[SecurityController] Listen to USER_UNLOCKED

So far, SecurityControllerImpl waits for user switches to update its certificate cache. Most of the time the certificates are not ready yet, since it is too early in the boot process. With this CL, we only check certificates after receiving the ACTION_USER_UNLOCKED broadcast. This allows us to remove the retry-mechanism that patched over the above problem. Bug: 141698830 Test: atest SecurityControllerTest Change-Id: I2c6cacc6d4ab65c3b4c44f7cc88deaf57cc40789
author: phweiss <phweiss@google.com> 2019-10-21 19:41:09 +0200
committer: phweiss <phweiss@google.com> 2019-10-22 13:04:41 +0200
commit: 1a50c524bc6188bbd8206ddeba63bc4f02dfc194 (patch)
tree: f94cfa5d1fe2f014f63e50f219856b6eb5d70a26
parent: a9da1921f05a09bed597cb4c6b13d9e55f384e8c (diff)
2 files changed, 15 insertions, 15 deletions
diff --git a/packages/SystemUI/src/com/android/systemui/statusbar/policy/SecurityControllerImpl.java b/packages/SystemUI/src/com/android/systemui/statusbar/policy/SecurityControllerImpl.java
index d88ae78c5afb..39d20ba9644b 100644
--- a/packages/SystemUI/src/com/android/systemui/statusbar/policy/SecurityControllerImpl.java
+++ b/packages/SystemUI/src/com/android/systemui/statusbar/policy/SecurityControllerImpl.java
@@ -125,6 +125,7 @@ public class SecurityControllerImpl extends CurrentUserTracker implements Securi
 
         IntentFilter filter = new IntentFilter();
         filter.addAction(KeyChain.ACTION_TRUST_STORE_CHANGED);
+        filter.addAction(Intent.ACTION_USER_UNLOCKED);
         context.registerReceiverAsUser(mBroadcastReceiver, UserHandle.ALL, filter, null,
                 bgHandler);
 
@@ -300,14 +301,11 @@ public class SecurityControllerImpl extends CurrentUserTracker implements Securi
         } else {
             mVpnUserId = mCurrentUserId;
         }
-        refreshCACerts();
         fireCallbacks();
     }
 
-    private void refreshCACerts() {
-        new CACertLoader().execute(mCurrentUserId);
-        int workProfileId = getWorkProfileUserId(mCurrentUserId);
-        if (workProfileId != UserHandle.USER_NULL) new CACertLoader().execute(workProfileId);
+    private void refreshCACerts(int userId) {
+        new CACertLoader().execute(userId);
     }
 
     private String getNameForVpnConfig(VpnConfig cfg, UserHandle user) {
@@ -403,7 +401,10 @@ public class SecurityControllerImpl extends CurrentUserTracker implements Securi
     private final BroadcastReceiver mBroadcastReceiver = new BroadcastReceiver() {
         @Override public void onReceive(Context context, Intent intent) {
             if (KeyChain.ACTION_TRUST_STORE_CHANGED.equals(intent.getAction())) {
-                refreshCACerts();
+                refreshCACerts(getSendingUserId());
+            } else if (Intent.ACTION_USER_UNLOCKED.equals(intent.getAction())) {
+                int userId = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, UserHandle.USER_NULL);
+                if (userId != UserHandle.USER_NULL) refreshCACerts(userId);
             }
         }
     };
@@ -418,9 +419,6 @@ public class SecurityControllerImpl extends CurrentUserTracker implements Securi
                 return new Pair<Integer, Boolean>(userId[0], hasCACerts);
             } catch (RemoteException | InterruptedException | AssertionError e) {
                 Log.i(TAG, "failed to get CA certs", e);
-                mBgHandler.postDelayed(
-                        () -> new CACertLoader().execute(userId[0]),
-                        CA_CERT_LOADING_RETRY_TIME_IN_MS);
                 return new Pair<Integer, Boolean>(userId[0], null);
             }
         }
diff --git a/packages/SystemUI/tests/src/com/android/systemui/statusbar/policy/SecurityControllerTest.java b/packages/SystemUI/tests/src/com/android/systemui/statusbar/policy/SecurityControllerTest.java
index 854cc2fad8e5..97542a9e5966 100644
--- a/packages/SystemUI/tests/src/com/android/systemui/statusbar/policy/SecurityControllerTest.java
+++ b/packages/SystemUI/tests/src/com/android/systemui/statusbar/policy/SecurityControllerTest.java
@@ -93,9 +93,9 @@ public class SecurityControllerTest extends SysuiTestCase implements SecurityCon
         when(mKeyChainService.queryLocalInterface("android.security.IKeyChainService"))
                 .thenReturn(mKeyChainService);
 
-        // Wait for callbacks from 1) the CACertLoader and 2) the onUserSwitched() function in the
+        // Wait for callbacks from the onUserSwitched() function in the
         // constructor of mSecurityController
-        mStateChangedLatch = new CountDownLatch(2);
+        mStateChangedLatch = new CountDownLatch(1);
         // TODO: Migrate this test to TestableLooper and use a handler attached
         // to that.
         mSecurityController = new SecurityControllerImpl(mContext,
@@ -169,7 +169,6 @@ public class SecurityControllerTest extends SysuiTestCase implements SecurityCon
         assertTrue(mSecurityController.hasCACertInCurrentUser());
 
         // Exception
-
         mStateChangedLatch = new CountDownLatch(1);
 
         when(mKeyChainService.getUserCaAliases())
@@ -181,9 +180,12 @@ public class SecurityControllerTest extends SysuiTestCase implements SecurityCon
 
         assertFalse(mStateChangedLatch.await(1, TimeUnit.SECONDS));
         assertTrue(mSecurityController.hasCACertInCurrentUser());
-        // The retry takes 30s
-        //assertTrue(mStateChangedLatch.await(31, TimeUnit.SECONDS));
-        //assertFalse(mSecurityController.hasCACertInCurrentUser());
+
+        mSecurityController.new CACertLoader()
+                           .execute(0);
+
+        assertTrue(mStateChangedLatch.await(1, TimeUnit.SECONDS));
+        assertFalse(mSecurityController.hasCACertInCurrentUser());
     }
 
     @Test
author	phweiss <phweiss@google.com>	2019-10-21 19:41:09 +0200
committer	phweiss <phweiss@google.com>	2019-10-22 13:04:41 +0200
commit	1a50c524bc6188bbd8206ddeba63bc4f02dfc194 (patch)
tree	f94cfa5d1fe2f014f63e50f219856b6eb5d70a26
parent	a9da1921f05a09bed597cb4c6b13d9e55f384e8c (diff)