Do not create snapshot on first init
Currently the first time the RecoveryController is initialized, it sets
a snapshot pending. This is because there is no cert, so it installs the
cert, and the existing logic also sets snapshot pending. This fixes that.
Bug: 74949975
Test: runtest frameworks-services -p \
com.android.server.locksettings.recoverablekeystore
Change-Id: If150524c3fc41fd2ee9cc6310109b41d62dcbb29
diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java
index e0487ea..6d2bec8 100644
--- a/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java
+++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java
@@ -217,12 +217,17 @@
ERROR_INVALID_CERTIFICATE, "Failed to validate certificate.");
}
+ boolean wasInitialized = mDatabase.getRecoveryServiceCertPath(userId, uid) != null;
+
// Save the chosen and validated certificate into database
try {
Log.d(TAG, "Saving the randomly chosen endpoint certificate to database");
if (mDatabase.setRecoveryServiceCertPath(userId, uid, certPath) > 0) {
mDatabase.setRecoveryServiceCertSerial(userId, uid, newSerial);
- mDatabase.setShouldCreateSnapshot(userId, uid, true);
+ if (wasInitialized) {
+ Log.i(TAG, "This is a certificate change. Snapshot pending.");
+ mDatabase.setShouldCreateSnapshot(userId, uid, true);
+ }
mDatabase.setCounterId(userId, uid, new SecureRandom().nextLong());
}
} catch (CertificateEncodingException e) {
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java
index 06b94cb..8db2537 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java
@@ -298,7 +298,7 @@
mRecoverableKeyStoreManager.initRecoveryService(ROOT_CERTIFICATE_ALIAS,
TestData.getCertXmlWithSerial(certSerial));
- assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isTrue();
+ assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isFalse();
assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertPath(userId, uid)).isEqualTo(
TestData.CERT_PATH_1);
assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertSerial(userId, uid)).isEqualTo(
@@ -348,6 +348,7 @@
assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertSerial(userId, uid))
.isEqualTo(certSerial + 1);
+ assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isTrue();
}
@Test
@@ -363,6 +364,7 @@
assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertSerial(userId, uid))
.isEqualTo(certSerial);
+ assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isFalse();
}
@Test
@@ -373,7 +375,6 @@
mRecoverableKeyStoreManager.initRecoveryService(ROOT_CERTIFICATE_ALIAS,
TestData.getCertXmlWithSerial(certSerial));
- mRecoverableKeyStoreDb.setShouldCreateSnapshot(userId, uid, false);
mRecoverableKeyStoreManager.initRecoveryService(ROOT_CERTIFICATE_ALIAS,
TestData.getCertXmlWithSerial(certSerial));
@@ -404,7 +405,7 @@
mRecoverableKeyStoreManager.initRecoveryServiceWithSigFile(
ROOT_CERTIFICATE_ALIAS, TestData.getCertXml(), TestData.getSigXml());
- assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isTrue();
+ assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isFalse();
assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertPath(userId, uid)).isEqualTo(
TestData.CERT_PATH_1);
assertThat(mRecoverableKeyStoreDb.getRecoveryServicePublicKey(userId, uid)).isNull();
@@ -946,12 +947,12 @@
public void setRecoverySecretTypes_updatesShouldCreateSnapshot() throws Exception {
int uid = Binder.getCallingUid();
int userId = UserHandle.getCallingUserId();
- int[] types = new int[]{1, 2, 3};
+ mRecoverableKeyStoreManager.setRecoverySecretTypes(new int[] { 1 });
mRecoverableKeyStoreManager.generateAndStoreKey(TEST_ALIAS);
// Pretend that key was synced
mRecoverableKeyStoreDb.setShouldCreateSnapshot(userId, uid, false);
- mRecoverableKeyStoreManager.setRecoverySecretTypes(types);
+ mRecoverableKeyStoreManager.setRecoverySecretTypes(new int[] { 2 });
assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isTrue();
}