diff options
| author | 2018-03-23 12:10:09 -0700 | |
|---|---|---|
| committer | 2018-03-23 12:21:01 -0700 | |
| commit | a5945d53dc24576bffcb84a01491478b14bb7ea4 (patch) | |
| tree | 465bef693d77a6245e735ef542510e975d6fa0ae | |
| parent | 4341a66b03aa8ba03de09db4bd446312c47176be (diff) | |
Add RECOVER_KEYSTORE permission check to all IPC calls in
RecoveryController.
Bug: 76116351
Test: GTS tests under development.
Change-Id: Ia4b01eb790a55e587f5719b94ff6cf2482a8eae1
| -rw-r--r-- | services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java index e75722af95ae..d9c97aef4455 100644 --- a/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java +++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java @@ -247,6 +247,7 @@ public class RecoverableKeyStoreManager { @NonNull String rootCertificateAlias, @NonNull byte[] recoveryServiceCertFile, @NonNull byte[] recoveryServiceSigFile) throws RemoteException { + checkRecoverKeyStorePermission(); if (rootCertificateAlias == null) { Log.e(TAG, "rootCertificateAlias is null"); } @@ -356,6 +357,7 @@ public class RecoverableKeyStoreManager { * {@link RecoveryController#RECOVERY_STATUS_PERMANENT_FAILURE}. */ public @NonNull Map<String, Integer> getRecoveryStatus() throws RemoteException { + checkRecoverKeyStorePermission(); return mDatabase.getStatusForAllKeys(Binder.getCallingUid()); } @@ -656,6 +658,7 @@ public class RecoverableKeyStoreManager { * @hide */ public byte[] generateAndStoreKey(@NonNull String alias) throws RemoteException { + checkRecoverKeyStorePermission(); int uid = Binder.getCallingUid(); int userId = UserHandle.getCallingUserId(); @@ -688,6 +691,7 @@ public class RecoverableKeyStoreManager { } public void removeKey(@NonNull String alias) throws RemoteException { + checkRecoverKeyStorePermission(); Preconditions.checkNotNull(alias, "alias is null"); int uid = Binder.getCallingUid(); int userId = UserHandle.getCallingUserId(); @@ -706,6 +710,7 @@ public class RecoverableKeyStoreManager { * @return grant alias, which caller can use to access the key. */ public String generateKey(@NonNull String alias) throws RemoteException { + checkRecoverKeyStorePermission(); Preconditions.checkNotNull(alias, "alias is null"); int uid = Binder.getCallingUid(); int userId = UserHandle.getCallingUserId(); @@ -745,6 +750,7 @@ public class RecoverableKeyStoreManager { */ public String importKey(@NonNull String alias, @NonNull byte[] keyBytes) throws RemoteException { + checkRecoverKeyStorePermission(); Preconditions.checkNotNull(alias, "alias is null"); Preconditions.checkNotNull(keyBytes, "keyBytes is null"); if (keyBytes.length != RecoverableKeyGenerator.KEY_SIZE_BITS / Byte.SIZE) { @@ -790,6 +796,7 @@ public class RecoverableKeyStoreManager { * @return grant alias, which caller can use to access the key. */ public String getKey(@NonNull String alias) throws RemoteException { + checkRecoverKeyStorePermission(); Preconditions.checkNotNull(alias, "alias is null"); int uid = Binder.getCallingUid(); int userId = UserHandle.getCallingUserId(); |