Track active user inside keystore service
The active Android user ID is not generally accessible from native code
- UID is per-app, and PID can be split up even farther than that. Most
processes even on the Java side don't have correct permissions to read
their user ID, but the keyguard does, and we're already getting that
signal from the state change calls. Keep track of that, and write it out
to the saved authorization list that will be read back for the software
authorization.
Bug: 76430246
Test: CtsKeystoreTestCases, both as main and guest user
Change-Id: I39baac7264196318bb42c75964d64b5d3b567b97
diff --git a/keystore/key_store_service.h b/keystore/key_store_service.h
index 8d3f1f2..0056342 100644
--- a/keystore/key_store_service.h
+++ b/keystore/key_store_service.h
@@ -39,7 +39,7 @@
public:
explicit KeyStoreService(KeyStore* keyStore)
: mKeyStore(keyStore), mOperationMap(this),
- mConfirmationManager(new ConfirmationManager(this)) {}
+ mConfirmationManager(new ConfirmationManager(this)), mActiveUserId(0) {}
virtual ~KeyStoreService() = default;
void binderDied(const android::wp<android::IBinder>& who);
@@ -300,6 +300,7 @@
android::sp<ConfirmationManager> mConfirmationManager;
keystore::AuthTokenTable mAuthTokenTable;
KeystoreKeymasterEnforcement enforcement_policy;
+ int32_t mActiveUserId;
};
}; // namespace keystore