Merge "Fix Watchdog HeartbeatHandler to run on correct thread"
diff --git a/core/java/android/security/IKeystoreService.java b/core/java/android/security/IKeystoreService.java
index 651693a..2ae3c64 100644
--- a/core/java/android/security/IKeystoreService.java
+++ b/core/java/android/security/IKeystoreService.java
@@ -148,6 +148,10 @@
for (int i = 0; i < size; i++) {
_result[i] = _reply.readString();
}
+ int _ret = _reply.readInt();
+ if (_ret != 1) {
+ return null;
+ }
} finally {
_reply.recycle();
_data.recycle();
@@ -401,6 +405,25 @@
}
return _result;
}
+
+ @Override
+ public int migrate(String name, int targetUid) throws RemoteException {
+ Parcel _data = Parcel.obtain();
+ Parcel _reply = Parcel.obtain();
+ int _result;
+ try {
+ _data.writeInterfaceToken(DESCRIPTOR);
+ _data.writeString(name);
+ _data.writeInt(targetUid);
+ mRemote.transact(Stub.TRANSACTION_migrate, _data, _reply, 0);
+ _reply.readException();
+ _result = _reply.readInt();
+ } finally {
+ _reply.recycle();
+ _data.recycle();
+ }
+ return _result;
+ }
}
private static final String DESCRIPTOR = "android.security.keystore";
@@ -425,6 +448,7 @@
static final int TRANSACTION_grant = IBinder.FIRST_CALL_TRANSACTION + 17;
static final int TRANSACTION_ungrant = IBinder.FIRST_CALL_TRANSACTION + 18;
static final int TRANSACTION_getmtime = IBinder.FIRST_CALL_TRANSACTION + 19;
+ static final int TRANSACTION_migrate = IBinder.FIRST_CALL_TRANSACTION + 20;
/**
* Cast an IBinder object into an IKeystoreService interface, generating
@@ -509,4 +533,6 @@
public int ungrant(String name, int granteeUid) throws RemoteException;
public long getmtime(String name) throws RemoteException;
+
+ public int migrate(String name, int targetUid) throws RemoteException;
}
diff --git a/core/jni/android_os_SELinux.cpp b/core/jni/android_os_SELinux.cpp
index b12fdfc..0a97f39 100644
--- a/core/jni/android_os_SELinux.cpp
+++ b/core/jni/android_os_SELinux.cpp
@@ -23,428 +23,407 @@
#include "selinux/selinux.h"
#include "selinux/android.h"
#include <errno.h>
+#include <ScopedLocalRef.h>
+#include <ScopedUtfChars.h>
+#include <UniquePtr.h>
namespace android {
- static jboolean isSELinuxDisabled = true;
+struct SecurityContext_Delete {
+ void operator()(security_context_t p) const {
+ freecon(p);
+ }
+};
+typedef UniquePtr<char[], SecurityContext_Delete> Unique_SecurityContext;
- static void throw_NullPointerException(JNIEnv *env, const char* msg) {
- jclass clazz;
- clazz = env->FindClass("java/lang/NullPointerException");
- env->ThrowNew(clazz, msg);
- }
+static jboolean isSELinuxDisabled = true;
- /*
- * Function: isSELinuxEnabled
- * Purpose: checks whether SELinux is enabled/disbaled
- * Parameters: none
- * Return value : true (enabled) or false (disabled)
- * Exceptions: none
- */
- static jboolean isSELinuxEnabled(JNIEnv *env, jobject classz) {
-
+/*
+ * Function: isSELinuxEnabled
+ * Purpose: checks whether SELinux is enabled/disbaled
+ * Parameters: none
+ * Return value : true (enabled) or false (disabled)
+ * Exceptions: none
+ */
+static jboolean isSELinuxEnabled(JNIEnv *env, jobject) {
return !isSELinuxDisabled;
- }
+}
- /*
- * Function: isSELinuxEnforced
- * Purpose: return the current SELinux enforce mode
- * Parameters: none
- * Return value: true (enforcing) or false (permissive)
- * Exceptions: none
- */
- static jboolean isSELinuxEnforced(JNIEnv *env, jobject clazz) {
+/*
+ * Function: isSELinuxEnforced
+ * Purpose: return the current SELinux enforce mode
+ * Parameters: none
+ * Return value: true (enforcing) or false (permissive)
+ * Exceptions: none
+ */
+static jboolean isSELinuxEnforced(JNIEnv *env, jobject) {
return (security_getenforce() == 1) ? true : false;
- }
+}
- /*
- * Function: setSELinuxEnforce
- * Purpose: set the SE Linux enforcing mode
- * Parameters: true (enforcing) or false (permissive)
- * Return value: true (success) or false (fail)
- * Exceptions: none
- */
- static jboolean setSELinuxEnforce(JNIEnv *env, jobject clazz, jboolean value) {
- if (isSELinuxDisabled)
- return false;
+/*
+ * Function: setSELinuxEnforce
+ * Purpose: set the SE Linux enforcing mode
+ * Parameters: true (enforcing) or false (permissive)
+ * Return value: true (success) or false (fail)
+ * Exceptions: none
+ */
+static jboolean setSELinuxEnforce(JNIEnv *env, jobject, jboolean value) {
+ if (isSELinuxDisabled) {
+ return false;
+ }
- int enforce = (value) ? 1 : 0;
+ int enforce = value ? 1 : 0;
return (security_setenforce(enforce) != -1) ? true : false;
- }
+}
- /*
- * Function: getPeerCon
- * Purpose: retrieves security context of peer socket
- * Parameters:
- * fileDescriptor: peer socket file as a FileDescriptor object
- * Returns: jstring representing the security_context of socket or NULL if error
- * Exceptions: NullPointerException if fileDescriptor object is NULL
- */
- static jstring getPeerCon(JNIEnv *env, jobject clazz, jobject fileDescriptor) {
- if (isSELinuxDisabled)
- return NULL;
+/*
+ * Function: getPeerCon
+ * Purpose: retrieves security context of peer socket
+ * Parameters:
+ * fileDescriptor: peer socket file as a FileDescriptor object
+ * Returns: jstring representing the security_context of socket or NULL if error
