Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / f2c4c0a08b3923e22054ff09fece6bcff28e4c7a^1..f2c4c0a08b3923e22054ff09fece6bcff28e4c7a / .
commitf2c4c0a08b3923e22054ff09fece6bcff28e4c7a[log] [tgz]
authorTreeHugger Robot <treehugger-gerrit@google.com>Thu Mar 23 23:00:20 2017 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>Thu Mar 23 23:00:25 2017 +0000
tree04e44ee507cc8b24e0338178a34ff510382892b9
parentbfe08f7b33800f1487d78f9883628b0902bc1f8c [diff]
parent6ab9bb68bafaa2b9a10924f3a7c3a1d164dda752 [diff]
Merge "Fixes attestation id gathering from secondary android user"
diff --git a/core/java/android/os/Process.java b/core/java/android/os/Process.java
index f69c996..3137658 100644
--- a/core/java/android/os/Process.java
+++ b/core/java/android/os/Process.java

@@ -92,6 +92,12 @@
     public static final int VPN_UID = 1016;
 
     /**
+     * Defines the UID/GID for keystore.
+     * @hide
+     */
+    public static final int KEYSTORE_UID = 1017;
+
+    /**
      * Defines the UID/GID for the NFC service process.
      * @hide
      */

diff --git a/services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java b/services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java
index 0b80d81..ab9ab67 100644
--- a/services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java
+++ b/services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java

@@ -21,6 +21,7 @@
 import android.content.pm.PackageInfo;
 import android.content.pm.PackageManager;
 import android.content.pm.PackageManager.NameNotFoundException;
+import android.os.Binder;
 import android.os.RemoteException;
 import android.os.UserHandle;
 import android.security.keymaster.KeyAttestationPackageInfo;
@@ -45,14 +46,19 @@
 
     public KeyAttestationApplicationId getKeyAttestationApplicationId(int uid)
             throws RemoteException {
-        String[] packageNames = mPackageManager.getPackagesForUid(uid);
-        if (packageNames == null) {
-            throw new RemoteException("No packages for uid");
+        if (Binder.getCallingUid() != android.os.Process.KEYSTORE_UID) {
+            throw new SecurityException("This service can only be used by Keystore");
         }
-        int userId = UserHandle.getUserId(uid);
-        KeyAttestationPackageInfo[] keyAttestationPackageInfos =
-                new KeyAttestationPackageInfo[packageNames.length];
+        KeyAttestationPackageInfo[] keyAttestationPackageInfos = null;
+        final long token = Binder.clearCallingIdentity();
         try {
+            String[] packageNames = mPackageManager.getPackagesForUid(uid);
+            if (packageNames == null) {
+                throw new RemoteException("No packages for uid");
+            }
+            int userId = UserHandle.getUserId(uid);
+            keyAttestationPackageInfos = new KeyAttestationPackageInfo[packageNames.length];
+
             for (int i = 0; i < packageNames.length; ++i) {
                 PackageInfo packageInfo = mPackageManager.getPackageInfoAsUser(packageNames[i],
                         PackageManager.GET_SIGNATURES, userId);
@@ -61,6 +67,8 @@
             }
         } catch (NameNotFoundException nnfe) {
             throw new RemoteException(nnfe.getMessage());
+        } finally {
+            Binder.restoreCallingIdentity(token);
         }
         return new KeyAttestationApplicationId(keyAttestationPackageInfos);
     }