drgreen/android_frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Support cross-UID access from AndroidKeyStore.

Browse Source 
This is meant for exposing the pre-existing cross-UID access to keys
backed by the keystore service via higher-level JCA API. For example,
this lets system_server use Wi-Fi or VPN UID keys via JCA API.

To obtain a JCA AndroidKeyStore KeyStore for another UID, use the
hidden system API AndroidKeyStoreProvider.getKeyStoreForUid(uid).

To generate a key owned by another UID, invoke setUid(uid) on
KeyGenParameterSpec.Builder.

This CL does not change the security policy, such as which UID can
access/modify which UIDs' keys. The policy is that only certain system
UIDs are permitted to access keys of certain other system UIDs.

Bug: 23978113
Change-Id: Ie381530f41dc41c50d52f675fb9e68bc87c006de
This commit is contained in:
Alex Klyubin
2015-09-09 14:55:03 -07:00
parent 435acfc889
commit 3876b1be27
27 changed files with 286 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
keystore/java/android/security/KeyChain.java
View File

@ -374,7 +374,7 @@ public final class KeyChain {
throw new KeyChainException("keystore had a problem");
}
return AndroidKeyStoreProvider.loadAndroidKeyStorePrivateKeyFromKeystore(
KeyStore.getInstance(), keyId);
KeyStore.getInstance(), keyId, KeyStore.UID_SELF);
} catch (RemoteException e) {
throw new KeyChainException(e);
} catch (RuntimeException e) {