRecoveryMetadata().get(1).getLockScreenUiFormat()). assertThat(recoveryData.getRecoveryMetadata().get(0).getLockScreenUiFormat()). isEqualTo(TYPE_PATTERN); } Loading
services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java +39 −2 Original line number Diff line number Diff line Loading @@ -78,6 +78,7 @@ import javax.crypto.spec.SecretKeySpec; public class RecoverableKeyStoreManagerTest { private static final String DATABASE_FILE_NAME = "recoverablekeystore.db"; private static final String ROOT_CERTIFICATE_ALIAS = "put_default_alias_here"; private static final String TEST_SESSION_ID = "karlin"; private static final byte[] TEST_PUBLIC_KEY = new byte[] { (byte) 0x30, (byte) 0x59, (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x07, (byte) 0x2a, Loading Loading @@ -206,10 +207,9 @@ public class RecoverableKeyStoreManagerTest { } @Test public void removeKey_UpdatesShouldCreateSnapshot() throws Exception { public void removeKey_updatesShouldCreateSnapshot() throws Exception { int uid = Binder.getCallingUid(); int userId = UserHandle.getCallingUserId(); mRecoverableKeyStoreManager.generateAndStoreKey(TEST_ALIAS); // Pretend that key was synced mRecoverableKeyStoreDb.setShouldCreateSnapshot(userId, uid, false); Loading @@ -219,6 +219,29 @@ public class RecoverableKeyStoreManagerTest { assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isTrue(); } @Test public void removeKey_failureDoesNotUpdateShouldCreateSnapshot() throws Exception { int uid = Binder.getCallingUid(); int userId = UserHandle.getCallingUserId(); mRecoverableKeyStoreDb.setShouldCreateSnapshot(userId, uid, false); // Key did not exist mRecoverableKeyStoreManager.removeKey(TEST_ALIAS); assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isFalse(); } @Test public void initRecoveryService_updatesShouldCreateSnapshot() throws Exception { int uid = Binder.getCallingUid(); int userId = UserHandle.getCallingUserId(); // Sync is not needed. mRecoverableKeyStoreDb.setShouldCreateSnapshot(userId, uid, false); mRecoverableKeyStoreManager.initRecoveryService(ROOT_CERTIFICATE_ALIAS, TEST_PUBLIC_KEY); assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isTrue(); } @Test public void startRecoverySession_checksPermissionFirst() throws Exception { mRecoverableKeyStoreManager.startRecoverySession( Loading Loading @@ -448,6 +471,20 @@ public class RecoverableKeyStoreManagerTest { types3); } @Test public void setRecoverySecretTypes_updatesShouldCreateSnapshot() throws Exception { int uid = Binder.getCallingUid(); int userId = UserHandle.getCallingUserId(); int[] types = new int[]{1, 2, 3}; mRecoverableKeyStoreManager.generateAndStoreKey(TEST_ALIAS); // Pretend that key was synced mRecoverableKeyStoreDb.setShouldCreateSnapshot(userId, uid, false); mRecoverableKeyStoreManager.setRecoverySecretTypes(types); assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isTrue(); } @Test public void setRecoveryStatus_forOneAlias() throws Exception { int userId = UserHandle.getCallingUserId(); Loading
