Do not create snapshot on first init (e8edf978) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java

+6 −1

Original line number	Diff line number	Diff line
		@@ -217,12 +217,17 @@ public class RecoverableKeyStoreManager {
		ERROR_INVALID_CERTIFICATE, "Failed to validate certificate.");
		}

		boolean wasInitialized = mDatabase.getRecoveryServiceCertPath(userId, uid) != null;

		// Save the chosen and validated certificate into database
		try {
		Log.d(TAG, "Saving the randomly chosen endpoint certificate to database");
		if (mDatabase.setRecoveryServiceCertPath(userId, uid, certPath) > 0) {
		mDatabase.setRecoveryServiceCertSerial(userId, uid, newSerial);
		if (wasInitialized) {
		Log.i(TAG, "This is a certificate change. Snapshot pending.");
		mDatabase.setShouldCreateSnapshot(userId, uid, true);
		}
		mDatabase.setCounterId(userId, uid, new SecureRandom().nextLong());
		}
		} catch (CertificateEncodingException e) {

services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java

+6 −5

Original line number	Diff line number	Diff line
		@@ -298,7 +298,7 @@ public class RecoverableKeyStoreManagerTest {
		mRecoverableKeyStoreManager.initRecoveryService(ROOT_CERTIFICATE_ALIAS,
		TestData.getCertXmlWithSerial(certSerial));

		assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isTrue();
		assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isFalse();
		assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertPath(userId, uid)).isEqualTo(
		TestData.CERT_PATH_1);
		assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertSerial(userId, uid)).isEqualTo(
		@@ -348,6 +348,7 @@ public class RecoverableKeyStoreManagerTest {

		assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertSerial(userId, uid))
		.isEqualTo(certSerial + 1);
		assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isTrue();
		}

		@Test
		@@ -363,6 +364,7 @@ public class RecoverableKeyStoreManagerTest {

		assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertSerial(userId, uid))
		.isEqualTo(certSerial);
		assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isFalse();
		}

		@Test
		@@ -373,7 +375,6 @@ public class RecoverableKeyStoreManagerTest {

		mRecoverableKeyStoreManager.initRecoveryService(ROOT_CERTIFICATE_ALIAS,
		TestData.getCertXmlWithSerial(certSerial));
		mRecoverableKeyStoreDb.setShouldCreateSnapshot(userId, uid, false);
		mRecoverableKeyStoreManager.initRecoveryService(ROOT_CERTIFICATE_ALIAS,
		TestData.getCertXmlWithSerial(certSerial));

		@@ -404,7 +405,7 @@ public class RecoverableKeyStoreManagerTest {
		mRecoverableKeyStoreManager.initRecoveryServiceWithSigFile(
		ROOT_CERTIFICATE_ALIAS, TestData.getCertXml(), TestData.getSigXml());

		assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isTrue();
		assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isFalse();
		assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertPath(userId, uid)).isEqualTo(
		TestData.CERT_PATH_1);
		assertThat(mRecoverableKeyStoreDb.getRecoveryServicePublicKey(userId, uid)).isNull();
		@@ -946,12 +947,12 @@ public class RecoverableKeyStoreManagerTest {
		public void setRecoverySecretTypes_updatesShouldCreateSnapshot() throws Exception {
		int uid = Binder.getCallingUid();
		int userId = UserHandle.getCallingUserId();
		int[] types = new int[]{1, 2, 3};
		mRecoverableKeyStoreManager.setRecoverySecretTypes(new int[] { 1 });

		mRecoverableKeyStoreManager.generateAndStoreKey(TEST_ALIAS);
		// Pretend that key was synced
		mRecoverableKeyStoreDb.setShouldCreateSnapshot(userId, uid, false);
		mRecoverableKeyStoreManager.setRecoverySecretTypes(types);
		mRecoverableKeyStoreManager.setRecoverySecretTypes(new int[] { 2 });

		assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isTrue();
		}