authorAlex Klyubin <klyubin@google.com>2015-09-09 14:55:03 -0700
committerAlex Klyubin <klyubin@google.com>2015-09-10 15:35:06 -0700
commit3876b1be27e3aefde9a72eb2e4f856e94fc5f946 (patch)
tree5783b18f074f1971a83a615ef805f5483f6cfb90 /keystore/tests
parent435acfc88917e3535462ea520b01d0868266acd2 (diff)
Support cross-UID access from AndroidKeyStore.
This is meant for exposing the pre-existing cross-UID access to keys backed by the keystore service via higher-level JCA API. For example, this lets system_server use Wi-Fi or VPN UID keys via JCA API. To obtain a JCA AndroidKeyStore KeyStore for another UID, use the hidden system API AndroidKeyStoreProvider.getKeyStoreForUid(uid). To generate a key owned by another UID, invoke setUid(uid) on KeyGenParameterSpec.Builder. This CL does not change the security policy, such as which UID can access/modify which UIDs' keys. The policy is that only certain system UIDs are permitted to access keys of certain other system UIDs. Bug: 23978113 Change-Id: Ie381530f41dc41c50d52f675fb9e68bc87c006de
Diffstat (limited to 'keystore/tests')
-rw-r--r--keystore/tests/src/android/security/keystore/AndroidKeyPairGeneratorTest.java1
-rw-r--r--keystore/tests/src/android/security/keystore/AndroidKeyStoreTest.java2
2 files changed, 2 insertions, 1 deletions
diff --git a/keystore/tests/src/android/security/keystore/AndroidKeyPairGeneratorTest.java b/keystore/tests/src/android/security/keystore/AndroidKeyPairGeneratorTest.java
index e5c15c50377b..1af0b7d4212a 100644
--- a/keystore/tests/src/android/security/keystore/AndroidKeyPairGeneratorTest.java
+++ b/keystore/tests/src/android/security/keystore/AndroidKeyPairGeneratorTest.java
@@ -384,6 +384,7 @@ public class AndroidKeyPairGeneratorTest extends AndroidTestCase {
pubKey,
AndroidKeyStoreProvider.getAndroidKeyStorePublicKey(
Credentials.USER_PRIVATE_KEY + alias,
+ KeyStore.UID_SELF,
x509userCert.getPublicKey().getAlgorithm(),
x509userCert.getPublicKey().getEncoded()));
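Review bot: The test changes visible in this view only ever pass `KeyStore.UID_SELF` (here in the `getAndroidKeyStorePublicKey` call, and in the `loadAndroidKeyStoreKeyPairFromKeystore` call in AndroidKeyStoreTest.java), so the cross-UID path this commit exposes through `getKeyStoreForUid(uid)` and `setUid(uid)` is not exercised by them. The description says the access policy is unchanged, so it would be worth pinning that with a test that requests a key for a UID other than the caller's and asserts the outcome the policy dictates for the test process; coverage may exist outside `keystore/tests`, which this diff view does not show. At minimum, a comment on the new argument would record the intent, for example `// UID_SELF: key owned by the calling UID; cross-UID lookup is not covered here`. The enclosing assertion starts outside the hunk.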
diff --git a/keystore/tests/src/android/security/keystore/AndroidKeyStoreTest.java b/keystore/tests/src/android/security/keystore/AndroidKeyStoreTest.java
index c3b731b19010..aa718dca168e 100644
--- a/keystore/tests/src/android/security/keystore/AndroidKeyStoreTest.java
+++ b/keystore/tests/src/android/security/keystore/AndroidKeyStoreTest.java
@@ -1918,7 +1918,7 @@ public class AndroidKeyStoreTest extends AndroidTestCase {
final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + alias;
KeyPair keyPair = AndroidKeyStoreProvider.loadAndroidKeyStoreKeyPairFromKeystore(
- keyStore, privateKeyAlias);
+ keyStore, privateKeyAlias, KeyStore.UID_SELF);
final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.setPublicKey(keyPair.getPublic());