Loading services/core/java/com/android/server/locksettings/recoverablekeystore/KeySyncTask.java +7 −0 Original line number Diff line number Diff line Loading @@ -28,6 +28,7 @@ import android.security.recoverablekeystore.KeyStoreRecoveryMetadata; import android.util.Log; import com.android.internal.annotations.VisibleForTesting; import com.android.internal.util.ArrayUtils; import com.android.internal.widget.LockPatternUtils; import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDb; import com.android.server.locksettings.recoverablekeystore.storage.RecoverySnapshotStorage; Loading Loading @@ -304,6 +305,12 @@ public class KeySyncTask implements Runnable { * @param recoveryAgentUid uid of the recovery agent. */ private boolean shoudCreateSnapshot(int recoveryAgentUid) { int[] types = mRecoverableKeyStoreDb.getRecoverySecretTypes(mUserId, recoveryAgentUid); if (!ArrayUtils.contains(types, KeyStoreRecoveryMetadata.TYPE_LOCKSCREEN)) { // Only lockscreen type is supported. // We will need to pass extra argument to KeySyncTask to support custom pass phrase. return false; } if (mCredentialUpdated) { // Sync credential if at least one snapshot was created. if (mRecoverableKeyStoreDb.getSnapshotVersion(mUserId, recoveryAgentUid) != null) { Loading services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncTaskTest.java +29 −3 Original line number Diff line number Diff line Loading @@ -16,6 +16,8 @@ package com.android.server.locksettings.recoverablekeystore; import static android.security.recoverablekeystore.KeyStoreRecoveryMetadata.TYPE_LOCKSCREEN; import static android.security.recoverablekeystore.KeyStoreRecoveryMetadata.TYPE_PASSWORD; import static android.security.recoverablekeystore.KeyStoreRecoveryMetadata.TYPE_PATTERN; import static android.security.recoverablekeystore.KeyStoreRecoveryMetadata.TYPE_PIN; Loading Loading @@ -104,6 +106,10 @@ public class KeySyncTaskTest { mRecoverableKeyStoreDb = RecoverableKeyStoreDb.newInstance(context); mKeyPair = SecureBox.genKeyPair(); mRecoverableKeyStoreDb.setRecoverySecretTypes(TEST_USER_ID, TEST_RECOVERY_AGENT_UID, new int[] {TYPE_LOCKSCREEN}); mRecoverableKeyStoreDb.setRecoverySecretTypes(TEST_USER_ID, TEST_RECOVERY_AGENT_UID2, new int[] {TYPE_LOCKSCREEN}); mRecoverySnapshotStorage = new RecoverySnapshotStorage(); mKeySyncTask = new KeySyncTask( Loading Loading @@ -406,10 +412,8 @@ public class KeySyncTaskTest { isEqualTo(TYPE_PATTERN); } @Test public void run_sendsEncryptedKeysWithTwoRegisteredAgents() throws Exception { mRecoverableKeyStoreDb.setRecoveryServicePublicKey( TEST_USER_ID, TEST_RECOVERY_AGENT_UID, mKeyPair.getPublic()); mRecoverableKeyStoreDb.setRecoveryServicePublicKey( Loading @@ -425,8 +429,30 @@ public class KeySyncTaskTest { } @Test public void run_doesNotSendKeyToNonregisteredAgent() throws Exception { public void run_sendsEncryptedKeysOnlyForAgentWhichActiveUserSecretType() throws Exception { mRecoverableKeyStoreDb.setRecoverySecretTypes(TEST_USER_ID, TEST_RECOVERY_AGENT_UID, new int[] {TYPE_LOCKSCREEN, 100}); // Snapshot will not be created during unlock event. mRecoverableKeyStoreDb.setRecoverySecretTypes(TEST_USER_ID, TEST_RECOVERY_AGENT_UID2, new int[] {100}); mRecoverableKeyStoreDb.setRecoveryServicePublicKey( TEST_USER_ID, TEST_RECOVERY_AGENT_UID, mKeyPair.getPublic()); mRecoverableKeyStoreDb.setRecoveryServicePublicKey( TEST_USER_ID, TEST_RECOVERY_AGENT_UID2, mKeyPair.getPublic()); when(mSnapshotListenersStorage.hasListener(TEST_RECOVERY_AGENT_UID)).thenReturn(true); when(mSnapshotListenersStorage.hasListener(TEST_RECOVERY_AGENT_UID2)).thenReturn(true); addApplicationKey(TEST_USER_ID, TEST_RECOVERY_AGENT_UID, TEST_APP_KEY_ALIAS); addApplicationKey(TEST_USER_ID, TEST_RECOVERY_AGENT_UID2, TEST_APP_KEY_ALIAS); mKeySyncTask.run(); verify(mSnapshotListenersStorage).recoverySnapshotAvailable(TEST_RECOVERY_AGENT_UID); verify(mSnapshotListenersStorage, never()). recoverySnapshotAvailable(TEST_RECOVERY_AGENT_UID2); } @Test public void run_doesNotSendKeyToNonregisteredAgent() throws Exception { mRecoverableKeyStoreDb.setRecoveryServicePublicKey( TEST_USER_ID, TEST_RECOVERY_AGENT_UID, mKeyPair.getPublic()); mRecoverableKeyStoreDb.setRecoveryServicePublicKey( Loading Loading