+ * Exceptions: NullPointerException if fileDescriptor object is NULL
+ */
+static jstring getPeerCon(JNIEnv *env, jobject, jobject fileDescriptor) {
+ if (isSELinuxDisabled) {
+ return NULL;
+ }
if (fileDescriptor == NULL) {
- throw_NullPointerException(env, "Trying to check security context of a null peer socket.");
- return NULL;
+ jniThrowNullPointerException(env,
+ "Trying to check security context of a null peer socket.");
+ return NULL;
}
- security_context_t context = NULL;
- jstring securityString = NULL;
-
int fd = jniGetFDFromFileDescriptor(env, fileDescriptor);
-
if (env->ExceptionOccurred() != NULL) {
- ALOGE("There was an issue with retrieving the file descriptor");
- goto bail;
+ ALOGE("getPeerCon => getFD for %p failed", fileDescriptor);
+ return NULL;
}
- if (getpeercon(fd, &context) == -1)
- goto bail;
+ security_context_t tmp;
+ int ret = getpeercon(fd, &tmp);
+ Unique_SecurityContext context(tmp);
- ALOGV("getPeerCon: Successfully retrived context of peer socket '%s'", context);
-
- securityString = env->NewStringUTF(context);
-
- bail:
- if (context != NULL)
- freecon(context);
-
- return securityString;
- }
-
- /*
- * Function: setFSCreateCon
- * Purpose: set security context used for creating a new file system object
- * Parameters:
- * context: security_context_t representing the new context of a file system object,
- * set to NULL to return to the default policy behavior
- * Returns: true on success, false on error
- * Exception: none
- */
- static jboolean setFSCreateCon(JNIEnv *env, jobject clazz, jstring context) {
- if (isSELinuxDisabled)
- return false;
-
- char * securityContext = NULL;
- const char *constant_securityContext = NULL;
-
- if (context != NULL) {
- constant_securityContext = env->GetStringUTFChars(context, NULL);
-
- // GetStringUTFChars returns const char * yet setfscreatecon needs char *
- securityContext = const_cast<char *>(constant_securityContext);
+ ScopedLocalRef<jstring> contextStr(env, NULL);
+ if (ret != -1) {
+ contextStr.reset(env->NewStringUTF(context.get()));
}
- int ret;
- if ((ret = setfscreatecon(securityContext)) == -1)
- goto bail;
+ ALOGV("getPeerCon(%d) => %s", fd, contextStr.get());
+ return contextStr.release();
+}
- ALOGV("setFSCreateCon: set new security context to '%s' ", context == NULL ? "default", context);
+/*
+ * Function: setFSCreateCon
+ * Purpose: set security context used for creating a new file system object
+ * Parameters:
+ * context: security_context_t representing the new context of a file system object,
+ * set to NULL to return to the default policy behavior
+ * Returns: true on success, false on error
+ * Exception: none
+ */
+static jboolean setFSCreateCon(JNIEnv *env, jobject, jstring contextStr) {
+ if (isSELinuxDisabled) {
+ return false;
+ }
- bail:
- if (constant_securityContext != NULL)
- env->ReleaseStringUTFChars(context, constant_securityContext);
+ UniquePtr<ScopedUtfChars> context;
+ const char* context_c_str = NULL;
+ if (contextStr != NULL) {
+ context.reset(new ScopedUtfChars(env, contextStr));
+ context_c_str = context->c_str();
+ if (context_c_str == NULL) {
+ return false;
+ }
+ }
+
+ int ret = setfscreatecon(const_cast<char *>(context_c_str));
+
+ ALOGV("setFSCreateCon(%s) => %d", context_c_str, ret);
return (ret == 0) ? true : false;
- }
+}
- /*
- * Function: setFileCon
- * Purpose: set the security context of a file object
- * Parameters:
- * path: the location of the file system object
- * con: the new security context of the file system object
- * Returns: true on success, false on error
- * Exception: NullPointerException is thrown if either path or context strign are NULL
- */
- static jboolean setFileCon(JNIEnv *env, jobject clazz, jstring path, jstring con) {
- if (isSELinuxDisabled)
- return false;
-
- if (path == NULL) {
- throw_NullPointerException(env, "Trying to change the security context of a NULL file object.");
- return false;
+/*
+ * Function: setFileCon
+ * Purpose: set the security context of a file object
+ * Parameters:
+ * path: the location of the file system object
+ * context: the new security context of the file system object
+ * Returns: true on success, false on error
+ * Exception: NullPointerException is thrown if either path or context strign are NULL
+ */
+static jboolean setFileCon(JNIEnv *env, jobject, jstring pathStr, jstring contextStr) {
+ if (isSELinuxDisabled) {
+ return false;
}
- if (con == NULL) {
- throw_NullPointerException(env, "Trying to set the security context of a file object with NULL.");
- return false;
+ ScopedUtfChars path(env, pathStr);
+ if (path.c_str() == NULL) {
+ return false;
}
- const char *objectPath = env->GetStringUTFChars(path, NULL);
- const char *constant_con = env->GetStringUTFChars(con, NULL);
+ ScopedUtfChars context(env, contextStr);
+ if (context.c_str() == NULL) {
+ return false;
+ }
// GetStringUTFChars returns const char * yet setfilecon needs char *
- char *newCon = const_cast<char *>(constant_con);
+ char *tmp = const_cast<char *>(context.c_str());
+ int ret = setfilecon(path.c_str(), tmp);
- int ret;
- if ((ret = setfilecon(objectPath, newCon)) == -1)
- goto bail;
-
- ALOGV("setFileCon: Succesfully set security context '%s' for '%s'", newCon, objectPath);
-
- bail:
