Update credential installation to work for user 0
Bug: 167108868
Test: CTS Verifier KeyChain Storages
Change-Id: Icd9c2fcae80b1876c346b06e0bf51f90103da013
diff --git a/src/com/android/car/settings/security/CredentialStorageActivity.java b/src/com/android/car/settings/security/CredentialStorageActivity.java
index 265f7a3..6e3753a 100644
--- a/src/com/android/car/settings/security/CredentialStorageActivity.java
+++ b/src/com/android/car/settings/security/CredentialStorageActivity.java
@@ -17,6 +17,7 @@
package com.android.car.settings.security;
import android.app.Activity;
+import android.app.ActivityManager;
import android.content.Context;
import android.content.Intent;
import android.content.pm.PackageManager;
@@ -173,7 +174,13 @@
int uid = installBundle.getInt(Credentials.EXTRA_INSTALL_AS_UID, KeyStore.UID_SELF);
- if (uid != KeyStore.UID_SELF && !UserHandle.isSameUser(uid, Process.myUid())) {
+ // Checks that the provided uid is none of the following:
+ // 1. KeyStore.UID_SELF
+ // 2. Current uid process
+ // 3. uid running as the system process (if in headless system user mode)
+ if (uid != KeyStore.UID_SELF && !UserHandle.isSameUser(uid, Process.myUid())
+ && !(mUserManager.isHeadlessSystemUserMode()
+ && UserHandle.getUserId(uid) == UserHandle.USER_SYSTEM)) {
int dstUserId = UserHandle.getUserId(uid);
// Restrict install target to the wifi uid.
@@ -225,10 +232,12 @@
return false;
}
- credentialStorage.mUtils.resetKeyStore(UserHandle.myUserId());
+ UserHandle user = getUserHandleToUse(mCredentialStorage.get().mUserManager);
+ credentialStorage.mUtils.resetKeyStore(user.getIdentifier());
try {
- KeyChain.KeyChainConnection keyChainConnection = KeyChain.bind(credentialStorage);
+ KeyChain.KeyChainConnection keyChainConnection = KeyChain.bindAsUser(
+ credentialStorage, user);
try {
return keyChainConnection.getService().reset();
} catch (RemoteException e) {
@@ -283,8 +292,9 @@
@Override
protected Boolean doInBackground(Void... unused) {
- try (KeyChain.KeyChainConnection keyChainConnection = KeyChain.bind(
- CredentialStorageActivity.this)) {
+ try (KeyChain.KeyChainConnection keyChainConnection = KeyChain.bindAsUser(
+ CredentialStorageActivity.this,
+ getUserHandleToUse(CredentialStorageActivity.this.mUserManager))) {
return keyChainConnection.getService()
.installKeyPair(mKeyData, mCertData, mCaListData, mAlias, mUid);
} catch (RemoteException e) {
@@ -345,8 +355,8 @@
|| credentialStorage.isDestroyed()) {
return false;
}
- try (KeyChain.KeyChainConnection keyChainConnection = KeyChain.bind(
- credentialStorage)) {
+ try (KeyChain.KeyChainConnection keyChainConnection = KeyChain.bindAsUser(
+ credentialStorage, getUserHandleToUse(credentialStorage.mUserManager))) {
keyChainConnection.getService().setUserSelectable(mAlias, true);
return true;
} catch (RemoteException e) {
@@ -370,4 +380,9 @@
credentialStorage.finish();
}
}
+
+ private static UserHandle getUserHandleToUse(UserManager userManager) {
+ return userManager.isHeadlessSystemUserMode()
+ ? UserHandle.SYSTEM : UserHandle.of(ActivityManager.getCurrentUser());
+ }
}