Merge "Fixes attestation id gathering from secondary android user"
diff --git a/core/java/android/os/Process.java b/core/java/android/os/Process.java
index f69c996..3137658 100644
--- a/core/java/android/os/Process.java
+++ b/core/java/android/os/Process.java
@@ -92,6 +92,12 @@
public static final int VPN_UID = 1016;
/**
+ * Defines the UID/GID for keystore.
+ * @hide
+ */
+ public static final int KEYSTORE_UID = 1017;
+
+ /**
* Defines the UID/GID for the NFC service process.
* @hide
*/
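Review bot: The new `KEYSTORE_UID` javadoc does not say that 1017 has to match the UID the keystore daemon actually runs under, yet the caller check this commit adds to KeyAttestationApplicationIdProviderService depends on exactly that. I would extend the comment to `Defines the UID/GID for keystore. Must stay in sync with AID_KEYSTORE in the native android_filesystem_config.h.` so that neither side is changed alone. If the two values ever diverged, the service would either refuse keystore or accept whichever process holds 1017. The surrounding class starts and ends outside this hunk.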
diff --git a/services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java b/services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java
index 0b80d81..ab9ab67 100644
--- a/services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java
+++ b/services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java
@@ -21,6 +21,7 @@
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.PackageManager.NameNotFoundException;
+import android.os.Binder;
import android.os.RemoteException;
import android.os.UserHandle;
import android.security.keymaster.KeyAttestationPackageInfo;
@@ -45,14 +46,19 @@
public KeyAttestationApplicationId getKeyAttestationApplicationId(int uid)
throws RemoteException {
- String[] packageNames = mPackageManager.getPackagesForUid(uid);
- if (packageNames == null) {
- throw new RemoteException("No packages for uid");
+ if (Binder.getCallingUid() != android.os.Process.KEYSTORE_UID) {
+ throw new SecurityException("This service can only be used by Keystore");
}
- int userId = UserHandle.getUserId(uid);
- KeyAttestationPackageInfo[] keyAttestationPackageInfos =
- new KeyAttestationPackageInfo[packageNames.length];
+ KeyAttestationPackageInfo[] keyAttestationPackageInfos = null;
+ final long token = Binder.clearCallingIdentity();
try {
+ String[] packageNames = mPackageManager.getPackagesForUid(uid);
+ if (packageNames == null) {
+ throw new RemoteException("No packages for uid");
+ }
+ int userId = UserHandle.getUserId(uid);
+ keyAttestationPackageInfos = new KeyAttestationPackageInfo[packageNames.length];
+
for (int i = 0; i < packageNames.length; ++i) {
PackageInfo packageInfo = mPackageManager.getPackageInfoAsUser(packageNames[i],
PackageManager.GET_SIGNATURES, userId);
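Review bot: Once `Binder.clearCallingIdentity()` has run, the package lookups in the `try` block execute with the service's own identity, so the `Binder.getCallingUid()` comparison at the top of the method is the only check on who may query packages and signatures for an arbitrary, caller-supplied `uid`; neither line carries a comment saying so. I would add `// Sole authorization gate: identity is cleared below, so only keystore may reach the package lookups.` above the check. Above the clear I would add `// Query as this service so lookups for other users succeed; restored in finally.`, which is presumably the reason for the clear, judging by the commit title. The rejection path also discards who called; reading the UID once into a local and using `throw new SecurityException("This service can only be used by Keystore, caller uid " + callingUid);` would make refused calls traceable in logs. The method body continues past the end of this hunk.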
@@ -61,6 +67,8 @@
}
} catch (NameNotFoundException nnfe) {
throw new RemoteException(nnfe.getMessage());
+ } finally {
+ Binder.restoreCallingIdentity(token);
}
return new KeyAttestationApplicationId(keyAttestationPackageInfos);
}