From 3876b1be27e3aefde9a72eb2e4f856e94fc5f946 Mon Sep 17 00:00:00 2001 From: Alex Klyubin Date: Wed, 9 Sep 2015 14:55:03 -0700 Subject: Support cross-UID access from AndroidKeyStore. This is meant for exposing the pre-existing cross-UID access to keys backed by the keystore service via higher-level JCA API. For example, this lets system_server use Wi-Fi or VPN UID keys via JCA API. To obtain a JCA AndroidKeyStore KeyStore for another UID, use the hidden system API AndroidKeyStoreProvider.getKeyStoreForUid(uid). To generate a key owned by another UID, invoke setUid(uid) on KeyGenParameterSpec.Builder. This CL does not change the security policy, such as which UID can access/modify which UIDs' keys. The policy is that only certain system UIDs are permitted to access keys of certain other system UIDs. Bug: 23978113 Change-Id: Ie381530f41dc41c50d52f675fb9e68bc87c006de
---
keystore/java/android/security/KeyChain.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'keystore/java/android/security/KeyChain.java')
diff --git a/keystore/java/android/security/KeyChain.java b/keystore/java/android/security/KeyChain.java
index 7de26d696538..5b2594dcc9e7 100644
--- a/keystore/java/android/security/KeyChain.java
+++ b/keystore/java/android/security/KeyChain.java
@@ -374,7 +374,7 @@ public final class KeyChain {
 throw new KeyChainException("keystore had a problem");
 }
 return AndroidKeyStoreProvider.loadAndroidKeyStorePrivateKeyFromKeystore(
- KeyStore.getInstance(), keyId);
+ KeyStore.getInstance(), keyId, KeyStore.UID_SELF);
 } catch (RemoteException e) {
 throw new KeyChainException(e);
 } catch (RuntimeException e) {
-- cgit v1.2.3
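Review bot: The new `KeyStore.UID_SELF` argument in the `loadAndroidKeyStorePrivateKeyFromKeystore(...)` call is passed without any comment. Since this commit exposes cross-UID key access through the JCA layer, it is worth recording that this public KeyChain path presumably always resolves `keyId` as the calling UID. I would add above the `return` something like `// UID_SELF: resolve keyId as the calling app; this path must not take a caller-chosen UID.` so that a later edit does not thread a UID parameter through here unnoticed. Per the description the access policy itself lives in the keystore service, which is not visible in this hunk, so this is a documentation point rather than a defect. The enclosing method starts and ends outside the hunk.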