Gitiles
Code Review Sign In
review.blissroms.org / platform_frameworks_base / 336b5db80970f5539ced3cd2f0b73c8b7a6aa116
commit336b5db80970f5539ced3cd2f0b73c8b7a6aa116[log] [tgz]
authorPaul Crowley <paulcrowley@google.com>Thu Apr 08 17:33:31 2021 -0700
committerPaul Crowley <paulcrowley@google.com>Tue Apr 27 10:34:33 2021 -0700
treecbaadfe977f3a56cbec4ffd2933b72d8031592c8
parent4459123d4932a2f4091115a5141d2ca63747ca09 [diff]
Tell keystore which SIDs can unlock this user

If biometric unlock is enabled, we tell keystore at lock time so that
a key can be set up in KM which unlocks UNLOCKED_DEVICE_REQUIRED keys
based on auth tokens carrying those SIDs. This also has the effect that
if there is no biometric unlock, UNLOCKED_DEVICE_REQUIRED keys have
full cryptographic protection, per NIAP requirements.

Test: aosp/1686345
Bug: 163866361
Change-Id: Ia4d01faa998c76b2b33ad3520730466ac59e6d8d
3 files changed
tree: cbaadfe977f3a56cbec4ffd2933b72d8031592c8
  1. .prebuilt_info/
  2. apct-tests/
  3. apex/
  4. api/
  5. boot/
  6. cmds/
  7. config/
  8. core/
  9. data/
  10. docs/
  11. drm/
  12. errorprone/
  13. graphics/
  14. identity/
  15. keystore/
  16. libs/
  17. location/
  18. lowpan/
  19. media/
  20. mime/
  21. mms/
  22. native/
  23. nfc-extras/
  24. obex/
  25. opengl/
  26. packages/
  27. proto/
  28. rs/
  29. samples/
  30. sax/
  31. services/
  32. startop/
  33. telecomm/
  34. telephony/
  35. test-base/
  36. test-legacy/
  37. test-mock/
  38. test-runner/
  39. tests/
  40. tools/
  41. wifi/
  42. .clang-format
  43. .gitignore
  44. .mailmap
  45. Android.bp
  46. Android.mk
  47. ApiDocs.bp
  48. BATTERY_STATS_OWNERS
  49. CleanSpec.mk
  50. framework-jarjar-rules.txt
  51. METADATA
  52. MODULE_LICENSE_APACHE2
  53. MULTIUSER_OWNERS
  54. NOTICE
  55. OWNERS
  56. OWNERS.md
  57. pathmap.mk
  58. PREUPLOAD.cfg
  59. ProtoLibraries.bp
  60. StubLibraries.bp
  61. TEST_MAPPING
  62. ZYGOTE_OWNERS