When AndroidKeyStore keys require user authentication, they need to be bound to a Keymaster's Secure User ID. This ID will be set by keystore soon. Until then, set it from the framework level (i.e., from apps which use AndroidKeyStore). NOTE: Accessing gatekeeper to obtain the Secure User ID will be blocked by SELinux policy. To test this code, disable SELinux enforcing mode. Bug: 18088752 Change-Id: I7a3315eb52f0fc978d14d5d0e9613f2f36c6c01e
package android.security;
import android.os.RemoteException;
import android.os.ServiceManager;
import android.os.UserHandle;
import android.service.gatekeeper.IGateKeeperService;
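/**
 * Convenience class for accessing the gatekeeper service.
 *
 * <p>Holds only static helpers; the private constructor prevents instantiation.
 *
 * @hide
 */
public abstract class GateKeeper {

    private GateKeeper() {}

    /**
     * Looks up the gatekeeper binder in {@link ServiceManager} and wraps it in its AIDL interface.
     *
     * @return the gatekeeper interface, or {@code null} when the lookup yields no binder (for
     *         example when the service is not registered or the lookup is denied), so callers
     *         must null-check before use
     */
    public static IGateKeeperService getService() {
        return IGateKeeperService.Stub.asInterface(
                ServiceManager.getService("android.service.gatekeeper.IGateKeeperService"));
    }

    /**
     * Asks gatekeeper for the secure user ID of the calling process's Android user.
     *
     * <p>NOTE(review): this file does not show what gatekeeper returns for a user with no
     * enrolled credential. Callers that bind authentication-required keys to this value should
     * confirm that and reject any "no ID" sentinel rather than binding a key to it.
     *
     * @return the secure user ID reported by gatekeeper for {@link UserHandle#myUserId()}
     * @throws IllegalStateException if the gatekeeper service cannot be reached, either because
     *         the lookup returned nothing or because the binder call failed
     */
    public static long getSecureUserId() throws IllegalStateException {
        IGateKeeperService service = GateKeeper.getService();
        // An unavailable service used to surface as a NullPointerException on the call below;
        // report it through the documented exception type so callers fail closed in one place.
        if (service == null) {
            throw new IllegalStateException("Gatekeeper service is not available");
        }
        try {
            return service.getSecureUserId(UserHandle.myUserId());
        } catch (RemoteException e) {
            throw new IllegalStateException(
                    "Failed to obtain secure user ID from gatekeeper", e);
        }
    }
}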