7 files changed, 132 insertions, 8 deletions

diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreKey.java b/keystore/java/android/security/keystore2/AndroidKeyStoreKey.java
index b24a22dbc0ec..16f732f63bf7 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreKey.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreKey.java
@@ -22,6 +22,8 @@ import android.system.keystore2.Authorization;
 import android.system.keystore2.Domain;
 import android.system.keystore2.KeyDescriptor;
 
+import com.android.internal.annotations.VisibleForTesting;
+
 import java.security.Key;
 
 /**
@@ -46,7 +48,11 @@ public class AndroidKeyStoreKey implements Key {
     // We do not include this member in comparisons.
     private final KeyStoreSecurityLevel mSecurityLevel;
 
-    AndroidKeyStoreKey(@NonNull KeyDescriptor descriptor,
+    /**
+     * @hide
+     */
+    @VisibleForTesting
+    public AndroidKeyStoreKey(@NonNull KeyDescriptor descriptor,
             long keyId,
             @NonNull Authorization[] authorizations,
             @NonNull String algorithm,
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStorePublicKey.java b/keystore/java/android/security/keystore2/AndroidKeyStorePublicKey.java
index 4842984e8c6a..0b3be327b521 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStorePublicKey.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStorePublicKey.java
@@ -23,7 +23,7 @@ import android.system.keystore2.KeyDescriptor;
 import android.system.keystore2.KeyMetadata;
 
 import java.security.PublicKey;
-import java.util.Objects;
+import java.util.Arrays;
 
 /**
  * {@link PublicKey} backed by Android Keystore.
@@ -62,8 +62,8 @@ public abstract class AndroidKeyStorePublicKey extends AndroidKeyStoreKey implem
         int result = 1;
 
         result = prime * result + super.hashCode();
-        result = prime * result + ((mCertificate == null) ? 0 : mCertificate.hashCode());
-        result = prime * result + ((mCertificateChain == null) ? 0 : mCertificateChain.hashCode());
+        result = prime * result + Arrays.hashCode(mCertificate);
+        result = prime * result + Arrays.hashCode(mCertificateChain);
 
         return result;
     }
@@ -83,7 +83,7 @@ public abstract class AndroidKeyStorePublicKey extends AndroidKeyStoreKey implem
          */
         final AndroidKeyStorePublicKey other = (AndroidKeyStorePublicKey) obj;
 
-        return Objects.equals(mCertificate, other.mCertificate) && Objects.equals(mCertificateChain,
+        return Arrays.equals(mCertificate, other.mCertificate) && Arrays.equals(mCertificateChain,
                 other.mCertificateChain);
     }
 }
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
index 67358c4f3255..33411e1ec5b9 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
@@ -601,8 +601,6 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
         }
         KeyProtection params = (KeyProtection) param;
 
-        @SecurityLevel int securityLevel = params.isStrongBoxBacked() ? SecurityLevel.STRONGBOX :
-                SecurityLevel.TRUSTED_ENVIRONMENT;
         @Domain int targetDomain = (getTargetDomain());
 
         if (key instanceof AndroidKeyStoreSecretKey) {
@@ -794,6 +792,9 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
             flags |= IKeystoreSecurityLevel.KEY_FLAG_AUTH_BOUND_WITHOUT_CRYPTOGRAPHIC_LSKF_BINDING;
         }
 
+        @SecurityLevel int securityLevel = params.isStrongBoxBacked() ? SecurityLevel.STRONGBOX :
+                SecurityLevel.TRUSTED_ENVIRONMENT;
+
         try {
             KeyStoreSecurityLevel securityLevelInterface = mKeyStore.getSecurityLevel(
                     securityLevel);
diff --git a/keystore/tests/src/android/security/keystore2/AndroidKeyStoreSpiTest.java b/keystore/tests/src/android/security/keystore2/AndroidKeyStoreSpiTest.java
index 1bd3069f483a..f96c39c879fd 100644
--- a/keystore/tests/src/android/security/keystore2/AndroidKeyStoreSpiTest.java
+++ b/keystore/tests/src/android/security/keystore2/AndroidKeyStoreSpiTest.java
@@ -24,7 +24,13 @@ import static org.mockito.Mockito.when;
 
 import android.security.KeyStore2;
 import android.security.KeyStoreException;
+import android.security.KeyStoreSecurityLevel;
+import android.system.keystore2.Authorization;
+import android.system.keystore2.Domain;
+import android.system.keystore2.KeyDescriptor;
+import android.system.keystore2.KeyMetadata;
 
