summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
author Dmitry Dementyev <dementyev@google.com> 2018-01-11 05:31:47 +0000
committer Android (Google) Code Review <android-gerrit@google.com> 2018-01-11 05:31:47 +0000
commitdd9828e62fade644d7459fa1328bb22b2f2021a6 (patch)
tree1725a049841a796ff6dbcb5b7b9dc6b6c6175c6c
parent8e62041b8437d46429794caa7455cda085cc738c (diff)
parent122bfe1b7eed5fb772d40b901ed818095c62c2e9 (diff)
Merge "Check that recoverySecretTypes contains TYPE_LOCKSCREEN during unlock."
Diffstat
-rw-r--r--services/core/java/com/android/server/locksettings/recoverablekeystore/KeySyncTask.java7
-rw-r--r--services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncTaskTest.java32
2 files changed, 36 insertions, 3 deletions
diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/KeySyncTask.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/KeySyncTask.java
index 2c8bc4e37c9a..607987312f4d 100644
--- a/services/core/java/com/android/server/locksettings/recoverablekeystore/KeySyncTask.java
+++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/KeySyncTask.java
@@ -28,6 +28,7 @@ import android.security.recoverablekeystore.KeyStoreRecoveryMetadata;
import android.util.Log;
import com.android.internal.annotations.VisibleForTesting;
+import com.android.internal.util.ArrayUtils;
import com.android.internal.widget.LockPatternUtils;
import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDb;
import com.android.server.locksettings.recoverablekeystore.storage.RecoverySnapshotStorage;
@@ -304,6 +305,12 @@ public class KeySyncTask implements Runnable {
* @param recoveryAgentUid uid of the recovery agent.
*/
private boolean shoudCreateSnapshot(int recoveryAgentUid) {
+ int[] types = mRecoverableKeyStoreDb.getRecoverySecretTypes(mUserId, recoveryAgentUid);
+ if (!ArrayUtils.contains(types, KeyStoreRecoveryMetadata.TYPE_LOCKSCREEN)) {
+ // Only lockscreen type is supported.
+ // We will need to pass extra argument to KeySyncTask to support custom pass phrase.
+ return false;
+ }
if (mCredentialUpdated) {
// Sync credential if at least one snapshot was created.
if (mRecoverableKeyStoreDb.getSnapshotVersion(mUserId, recoveryAgentUid) != null) {
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncTaskTest.java b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncTaskTest.java
index 8eaf50a8abc9..f798e9cb1a9e 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncTaskTest.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncTaskTest.java
@@ -16,6 +16,8 @@
package com.android.server.locksettings.recoverablekeystore;
+import static android.security.recoverablekeystore.KeyStoreRecoveryMetadata.TYPE_LOCKSCREEN;
+
import static android.security.recoverablekeystore.KeyStoreRecoveryMetadata.TYPE_PASSWORD;
import static android.security.recoverablekeystore.KeyStoreRecoveryMetadata.TYPE_PATTERN;
import static android.security.recoverablekeystore.KeyStoreRecoveryMetadata.TYPE_PIN;
@@ -104,6 +106,10 @@ public class KeySyncTaskTest {
mRecoverableKeyStoreDb = RecoverableKeyStoreDb.newInstance(context);
mKeyPair = SecureBox.genKeyPair();
+ mRecoverableKeyStoreDb.setRecoverySecretTypes(TEST_USER_ID, TEST_RECOVERY_AGENT_UID,
+ new int[] {TYPE_LOCKSCREEN});
+ mRecoverableKeyStoreDb.setRecoverySecretTypes(TEST_USER_ID, TEST_RECOVERY_AGENT_UID2,
+ new int[] {TYPE_LOCKSCREEN});
mRecoverySnapshotStorage = new RecoverySnapshotStorage();
mKeySyncTask = new KeySyncTask(
@@ -406,10 +412,8 @@ public class KeySyncTaskTest {
isEqualTo(TYPE_PATTERN);
}
-
@Test
public void run_sendsEncryptedKeysWithTwoRegisteredAgents() throws Exception {
-
mRecoverableKeyStoreDb.setRecoveryServicePublicKey(
TEST_USER_ID, TEST_RECOVERY_AGENT_UID, mKeyPair.getPublic());
mRecoverableKeyStoreDb.setRecoveryServicePublicKey(
@@ -425,13 +429,35 @@ public class KeySyncTaskTest {
}
@Test
- public void run_doesNotSendKeyToNonregisteredAgent() throws Exception {
+ public void run_sendsEncryptedKeysOnlyForAgentWhichActiveUserSecretType() throws Exception {
+ mRecoverableKeyStoreDb.setRecoverySecretTypes(TEST_USER_ID, TEST_RECOVERY_AGENT_UID,
+ new int[] {TYPE_LOCKSCREEN, 100});
+ // Snapshot will not be created during unlock event.
+ mRecoverableKeyStoreDb.setRecoverySecretTypes(TEST_USER_ID, TEST_RECOVERY_AGENT_UID2,
+ new int[] {100});
mRecoverableKeyStoreDb.setRecoveryServicePublicKey(
TEST_USER_ID, TEST_RECOVERY_AGENT_UID, mKeyPair.getPublic());
mRecoverableKeyStoreDb.setRecoveryServicePublicKey(
TEST_USER_ID, TEST_RECOVERY_AGENT_UID2, mKeyPair.getPublic());
when(mSnapshotListenersStorage.hasListener(TEST_RECOVERY_AGENT_UID)).thenReturn(true);
+ when(mSnapshotListenersStorage.hasListener(TEST_RECOVERY_AGENT_UID2)).thenReturn(true);
+ addApplicationKey(TEST_USER_ID, TEST_RECOVERY_AGENT_UID, TEST_APP_KEY_ALIAS);
+ addApplicationKey(TEST_USER_ID, TEST_RECOVERY_AGENT_UID2, TEST_APP_KEY_ALIAS);
+ mKeySyncTask.run();
+
+ verify(mSnapshotListenersStorage).recoverySnapshotAvailable(TEST_RECOVERY_AGENT_UID);
+ verify(mSnapshotListenersStorage, never()).
+ recoverySnapshotAvailable(TEST_RECOVERY_AGENT_UID2);
+ }
+
+ @Test
+ public void run_doesNotSendKeyToNonregisteredAgent() throws Exception {
+ mRecoverableKeyStoreDb.setRecoveryServicePublicKey(
+ TEST_USER_ID, TEST_RECOVERY_AGENT_UID, mKeyPair.getPublic());
+ mRecoverableKeyStoreDb.setRecoveryServicePublicKey(
+ TEST_USER_ID, TEST_RECOVERY_AGENT_UID2, mKeyPair.getPublic());
+ when(mSnapshotListenersStorage.hasListener(TEST_RECOVERY_AGENT_UID)).thenReturn(true);
when(mSnapshotListenersStorage.hasListener(TEST_RECOVERY_AGENT_UID2)).thenReturn(false);
addApplicationKey(TEST_USER_ID, TEST_RECOVERY_AGENT_UID, TEST_APP_KEY_ALIAS);
addApplicationKey(TEST_USER_ID, TEST_RECOVERY_AGENT_UID2, TEST_APP_KEY_ALIAS);
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-12-19 11:11:45 +0000