From 27a776f5bba75738b35cce17628143a448b245f7 Mon Sep 17 00:00:00 2001
From: Eric Biggers
Date: Wed, 22 Nov 2023 16:16:23 +0000
Subject: Rename the fix_unlocked_device_required_keys flag
This flag was defined as a regular flag and then was later changed to a fixed_read_only flag. This scenario is currently "unsupported" by the flags infrastructure; an error occurs when trying to advance the flag to staging. Work around this by renaming the flag so that the flags infrastructure sees it as an entirely new flag.
(Also fix two formatting errors in LockStateTrackingRule.kt which were causing the ktlint_hook pre-upload hook to fail.)
Bug: 296464083
Bug: 311648623
Test: build
Change-Id: Ia8c7b3d2602bcbd4e349cc7f340ff6077412996e
---
 core/java/android/security/flags.aconfig | 2 +-
 .../java/com/android/server/locksettings/LockSettingsService.java | 2 +-
 .../core/java/com/android/server/trust/TrustManagerService.java | 2 +-
 tests/TrustTests/src/android/trust/test/GrantAndRevokeTrustTest.kt | 4 ++--
 .../TrustTests/src/android/trust/test/lib/LockStateTrackingRule.kt | 7 ++++---
 5 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/core/java/android/security/flags.aconfig b/core/java/android/security/flags.aconfig
index 5aa309753cc4..e94f23a6f4ce 100644
--- a/core/java/android/security/flags.aconfig
+++ b/core/java/android/security/flags.aconfig
@@ -8,7 +8,7 @@ flag {
 }
 flag {
- name: "fix_unlocked_device_required_keys"
+ name: "fix_unlocked_device_required_keys_v2"
 namespace: "hardware_backed_security"
 description: "Fix bugs in behavior of UnlockedDeviceRequired keystore keys"
 bug: "296464083"
diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java
index ec7f561bd9da..b4c39972dcaa 100644
--- a/services/core/java/com/android/server/locksettings/LockSettingsService.java
+++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java
@@ -246,7 +246,7 @@ public class LockSettingsService extends ILockSettings.Stub {
 private static final String MIGRATED_SP_FULL = "migrated_all_users_to_sp_and_bound_keys";
 private static final boolean FIX_UNLOCKED_DEVICE_REQUIRED_KEYS =
- android.security.Flags.fixUnlockedDeviceRequiredKeys();
+ android.security.Flags.fixUnlockedDeviceRequiredKeysV2();
 // Duration that LockSettingsService will store the gatekeeper password for. This allows
 // multiple biometric enrollments without prompting the user to enter their password via
diff --git a/services/core/java/com/android/server/trust/TrustManagerService.java b/services/core/java/com/android/server/trust/TrustManagerService.java
index 635e11be3a16..a884458bc6c2 100644
--- a/services/core/java/com/android/server/trust/TrustManagerService.java
+++ b/services/core/java/com/android/server/trust/TrustManagerService.java
@@ -829,7 +829,7 @@ public class TrustManagerService extends SystemService {
 }
 final boolean trusted;
- if (android.security.Flags.fixUnlockedDeviceRequiredKeys()) {
+ if (android.security.Flags.fixUnlockedDeviceRequiredKeysV2()) {
 trusted = getUserTrustStateInner(id) == TrustState.TRUSTED;
 } else {
 trusted = aggregateIsTrusted(id);
diff --git a/tests/TrustTests/src/android/trust/test/GrantAndRevokeTrustTest.kt b/tests/TrustTests/src/android/trust/test/GrantAndRevokeTrustTest.kt
index 1dfd5c06167b..d0e56268a27d 100644
--- a/tests/TrustTests/src/android/trust/test/GrantAndRevokeTrustTest.kt
+++ b/tests/TrustTests/src/android/trust/test/GrantAndRevokeTrustTest.kt
@@ -93,7 +93,7 @@ class GrantAndRevokeTrustTest {
 }
 @Test
- @RequiresFlagsEnabled(android.security.Flags.FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS)
+ @RequiresFlagsEnabled(android.security.Flags.FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS_V2)
 fun grantCannotActivelyUnlockDevice() {
 // On automotive, trust agents can actively unlock the device.
 assumeFalse(packageManager.hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE))
@@ -120,7 +120,7 @@ class GrantAndRevokeTrustTest {
 }
 @Test
- @RequiresFlagsDisabled(android.security.Flags.FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS)
+ @RequiresFlagsDisabled(android.security.Flags.FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS_V2)
 fun grantCouldCauseWrongDeviceLockedStateDueToBug() {
 // On automotive, trust agents can actively unlock the device.
 assumeFalse(packageManager.hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE))
diff --git a/tests/TrustTests/src/android/trust/test/lib/LockStateTrackingRule.kt b/tests/TrustTests/src/android/trust/test/lib/LockStateTrackingRule.kt
index 5a8f82827253..01218099f34c 100644
--- a/tests/TrustTests/src/android/trust/test/lib/LockStateTrackingRule.kt
+++ b/tests/TrustTests/src/android/trust/test/lib/LockStateTrackingRule.kt
@@ -36,7 +36,8 @@ import org.junit.runners.model.Statement
 class LockStateTrackingRule : TestRule {
 private val context: Context = getApplicationContext()
 private val windowManager = checkNotNull(WindowManagerGlobal.getWindowManagerService())
- private val keyguardManager = context.getSystemService(KeyguardManager::class.java) as KeyguardManager
+ private val keyguardManager =
+ context.getSystemService(KeyguardManager::class.java) as KeyguardManager
 @Volatile lateinit var trustState: TrustState
 private set
@@ -63,7 +64,7 @@ class LockStateTrackingRule : TestRule {
 wait("not trusted") { trustState.trusted == false }
 }
- // TODO(b/299298338) remove this when removing FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS
+ // TODO(b/299298338) remove this when removing FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS_V2
 fun assertUnlockedButNotReally() {
 wait("device unlocked") { !keyguardManager.isDeviceLocked }
 wait("not trusted") { trustState.trusted == false }
@@ -87,7 +88,7 @@ class LockStateTrackingRule : TestRule {
 trustGrantedMessages: MutableList
 ) {
 Log.d(TAG, "Device became trusted=$enabled")
- trustState = trustState.copy(trusted=enabled)
+ trustState = trustState.copy(trusted = enabled)
 }
 }
-- cgit v1.2.3-59-g8ed1b