Merge "Use consistent helper class for keystore authorization" into main
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index 2cac2e1..2f2215f 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -17,7 +17,6 @@
package android.security;
import android.compat.annotation.UnsupportedAppUsage;
-import android.os.StrictMode;
/**
* This class provides some constants and helper methods related to Android's Keystore service.
@@ -38,17 +37,4 @@
public static KeyStore getInstance() {
return KEY_STORE;
}
-
- /**
- * Add an authentication record to the keystore authorization table.
- *
- * @param authToken The packed bytes of a hw_auth_token_t to be provided to keymaster.
- * @return 0 on success, otherwise an error value corresponding to a
- * {@code KeymasterDefs.KM_ERROR_} value or {@code KeyStore} ResponseCode.
- */
- public int addAuthToken(byte[] authToken) {
- StrictMode.noteDiskWrite();
-
- return Authorization.addAuthToken(authToken);
- }
}
diff --git a/keystore/java/android/security/Authorization.java b/keystore/java/android/security/KeyStoreAuthorization.java
similarity index 82%
rename from keystore/java/android/security/Authorization.java
rename to keystore/java/android/security/KeyStoreAuthorization.java
index 6404c4b..14d715f 100644
--- a/keystore/java/android/security/Authorization.java
+++ b/keystore/java/android/security/KeyStoreAuthorization.java
@@ -33,15 +33,21 @@
* @hide This is the client side for IKeystoreAuthorization AIDL.
* It shall only be used by biometric authentication providers and Gatekeeper.
*/
-public class Authorization {
- private static final String TAG = "KeystoreAuthorization";
+public class KeyStoreAuthorization {
+ private static final String TAG = "KeyStoreAuthorization";
public static final int SYSTEM_ERROR = ResponseCode.SYSTEM_ERROR;
+ private static final KeyStoreAuthorization sInstance = new KeyStoreAuthorization();
+
+ public static KeyStoreAuthorization getInstance() {
+ return sInstance;
+ }
+
/**
* @return an instance of IKeystoreAuthorization
*/
- public static IKeystoreAuthorization getService() {
+ private IKeystoreAuthorization getService() {
return IKeystoreAuthorization.Stub.asInterface(
ServiceManager.checkService("android.security.authorization"));
}
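Review bot: The Javadoc kept on `getService()` still reads `@return an instance of IKeystoreAuthorization`, but `ServiceManager.checkService` returns null when the service is not registered, and the `getLastAuthTime` hunk further down catches `NullPointerException` for exactly that case. Say so in the comment, e.g. `@return the IKeystoreAuthorization proxy, or {@code null} if the service is not registered`. The new `getInstance()` has no Javadoc; one line stating that it returns the process-wide instance and that tests inject a mock through the callers' Injector classes would be enough. The implicit public constructor still allows extra instances, so the singleton is a convention rather than something the class enforces.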
@@ -52,7 +58,7 @@
* @param authToken created by Android authenticators.
* @return 0 if successful or {@code ResponseCode.SYSTEM_ERROR}.
*/
- public static int addAuthToken(@NonNull HardwareAuthToken authToken) {
+ public int addAuthToken(@NonNull HardwareAuthToken authToken) {
StrictMode.noteSlowCall("addAuthToken");
try {
getService().addAuthToken(authToken);
@@ -70,7 +76,7 @@
* @param authToken
* @return 0 if successful or a {@code ResponseCode}.
*/
- public static int addAuthToken(@NonNull byte[] authToken) {
+ public int addAuthToken(@NonNull byte[] authToken) {
return addAuthToken(AuthTokenUtils.toHardwareAuthToken(authToken));
}
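Review bot: The `@param authToken` tag on this overload is empty, and this method is now the direct entry point for the callers that previously used the removed `KeyStore.addAuthToken(byte[])`. Reusing the wording of the removed Javadoc would do: `@param authToken the packed bytes of a hw_auth_token_t to be provided to keymaster`. The removed wrapper also called `StrictMode.noteDiskWrite()` before delegating, whereas this path only reaches `StrictMode.noteSlowCall("addAuthToken")` in the `HardwareAuthToken` overload. If that StrictMode signal was relied on, it is no longer emitted for these callers.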
@@ -82,7 +88,7 @@
* is LSKF (or equivalent) and thus has made the synthetic password available
* @return 0 if successful or a {@code ResponseCode}.
*/
- public static int onDeviceUnlocked(int userId, @Nullable byte[] password) {
+ public int onDeviceUnlocked(int userId, @Nullable byte[] password) {
StrictMode.noteDiskWrite();
try {
getService().onDeviceUnlocked(userId, password);
@@ -103,7 +109,7 @@
* @param weakUnlockEnabled - true if non-strong biometric or trust agent unlock is enabled
* @return 0 if successful or a {@code ResponseCode}.
*/
- public static int onDeviceLocked(int userId, @NonNull long[] unlockingSids,
+ public int onDeviceLocked(int userId, @NonNull long[] unlockingSids,
boolean weakUnlockEnabled) {
StrictMode.noteDiskWrite();
try {
@@ -125,14 +131,17 @@
* @return the last authentication time or
* {@link BiometricConstants#BIOMETRIC_NO_AUTHENTICATION}.
*/
- public static long getLastAuthenticationTime(
- long userId, @HardwareAuthenticatorType int[] authenticatorTypes) {
+ public long getLastAuthTime(long userId, @HardwareAuthenticatorType int[] authenticatorTypes) {
try {
return getService().getLastAuthTime(userId, authenticatorTypes);
} catch (RemoteException | NullPointerException e) {
- Log.w(TAG, "Can not connect to keystore", e);
+ Log.w(TAG, "Error getting last auth time: " + e);
return BiometricConstants.BIOMETRIC_NO_AUTHENTICATION;
} catch (ServiceSpecificException e) {
+ // This is returned when the feature flag test fails in keystore2
+ if (e.errorCode == ResponseCode.PERMISSION_DENIED) {
+ throw new UnsupportedOperationException();
+ }
return BiometricConstants.BIOMETRIC_NO_AUTHENTICATION;
}
}
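Review bot: The first catch now logs `"Error getting last auth time: " + e`, which drops the stack trace that the previous three-argument form kept; `Log.w(TAG, "Error getting last auth time", e);` preserves it. In the `ServiceSpecificException` branch every error code other than `PERMISSION_DENIED` returns `BIOMETRIC_NO_AUTHENTICATION` without any log, and `PERMISSION_DENIED` becomes a message-less `UnsupportedOperationException`. A real permission denial and the disabled-feature case therefore look the same to the caller and in logs. Suggest `throw new UnsupportedOperationException("getLastAuthTime: PERMISSION_DENIED from keystore", e);` plus a `Log.w` for the remaining codes. The Javadoc, which begins outside the hunk, should gain a `@throws UnsupportedOperationException` line now that this helper is where the exception originates.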
diff --git a/services/core/java/com/android/server/biometrics/AuthSession.java b/services/core/java/com/android/server/biometrics/AuthSession.java
index c507300..69e87fc 100644
--- a/services/core/java/com/android/server/biometrics/AuthSession.java
+++ b/services/core/java/com/android/server/biometrics/AuthSession.java
@@ -56,7 +56,7 @@
import android.hardware.fingerprint.FingerprintSensorPropertiesInternal;
import android.os.IBinder;
import android.os.RemoteException;
-import android.security.KeyStore;
+import android.security.KeyStoreAuthorization;
import android.util.Slog;
import com.android.internal.annotations.VisibleForTesting;
@@ -111,7 +111,7 @@
@NonNull private final BiometricContext mBiometricContext;
private final IStatusBarService mStatusBarService;
@VisibleForTesting final IBiometricSysuiReceiver mSysuiReceiver;
- private final KeyStore mKeyStore;
+ private final KeyStoreAuthorization mKeyStoreAuthorization;
private final Random mRandom;
private final ClientDeathReceiver mClientDeathReceiver;
final PreAuthInfo mPreAuthInfo;
@@ -158,7 +158,7 @@
@NonNull BiometricContext biometricContext,
@NonNull IStatusBarService statusBarService,
@NonNull IBiometricSysuiReceiver sysuiReceiver,
- @NonNull KeyStore keystore,
+ @NonNull KeyStoreAuthorization keyStoreAuthorization,
@NonNull Random random,
@NonNull ClientDeathReceiver clientDeathReceiver,
@NonNull PreAuthInfo preAuthInfo,
@@ -172,8 +172,8 @@
@NonNull PromptInfo promptInfo,
boolean debugEnabled,
@NonNull List<FingerprintSensorPropertiesInternal> fingerprintSensorProperties) {
- this(context, biometricContext, statusBarService, sysuiReceiver, keystore, random,
- clientDeathReceiver, preAuthInfo, token, requestId, operationId, userId,
+ this(context, biometricContext, statusBarService, sysuiReceiver, keyStoreAuthorization,
+ random, clientDeathReceiver, preAuthInfo, token, requestId, operationId, userId,
sensorReceiver, clientReceiver, opPackageName, promptInfo, debugEnabled,
fingerprintSensorProperties, BiometricFrameworkStatsLogger.getInstance());
}
@@ -183,7 +183,7 @@
@NonNull BiometricContext biometricContext,
@NonNull IStatusBarService statusBarService,
@NonNull IBiometricSysuiReceiver sysuiReceiver,
- @NonNull KeyStore keystore,
+ @NonNull KeyStoreAuthorization keyStoreAuthorization,
@NonNull Random random,
@NonNull ClientDeathReceiver clientDeathReceiver,
@NonNull PreAuthInfo preAuthInfo,
@@ -203,7 +203,7 @@
mBiometricContext = biometricContext;
mStatusBarService = statusBarService;
mSysuiReceiver = sysuiReceiver;
- mKeyStore = keystore;
+ mKeyStoreAuthorization = keyStoreAuthorization;
mRandom = random;
mClientDeathReceiver = clientDeathReceiver;
mPreAuthInfo = preAuthInfo;
@@ -814,14 +814,14 @@
switch (reason) {
case BiometricPrompt.DISMISSED_REASON_CREDENTIAL_CONFIRMED:
if (credentialAttestation != null) {
- mKeyStore.addAuthToken(credentialAttestation);
+ mKeyStoreAuthorization.addAuthToken(credentialAttestation);
} else {
Slog.e(TAG, "credentialAttestation is null");
}
case BiometricPrompt.DISMISSED_REASON_BIOMETRIC_CONFIRMED:
case BiometricPrompt.DISMISSED_REASON_BIOMETRIC_CONFIRM_NOT_REQUIRED:
if (mTokenEscrow != null) {
- final int result = mKeyStore.addAuthToken(mTokenEscrow);
+ final int result = mKeyStoreAuthorization.addAuthToken(mTokenEscrow);
Slog.d(TAG, "addAuthToken: " + result);
} else {
Slog.e(TAG, "mTokenEscrow is null");
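Review bot: The credential branch discards the return value of `mKeyStoreAuthorization.addAuthToken(credentialAttestation)`, while the biometric branch just below captures and logs it, so a rejected credential token leaves no trace at this call site. Capture it the same way, `final int result = mKeyStoreAuthorization.addAuthToken(credentialAttestation);`, and log when `result != 0`. The same unchecked-result pattern appears in the `unlockKeystore` hunk of LockSettingsService and in the `onDeviceLocked`/`onDeviceUnlocked` calls in TrustManagerService, where a failed lock notification is the case most worth surfacing. The `DISMISSED_REASON_CREDENTIAL_CONFIRMED` case also runs into the biometric cases with no `break`; if that is intended, a `// fall through` comment would say so. The switch starts and ends outside the hunk.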
diff --git a/services/core/java/com/android/server/biometrics/BiometricService.java b/services/core/java/com/android/server/biometrics/BiometricService.java
index 91a68ea..bccbee9 100644
--- a/services/core/java/com/android/server/biometrics/BiometricService.java
+++ b/services/core/java/com/android/server/biometrics/BiometricService.java
@@ -65,15 +65,11 @@
import android.os.Looper;
import android.os.RemoteException;
import android.os.ServiceManager;
-import android.os.ServiceSpecificException;
import android.os.UserHandle;
import android.os.UserManager;
import android.provider.Settings;
-import android.security.Authorization;
import android.security.GateKeeper;
-import android.security.KeyStore;
-import android.security.authorization.IKeystoreAuthorization;
-import android.security.authorization.ResponseCode;
+import android.security.KeyStoreAuthorization;
import android.service.gatekeeper.IGateKeeperService;
import android.text.TextUtils;
import android.util.ArraySet;
@@ -123,11 +119,9 @@
@VisibleForTesting
IStatusBarService mStatusBarService;
@VisibleForTesting
- KeyStore mKeyStore;
- @VisibleForTesting
ITrustManager mTrustManager;
@VisibleForTesting
- IKeystoreAuthorization mKeystoreAuthorization;
+ KeyStoreAuthorization mKeyStoreAuthorization;
@VisibleForTesting
IGateKeeperService mGateKeeper;
@@ -672,19 +666,7 @@
int[] authTypesArray = hardwareAuthenticators.stream()
.mapToInt(Integer::intValue)
.toArray();
- try {
- return mKeystoreAuthorization.getLastAuthTime(secureUserId, authTypesArray);
- } catch (RemoteException e) {
- Slog.w(TAG, "Error getting last auth time: " + e);
- return BiometricConstants.BIOMETRIC_NO_AUTHENTICATION;
- } catch (ServiceSpecificException e) {
- // This is returned when the feature flag test fails in keystore2
- if (e.errorCode == ResponseCode.PERMISSION_DENIED) {
- throw new UnsupportedOperationException();
- }
-
- return BiometricConstants.BIOMETRIC_NO_AUTHENTICATION;
- }
+ return mKeyStoreAuthorization.getLastAuthTime(secureUserId, authTypesArray);
}
@android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL)
@@ -1009,8 +991,8 @@
return ActivityManager.getService();
}
- public IKeystoreAuthorization getKeystoreAuthorizationService() {
- return Authorization.getService();
+ public KeyStoreAuthorization getKeyStoreAuthorization() {
+ return KeyStoreAuthorization.getInstance();
}
public IGateKeeperService getGateKeeperService() {
@@ -1034,10 +1016,6 @@
return new SettingObserver(context, handler, callbacks);
}
- public KeyStore getKeyStore() {
- return KeyStore.getInstance();
- }
-
/**
* Allows to enable/disable debug logs.
*/
@@ -1130,7 +1108,7 @@
mBiometricContext = injector.getBiometricContext(context);
mUserManager = injector.getUserManager(context);
mBiometricCameraManager = injector.getBiometricCameraManager(context);
- mKeystoreAuthorization = injector.getKeystoreAuthorizationService();
+ mKeyStoreAuthorization = injector.getKeyStoreAuthorization();
mGateKeeper = injector.getGateKeeperService();
try {
@@ -1150,7 +1128,6 @@
@Override
public void onStart() {
- mKeyStore = mInjector.getKeyStore();
mStatusBarService = mInjector.getStatusBarService();
mTrustManager = mInjector.getTrustManager();
mInjector.publishBinderService(this, mImpl);
@@ -1458,7 +1435,7 @@
final boolean debugEnabled = mInjector.isDebugEnabled(getContext(), userId);
mAuthSession = new AuthSession(getContext(), mBiometricContext, mStatusBarService,
- createSysuiReceiver(requestId), mKeyStore, mRandom,
+ createSysuiReceiver(requestId), mKeyStoreAuthorization, mRandom,
createClientDeathReceiver(requestId), preAuthInfo, token, requestId,
operationId, userId, createBiometricSensorReceiver(requestId), receiver,
opPackageName, promptInfo, debugEnabled,
diff --git a/services/core/java/com/android/server/biometrics/sensors/AuthenticationClient.java b/services/core/java/com/android/server/biometrics/sensors/AuthenticationClient.java
index 6eba23f..749e12b 100644
--- a/services/core/java/com/android/server/biometrics/sensors/AuthenticationClient.java
+++ b/services/core/java/com/android/server/biometrics/sensors/AuthenticationClient.java
@@ -30,7 +30,7 @@
import android.hardware.biometrics.BiometricRequestConstants;
import android.os.IBinder;
import android.os.RemoteException;
-import android.security.KeyStore;
+import android.security.KeyStoreAuthorization;
import android.util.EventLog;
import android.util.Slog;
@@ -255,7 +255,7 @@
// For BP, BiometricService will add the authToken to Keystore.
if (!isBiometricPrompt() && mIsStrongBiometric) {
- final int result = KeyStore.getInstance().addAuthToken(byteToken);
+ final int result = KeyStoreAuthorization.getInstance().addAuthToken(byteToken);
if (result != 0) {
Slog.d(TAG, "Error adding auth token : " + result);
} else {
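Review bot: The failure branch logs at debug level, `Slog.d(TAG, "Error adding auth token : " + result)`, so a rejected hardware auth token is easy to miss when reviewing logs. An error path like this fits `Slog.e` or `Slog.w`. This call also reaches `KeyStoreAuthorization.getInstance()` directly rather than through an injected instance, unlike the other call sites this commit touches, which keeps this path hard to replace with a mock in tests. The enclosing method starts and ends outside the hunk.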
diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java
index a9a9d87b..ba99d2e 100644
--- a/services/core/java/com/android/server/locksettings/LockSettingsService.java
+++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java
@@ -103,7 +103,7 @@
import android.provider.DeviceConfig;
import android.provider.Settings;
import android.security.AndroidKeyStoreMaintenance;
-import android.security.Authorization;
+import android.security.KeyStoreAuthorization;
import android.security.keystore.KeyProperties;
import android.security.keystore.KeyProtection;
import android.security.keystore.recovery.KeyChainProtectionParams;
@@ -289,6 +289,7 @@
private final SyntheticPasswordManager mSpManager;
private final KeyStore mKeyStore;
+ private final KeyStoreAuthorization mKeyStoreAuthorization;
private final RecoverableKeyStoreManager mRecoverableKeyStoreManager;
private final UnifiedProfilePasswordCache mUnifiedProfilePasswordCache;
@@ -623,6 +624,10 @@
}
}
+ public KeyStoreAuthorization getKeyStoreAuthorization() {
+ return KeyStoreAuthorization.getInstance();
+ }
+
public @NonNull UnifiedProfilePasswordCache getUnifiedProfilePasswordCache(KeyStore ks) {
return new UnifiedProfilePasswordCache(ks);
}
@@ -646,6 +651,7 @@
mInjector = injector;
mContext = injector.getContext();
mKeyStore = injector.getKeyStore();
+ mKeyStoreAuthorization = injector.getKeyStoreAuthorization();
mRecoverableKeyStoreManager = injector.getRecoverableKeyStoreManager();
mHandler = injector.getHandler(injector.getServiceThread());
mStrongAuth = injector.getStrongAuth();
@@ -1434,7 +1440,7 @@
}
private void unlockKeystore(int userId, SyntheticPassword sp) {
- Authorization.onDeviceUnlocked(userId, sp.deriveKeyStorePassword());
+ mKeyStoreAuthorization.onDeviceUnlocked(userId, sp.deriveKeyStorePassword());
}
@VisibleForTesting /** Note: this method is overridden in unit tests */
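Review bot: The byte array from `sp.deriveKeyStorePassword()` is passed straight into `onDeviceUnlocked` as a temporary, so this method cannot clear it once the call returns. If `deriveKeyStorePassword()` returns a fresh array owned by the caller (not visible here, so confirm first), holding it in a local and wiping it in a `finally` shortens the time the derived secret stays on the heap. `java.util.Arrays` would need to be in scope, or use whatever zeroize helper the file already has.

```java
private void unlockKeystore(int userId, SyntheticPassword sp) {
    final byte[] keystorePassword = sp.deriveKeyStorePassword();
    try {
        mKeyStoreAuthorization.onDeviceUnlocked(userId, keystorePassword);
    } finally {
        // Assumes the array is a fresh copy owned by this caller; confirm before merging.
        if (keystorePassword != null) {
            Arrays.fill(keystorePassword, (byte) 0);
        }
    }
}
```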
diff --git a/services/core/java/com/android/server/trust/TrustManagerService.java b/services/core/java/com/android/server/trust/TrustManagerService.java
index e5a8a6d..7794048 100644
--- a/services/core/java/com/android/server/trust/TrustManagerService.java
+++ b/services/core/java/com/android/server/trust/TrustManagerService.java
@@ -61,7 +61,7 @@
import android.os.UserHandle;
import android.os.UserManager;
import android.provider.Settings;
-import android.security.Authorization;
+import android.security.KeyStoreAuthorization;
import android.service.trust.GrantTrustResult;
import android.service.trust.TrustAgentService;
import android.text.TextUtils;
@@ -156,6 +156,7 @@
/* package */ final TrustArchive mArchive = new TrustArchive();
private final Context mContext;
private final LockPatternUtils mLockPatternUtils;
+ private final KeyStoreAuthorization mKeyStoreAuthorization;
private final UserManager mUserManager;
private final ActivityManager mActivityManager;
private FingerprintManager mFingerprintManager;
@@ -249,25 +250,27 @@
* cases.
*/
protected static class Injector {
- private final LockPatternUtils mLockPatternUtils;
- private final Looper mLooper;
+ private final Context mContext;
- public Injector(LockPatternUtils lockPatternUtils, Looper looper) {
- mLockPatternUtils = lockPatternUtils;
- mLooper = looper;
+ public Injector(Context context) {
+ mContext = context;
}
LockPatternUtils getLockPatternUtils() {
- return mLockPatternUtils;
+ return new LockPatternUtils(mContext);
+ }
+
+ KeyStoreAuthorization getKeyStoreAuthorization() {
+ return KeyStoreAuthorization.getInstance();
}
Looper getLooper() {
- return mLooper;
+ return Looper.myLooper();
}
}
public TrustManagerService(Context context) {
- this(context, new Injector(new LockPatternUtils(context), Looper.myLooper()));
+ this(context, new Injector(context));
}
protected TrustManagerService(Context context, Injector injector) {
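Review bot: `getLockPatternUtils()` now builds a new `LockPatternUtils` on every call and `getLooper()` returns `Looper.myLooper()` for whichever thread calls it, where the old Injector captured both once at construction. The constructor in the next hunk calls each getter once, so behaviour looks unchanged today, but nothing in the class states that expectation. A short comment on the getters would record it, e.g. `// Called once from the TrustManagerService constructor; returns the calling thread's Looper.` The Injector's class Javadoc starts outside the hunk.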
@@ -277,6 +280,7 @@
mUserManager = (UserManager) mContext.getSystemService(Context.USER_SERVICE);
mActivityManager = (ActivityManager) mContext.getSystemService(Context.ACTIVITY_SERVICE);
mLockPatternUtils = injector.getLockPatternUtils();
+ mKeyStoreAuthorization = injector.getKeyStoreAuthorization();
mStrongAuthTracker = new StrongAuthTracker(context, injector.getLooper());
mAlarmManager = (AlarmManager) mContext.getSystemService(Context.ALARM_SERVICE);
}
@@ -908,16 +912,16 @@
int authUserId = mLockPatternUtils.isProfileWithUnifiedChallenge(userId)
? resolveProfileParent(userId) : userId;
- Authorization.onDeviceLocked(userId, getBiometricSids(authUserId),
+ mKeyStoreAuthorization.onDeviceLocked(userId, getBiometricSids(authUserId),
isWeakUnlockMethodEnabled(authUserId));
} else {
- Authorization.onDeviceLocked(userId, getBiometricSids(userId), false);
+ mKeyStoreAuthorization.onDeviceLocked(userId, getBiometricSids(userId), false);
}
} else {
// Notify Keystore that the device is now unlocked for the user. Note that for unlocks
// with LSKF, this is redundant with the call from LockSettingsService which provides
// the password. However, for unlocks with biometric or trust agent, this is required.
- Authorization.onDeviceUnlocked(userId, /* password= */ null);
+ mKeyStoreAuthorization.onDeviceUnlocked(userId, /* password= */ null);
}
}
diff --git a/services/tests/mockingservicestests/src/com/android/server/trust/TrustManagerServiceTest.java b/services/tests/mockingservicestests/src/com/android/server/trust/TrustManagerServiceTest.java
index b415682..0532e04 100644
--- a/services/tests/mockingservicestests/src/com/android/server/trust/TrustManagerServiceTest.java
+++ b/services/tests/mockingservicestests/src/com/android/server/trust/TrustManagerServiceTest.java
@@ -55,6 +55,7 @@
import android.os.Handler;
import android.os.HandlerThread;
import android.os.IBinder;
+import android.os.Looper;
import android.os.RemoteException;
import android.os.ServiceManager;
import android.os.UserHandle;
@@ -63,8 +64,7 @@
import android.platform.test.flag.junit.CheckFlagsRule;
import android.platform.test.flag.junit.DeviceFlagsValueProvider;
import android.provider.Settings;
-import android.security.Authorization;
-import android.security.authorization.IKeystoreAuthorization;
+import android.security.KeyStoreAuthorization;
import android.service.trust.TrustAgentService;
import android.testing.TestableContext;
import android.view.IWindowManager;
@@ -96,7 +96,6 @@
@Rule
public final ExtendedMockitoRule mExtendedMockitoRule = new ExtendedMockitoRule.Builder(this)
.spyStatic(ActivityManager.class)
- .spyStatic(Authorization.class)
.mockStatic(ServiceManager.class)
.mockStatic(WindowManagerGlobal.class)
.build();
@@ -126,14 +125,13 @@
private @Mock DevicePolicyManager mDevicePolicyManager;
private @Mock FaceManager mFaceManager;
private @Mock FingerprintManager mFingerprintManager;
- private @Mock IKeystoreAuthorization mKeystoreAuthorization;
+ private @Mock KeyStoreAuthorization mKeyStoreAuthorization;
private @Mock LockPatternUtils mLockPatternUtils;
private @Mock PackageManager mPackageManager;
private @Mock UserManager mUserManager;
private @Mock IWindowManager mWindowManager;
private HandlerThread mHandlerThread;
- private TrustManagerService.Injector mInjector;
private TrustManagerService mService;
private ITrustManager mTrustManager;
@@ -145,8 +143,6 @@
when(mFaceManager.getSensorProperties()).thenReturn(List.of());
when(mFingerprintManager.getSensorProperties()).thenReturn(List.of());
- doReturn(mKeystoreAuthorization).when(() -> Authorization.getService());
-
when(mLockPatternUtils.getDevicePolicyManager()).thenReturn(mDevicePolicyManager);
when(mLockPatternUtils.isSecure(TEST_USER_ID)).thenReturn(true);
when(mLockPatternUtils.getKnownTrustAgents(TEST_USER_ID)).thenReturn(mKnownTrustAgents);
@@ -193,8 +189,7 @@
mHandlerThread = new HandlerThread("handler");
mHandlerThread.start();
- mInjector = new TrustManagerService.Injector(mLockPatternUtils, mHandlerThread.getLooper());
- mService = new TrustManagerService(mMockContext, mInjector);
+ mService = new TrustManagerService(mMockContext, new MockInjector(mMockContext));
// Get the ITrustManager from the new TrustManagerService.
mService.onStart();
@@ -204,6 +199,27 @@
mTrustManager = ITrustManager.Stub.asInterface(binderArgumentCaptor.getValue());
}
+ private class MockInjector extends TrustManagerService.Injector {
+ MockInjector(Context context) {
+ super(context);
+ }
+
+ @Override
+ LockPatternUtils getLockPatternUtils() {
+ return mLockPatternUtils;
+ }
+
+ @Override
+ KeyStoreAuthorization getKeyStoreAuthorization() {
+ return mKeyStoreAuthorization;
+ }
+
+ @Override
+ Looper getLooper() {
+ return mHandlerThread.getLooper();
+ }
+ }
+
@After
public void tearDown() {
LocalServices.removeServiceForTest(SystemServiceManager.class);
@@ -371,14 +387,14 @@
when(mWindowManager.isKeyguardLocked()).thenReturn(false);
mTrustManager.reportKeyguardShowingChanged();
- verify(mKeystoreAuthorization).onDeviceUnlocked(PARENT_USER_ID, null);
- verify(mKeystoreAuthorization).onDeviceUnlocked(PROFILE_USER_ID, null);
+ verify(mKeyStoreAuthorization).onDeviceUnlocked(PARENT_USER_ID, null);
+ verify(mKeyStoreAuthorization).onDeviceUnlocked(PROFILE_USER_ID, null);
when(mWindowManager.isKeyguardLocked()).thenReturn(true);
mTrustManager.reportKeyguardShowingChanged();
- verify(mKeystoreAuthorization)
+ verify(mKeyStoreAuthorization)
.onDeviceLocked(eq(PARENT_USER_ID), eq(PARENT_BIOMETRIC_SIDS), eq(false));
- verify(mKeystoreAuthorization)
+ verify(mKeyStoreAuthorization)
.onDeviceLocked(eq(PROFILE_USER_ID), eq(PARENT_BIOMETRIC_SIDS), eq(false));
}
@@ -392,10 +408,10 @@
setupMocksForProfile(/* unifiedChallenge= */ false);
mTrustManager.setDeviceLockedForUser(PROFILE_USER_ID, false);
- verify(mKeystoreAuthorization).onDeviceUnlocked(PROFILE_USER_ID, null);
+ verify(mKeyStoreAuthorization).onDeviceUnlocked(PROFILE_USER_ID, null);
mTrustManager.setDeviceLockedForUser(PROFILE_USER_ID, true);
- verify(mKeystoreAuthorization)
+ verify(mKeyStoreAuthorization)
.onDeviceLocked(eq(PROFILE_USER_ID), eq(PROFILE_BIOMETRIC_SIDS), eq(false));
}
@@ -572,11 +588,11 @@
private void verifyWeakUnlockValue(boolean expectedWeakUnlockEnabled) throws Exception {
when(mWindowManager.isKeyguardLocked()).thenReturn(false);
mTrustManager.reportKeyguardShowingChanged();
- verify(mKeystoreAuthorization).onDeviceUnlocked(TEST_USER_ID, null);
+ verify(mKeyStoreAuthorization).onDeviceUnlocked(TEST_USER_ID, null);
when(mWindowManager.isKeyguardLocked()).thenReturn(true);
mTrustManager.reportKeyguardShowingChanged();
- verify(mKeystoreAuthorization).onDeviceLocked(eq(TEST_USER_ID), any(),
+ verify(mKeyStoreAuthorization).onDeviceLocked(eq(TEST_USER_ID), any(),
eq(expectedWeakUnlockEnabled));
}
diff --git a/services/tests/servicestests/src/com/android/server/biometrics/AuthSessionTest.java b/services/tests/servicestests/src/com/android/server/biometrics/AuthSessionTest.java
index 74eb79d..34092b6 100644
--- a/services/tests/servicestests/src/com/android/server/biometrics/AuthSessionTest.java
+++ b/services/tests/servicestests/src/com/android/server/biometrics/AuthSessionTest.java
@@ -68,7 +68,7 @@
import android.os.IBinder;
import android.os.RemoteException;
import android.platform.test.annotations.Presubmit;
-import android.security.KeyStore;
+import android.security.KeyStoreAuthorization;
import androidx.test.filters.SmallTest;
@@ -105,7 +105,7 @@
@Mock private IBiometricServiceReceiver mClientReceiver;
@Mock private IStatusBarService mStatusBarService;
@Mock private IBiometricSysuiReceiver mSysuiReceiver;
- @Mock private KeyStore mKeyStore;
+ @Mock private KeyStoreAuthorization mKeyStoreAuthorization;
@Mock private AuthSession.ClientDeathReceiver mClientDeathReceiver;
@Mock private BiometricFrameworkStatsLogger mBiometricFrameworkStatsLogger;
@Mock private BiometricCameraManager mBiometricCameraManager;
@@ -665,9 +665,10 @@
final PreAuthInfo preAuthInfo = createPreAuthInfo(sensors, userId, promptInfo,
checkDevicePolicyManager);
return new AuthSession(mContext, mBiometricContext, mStatusBarService, mSysuiReceiver,
- mKeyStore, mRandom, mClientDeathReceiver, preAuthInfo, mToken, requestId,
- operationId, userId, mSensorReceiver, mClientReceiver, TEST_PACKAGE, promptInfo,
- false /* debugEnabled */, mFingerprintSensorProps, mBiometricFrameworkStatsLogger);
+ mKeyStoreAuthorization, mRandom, mClientDeathReceiver, preAuthInfo, mToken,
+ requestId, operationId, userId, mSensorReceiver, mClientReceiver, TEST_PACKAGE,
+ promptInfo, false /* debugEnabled */, mFingerprintSensorProps,
+ mBiometricFrameworkStatsLogger);
}
private PromptInfo createPromptInfo(@Authenticators.Types int authenticators) {
diff --git a/services/tests/servicestests/src/com/android/server/biometrics/BiometricServiceTest.java b/services/tests/servicestests/src/com/android/server/biometrics/BiometricServiceTest.java
index 408442b..3eaf9af 100644
--- a/services/tests/servicestests/src/com/android/server/biometrics/BiometricServiceTest.java
+++ b/services/tests/servicestests/src/com/android/server/biometrics/BiometricServiceTest.java
@@ -80,8 +80,7 @@
import android.platform.test.annotations.Presubmit;
import android.platform.test.flag.junit.SetFlagsRule;
import android.security.GateKeeper;
-import android.security.KeyStore;
-import android.security.authorization.IKeystoreAuthorization;
+import android.security.KeyStoreAuthorization;
import android.service.gatekeeper.IGateKeeperService;
import android.view.Display;
import android.view.DisplayInfo;
@@ -173,7 +172,7 @@
private BiometricCameraManager mBiometricCameraManager;
@Mock
- private IKeystoreAuthorization mKeystoreAuthService;
+ private KeyStoreAuthorization mKeyStoreAuthorization;
@Mock
private IGateKeeperService mGateKeeperService;
@@ -195,7 +194,7 @@
when(mInjector.getStatusBarService()).thenReturn(mock(IStatusBarService.class));
when(mInjector.getSettingObserver(any(), any(), any()))
.thenReturn(mock(BiometricService.SettingObserver.class));
- when(mInjector.getKeyStore()).thenReturn(mock(KeyStore.class));
+ when(mInjector.getKeyStoreAuthorization()).thenReturn(mock(KeyStoreAuthorization.class));
when(mInjector.isDebugEnabled(any(), anyInt())).thenReturn(false);
when(mInjector.getBiometricStrengthController(any()))
.thenReturn(mock(BiometricStrengthController.class));
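Review bot: The stub `when(mInjector.getKeyStoreAuthorization()).thenReturn(mock(KeyStoreAuthorization.class))` targets the same getter that the next hunk stubs with the `mKeyStoreAuthorization` field. Before this commit those were two different getters (`getKeyStore()` and `getKeystoreAuthorizationService()`). If both lines sit in the same setup method, which cannot be confirmed from the hunks, the anonymous mock is overridden and this line is dead. If they are in different setups, tests using this one would verify against `mKeyStoreAuthorization` while the service holds the anonymous mock. Dropping this line, or returning `mKeyStoreAuthorization` here too, removes the ambiguity.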
@@ -231,7 +230,7 @@
mStatusBarService, null /* handler */,
mAuthSessionCoordinator);
when(mInjector.getBiometricContext(any())).thenReturn(mBiometricContextProvider);
- when(mInjector.getKeystoreAuthorizationService()).thenReturn(mKeystoreAuthService);
+ when(mInjector.getKeyStoreAuthorization()).thenReturn(mKeyStoreAuthorization);
when(mInjector.getGateKeeperService()).thenReturn(mGateKeeperService);
when(mGateKeeperService.getSecureUserId(anyInt())).thenReturn(42L);
@@ -661,9 +660,9 @@
waitForIdle();
// HAT sent to keystore
if (isStrongBiometric) {
- verify(mBiometricService.mKeyStore).addAuthToken(AdditionalMatchers.aryEq(HAT));
+ verify(mKeyStoreAuthorization).addAuthToken(AdditionalMatchers.aryEq(HAT));
} else {
- verify(mBiometricService.mKeyStore, never()).addAuthToken(any(byte[].class));
+ verify(mKeyStoreAuthorization, never()).addAuthToken(any(byte[].class));
}
// Send onAuthenticated to client
verify(mReceiver1).onAuthenticationSucceeded(
@@ -726,7 +725,7 @@
waitForIdle();
// Waiting for SystemUI to send confirmation callback
assertEquals(STATE_AUTH_PENDING_CONFIRM, mBiometricService.mAuthSession.getState());
- verify(mBiometricService.mKeyStore, never()).addAuthToken(any(byte[].class));
+ verify(mKeyStoreAuthorization, never()).addAuthToken(any(byte[].class));
// SystemUI sends confirm, HAT is sent to keystore and client is notified.
mBiometricService.mAuthSession.mSysuiReceiver.onDialogDismissed(
@@ -734,9 +733,9 @@
null /* credentialAttestation */);
waitForIdle();
if (isStrongBiometric) {
- verify(mBiometricService.mKeyStore).addAuthToken(AdditionalMatchers.aryEq(HAT));
+ verify(mKeyStoreAuthorization).addAuthToken(AdditionalMatchers.aryEq(HAT));
} else {
- verify(mBiometricService.mKeyStore, never()).addAuthToken(any(byte[].class));
+ verify(mKeyStoreAuthorization, never()).addAuthToken(any(byte[].class));
}
verify(mReceiver1).onAuthenticationSucceeded(
BiometricPrompt.AUTHENTICATION_RESULT_TYPE_BIOMETRIC);
@@ -1292,7 +1291,7 @@
eq(TYPE_FACE),
eq(BiometricConstants.BIOMETRIC_ERROR_USER_CANCELED),
eq(0 /* vendorCode */));
- verify(mBiometricService.mKeyStore, never()).addAuthToken(any(byte[].class));
+ verify(mKeyStoreAuthorization, never()).addAuthToken(any(byte[].class));
assertNull(mBiometricService.mAuthSession);
}
@@ -1796,7 +1795,7 @@
final long expectedResult = 31337L;
- when(mKeystoreAuthService.getLastAuthTime(eq(secureUserId), eq(hardwareAuthenticators)))
+ when(mKeyStoreAuthorization.getLastAuthTime(eq(secureUserId), eq(hardwareAuthenticators)))
.thenReturn(expectedResult);
mBiometricService = new BiometricService(mContext, mInjector);
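Review bot: With `KeyStoreAuthorization.getLastAuthTime` itself stubbed here, no test visible in this diff exercises the error translation that moved into the helper. That covers `RemoteException`/`NullPointerException` to `BIOMETRIC_NO_AUTHENTICATION` and `PERMISSION_DENIED` to `UnsupportedOperationException`. A small unit test for `KeyStoreAuthorization` would cover it; since `getService()` is private and looks the binder up through `ServiceManager.checkService`, that test would probably need `ServiceManager` mocked statically, as TrustManagerServiceTest already does. The test method starts and ends outside the hunk.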
@@ -1805,7 +1804,8 @@
Authenticators.BIOMETRIC_STRONG | Authenticators.DEVICE_CREDENTIAL);
assertEquals(expectedResult, result);
- verify(mKeystoreAuthService).getLastAuthTime(eq(secureUserId), eq(hardwareAuthenticators));
+ verify(mKeyStoreAuthorization).getLastAuthTime(eq(secureUserId),
+ eq(hardwareAuthenticators));
}
// Helper methods