- env->ReleaseStringUTFChars(path, objectPath);
- env->ReleaseStringUTFChars(con, constant_con);
+ ALOGV("setFileCon(%s, %s) => %d", path.c_str(), context.c_str(), ret);
return (ret == 0) ? true : false;
- }
+}
- /*
- * Function: getFileCon
- * Purpose: retrieves the context associated with the given path in the file system
- * Parameters:
- * path: given path in the file system
- * Returns:
- * string representing the security context string of the file object
- * the string may be NULL if an error occured
- * Exceptions: NullPointerException if the path object is null
- */
- static jstring getFileCon(JNIEnv *env, jobject clazz, jstring path) {
- if (isSELinuxDisabled)
- return NULL;
-
- if (path == NULL) {
- throw_NullPointerException(env, "Trying to check security context of a null path.");
- return NULL;
+/*
+ * Function: getFileCon
+ * Purpose: retrieves the context associated with the given path in the file system
+ * Parameters:
+ * path: given path in the file system
+ * Returns:
+ * string representing the security context string of the file object
+ * the string may be NULL if an error occured
+ * Exceptions: NullPointerException if the path object is null
+ */
+static jstring getFileCon(JNIEnv *env, jobject, jstring pathStr) {
+ if (isSELinuxDisabled) {
+ return NULL;
}
- const char *objectPath = env->GetStringUTFChars(path, NULL);
+ ScopedUtfChars path(env, pathStr);
+ if (path.c_str() == NULL) {
+ return NULL;
+ }
- security_context_t context = NULL;
- jstring securityString = NULL;
+ security_context_t tmp;
+ int ret = getfilecon(path.c_str(), &tmp);
+ Unique_SecurityContext context(tmp);
- if (getfilecon(objectPath, &context) == -1)
- goto bail;
+ ScopedLocalRef<jstring> securityString(env, NULL);
+ if (ret != -1) {
+ securityString.reset(env->NewStringUTF(context.get()));
+ }
- ALOGV("getFileCon: Successfully retrived context '%s' for file '%s'", context, objectPath);
+ ALOGV("getFileCon(%s) => %s", path.c_str(), context.get());
+ return securityString.release();
+}
- securityString = env->NewStringUTF(context);
+/*
+ * Function: getCon
+ * Purpose: Get the context of the current process.
+ * Parameters: none
+ * Returns: a jstring representing the security context of the process,
+ * the jstring may be NULL if there was an error
+ * Exceptions: none
+ */
+static jstring getCon(JNIEnv *env, jobject) {
+ if (isSELinuxDisabled) {
+ return NULL;
+ }
- bail:
- if (context != NULL)
- freecon(context);
+ security_context_t tmp;
+ int ret = getcon(&tmp);
+ Unique_SecurityContext context(tmp);
- env->ReleaseStringUTFChars(path, objectPath);
+ ScopedLocalRef<jstring> securityString(env, NULL);
+ if (ret != -1) {
+ securityString.reset(env->NewStringUTF(context.get()));
+ }
- return securityString;
- }
+ ALOGV("getCon() => %s", context.get());
+ return securityString.release();
+}
- /*
- * Function: getCon
- * Purpose: Get the context of the current process.
- * Parameters: none
- * Returns: a jstring representing the security context of the process,
- * the jstring may be NULL if there was an error
- * Exceptions: none
- */
- static jstring getCon(JNIEnv *env, jobject clazz) {
- if (isSELinuxDisabled)
- return NULL;
+/*
+ * Function: getPidCon
+ * Purpose: Get the context of a process identified by its pid
+ * Parameters:
+ * pid: a jint representing the process
+ * Returns: a jstring representing the security context of the pid,
+ * the jstring may be NULL if there was an error
+ * Exceptions: none
+ */
+static jstring getPidCon(JNIEnv *env, jobject, jint pid) {
+ if (isSELinuxDisabled) {
+ return NULL;
+ }
- security_context_t context = NULL;
- jstring securityString = NULL;
+ security_context_t tmp;
+ int ret = getpidcon(static_cast<pid_t>(pid), &tmp);
+ Unique_SecurityContext context(tmp);
- if (getcon(&context) == -1)
- goto bail;
+ ScopedLocalRef<jstring> securityString(env, NULL);
+ if (ret != -1) {
+ securityString.reset(env->NewStringUTF(context.get()));
+ }
- ALOGV("getCon: Successfully retrieved context '%s'", context);
+ ALOGV("getPidCon(%d) => %s", pid, context.get());
+ return securityString.release();
+}
- securityString = env->NewStringUTF(context);
-
- bail:
- if (context != NULL)
- freecon(context);
-
- return securityString;
- }
-
- /*
- * Function: getPidCon
- * Purpose: Get the context of a process identified by its pid
- * Parameters:
- * pid: a jint representing the process
- * Returns: a jstring representing the security context of the pid,
- * the jstring may be NULL if there was an error
- * Exceptions: none
- */
- static jstring getPidCon(JNIEnv *env, jobject clazz, jint pid) {
- if (isSELinuxDisabled)
- return NULL;
-
- security_context_t context = NULL;
- jstring securityString = NULL;
-
- pid_t checkPid = (pid_t)pid;
-
- if (getpidcon(checkPid, &context) == -1)
- goto bail;
-
- ALOGV("getPidCon: Successfully retrived context '%s' for pid '%d'", context, checkPid);
-
- securityString = env->NewStringUTF(context);
-
- bail:
- if (context != NULL)
- freecon(context);
-
- return securityString;
- }
-
- /*
- * Function: getBooleanNames
- * Purpose: Gets a list of the SELinux boolean names.
- * Parameters: None
- * Returns: an array of strings containing the SELinux boolean names.
