author | Alex Klyubin <klyubin@google.com> | 2015-09-09 14:55:03 -0700 |
---|---|---|
committer | Alex Klyubin <klyubin@google.com> | 2015-09-10 15:35:06 -0700 |
commit | 3876b1be27e3aefde9a72eb2e4f856e94fc5f946 (patch) | |
tree | 5783b18f074f1971a83a615ef805f5483f6cfb90 /keystore/java/android/security/KeyStore.java | |
parent | 435acfc88917e3535462ea520b01d0868266acd2 (diff) |
Support cross-UID access from AndroidKeyStore.
This is meant for exposing the pre-existing cross-UID access to keys
backed by the keystore service via higher-level JCA API. For example,
this lets system_server use Wi-Fi or VPN UID keys via JCA API.
To obtain a JCA AndroidKeyStore KeyStore for another UID, use the
hidden system API AndroidKeyStoreProvider.getKeyStoreForUid(uid).
To generate a key owned by another UID, invoke setUid(uid) on
KeyGenParameterSpec.Builder.
This CL does not change the security policy, such as which UID can
access/modify which UIDs' keys. The policy is that only certain system
UIDs are permitted to access keys of certain other system UIDs.
Bug: 23978113
Change-Id: Ie381530f41dc41c50d52f675fb9e68bc87c006de
Diffstat (limited to 'keystore/java/android/security/KeyStore.java')
-rw-r--r-- | keystore/java/android/security/KeyStore.java | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index 98b44dc43144..d7a0a9a7777c 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -640,7 +640,7 @@ public class KeyStore {
 * {@link KeyStoreException}.
 */
 public InvalidKeyException getInvalidKeyException(
- String keystoreKeyAlias, KeyStoreException e) {
+ String keystoreKeyAlias, int uid, KeyStoreException e) {
 switch (e.getErrorCode()) {
 case LOCKED:
 return new UserNotAuthenticatedException();
@@ -658,7 +658,8 @@ public class KeyStore {
 // to authenticate.
 KeyCharacteristics keyCharacteristics = new KeyCharacteristics();
 int getKeyCharacteristicsErrorCode =
- getKeyCharacteristics(keystoreKeyAlias, null, null, keyCharacteristics);
+ getKeyCharacteristics(keystoreKeyAlias, null, null, uid,
+ keyCharacteristics);
 if (getKeyCharacteristicsErrorCode != NO_ERROR) {
 return new InvalidKeyException(
 "Failed to obtained key characteristics",
@@ -708,7 +709,8 @@ public class KeyStore {
 * Returns an {@link InvalidKeyException} corresponding to the provided keystore/keymaster error
 * code.
 */
- public InvalidKeyException getInvalidKeyException(String keystoreKeyAlias, int errorCode) {
- return getInvalidKeyException(keystoreKeyAlias, getKeyStoreException(errorCode));
+ public InvalidKeyException getInvalidKeyException(String keystoreKeyAlias, int uid,
+ int errorCode) {
+ return getInvalidKeyException(keystoreKeyAlias, uid, getKeyStoreException(errorCode));
 }
 } |
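Review bot: The new `uid` parameter on `getInvalidKeyException(String, int, KeyStoreException)` is not described in the Javadoc visible above the signature, and the same gap applies to the `int errorCode` overload in the third hunk. Because this value selects whose key namespace the follow-up characteristics lookup runs against, the doc should state it, e.g. `@param uid UID that owns {@code keystoreKeyAlias}; must be the UID used by the operation that produced {@code e}`. Both signatures are changed in place rather than kept as delegating overloads, so every caller outside this file (the diffstat shown is limited to KeyStore.java) has to pass a UID explicitly; presumably they are updated elsewhere in the commit. The method body continues past the end of this hunk.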
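Review bot: The `getKeyCharacteristics(keystoreKeyAlias, null, null, uid, keyCharacteristics)` call now resolves the alias in the namespace of `uid`, but nothing in the hunk ties that value to the UID the failing operation actually used. A mismatched caller would get an exception derived from a different key's characteristics, or from a lookup failure. A short comment at the call would make the contract explicit, e.g. `// uid must match the UID the failed operation targeted; the alias alone does not identify the key`. The `InvalidKeyException` built when the lookup fails carries only a fixed message in the visible lines; adding the uid there would help tell cross-UID failures apart, unless the lines after the hunk already do so. The enclosing method starts and ends outside this hunk.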