+import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
 import org.mockito.Mock;
@@ -52,4 +58,112 @@ public class AndroidKeyStoreSpiTest {
         verify(mKeystore2).list(anyInt(), anyLong());
     }
 
+    @Mock
+    private KeyStoreSecurityLevel mKeystoreSecurityLevel;
+
+    private static KeyDescriptor descriptor() {
+        final KeyDescriptor keyDescriptor = new KeyDescriptor();
+        keyDescriptor.alias = "key";
+        keyDescriptor.blob = null;
+        keyDescriptor.domain = Domain.APP;
+        keyDescriptor.nspace = -1;
+        return keyDescriptor;
+    }
+
+    private static KeyMetadata metadata(byte[] cert, byte[] certChain) {
+        KeyMetadata metadata = new KeyMetadata();
+        metadata.authorizations = new Authorization[0];
+        metadata.certificate = cert;
+        metadata.certificateChain = certChain;
+        metadata.key = descriptor();
+        metadata.modificationTimeMs = 0;
+        metadata.keySecurityLevel = 1;
+        return metadata;
+    }
+
+    private static byte[] bytes(String string) {
+        return string.getBytes();
+    }
+
+    class MyPublicKey extends AndroidKeyStorePublicKey {
+        MyPublicKey(String cert, String chain, KeyStoreSecurityLevel securityLevel) {
+            super(descriptor(), metadata(cert.getBytes(), chain.getBytes()), "N/A".getBytes(),
+                    "RSA", securityLevel);
+        }
+
+        @Override
+        AndroidKeyStorePrivateKey getPrivateKey() {
+            return null;
+        }
+    }
+
+    private AndroidKeyStorePublicKey makePrivateKeyObject(String cert, String chain) {
+        return new MyPublicKey(cert, chain, mKeystoreSecurityLevel);
+    }
+
+    @Test
+    public void testKeystoreKeysAdhereToContractBetweenEqualsAndHashCode() throws Exception {
+        AndroidKeyStoreKey key1 = new AndroidKeyStoreKey(descriptor(), 1, new Authorization[0],
+                "RSA", mKeystoreSecurityLevel);
+        AndroidKeyStoreKey key2 = new AndroidKeyStoreKey(descriptor(), 2, new Authorization[0],
+                "RSA", mKeystoreSecurityLevel);
+        AndroidKeyStoreKey key1_clone = new AndroidKeyStoreKey(descriptor(), 1,
+                new Authorization[0], "RSA", mKeystoreSecurityLevel);
+
+        assertThat("Identity should yield true", key1.equals(key1));
+        Assert.assertEquals("Identity should yield same hash codes",
+                key1.hashCode(), key1.hashCode());
+        assertThat("Identity should yield true", key2.equals(key2));
+        Assert.assertEquals("Identity should yield same hash codes",
+                key2.hashCode(), key2.hashCode());
+        assertThat("Different keys should differ", !key1.equals(key2));
+        Assert.assertNotEquals("Different keys should have different hash codes",
+                key1.hashCode(), key2.hashCode());
+
+        assertThat("Same keys should yield true", key1.equals(key1_clone));
+        assertThat("Same keys should yield true", key1_clone.equals(key1));
+        Assert.assertEquals("Same keys should yield same hash codes",
+                key1.hashCode(), key1_clone.hashCode());
+
+        assertThat("anything.equal(null) should yield false", !key1.equals(null));
+        assertThat("anything.equal(null) should yield false", !key2.equals(null));
+        assertThat("anything.equal(null) should yield false", !key1_clone.equals(null));
+    }
+
+    @Test
+    public void testKeystorePublicKeysAdhereToContractBetweenEqualsAndHashCode() throws Exception {
