Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 3876b1be27e3aefde9a72eb2e4f856e94fc5f946
commit3876b1be27e3aefde9a72eb2e4f856e94fc5f946[log] [tgz]
authorAlex Klyubin <klyubin@google.com>Wed Sep 09 14:55:03 2015 -0700
committerAlex Klyubin <klyubin@google.com>Thu Sep 10 15:35:06 2015 -0700
tree5783b18f074f1971a83a615ef805f5483f6cfb90
parent435acfc88917e3535462ea520b01d0868266acd2 [diff]
Support cross-UID access from AndroidKeyStore.

This is meant for exposing the pre-existing cross-UID access to keys
backed by the keystore service via higher-level JCA API. For example,
this lets system_server use Wi-Fi or VPN UID keys via JCA API.

To obtain a JCA AndroidKeyStore KeyStore for another UID, use the
hidden system API AndroidKeyStoreProvider.getKeyStoreForUid(uid).

To generate a key owned by another UID, invoke setUid(uid) on
KeyGenParameterSpec.Builder.

This CL does not change the security policy, such as which UID can
access/modify which UIDs' keys. The policy is that only certain system
UIDs are permitted to access keys of certain other system UIDs.

Bug: 23978113
Change-Id: Ie381530f41dc41c50d52f675fb9e68bc87c006de
27 files changed
tree: 5783b18f074f1971a83a615ef805f5483f6cfb90
  1. api/
  2. cmds/
  3. core/
  4. data/
  5. docs/
  6. drm/
  7. graphics/
  8. include/
  9. keystore/
  10. libs/
  11. location/
  12. media/
  13. native/
  14. nfc-extras/
  15. obex/
  16. opengl/
  17. packages/
  18. rs/
  19. samples/
  20. sax/
  21. services/
  22. telecomm/
  23. telephony/
  24. test-runner/
  25. tests/
  26. tools/
  27. wifi/
  28. Android.mk
  29. CleanSpec.mk
  30. MODULE_LICENSE_APACHE2
  31. NOTICE
  32. preloaded-classes