diff options
| author | Alex Klyubin <klyubin@google.com> | 2015-04-28 18:58:47 -0700 |
|---|---|---|
| committer | Alex Klyubin <klyubin@google.com> | 2015-04-29 12:44:10 -0700 |
| commit | 708fc9404501ac42b6cac925fe3e10801b5f633b (patch) | |
| tree | 7ac523612e9aac429bf1df2cd0a191551888fba3 /keystore/java/android/security/KeymasterUtils.java | |
| parent | 47ea8b3d6bcef193a2d0ec9f0141525c83a0bcda (diff) | |
| download | frameworks_base-708fc9404501ac42b6cac925fe3e10801b5f633b.zip frameworks_base-708fc9404501ac42b6cac925fe3e10801b5f633b.tar.gz frameworks_base-708fc9404501ac42b6cac925fe3e10801b5f633b.tar.bz2 | |
Add KeyPermanentlyInvalidatedException.
This enables users of AndroidKeyStore crypto to differentiate between
the key being unusable until the user is authenticated
(UserNotAuthenticatedException) and the key being permanently unusable
(KeyPermanentlyInvalidatedException). The latter is the case when the
secure lock screen has been disabled or reset, and, for keys that
require user authentication for every use, when a new fingerprint is
enrolled or all fingerprints are unenrolled.
NOTE: The KeyPermanentlyInvalidatedException subsumes/replaces the
NewFingerprintEnrolledException which has thus been removed. There
is no way to find out whether a key was permenently invalidated
specifically because a new fingerprint was added.
Bug: 20642549
Bug: 20526234
Change-Id: I0206cd99eef5c605c9c4d6afc5eea02eb3b1fe6b
Diffstat (limited to 'keystore/java/android/security/KeymasterUtils.java')
| -rw-r--r-- | keystore/java/android/security/KeymasterUtils.java | 20 |
1 files changed, 1 insertions, 19 deletions
diff --git a/keystore/java/android/security/KeymasterUtils.java b/keystore/java/android/security/KeymasterUtils.java index 7bf5475..3ccb588 100644 --- a/keystore/java/android/security/KeymasterUtils.java +++ b/keystore/java/android/security/KeymasterUtils.java @@ -18,12 +18,8 @@ package android.security; import android.content.Context; import android.hardware.fingerprint.FingerprintManager; -import android.os.RemoteException; -import android.os.ServiceManager; -import android.os.UserHandle; import android.security.keymaster.KeymasterArguments; import android.security.keymaster.KeymasterDefs; -import android.service.gatekeeper.IGateKeeperService; import libcore.util.EmptyArray; @@ -347,20 +343,6 @@ public abstract class KeymasterUtils { return result; } - private static long getRootSid() { - IGateKeeperService gatekeeperService = IGateKeeperService.Stub.asInterface( - ServiceManager.getService("android.service.gatekeeper.IGateKeeperService")); - if (gatekeeperService == null) { - throw new IllegalStateException("Gatekeeper service not available"); - } - - try { - return gatekeeperService.getSecureUserId(UserHandle.myUserId()); - } catch (RemoteException e) { - throw new IllegalStateException("Failed to obtain root SID"); - } - } - /** * Adds keymaster arguments to express the key's authorization policy supported by user * authentication. @@ -402,7 +384,7 @@ public abstract class KeymasterUtils { } else { // The key is authorized for use for the specified amount of time after the user has // authenticated. Whatever unlocks the secure lock screen should authorize this key. - long rootSid = getRootSid(); + long rootSid = GateKeeper.getSecureUserId(); if (rootSid == 0) { throw new IllegalStateException("Secure lock screen must be enabled" + " to create keys requiring user authentication"); |