Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 1a50c524bc6188bbd8206ddeba63bc4f02dfc194^! / .
commit1a50c524bc6188bbd8206ddeba63bc4f02dfc194[log] [tgz]
authorphweiss <phweiss@google.com>Mon Oct 21 19:41:09 2019 +0200
committerphweiss <phweiss@google.com>Tue Oct 22 13:04:41 2019 +0200
treef94cfa5d1fe2f014f63e50f219856b6eb5d70a26
parenta9da1921f05a09bed597cb4c6b13d9e55f384e8c [diff]
[SecurityController] Listen to USER_UNLOCKED

So far, SecurityControllerImpl waits for user switches to update
its certificate cache. Most of the time the certificates are not
ready yet, since it is too early in the boot process.

With this CL, we only check certificates after receiving the
ACTION_USER_UNLOCKED broadcast. This allows us to remove the
retry-mechanism that patched over the above problem.

Bug: 141698830
Test: atest SecurityControllerTest
Change-Id: I2c6cacc6d4ab65c3b4c44f7cc88deaf57cc40789

diff --git a/packages/SystemUI/src/com/android/systemui/statusbar/policy/SecurityControllerImpl.java b/packages/SystemUI/src/com/android/systemui/statusbar/policy/SecurityControllerImpl.java
index d88ae78..39d20ba 100644
--- a/packages/SystemUI/src/com/android/systemui/statusbar/policy/SecurityControllerImpl.java
+++ b/packages/SystemUI/src/com/android/systemui/statusbar/policy/SecurityControllerImpl.java

@@ -125,6 +125,7 @@
 
         IntentFilter filter = new IntentFilter();
         filter.addAction(KeyChain.ACTION_TRUST_STORE_CHANGED);
+        filter.addAction(Intent.ACTION_USER_UNLOCKED);
         context.registerReceiverAsUser(mBroadcastReceiver, UserHandle.ALL, filter, null,
                 bgHandler);
 
@@ -300,14 +301,11 @@
         } else {
             mVpnUserId = mCurrentUserId;
         }
-        refreshCACerts();
         fireCallbacks();
     }
 
-    private void refreshCACerts() {
-        new CACertLoader().execute(mCurrentUserId);
-        int workProfileId = getWorkProfileUserId(mCurrentUserId);
-        if (workProfileId != UserHandle.USER_NULL) new CACertLoader().execute(workProfileId);
+    private void refreshCACerts(int userId) {
+        new CACertLoader().execute(userId);
     }
 
     private String getNameForVpnConfig(VpnConfig cfg, UserHandle user) {
@@ -403,7 +401,10 @@
     private final BroadcastReceiver mBroadcastReceiver = new BroadcastReceiver() {
         @Override public void onReceive(Context context, Intent intent) {
             if (KeyChain.ACTION_TRUST_STORE_CHANGED.equals(intent.getAction())) {
-                refreshCACerts();
+                refreshCACerts(getSendingUserId());
+            } else if (Intent.ACTION_USER_UNLOCKED.equals(intent.getAction())) {
+                int userId = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, UserHandle.USER_NULL);
+                if (userId != UserHandle.USER_NULL) refreshCACerts(userId);
             }
         }
     };
@@ -418,9 +419,6 @@
                 return new Pair<Integer, Boolean>(userId[0], hasCACerts);
             } catch (RemoteException | InterruptedException | AssertionError e) {
                 Log.i(TAG, "failed to get CA certs", e);
-                mBgHandler.postDelayed(
-                        () -> new CACertLoader().execute(userId[0]),
-                        CA_CERT_LOADING_RETRY_TIME_IN_MS);
                 return new Pair<Integer, Boolean>(userId[0], null);
             }
         }

diff --git a/packages/SystemUI/tests/src/com/android/systemui/statusbar/policy/SecurityControllerTest.java b/packages/SystemUI/tests/src/com/android/systemui/statusbar/policy/SecurityControllerTest.java
index 854cc2f..97542a9 100644
--- a/packages/SystemUI/tests/src/com/android/systemui/statusbar/policy/SecurityControllerTest.java
+++ b/packages/SystemUI/tests/src/com/android/systemui/statusbar/policy/SecurityControllerTest.java

@@ -93,9 +93,9 @@
         when(mKeyChainService.queryLocalInterface("android.security.IKeyChainService"))
                 .thenReturn(mKeyChainService);
 
-        // Wait for callbacks from 1) the CACertLoader and 2) the onUserSwitched() function in the
+        // Wait for callbacks from the onUserSwitched() function in the
         // constructor of mSecurityController
-        mStateChangedLatch = new CountDownLatch(2);
+        mStateChangedLatch = new CountDownLatch(1);
         // TODO: Migrate this test to TestableLooper and use a handler attached
         // to that.
         mSecurityController = new SecurityControllerImpl(mContext,
@@ -169,7 +169,6 @@
         assertTrue(mSecurityController.hasCACertInCurrentUser());
 
         // Exception
-
         mStateChangedLatch = new CountDownLatch(1);
 
         when(mKeyChainService.getUserCaAliases())
@@ -181,9 +180,12 @@
 
         assertFalse(mStateChangedLatch.await(1, TimeUnit.SECONDS));
         assertTrue(mSecurityController.hasCACertInCurrentUser());
-        // The retry takes 30s
-        //assertTrue(mStateChangedLatch.await(31, TimeUnit.SECONDS));
-        //assertFalse(mSecurityController.hasCACertInCurrentUser());
+
+        mSecurityController.new CACertLoader()
+                           .execute(0);
+
+        assertTrue(mStateChangedLatch.await(1, TimeUnit.SECONDS));
+        assertFalse(mSecurityController.hasCACertInCurrentUser());
     }
 
     @Test