Merge "Invalidate existing keys when platform_key_generation_id is set" into qt-dev (f739c03a) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDb.java

+4 −6

Original line number	Diff line number	Diff line
		@@ -333,6 +333,7 @@ public class RecoverableKeyStoreDb {
		String[] selectionArguments = new String[] {String.valueOf(userId)};

		ensureUserMetadataEntryExists(userId);
		invalidateKeysForUser(userId);
		return db.update(UserMetadataEntry.TABLE_NAME, values, selection, selectionArguments);
		}

		@@ -394,16 +395,13 @@ public class RecoverableKeyStoreDb {
		/**
		* Updates status of old keys to {@code RecoveryController.RECOVERY_STATUS_PERMANENT_FAILURE}.
		*/
		public void invalidateKeysWithOldGenerationId(int userId, int newGenerationId) {
		public void invalidateKeysForUser(int userId) {
		SQLiteDatabase db = mKeyStoreDbHelper.getWritableDatabase();
		ContentValues values = new ContentValues();
		values.put(KeysEntry.COLUMN_NAME_RECOVERY_STATUS,
		RecoveryController.RECOVERY_STATUS_PERMANENT_FAILURE);
		String selection =
		KeysEntry.COLUMN_NAME_USER_ID + " = ? AND "
		+ KeysEntry.COLUMN_NAME_GENERATION_ID + " < ?";
		db.update(KeysEntry.TABLE_NAME, values, selection,
		new String[] {String.valueOf(userId), String.valueOf(newGenerationId)});
		String selection = KeysEntry.COLUMN_NAME_USER_ID + " = ?";
		db.update(KeysEntry.TABLE_NAME, values, selection, new String[] {String.valueOf(userId)});
		}

		/**

services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbTest.java

+27 −2

Original line number	Diff line number	Diff line
		@@ -329,6 +329,31 @@ public class RecoverableKeyStoreDbTest {
		assertEquals(serialNumber, mRecoverableKeyStoreDb.getUserSerialNumbers().get(userId));
		}

		@Test
		public void setPlatformKeyGenerationId_invalidatesExistingKeysForUser() {
		int userId = 42;
		int generationId = 110;
		int uid = 1009;
		int status = 120;
		String alias = "test";
		byte[] nonce = getUtf8Bytes("nonce");
		byte[] keyMaterial = getUtf8Bytes("keymaterial");
		byte[] keyMetadata = null;

		WrappedKey wrappedKey =
		new WrappedKey(nonce, keyMaterial, keyMetadata, generationId, status);
		mRecoverableKeyStoreDb.insertKey(userId, uid, alias, wrappedKey);

		WrappedKey retrievedKey = mRecoverableKeyStoreDb.getKey(uid, alias);
		assertThat(retrievedKey.getRecoveryStatus()).isEqualTo(status);

		mRecoverableKeyStoreDb.setPlatformKeyGenerationId(userId, generationId + 1);

		retrievedKey = mRecoverableKeyStoreDb.getKey(uid, alias);
		assertThat(retrievedKey.getRecoveryStatus())
		.isEqualTo(RecoveryController.RECOVERY_STATUS_PERMANENT_FAILURE);
		}


		@Test
		public void removeUserFromAllTables_removesData() throws Exception {
		@@ -439,7 +464,7 @@ public class RecoverableKeyStoreDbTest {
		}

		@Test
		public void testInvalidateKeysWithOldGenerationId_withSingleKey() {
		public void testInvalidateKeysForUser_withSingleKey() {
		int userId = 12;
		int uid = 1009;
		int generationId = 6;
		@@ -458,7 +483,7 @@ public class RecoverableKeyStoreDbTest {
		assertThat(retrievedKey.getRecoveryStatus()).isEqualTo(status);

		mRecoverableKeyStoreDb.setRecoveryStatus(uid, alias, status2);
		mRecoverableKeyStoreDb.invalidateKeysWithOldGenerationId(userId, generationId + 1);
		mRecoverableKeyStoreDb.invalidateKeysForUser(userId);

		retrievedKey = mRecoverableKeyStoreDb.getKey(uid, alias);
		assertThat(retrievedKey.getRecoveryStatus())