KeyChain: Do not validate policy-provided aliases
The KeyChainActivity validated, before granting access to an alias,
that it is user-selectable. This is a defense-in-depth mechanism
to avoid granting access to non-user-selectable keys due to bugs
or race conditions.
However, that check does not make sense if the alias was chosen
programatically by the DeviceAdminReceiver implementation.
Avoid performing the user-selectability check for policy-provided
aliases by propagating the origin of the alias and skipping the
check if it was provided programatically.
Part of the fix for b/69337278
Bug: 69337278
Test: m -j RunKeyChainRoboTests && cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement
Change-Id: I4a22e193eaf73595745ac41d9b53a064d3f41830
5 files changed