am 47814acc: am f8a96d16: Merge "Cleanup keystore password changing and unlocking" into mnc-dev (dcf8c5eb) · Commits · e / os / android_frameworks_base

core/java/android/security/IKeystoreService.aidl

+2 −2

Original line number	Diff line number	Diff line
		@@ -37,9 +37,9 @@ interface IKeystoreService {
		int exist(String name, int uid);
		String[] saw(String namePrefix, int uid);
		int reset();
		int password(String password);
		int onUserPasswordChanged(int userId, String newPassword);
		int lock();
		int unlock(String password);
		int unlock(int userId, String userPassword);
		int zero();
		int generate(String name, int uid, int keyType, int keySize, int flags,
		in KeystoreArguments args);

keystore/java/android/security/KeyStore.java

+43 −11

Original line number	Diff line number	Diff line
		@@ -24,8 +24,10 @@ import android.content.Context;
		import android.hardware.fingerprint.FingerprintManager;
		import android.os.Binder;
		import android.os.IBinder;
		import android.os.Process;
		import android.os.RemoteException;
		import android.os.ServiceManager;
		import android.os.UserHandle;
		import android.security.keymaster.ExportResult;
		import android.security.keymaster.KeyCharacteristics;
		import android.security.keymaster.KeymasterArguments;
		@@ -212,15 +214,6 @@ public class KeyStore {
		}
		}

		public boolean password(String password) {
		try {
		return mBinder.password(password) == NO_ERROR;
		} catch (RemoteException e) {
		Log.w(TAG, "Cannot connect to keystore", e);
		return false;
		}
		}

		public boolean lock() {
		try {
		return mBinder.lock() == NO_ERROR;
		@@ -230,9 +223,20 @@ public class KeyStore {
		}
		}

		public boolean unlock(String password) {
		/**
		* Attempt to unlock the keystore for {@code user} with the password {@code password}.
		* This is required before keystore entries created with FLAG_ENCRYPTED can be accessed or
		* created.
		*
		* @param user Android user ID to operate on
		* @param password user's keystore password. Should be the most recent value passed to
		* {@link #onUserPasswordChanged} for the user.
		*
		* @return whether the keystore was unlocked.
		*/
		public boolean unlock(int userId, String password) {
		try {
		mError = mBinder.unlock(password);
		mError = mBinder.unlock(userId, password);
		return mError == NO_ERROR;
		} catch (RemoteException e) {
		Log.w(TAG, "Cannot connect to keystore", e);
		@@ -240,6 +244,10 @@ public class KeyStore {
		}
		}

		public boolean unlock(String password) {
		return unlock(UserHandle.getUserId(Process.myUid()), password);
		}

		public boolean isEmpty() {
		try {
		return mBinder.zero() == KEY_NOT_FOUND;
		@@ -539,6 +547,30 @@ public class KeyStore {
		}
		}

		/**
		* Notify keystore that a user's password has changed.
		*
		* @param userId the user whose password changed.
		* @param newPassword the new password or "" if the password was removed.
		*/
		public boolean onUserPasswordChanged(int userId, String newPassword) {
		// Parcel.cpp doesn't support deserializing null strings and treats them as "". Make that
		// explicit here.
		if (newPassword == null) {
		newPassword = "";
		}
		try {
		return mBinder.onUserPasswordChanged(userId, newPassword) == NO_ERROR;
		} catch (RemoteException e) {
		Log.w(TAG, "Cannot connect to keystore", e);
		return false;
		}
		}

		public boolean onUserPasswordChanged(String newPassword) {
		return onUserPasswordChanged(UserHandle.getUserId(Process.myUid()), newPassword);
		}

		/**
		* Returns a {@link KeyStoreException} corresponding to the provided keystore/keymaster error
		* code.

keystore/tests/src/android/security/AndroidKeyPairGeneratorTest.java

+2 −2

Original line number	Diff line number	Diff line
		@@ -73,7 +73,7 @@ public class AndroidKeyPairGeneratorTest extends AndroidTestCase {
		}

		private void setupPassword() {
		assertTrue(mAndroidKeyStore.password("1111"));
		assertTrue(mAndroidKeyStore.onUserPasswordChanged("1111"));
		assertTrue(mAndroidKeyStore.isUnlocked());

		String[] aliases = mAndroidKeyStore.saw("");
		@@ -288,7 +288,7 @@ public class AndroidKeyPairGeneratorTest extends AndroidTestCase {
		} catch (IllegalStateException expected) {
		}

		assertTrue(mAndroidKeyStore.password("1111"));
		assertTrue(mAndroidKeyStore.onUserPasswordChanged("1111"));
		assertTrue(mAndroidKeyStore.isUnlocked());

		final KeyPair pair2 = mGenerator.generateKeyPair();

keystore/tests/src/android/security/AndroidKeyStoreTest.java

+2 −2

Original line number	Diff line number	Diff line
		@@ -736,7 +736,7 @@ public class AndroidKeyStoreTest extends AndroidTestCase {
		}

		private void setupPassword() {
		assertTrue(mAndroidKeyStore.password("1111"));
		assertTrue(mAndroidKeyStore.onUserPasswordChanged("1111"));
		assertTrue(mAndroidKeyStore.isUnlocked());

		assertEquals(0, mAndroidKeyStore.saw("").length);
		@@ -2089,7 +2089,7 @@ public class AndroidKeyStoreTest extends AndroidTestCase {
		} catch (KeyStoreException success) {
		}

		assertTrue(mAndroidKeyStore.password("1111"));
		assertTrue(mAndroidKeyStore.onUserPasswordChanged("1111"));
		assertTrue(mAndroidKeyStore.isUnlocked());

		mKeyStore.setEntry(TEST_ALIAS_1, entry,

keystore/tests/src/android/security/KeyStoreTest.java

+67 −43

File changed.

Preview size limit exceeded, changes collapsed.