9f49e8df2a6574460b26eb0d9c20111449623760 - platform/frameworks/base

commit	9f49e8df2a6574460b26eb0d9c20111449623760	[log] [tgz]
author	Kevin Chyn <kchyn@google.com>	Thu Mar 05 11:04:15 2020 -0800
committer	Kevin Chyn <kchyn@google.com>	Thu Mar 05 11:17:22 2020 -0800
tree	9c23ef5ba4200072628b658884afa9f5115f4c49
parent	abe3d7bde45371c10345b06c691ff1d163279b84 [diff]

Do not allow -1 duration in setUserAuthenticationParameters

This is a completely new API so callers can follow the new pattern of
using 0 to require auth for every use of the key.

Supporting both -1 and 0 to require auth for every use of the key
increases CtsVerifier complexity exponentially (strongbox,
invalidated by enrollment, etc).

Fixes: 150823346
Test: builds
Change-Id: Ieef53a8b50f5119c5e52656e930bf16b1e8e3d89

api/current.txt[diff]
keystore/java/android/security/keystore/KeyGenParameterSpec.java[diff]
keystore/java/android/security/keystore/KeyProtection.java[diff]

3 files changed