- * returns NULL string on error
- * Exceptions: None
- */
- static jobjectArray getBooleanNames(JNIEnv *env, JNIEnv clazz) {
- if (isSELinuxDisabled)
- return NULL;
+/*
+ * Function: getBooleanNames
+ * Purpose: Gets a list of the SELinux boolean names.
+ * Parameters: None
+ * Returns: an array of strings containing the SELinux boolean names.
+ * returns NULL string on error
+ * Exceptions: None
+ */
+static jobjectArray getBooleanNames(JNIEnv *env, JNIEnv) {
+ if (isSELinuxDisabled) {
+ return NULL;
+ }
char **list;
- int i, len, ret;
- jclass stringClass;
- jobjectArray stringArray = NULL;
+ int len;
+ if (security_get_boolean_names(&list, &len) == -1) {
+ return NULL;
+ }
- if (security_get_boolean_names(&list, &len) == -1)
- return NULL;
-
- stringClass = env->FindClass("java/lang/String");
- stringArray = env->NewObjectArray(len, stringClass, env->NewStringUTF(""));
- for (i = 0; i < len; i++) {
- jstring obj;
- obj = env->NewStringUTF(list[i]);
- env->SetObjectArrayElement(stringArray, i, obj);
- env->DeleteLocalRef(obj);
- free(list[i]);
+ jclass stringClass = env->FindClass("java/lang/String");
+ jobjectArray stringArray = env->NewObjectArray(len, stringClass, NULL);
+ for (int i = 0; i < len; i++) {
+ ScopedLocalRef<jstring> obj(env, env->NewStringUTF(list[i]));
+ env->SetObjectArrayElement(stringArray, i, obj.get());
+ free(list[i]);
}
free(list);
return stringArray;
- }
+}
- /*
- * Function: getBooleanValue
- * Purpose: Gets the value for the given SELinux boolean name.
- * Parameters:
- * String: The name of the SELinux boolean.
- * Returns: a boolean: (true) boolean is set or (false) it is not.
- * Exceptions: None
- */
- static jboolean getBooleanValue(JNIEnv *env, jobject clazz, jstring name) {
- if (isSELinuxDisabled)
- return false;
+/*
+ * Function: getBooleanValue
+ * Purpose: Gets the value for the given SELinux boolean name.
+ * Parameters:
+ * String: The name of the SELinux boolean.
+ * Returns: a boolean: (true) boolean is set or (false) it is not.
+ * Exceptions: None
+ */
+static jboolean getBooleanValue(JNIEnv *env, jobject, jstring nameStr) {
+ if (isSELinuxDisabled) {
+ return false;
+ }
- const char *boolean_name;
- int ret;
+ if (nameStr == NULL) {
+ return false;
+ }
- if (name == NULL)
- return false;
- boolean_name = env->GetStringUTFChars(name, NULL);
- ret = security_get_boolean_active(boolean_name);
- env->ReleaseStringUTFChars(name, boolean_name);
+ ScopedUtfChars name(env, nameStr);
+ int ret = security_get_boolean_active(name.c_str());
+
+ ALOGV("getBooleanValue(%s) => %d", name.c_str(), ret);
return (ret == 1) ? true : false;
- }
+}
- /*
- * Function: setBooleanNames
- * Purpose: Sets the value for the given SELinux boolean name.
- * Parameters:
- * String: The name of the SELinux boolean.
- * Boolean: The new value of the SELinux boolean.
- * Returns: a boolean indicating whether or not the operation succeeded.
- * Exceptions: None
- */
- static jboolean setBooleanValue(JNIEnv *env, jobject clazz, jstring name, jboolean value) {
- if (isSELinuxDisabled)
- return false;
+/*
+ * Function: setBooleanNames
+ * Purpose: Sets the value for the given SELinux boolean name.
+ * Parameters:
+ * String: The name of the SELinux boolean.
+ * Boolean: The new value of the SELinux boolean.
+ * Returns: a boolean indicating whether or not the operation succeeded.
+ * Exceptions: None
+ */
+static jboolean setBooleanValue(JNIEnv *env, jobject, jstring nameStr, jboolean value) {
+ if (isSELinuxDisabled) {
+ return false;
+ }
- const char *boolean_name = NULL;
- int ret;
+ if (nameStr == NULL) {
+ return false;
+ }
- if (name == NULL)
- return false;
- boolean_name = env->GetStringUTFChars(name, NULL);
- ret = security_set_boolean(boolean_name, (value) ? 1 : 0);
- env->ReleaseStringUTFChars(name, boolean_name);
- if (ret)
- return false;
+ ScopedUtfChars name(env, nameStr);
+ int ret = security_set_boolean(name.c_str(), value ? 1 : 0);
+ if (ret) {
+ return false;
+ }
- if (security_commit_booleans() == -1)
- return false;
+ if (security_commit_booleans() == -1) {
+ return false;
+ }
return true;
- }
+}
- /*
- * Function: checkSELinuxAccess
- * Purpose: Check permissions between two security contexts.
- * Parameters: scon: subject security context as a string
- * tcon: object security context as a string
- * tclass: object's security class name as a string
- * perm: permission name as a string
- * Returns: boolean: (true) if permission was granted, (false) otherwise
- * Exceptions: None
- */
- static jboolean checkSELinuxAccess(JNIEnv *env, jobject clazz, jstring scon, jstring tcon, jstring tclass, jstring perm) {
- if (isSELinuxDisabled)
- return true;
+/*
+ * Function: checkSELinuxAccess
+ * Purpose: Check permissions between two security contexts.
