From 10a9f1786b32f1642f10243f60b3bc4a62d95ea4 Mon Sep 17 00:00:00 2001 From: Alex Klyubin Date: Thu, 16 Apr 2015 13:41:19 -0700 Subject: Set Secure User ID from app level. When AndroidKeyStore keys require used authentication, they need to be bound to a Keymaster's Secure User ID. This ID will be set by keystore soon. Until then, set it from the framework level (i.e., from apps which use AndroidKeyStore). NOTE: Accessing gatekeeper to obtain the Secure User ID will be blocked by SELinux policy. To test this code, disable SELinux enforcing mode. Bug: 18088752 Change-Id: I7a3315eb52f0fc978d14d5d0e9613f2f36c6c01e
---
keystore/java/android/security/GateKeeper.java | 30 ++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 keystore/java/android/security/GateKeeper.java (limited to 'keystore/java/android/security/GateKeeper.java')
diff --git a/keystore/java/android/security/GateKeeper.java b/keystore/java/android/security/GateKeeper.java
new file mode 100644
index 000000000000..c9f06e9bbc81
--- /dev/null
+++ b/keystore/java/android/security/GateKeeper.java
@@ -0,0 +1,30 @@
+package android.security;
+
+import android.os.RemoteException;
+import android.os.ServiceManager;
+import android.os.UserHandle;
+import android.service.gatekeeper.IGateKeeperService;
+
+/**
+ * Convenience class for accessing the gatekeeper service.
+ *
+ * @hide
+ */
+public abstract class GateKeeper {
+
+ private GateKeeper() {}
+
+ public static IGateKeeperService getService() {
+ return IGateKeeperService.Stub.asInterface(
+ ServiceManager.getService("android.service.gatekeeper.IGateKeeperService"));
+ }
+
+ public static long getSecureUserId() throws IllegalStateException {
+ try {
+ return GateKeeper.getService().getSecureUserId(UserHandle.myUserId());
+ } catch (RemoteException e) {
+ throw new IllegalStateException(
+ "Failed to obtain secure user ID from gatekeeper", e);
+ }
+ }
+}
-- cgit v1.2.3
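Review bot: `getSecureUserId()` dereferences the result of `getService()` without a null check, so when the gatekeeper binder cannot be obtained the caller gets a NullPointerException instead of the declared IllegalStateException. `ServiceManager.getService` returns null for a service it cannot hand out and `Stub.asInterface(null)` passes that null through; since the commit message says the lookup is expected to be blocked by SELinux policy, this is likely the normal path on an enforcing device. Because the returned ID is what binds authentication-required keys to the user, the failure should be explicit: inside the `try`, add `IGateKeeperService service = getService();` and `if (service == null) throw new IllegalStateException("Gatekeeper service not available");`, then call `service.getSecureUserId(UserHandle.myUserId())`. `getService()` also has no Javadoc; a line such as `@return the gatekeeper service, or null if it is not available` would warn other callers of the same case.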