Use SecureRandom instead of java.util.Random.

The latter might be initialized in the Zygote and return the same
sequence within app restarts.

Bug: 273524418
Fix: 273524418
Test: m
Change-Id: Id85082edffb7b769bb5f78d66b561e5e097227c5

1 files changed, 1 insertions, 3 deletions

diff --git a/keystore/java/android/security/keystore2/KeyStoreCryptoOperationUtils.java b/keystore/java/android/security/keystore2/KeyStoreCryptoOperationUtils.java
index 6fa1a694eb67..372e4cb3d72e 100644
--- a/keystore/java/android/security/keystore2/KeyStoreCryptoOperationUtils.java
+++ b/keystore/java/android/security/keystore2/KeyStoreCryptoOperationUtils.java
@@ -40,7 +40,6 @@ import java.security.InvalidKeyException;
 import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.List;
-import java.util.Random;
 
 /**
  * Assorted utility methods for implementing crypto operations on top of KeyStore.
@@ -50,7 +49,6 @@ import java.util.Random;
 abstract class KeyStoreCryptoOperationUtils {
 
     private static volatile SecureRandom sRng;
-    private static final Random sRandom = new Random();
 
     private KeyStoreCryptoOperationUtils() {}
 
@@ -213,7 +211,7 @@ abstract class KeyStoreCryptoOperationUtils {
         } else {
             // Keystore won't give us an operation challenge if the operation doesn't
             // need user authorization. So we make our own.
-            return sRandom.nextLong();
+            return getRng().nextLong();
         }
     }
 }