+ * Parameters: subjectContextStr: subject security context as a string
+ * objectContextStr: object security context as a string
+ * objectClassStr: object's security class name as a string
+ * permissionStr: permission name as a string
+ * Returns: boolean: (true) if permission was granted, (false) otherwise
+ * Exceptions: None
+ */
+static jboolean checkSELinuxAccess(JNIEnv *env, jobject, jstring subjectContextStr,
+ jstring objectContextStr, jstring objectClassStr, jstring permissionStr) {
+ if (isSELinuxDisabled) {
+ return true;
+ }
- int accessGranted = -1;
+ ScopedUtfChars subjectContext(env, subjectContextStr);
+ if (subjectContext.c_str() == NULL) {
+ return false;
+ }
- const char *const_scon, *const_tcon, *mytclass, *myperm;
- char *myscon, *mytcon;
+ ScopedUtfChars objectContext(env, objectContextStr);
+ if (objectContext.c_str() == NULL) {
+ return false;
+ }
- if (scon == NULL || tcon == NULL || tclass == NULL || perm == NULL)
- goto bail;
+ ScopedUtfChars objectClass(env, objectClassStr);
+ if (objectClass.c_str() == NULL) {
+ return false;
+ }
- const_scon = env->GetStringUTFChars(scon, NULL);
- const_tcon = env->GetStringUTFChars(tcon, NULL);
- mytclass = env->GetStringUTFChars(tclass, NULL);
- myperm = env->GetStringUTFChars(perm, NULL);
+ ScopedUtfChars permission(env, permissionStr);
+ if (permission.c_str() == NULL) {
+ return false;
+ }
- // selinux_check_access needs char* for some
- myscon = const_cast<char *>(const_scon);
- mytcon = const_cast<char *>(const_tcon);
+ char *tmp1 = const_cast<char *>(subjectContext.c_str());
+ char *tmp2 = const_cast<char *>(objectContext.c_str());
+ int accessGranted = selinux_check_access(tmp1, tmp2, objectClass.c_str(), permission.c_str(),
+ NULL);
- accessGranted = selinux_check_access(myscon, mytcon, mytclass, myperm, NULL);
+ ALOGV("checkSELinuxAccess(%s, %s, %s, %s) => %d", subjectContext.c_str(), objectContext.c_str(),
+ objectClass.c_str(), permission.c_str(), accessGranted);
- ALOGV("selinux_check_access returned %d", accessGranted);
-
- env->ReleaseStringUTFChars(scon, const_scon);
- env->ReleaseStringUTFChars(tcon, const_tcon);
- env->ReleaseStringUTFChars(tclass, mytclass);
- env->ReleaseStringUTFChars(perm, myperm);
-
- bail:
return (accessGranted == 0) ? true : false;
- }
+}
- /*
- * Function: native_restorecon
- * Purpose: restore default SELinux security context
- * Parameters: pathname: the pathname for the file to be relabeled
- * Returns: boolean: (true) file label successfully restored, (false) otherwise
- * Exceptions: none
- */
- static jboolean native_restorecon(JNIEnv *env, jobject clazz, jstring pathname) {
- if (isSELinuxDisabled)
- return true;
+/*
+ * Function: native_restorecon
+ * Purpose: restore default SELinux security context
+ * Parameters: pathname: the pathname for the file to be relabeled
+ * Returns: boolean: (true) file label successfully restored, (false) otherwise
+ * Exceptions: none
+ */
+static jboolean native_restorecon(JNIEnv *env, jobject, jstring pathnameStr) {
+ if (isSELinuxDisabled) {
+ return true;
+ }
- const char *file = const_cast<char *>(env->GetStringUTFChars(pathname, NULL));
- int ret = selinux_android_restorecon(file);
- env->ReleaseStringUTFChars(pathname, file);
+ ScopedUtfChars pathname(env, pathnameStr);
+ if (pathname.c_str() == NULL) {
+ ALOGV("restorecon(%p) => threw exception", pathname);
+ return false;
+ }
+
+ int ret = selinux_android_restorecon(pathname.c_str());
+ ALOGV("restorecon(%s) => %d", pathname.c_str(), ret);
return (ret == 0);
- }
+}
- /*
- * JNI registration.
- */
- static JNINativeMethod method_table[] = {
-
+/*
+ * JNI registration.
+ */
+static JNINativeMethod method_table[] = {
/* name, signature, funcPtr */
{ "checkSELinuxAccess" , "(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Z" , (void*)checkSELinuxAccess },
{ "getBooleanNames" , "()[Ljava/lang/String;" , (void*)getBooleanNames },
@@ -460,25 +439,25 @@
{ "setFileContext" , "(Ljava/lang/String;Ljava/lang/String;)Z" , (void*)setFileCon },
{ "setFSCreateContext" , "(Ljava/lang/String;)Z" , (void*)setFSCreateCon },
{ "setSELinuxEnforce" , "(Z)Z" , (void*)setSELinuxEnforce},
- };
+};
- static int log_callback(int type, const char *fmt, ...) {
+static int log_callback(int type, const char *fmt, ...) {
va_list ap;
va_start(ap, fmt);
LOG_PRI_VA(ANDROID_LOG_ERROR, "SELinux", fmt, ap);
va_end(ap);
return 0;
- }
+}
- int register_android_os_SELinux(JNIEnv *env) {
+int register_android_os_SELinux(JNIEnv *env) {
union selinux_callback cb;
cb.func_log = log_callback;
selinux_set_callback(SELINUX_CB_LOG, cb);
isSELinuxDisabled = (is_selinux_enabled() != 1) ? true : false;
- return AndroidRuntime::registerNativeMethods(
- env, "android/os/SELinux",
- method_table, NELEM(method_table));
- }
+ return AndroidRuntime::registerNativeMethods(env, "android/os/SELinux", method_table,
+ NELEM(method_table));
+}
+
}
diff --git a/keystore/java/android/security/AndroidKeyStore.java b/keystore/java/android/security/AndroidKeyStore.java
index 65d7b8f..8a9826b 100644
--- a/keystore/java/android/security/AndroidKeyStore.java
+++ b/keystore/java/android/security/AndroidKeyStore.java
@@ -453,17 +453,19 @@
* convention.
