Use correct call to get Android user ID
Rather than trying to store the active user ID, use
multiuser_get_user_id to pull the actual ID for the caller. This will
now behave correctly when called by background processes.
Test: CtsKeystoreTestCases, from both owner and guest users
Bug: 113280004
Change-Id: I73fd2ef2ac4b1ceb7ec3792761e827d801d0d905
diff --git a/keystore/Android.bp b/keystore/Android.bp
index 9bf6cf3..ed60596 100644
--- a/keystore/Android.bp
+++ b/keystore/Android.bp
@@ -50,6 +50,7 @@
"libbase",
"libbinder",
"libcrypto",
+ "libcutils",
"libhardware",
"libhidlbase",
"libhidltransport",
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index 6c3e452..ee13006 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -30,6 +30,7 @@
#include <binder/IPCThreadState.h>
#include <binder/IPermissionController.h>
#include <binder/IServiceManager.h>
+#include <cutils/multiuser.h>
#include <log/log_event_list.h>
#include <private/android_filesystem_config.h>
@@ -862,7 +863,7 @@
// Most Java processes don't have access to this tag
KeyParameter user_id;
user_id.tag = Tag::USER_ID;
- user_id.f.integer = mActiveUserId;
+ user_id.f.integer = multiuser_get_user_id(uid);
keyCharacteristics.push_back(user_id);
}
@@ -995,7 +996,6 @@
const ::std::vector<uint8_t>& keyData, int uid, int flags,
::android::security::keymaster::KeyCharacteristics* outCharacteristics,
int32_t* aidl_return) {
-
uid = getEffectiveUid(uid);
auto logOnScopeExit = android::base::make_scope_guard([&] {
if (__android_log_security()) {
@@ -1103,7 +1103,7 @@
// Most Java processes don't have access to this tag
KeyParameter user_id;
user_id.tag = Tag::USER_ID;
- user_id.f.integer = mActiveUserId;
+ user_id.f.integer = multiuser_get_user_id(uid);
opParams.push_back(user_id);
}
@@ -2294,9 +2294,6 @@
Status KeyStoreService::onKeyguardVisibilityChanged(bool isShowing, int32_t userId,
int32_t* aidl_return) {
enforcement_policy.set_device_locked(isShowing, userId);
- if (!isShowing) {
- mActiveUserId = userId;
- }
*aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
return Status::ok();
diff --git a/keystore/key_store_service.h b/keystore/key_store_service.h
index 0056342..8d3f1f2 100644
--- a/keystore/key_store_service.h
+++ b/keystore/key_store_service.h
@@ -39,7 +39,7 @@
public:
explicit KeyStoreService(KeyStore* keyStore)
: mKeyStore(keyStore), mOperationMap(this),
- mConfirmationManager(new ConfirmationManager(this)), mActiveUserId(0) {}
+ mConfirmationManager(new ConfirmationManager(this)) {}
virtual ~KeyStoreService() = default;
void binderDied(const android::wp<android::IBinder>& who);
@@ -300,7 +300,6 @@
android::sp<ConfirmationManager> mConfirmationManager;
keystore::AuthTokenTable mAuthTokenTable;
KeystoreKeymasterEnforcement enforcement_policy;
- int32_t mActiveUserId;
};
}; // namespace keystore