services/core/java/com/android/server/locksettings/recoverablekeystore/KeySyncTask.java +7 −0 Original line number Diff line number Diff line Loading @@ -28,6 +28,7 @@ import android.security.recoverablekeystore.KeyStoreRecoveryMetadata; import android.util.Log; import com.android.internal.annotations.VisibleForTesting; import com.android.internal.util.ArrayUtils; import com.android.internal.widget.LockPatternUtils; import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDb; import com.android.server.locksettings.recoverablekeystore.storage.RecoverySnapshotStorage; Loading Loading @@ -304,6 +305,12 @@ public class KeySyncTask implements Runnable { * @param recoveryAgentUid uid of the recovery agent. */ private boolean shoudCreateSnapshot(int recoveryAgentUid) { int[] types = mRecoverableKeyStoreDb.getRecoverySecretTypes(mUserId, recoveryAgentUid); if (!ArrayUtils.contains(types, KeyStoreRecoveryMetadata.TYPE_LOCKSCREEN)) { // Only lockscreen type is supported. // We will need to pass extra argument to KeySyncTask to support custom pass phrase. return false; } if (mCredentialUpdated) { // Sync credential if at least one snapshot was created. if (mRecoverableKeyStoreDb.getSnapshotVersion(mUserId, recoveryAgentUid) != null) { Loading
services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncTaskTest.java +29 −3 Original line number Diff line number Diff line Loading @@ -16,6 +16,8 @@ package com.android.server.locksettings.recoverablekeystore; import static android.security.recoverablekeystore.KeyStoreRecoveryMetadata.TYPE_LOCKSCREEN; import static android.security.recoverablekeystore.KeyStoreRecoveryMetadata.TYPE_PASSWORD; import static android.security.recoverablekeystore.KeyStoreRecoveryMetadata.TYPE_PATTERN; import static android.security.recoverablekeystore.KeyStoreRecoveryMetadata.TYPE_PIN; Loading Loading @@ -104,6 +106,10 @@ public class KeySyncTaskTest { mRecoverableKeyStoreDb = RecoverableKeyStoreDb.newInstance(context); mKeyPair = SecureBox.genKeyPair(); mRecoverableKeyStoreDb.setRecoverySecretTypes(TEST_USER_ID, TEST_RECOVERY_AGENT_UID, new int[] {TYPE_LOCKSCREEN}); mRecoverableKeyStoreDb.setRecoverySecretTypes(TEST_USER_ID, TEST_RECOVERY_AGENT_UID2, new int[] {TYPE_LOCKSCREEN}); mRecoverySnapshotStorage = new RecoverySnapshotStorage(); mKeySyncTask = new KeySyncTask( Loading Loading @@ -406,10 +412,8 @@ public class KeySyncTaskTest { isEqualTo(TYPE_PATTERN); } @Test public void run_sendsEncryptedKeysWithTwoRegisteredAgents() throws Exception { mRecoverableKeyStoreDb.setRecoveryServicePublicKey( TEST_USER_ID, TEST_RECOVERY_AGENT_UID, mKeyPair.getPublic()); mRecoverableKeyStoreDb.setRecoveryServicePublicKey( Loading @@ -425,8 +429,30 @@ public class KeySyncTaskTest { } @Test public void run_doesNotSendKeyToNonregisteredAgent() throws Exception { public void run_sendsEncryptedKeysOnlyForAgentWhichActiveUserSecretType() throws Exception { mRecoverableKeyStoreDb.setRecoverySecretTypes(TEST_USER_ID, TEST_RECOVERY_AGENT_UID, new int[] {TYPE_LOCKSCREEN, 100}); // Snapshot will not be created during unlock event. mRecoverableKeyStoreDb.setRecoverySecretTypes(TEST_USER_ID, TEST_RECOVERY_AGENT_UID2, new int[] {100}); mRecoverableKeyStoreDb.setRecoveryServicePublicKey( TEST_USER_ID, TEST_RECOVERY_AGENT_UID, mKeyPair.getPublic()); mRecoverableKeyStoreDb.setRecoveryServicePublicKey( TEST_USER_ID, TEST_RECOVERY_AGENT_UID2, mKeyPair.getPublic()); when(mSnapshotListenersStorage.hasListener(TEST_RECOVERY_AGENT_UID)).thenReturn(true); when(mSnapshotListenersStorage.hasListener(TEST_RECOVERY_AGENT_UID2)).thenReturn(true); addApplicationKey(TEST_USER_ID, TEST_RECOVERY_AGENT_UID, TEST_APP_KEY_ALIAS); addApplicationKey(TEST_USER_ID, TEST_RECOVERY_AGENT_UID2, TEST_APP_KEY_ALIAS); mKeySyncTask.run(); verify(mSnapshotListenersStorage).recoverySnapshotAvailable(TEST_RECOVERY_AGENT_UID); verify(mSnapshotListenersStorage, never()). recoverySnapshotAvailable(TEST_RECOVERY_AGENT_UID2); } @Test public void run_doesNotSendKeyToNonregisteredAgent() throws Exception { mRecoverableKeyStoreDb.setRecoveryServicePublicKey( TEST_USER_ID, TEST_RECOVERY_AGENT_UID, mKeyPair.getPublic()); mRecoverableKeyStoreDb.setRecoveryServicePublicKey( Loading