*/
final String[] certAliases = mKeyStore.saw(Credentials.USER_CERTIFICATE);
- for (String alias : certAliases) {
- final byte[] certBytes = mKeyStore.get(Credentials.USER_CERTIFICATE + alias);
- if (certBytes == null) {
- continue;
- }
+ if (certAliases != null) {
+ for (String alias : certAliases) {
+ final byte[] certBytes = mKeyStore.get(Credentials.USER_CERTIFICATE + alias);
+ if (certBytes == null) {
+ continue;
+ }
- final Certificate c = toCertificate(certBytes);
- nonCaEntries.add(alias);
+ final Certificate c = toCertificate(certBytes);
+ nonCaEntries.add(alias);
- if (cert.equals(c)) {
- return alias;
+ if (cert.equals(c)) {
+ return alias;
+ }
}
}
@@ -472,19 +474,22 @@
* PrivateKeyEntry we looked at above.
*/
final String[] caAliases = mKeyStore.saw(Credentials.CA_CERTIFICATE);
- for (String alias : caAliases) {
- if (nonCaEntries.contains(alias)) {
- continue;
- }
+ if (certAliases != null) {
+ for (String alias : caAliases) {
+ if (nonCaEntries.contains(alias)) {
+ continue;
+ }
- final byte[] certBytes = mKeyStore.get(Credentials.CA_CERTIFICATE + alias);
- if (certBytes == null) {
- continue;
- }
+ final byte[] certBytes = mKeyStore.get(Credentials.CA_CERTIFICATE + alias);
+ if (certBytes == null) {
+ continue;
+ }
- final Certificate c = toCertificate(mKeyStore.get(Credentials.CA_CERTIFICATE + alias));
- if (cert.equals(c)) {
- return alias;
+ final Certificate c =
+ toCertificate(mKeyStore.get(Credentials.CA_CERTIFICATE + alias));
+ if (cert.equals(c)) {
+ return alias;
+ }
}
}
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index 4b69317..4dc0beb 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -87,9 +87,22 @@
}
}
- public boolean put(String key, byte[] value) {
+ public boolean put(String key, byte[] value, int uid) {
try {
- return mBinder.insert(key, value, -1) == NO_ERROR;
+ return mBinder.insert(key, value, uid) == NO_ERROR;
+ } catch (RemoteException e) {
+ Log.w(TAG, "Cannot connect to keystore", e);
+ return false;
+ }
+ }
+
+ public boolean put(String key, byte[] value) {
+ return put(key, value, -1);
+ }
+
+ public boolean delete(String key, int uid) {
+ try {
+ return mBinder.del(key, uid) == NO_ERROR;
} catch (RemoteException e) {
Log.w(TAG, "Cannot connect to keystore", e);
return false;
@@ -97,8 +110,12 @@
}
public boolean delete(String key) {
+ return delete(key, -1);
+ }
+
+ public boolean contains(String key, int uid) {
try {
- return mBinder.del(key, -1) == NO_ERROR;
+ return mBinder.exist(key, uid) == NO_ERROR;
} catch (RemoteException e) {
Log.w(TAG, "Cannot connect to keystore", e);
return false;
@@ -106,23 +123,22 @@
}
public boolean contains(String key) {
- try {
- return mBinder.exist(key, -1) == NO_ERROR;
- } catch (RemoteException e) {
- Log.w(TAG, "Cannot connect to keystore", e);
- return false;
- }
+ return contains(key, -1);
}
- public String[] saw(String prefix) {
+ public String[] saw(String prefix, int uid) {
try {
- return mBinder.saw(prefix, -1);
+ return mBinder.saw(prefix, uid);
} catch (RemoteException e) {
Log.w(TAG, "Cannot connect to keystore", e);
return null;
}
}
+ public String[] saw(String prefix) {
+ return saw(prefix, -1);
+ }
+
public boolean reset() {
try {
return mBinder.reset() == NO_ERROR;
@@ -169,9 +185,22 @@
}
}
- public boolean generate(String key) {
+ public boolean generate(String key, int uid) {
try {
- return mBinder.generate(key, -1) == NO_ERROR;
+ return mBinder.generate(key, uid) == NO_ERROR;
+ } catch (RemoteException e) {
+ Log.w(TAG, "Cannot connect to keystore", e);
+ return false;
+ }
+ }
+
+ public boolean generate(String key) {
+ return generate(key, -1);
+ }
+
+ public boolean importKey(String keyName, byte[] key, int uid) {
+ try {
+ return mBinder.import_key(keyName, key, uid) == NO_ERROR;
} catch (RemoteException e) {
Log.w(TAG, "Cannot connect to keystore", e);
return false;
@@ -179,12 +208,7 @@
}
public boolean importKey(String keyName, byte[] key) {
- try {
- return mBinder.import_key(keyName, key, -1) == NO_ERROR;
- } catch (RemoteException e) {
- Log.w(TAG, "Cannot connect to keystore", e);
- return false;
- }
+ return importKey(keyName, key, -1);
}
public byte[] getPubkey(String key) {
@@ -196,15 +220,19 @@
}
}
- public boolean delKey(String key) {
+ public boolean delKey(String key, int uid) {
try {
- return mBinder.del_key(key, -1) == NO_ERROR;
+ return mBinder.del_key(key, uid) == NO_ERROR;
} catch (RemoteException e) {
Log.w(TAG, "Cannot connect to keystore", e);
return false;
}
}
+ public boolean delKey(String key) {
+ return delKey(key, -1);
+ }
+
public byte[] sign(String key, byte[] data) {
try {
return mBinder.sign(key, data);
@@ -259,6 +287,15 @@
}
}
+ public boolean migrate(String key, int uid) {
+ try {
+ return mBinder.migrate(key, uid) == NO_ERROR;
+ } catch (RemoteException e) {
+ Log.w(TAG, "Cannot connect to keystore", e);
+ return false;
+ }
+ }
+
public int getLastError() {
return mError;
}
diff --git a/keystore/tests/src/android/security/AndroidKeyPairGeneratorTest.java b/keystore/tests/src/android/security/AndroidKeyPairGeneratorTest.java
index cd031b4..69007c4 100644
--- a/keystore/tests/src/android/security/AndroidKeyPairGeneratorTest.java
+++ b/keystore/tests/src/android/security/AndroidKeyPairGeneratorTest.java
@@ -67,7 +67,9 @@
assertTrue(mAndroidKeyStore.password("1111"));
assertTrue(mAndroidKeyStore.isUnlocked());