+        AndroidKeyStorePublicKey key1 = makePrivateKeyObject("myCert1", "myChain1");
+        AndroidKeyStorePublicKey key2 = makePrivateKeyObject("myCert2", "myChain1");
+        AndroidKeyStorePublicKey key3 = makePrivateKeyObject("myCert1", "myChain3");
+        AndroidKeyStorePublicKey key1_clone = makePrivateKeyObject("myCert1", "myChain1");
+
+        assertThat("Identity should yield true", key1.equals(key1));
+        Assert.assertEquals("Identity should yield same hash codes",
+                key1.hashCode(), key1.hashCode());
+        assertThat("Identity should yield true", key2.equals(key2));
+        Assert.assertEquals("Identity should yield same hash codes",
+                key2.hashCode(), key2.hashCode());
+        assertThat("Identity should yield true", key3.equals(key3));
+        Assert.assertEquals("Identity should yield same hash codes",
+                key3.hashCode(), key3.hashCode());
+        assertThat("Different keys should differ", !key1.equals(key2));
+        Assert.assertNotEquals("Different keys should have different hash codes",
+                key1.hashCode(), key2.hashCode());
+        assertThat("Different keys should differ", !key1.equals(key3));
+        Assert.assertNotEquals("Different keys should have different hash codes",
+                key1.hashCode(), key3.hashCode());
+        assertThat("Different keys should differ", !key2.equals(key3));
+        Assert.assertNotEquals("Different keys should have different hash codes",
+                key2.hashCode(), key3.hashCode());
+
+        assertThat("Same keys should yield true", key1.equals(key1_clone));
+        assertThat("Same keys should yield true", key1_clone.equals(key1));
+        Assert.assertEquals("Same keys should yield same hash codes",
+                key1.hashCode(), key1_clone.hashCode());
+
+        assertThat("anything.equal(null) should yield false", !key1.equals(null));
+        assertThat("anything.equal(null) should yield false", !key2.equals(null));
+        assertThat("anything.equal(null) should yield false", !key3.equals(null));
+        assertThat("anything.equal(null) should yield false", !key1_clone.equals(null));
+    }
 }
diff --git a/services/core/java/com/android/server/criticalevents/OWNERS b/services/core/java/com/android/server/criticalevents/OWNERS
new file mode 100644
index 000000000000..9c3136c592f1
--- /dev/null
+++ b/services/core/java/com/android/server/criticalevents/OWNERS
@@ -0,0 +1,2 @@
+benmiles@google.com
+gaillard@google.com
diff --git a/services/tests/servicestests/src/com/android/server/criticalevents/OWNERS b/services/tests/servicestests/src/com/android/server/criticalevents/OWNERS
new file mode 100644
index 000000000000..07c0e70574f0
--- /dev/null
+++ b/services/tests/servicestests/src/com/android/server/criticalevents/OWNERS
@@ -0,0 +1 @@
+include /services/core/java/com/android/server/criticalevents/OWNERS
diff --git a/telephony/java/android/telephony/ServiceState.java b/telephony/java/android/telephony/ServiceState.java
index f859857b8a2a..846e6f3c5800 100644
--- a/telephony/java/android/telephony/ServiceState.java
+++ b/telephony/java/android/telephony/ServiceState.java
@@ -612,7 +612,7 @@ public class ServiceState implements Parcelable {
     /**
      * Get the channel number of the current primary serving cell, or -1 if unknown
      *
-     * <p>This is EARFCN for LTE, UARFCN for UMTS, and ARFCN for GSM.
+     * <p>This is NRARFCN for NR, EARFCN for LTE, UARFCN for UMTS, and ARFCN for GSM.
      *
      * @return Channel number of primary serving cell
      */