summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--core/java/android/os/Process.java6
-rw-r--r--services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java20
2 files changed, 20 insertions, 6 deletions
diff --git a/core/java/android/os/Process.java b/core/java/android/os/Process.java
index f69c996c5368..31376587e144 100644
--- a/core/java/android/os/Process.java
+++ b/core/java/android/os/Process.java
@@ -92,6 +92,12 @@ public class Process {
public static final int VPN_UID = 1016;
/**
+ * Defines the UID/GID for keystore.
+ * @hide
+ */
+ public static final int KEYSTORE_UID = 1017;
+
+ /**
* Defines the UID/GID for the NFC service process.
* @hide
*/
diff --git a/services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java b/services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java
index 0b80d819fd80..ab9ab6713eea 100644
--- a/services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java
+++ b/services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java
@@ -21,6 +21,7 @@ import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.PackageManager.NameNotFoundException;
+import android.os.Binder;
import android.os.RemoteException;
import android.os.UserHandle;
import android.security.keymaster.KeyAttestationPackageInfo;
@@ -45,14 +46,19 @@ public class KeyAttestationApplicationIdProviderService
public KeyAttestationApplicationId getKeyAttestationApplicationId(int uid)
throws RemoteException {
- String[] packageNames = mPackageManager.getPackagesForUid(uid);
- if (packageNames == null) {
- throw new RemoteException("No packages for uid");
+ if (Binder.getCallingUid() != android.os.Process.KEYSTORE_UID) {
+ throw new SecurityException("This service can only be used by Keystore");
}
- int userId = UserHandle.getUserId(uid);
- KeyAttestationPackageInfo[] keyAttestationPackageInfos =
- new KeyAttestationPackageInfo[packageNames.length];
+ KeyAttestationPackageInfo[] keyAttestationPackageInfos = null;
+ final long token = Binder.clearCallingIdentity();
try {
+ String[] packageNames = mPackageManager.getPackagesForUid(uid);
+ if (packageNames == null) {
+ throw new RemoteException("No packages for uid");
+ }
+ int userId = UserHandle.getUserId(uid);
+ keyAttestationPackageInfos = new KeyAttestationPackageInfo[packageNames.length];
+
for (int i = 0; i < packageNames.length; ++i) {
PackageInfo packageInfo = mPackageManager.getPackageInfoAsUser(packageNames[i],
PackageManager.GET_SIGNATURES, userId);
@@ -61,6 +67,8 @@ public class KeyAttestationApplicationIdProviderService
}
} catch (NameNotFoundException nnfe) {
throw new RemoteException(nnfe.getMessage());
+ } finally {
+ Binder.restoreCallingIdentity(token);
}
return new KeyAttestationApplicationId(keyAttestationPackageInfos);
}
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-12-04 10:23:05 +0000