- assertEquals(0, mAndroidKeyStore.saw("").length);
+ String[] aliases = mAndroidKeyStore.saw("");
+ assertNotNull(aliases);
+ assertEquals(0, aliases.length);
mGenerator = java.security.KeyPairGenerator.getInstance(AndroidKeyPairGenerator.NAME);
}
diff --git a/keystore/tests/src/android/security/KeyStoreTest.java b/keystore/tests/src/android/security/KeyStoreTest.java
index 07a2d7b..8f8ee92 100644
--- a/keystore/tests/src/android/security/KeyStoreTest.java
+++ b/keystore/tests/src/android/security/KeyStoreTest.java
@@ -17,6 +17,7 @@
package android.security;
import android.app.Activity;
+import android.os.Process;
import android.security.KeyStore;
import android.test.ActivityUnitTestCase;
import android.test.AssertionFailedError;
@@ -128,7 +129,7 @@
super.tearDown();
}
- public void teststate() throws Exception {
+ public void testState() throws Exception {
assertEquals(KeyStore.State.UNINITIALIZED, mKeyStore.state());
}
@@ -154,6 +155,24 @@
assertTrue(Arrays.equals(TEST_KEYVALUE, mKeyStore.get(TEST_KEYNAME)));
}
+ public void testPut_grantedUid_Wifi() throws Exception {
+ assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
+ assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID));
+ assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
+ mKeyStore.password(TEST_PASSWD);
+ assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID));
+ assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
+ }
+
+ public void testPut_ungrantedUid_Bluetooth() throws Exception {
+ assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID));
+ assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID));
+ assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID));
+ mKeyStore.password(TEST_PASSWD);
+ assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID));
+ assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID));
+ }
+
public void testI18n() throws Exception {
assertFalse(mKeyStore.put(TEST_I18N_KEY, TEST_I18N_VALUE));
assertFalse(mKeyStore.contains(TEST_I18N_KEY));
@@ -167,22 +186,64 @@
mKeyStore.password(TEST_PASSWD);
assertFalse(mKeyStore.delete(TEST_KEYNAME));
- mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE);
+ assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE));
assertTrue(Arrays.equals(TEST_KEYVALUE, mKeyStore.get(TEST_KEYNAME)));
assertTrue(mKeyStore.delete(TEST_KEYNAME));
assertNull(mKeyStore.get(TEST_KEYNAME));
}
+ public void testDelete_grantedUid_Wifi() throws Exception {
+ assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.WIFI_UID));
+ mKeyStore.password(TEST_PASSWD);
+ assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.WIFI_UID));
+
+ assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID));
+ assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
+ assertTrue(mKeyStore.delete(TEST_KEYNAME, Process.WIFI_UID));
+ assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
+ }
+
+ public void testDelete_ungrantedUid_Bluetooth() throws Exception {
+ assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.BLUETOOTH_UID));
+ mKeyStore.password(TEST_PASSWD);
+ assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.BLUETOOTH_UID));
+
+ assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID));
+ assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID));
+ assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.BLUETOOTH_UID));
+ assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID));
+ }
+
public void testContains() throws Exception {
assertFalse(mKeyStore.contains(TEST_KEYNAME));
- mKeyStore.password(TEST_PASSWD);
+ assertTrue(mKeyStore.password(TEST_PASSWD));
assertFalse(mKeyStore.contains(TEST_KEYNAME));
- mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE);
+ assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE));
assertTrue(mKeyStore.contains(TEST_KEYNAME));
}
+ public void testContains_grantedUid_Wifi() throws Exception {
+ assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
+
+ assertTrue(mKeyStore.password(TEST_PASSWD));
+ assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
+
+ assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID));
+ assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
+ }
+
+ public void testContains_grantedUid_Bluetooth() throws Exception {
+ assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID));
+
+ assertTrue(mKeyStore.password(TEST_PASSWD));
+ assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID));
+
+ assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID));
+ assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID));
+ }
+
public void testSaw() throws Exception {
String[] emptyResult = mKeyStore.saw(TEST_KEYNAME);
assertNotNull(emptyResult);
@@ -198,6 +259,48 @@
new HashSet(Arrays.asList(results)));
}
+ public void testSaw_ungrantedUid_Bluetooth() throws Exception {
+ String[] results1 = mKeyStore.saw(TEST_KEYNAME, Process.BLUETOOTH_UID);
+ assertNull(results1);
+
+ mKeyStore.password(TEST_PASSWD);
+ mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE);
+ mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE);
+
+ String[] results2 = mKeyStore.saw(TEST_KEYNAME, Process.BLUETOOTH_UID);
+ assertNull(results2);
+ }
+
+ public void testSaw_grantedUid_Wifi() throws Exception {
+ String[] results1 = mKeyStore.saw(TEST_KEYNAME, Process.WIFI_UID);
+ assertNotNull(results1);
+ assertEquals(0, results1.length);
+
+ mKeyStore.password(TEST_PASSWD);
+ mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, Process.WIFI_UID);
+ mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, Process.WIFI_UID);
+
+ String[] results2 = mKeyStore.saw(TEST_KEYNAME, Process.WIFI_UID);
+ assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()),
+ TEST_KEYNAME2.substring(TEST_KEYNAME.length()))),
+ new HashSet(Arrays.asList(results2)));
+ }
+
+ public void testSaw_grantedUid_Vpn() throws Exception {
+ String[] results1 = mKeyStore.saw(TEST_KEYNAME, Process.VPN_UID);
+ assertNotNull(results1);
+ assertEquals(0, results1.length);
+
+ mKeyStore.password(TEST_PASSWD);
+ mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, Process.VPN_UID);
+ mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, Process.VPN_UID);
+
+ String[] results2 = mKeyStore.saw(TEST_KEYNAME, Process.VPN_UID);
+ assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()),
+ TEST_KEYNAME2.substring(TEST_KEYNAME.length()))),
+ new HashSet(Arrays.asList(results2)));
+ }
+
public void testLock() throws Exception {
assertFalse(mKeyStore.lock());
@@ -239,17 +342,57 @@
}
public void testGenerate_Success() throws Exception {
- mKeyStore.password(TEST_PASSWD);
+ assertTrue(mKeyStore.password(TEST_PASSWD));
assertTrue("Should be able to generate key when unlocked",
mKeyStore.generate(TEST_KEYNAME));
+ assertTrue(mKeyStore.contains(TEST_KEYNAME));
+ assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
+ }
+
+ public void testGenerate_grantedUid_Wifi_Success() throws Exception {
+ assertTrue(mKeyStore.password(TEST_PASSWD));
+
+ assertTrue("Should be able to generate key when unlocked",
+ mKeyStore.generate(TEST_KEYNAME, Process.WIFI_UID));
+ assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
+ assertFalse(mKeyStore.contains(TEST_KEYNAME));
+ }
+
+ public void testGenerate_ungrantedUid_Bluetooth_Failure() throws Exception {
+ assertTrue(mKeyStore.password(TEST_PASSWD));
+
+ assertFalse(mKeyStore.generate(TEST_KEYNAME, Process.BLUETOOTH_UID));
+ assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID));
+ assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
+ assertFalse(mKeyStore.contains(TEST_KEYNAME));
}
public void testImport_Success() throws Exception {
- mKeyStore.password(TEST_PASSWD);
+ assertTrue(mKeyStore.password(TEST_PASSWD));
assertTrue("Should be able to import key when unlocked",
mKeyStore.importKey(TEST_KEYNAME, PRIVKEY_BYTES));
+ assertTrue(mKeyStore.contains(TEST_KEYNAME));
+ assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
+ }
+
+ public void testImport_grantedUid_Wifi_Success() throws Exception {
+ assertTrue(mKeyStore.password(TEST_PASSWD));
+
+ assertTrue("Should be able to import key when unlocked",
+ mKeyStore.importKey(TEST_KEYNAME, PRIVKEY_BYTES, Process.WIFI_UID));
+ assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
+ assertFalse(mKeyStore.contains(TEST_KEYNAME));
+ }
+
+ public void testImport_ungrantedUid_Bluetooth_Failure() throws Exception {
+ assertTrue(mKeyStore.password(TEST_PASSWD));
+
+ assertFalse(mKeyStore.importKey(TEST_KEYNAME, PRIVKEY_BYTES, Process.BLUETOOTH_UID));
+ assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID));
+ assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
+ assertFalse(mKeyStore.contains(TEST_KEYNAME));
}
public void testImport_Failure_BadEncoding() throws Exception {
@@ -257,12 +400,15 @@
assertFalse("Invalid DER-encoded key should not be imported",
mKeyStore.importKey(TEST_KEYNAME, TEST_DATA));
+ assertFalse(mKeyStore.contains(TEST_KEYNAME));
+ assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
}
public void testSign_Success() throws Exception {
mKeyStore.password(TEST_PASSWD);
assertTrue(mKeyStore.generate(TEST_KEYNAME));
+ assertTrue(mKeyStore.contains(TEST_KEYNAME));
final byte[] signature = mKeyStore.sign(TEST_KEYNAME, TEST_DATA);
assertNotNull("Signature should not be null", signature);
@@ -272,6 +418,7 @@
mKeyStore.password(TEST_PASSWD);
assertTrue(mKeyStore.generate(TEST_KEYNAME));
+ assertTrue(mKeyStore.contains(TEST_KEYNAME));
final byte[] signature = mKeyStore.sign(TEST_KEYNAME, TEST_DATA);
assertNotNull("Signature should not be null", signature);
@@ -406,6 +553,38 @@
mKeyStore.ungrant(TEST_KEYNAME, 0));
}
+ public void testMigrate_grantedUid_Wifi_Success() throws Exception {
+ assertTrue(mKeyStore.password(TEST_PASSWD));
+
+ assertFalse(mKeyStore.contains(TEST_KEYNAME));
+
+ assertTrue(mKeyStore.generate(TEST_KEYNAME));
+
+ assertTrue(mKeyStore.contains(TEST_KEYNAME));
+ assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
+
+ assertTrue(mKeyStore.migrate(TEST_KEYNAME, Process.WIFI_UID));
+
+ assertFalse(mKeyStore.contains(TEST_KEYNAME));
+ assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
+ }
+
+ public void testMigrate_ungrantedUid_Bluetooth_Failure() throws Exception {
+ assertTrue(mKeyStore.password(TEST_PASSWD));
+
+ assertFalse(mKeyStore.contains(TEST_KEYNAME));
+
+ assertTrue(mKeyStore.generate(TEST_KEYNAME));
+
+ assertTrue(mKeyStore.contains(TEST_KEYNAME));
+ assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID));
+
+ assertFalse(mKeyStore.migrate(TEST_KEYNAME, Process.BLUETOOTH_UID));
+
+ assertTrue(mKeyStore.contains(TEST_KEYNAME));
+ assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID));
+ }
+
/**
* The amount of time to allow before and after expected time for variance
* in timing tests.