KeyChain: Unify manual and programmatic key installation flows
Unify the manual certificate installation flow (via "Install from
storage" in the Settings app) with the programmatic one (using
DevicePolicyManager.installKeyPair).
The unification is achieved by extending the KeyChainService API to take
in the UID for which the key is designated (so WiFi keys can be
installed with the unified flow), and making the CredentialStorage
activity call the KeyChainService rather than poke into Keystore
directly.
Framework-related changes to support this:
* Add new constant for specifying the key alias as an extra to the
install activity, and remove obsolete constants from the Credentials
class.
* Make KeyChainService definition include key destination UID.
* Make the call to KeyChainService.installKeyPair from the
DevicePolicyManagerService specify the "self" UID.
Test: Manual CtsVerifier tests: KeyChain Storage Test, CA Cert Notification Test
Test: cts-tradefed run commandAndExit cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement
Bug: 138375478
Change-Id: Ib317f85fa6719c70ee3b1da4255c44754fbfa789
3 files changed