From 708fc9404501ac42b6cac925fe3e10801b5f633b Mon Sep 17 00:00:00 2001 From: Alex Klyubin Date: Tue, 28 Apr 2015 18:58:47 -0700 Subject: Add KeyPermanentlyInvalidatedException. This enables users of AndroidKeyStore crypto to differentiate between the key being unusable until the user is authenticated (UserNotAuthenticatedException) and the key being permanently unusable (KeyPermanentlyInvalidatedException). The latter is the case when the secure lock screen has been disabled or reset, and, for keys that require user authentication for every use, when a new fingerprint is enrolled or all fingerprints are unenrolled. NOTE: The KeyPermanentlyInvalidatedException subsumes/replaces the NewFingerprintEnrolledException which has thus been removed. There is no way to find out whether a key was permenently invalidated specifically because a new fingerprint was added. Bug: 20642549 Bug: 20526234 Change-Id: I0206cd99eef5c605c9c4d6afc5eea02eb3b1fe6b --- keystore/java/android/security/KeymasterUtils.java | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) (limited to 'keystore/java/android/security/KeymasterUtils.java') diff --git a/keystore/java/android/security/KeymasterUtils.java b/keystore/java/android/security/KeymasterUtils.java index 7bf5475..3ccb588 100644 --- a/keystore/java/android/security/KeymasterUtils.java +++ b/keystore/java/android/security/KeymasterUtils.java @@ -18,12 +18,8 @@ package android.security; import android.content.Context; import android.hardware.fingerprint.FingerprintManager; -import android.os.RemoteException; -import android.os.ServiceManager; -import android.os.UserHandle; import android.security.keymaster.KeymasterArguments; import android.security.keymaster.KeymasterDefs; -import android.service.gatekeeper.IGateKeeperService; import libcore.util.EmptyArray; @@ -347,20 +343,6 @@ public abstract class KeymasterUtils { return result; } - private static long getRootSid() { - IGateKeeperService gatekeeperService = IGateKeeperService.Stub.asInterface( - ServiceManager.getService("android.service.gatekeeper.IGateKeeperService")); - if (gatekeeperService == null) { - throw new IllegalStateException("Gatekeeper service not available"); - } - - try { - return gatekeeperService.getSecureUserId(UserHandle.myUserId()); - } catch (RemoteException e) { - throw new IllegalStateException("Failed to obtain root SID"); - } - } - /** * Adds keymaster arguments to express the key's authorization policy supported by user * authentication. @@ -402,7 +384,7 @@ public abstract class KeymasterUtils { } else { // The key is authorized for use for the specified amount of time after the user has // authenticated. Whatever unlocks the secure lock screen should authorize this key. - long rootSid = getRootSid(); + long rootSid = GateKeeper.getSecureUserId(); if (rootSid == 0) { throw new IllegalStateException("Secure lock screen must be enabled" + " to create keys requiring user authentication"); -- cgit v1.1