KeyChain: Do not validate policy-provided aliases
The KeyChainActivity validated, before granting access to an alias,
that it is user-selectable. This is a defense-in-depth mechanism
to avoid granting access to non-user-selectable keys due to bugs
or race conditions.
However, that check does not make sense if the alias was chosen
programmatically by the DeviceAdminReceiver implementation.
Avoid performing the user-selectability check for policy-provided
aliases by propagating the origin of the alias and skipping the
check if it was provided programmatically.
Part of the fix for b/69337278
Bug: 69337278
Test: m -j RunKeyChainRoboTests && cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement
Change-Id: I4a22e193eaf73595745ac41d9b53a064d3f41830
diff --git a/src/com/android/keychain/KeyChainService.java b/src/com/android/keychain/KeyChainService.java
index 09bdc6c..419da2e 100644
--- a/src/com/android/keychain/KeyChainService.java
+++ b/src/com/android/keychain/KeyChainService.java
@@ -206,7 +206,7 @@
if (!Credentials.deleteAllTypesForAlias(mKeyStore, alias)) {
return false;
}
- mGrantsDb.removeGrantsForAlias(alias);
+ mGrantsDb.removeAliasInformation(alias);
broadcastKeychainChange();
broadcastLegacyStorageChange();
return true;
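Review bot: The replacement call mGrantsDb.removeAliasInformation(alias) has a name that implies more than grants is now cleared for the alias, but neither this call site nor the commit message says what else is stored per alias. Please document on the GrantsDatabase method what "alias information" covers, and state whether grants and the other per-alias data are removed together in one transaction. Also worth confirming: when Credentials.deleteAllTypesForAlias(mKeyStore, alias) fails, the early return false leaves the alias's database record untouched. If that record now feeds the user-selectability decision, say whether keeping it after a failed or partial key deletion is intended.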
@@ -220,7 +220,7 @@
@Override public boolean reset() {
// only Settings should be able to reset
checkSystemCaller();
- mGrantsDb.removeAllGrants();
+ mGrantsDb.removeAllAliasesInformation();
boolean ok = true;
synchronized (mTrustedCertificateStore) {
// delete user-installed CA certs
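Review bot: In reset(), mGrantsDb.removeAllAliasesInformation() runs before boolean ok = true; is declared, so its outcome cannot contribute to the value reset() returns. If clearing the alias data can fail, fold the result into ok or note why a failure here is safe to ignore, since leftover per-alias state after a reset would outlive the keys it described. On naming, removeAllAliasesInformation reads awkwardly beside removeAliasInformation from the earlier hunk; removeAllAliasInformation would be more consistent.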