Restore "Add "Unlocked device required" parameter to keys"
dd a keymaster parameter for keys that should be inaccessible when
the device screen is locked. "Locked" here is a state where the device
can be used or accessed without any further trust factor such as a
PIN, password, fingerprint, or trusted face or voice.
This parameter is added to the Java keystore interface for key
creation and import, as well as enums specified by and for the native
keystore process.
This reverts commit ccb492da4478a11210b1a7aa885ad38958ca837f.
Test: CTS tests in I8a5affd1eaed176756175158e3057e44934fffed
Bug: 67752510
Merged-In: I485e0855c4a09073e067c1a628f7d93eab489483
Change-Id: I485e0855c4a09073e067c1a628f7d93eab489483
(cherry picked from f6125de02d20382521c0d0177479079c5a0371ea)
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index 8be07f8..a716498 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -367,6 +367,7 @@
return Status::ok();
}
+ enforcement_policy.set_device_locked(true, userId);
mKeyStore->lock(userId);
*aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
return Status::ok();
@@ -395,6 +396,7 @@
return Status::ok();
}
+ enforcement_policy.set_device_locked(false, userId);
const String8 password8(pw);
// read master key, decrypt with password, initialize mMasterKey*.
*aidl_return = static_cast<int32_t>(mKeyStore->readMasterKey(password8, userId));
@@ -2226,9 +2228,10 @@
return error;
}
-Status KeyStoreService::onKeyguardVisibilityChanged(bool /*isShowing*/, int32_t /*userId*/,
- int32_t* /*aidl_return*/) {
- // TODO(67752510)
+Status KeyStoreService::onKeyguardVisibilityChanged(bool isShowing, int32_t userId,
+ int32_t* aidl_return) {
+ enforcement_policy.set_device_locked(isShowing, userId);
+ *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
return Status::ok();
}