3876b1be27e3aefde9a72eb2e4f856e94fc5f946 |
|
09-Sep-2015 |
Alex Klyubin <klyubin@google.com> |
Support cross-UID access from AndroidKeyStore. This is meant for exposing the pre-existing cross-UID access to keys backed by the keystore service via higher-level JCA API. For example, this lets system_server use Wi-Fi or VPN UID keys via JCA API. To obtain a JCA AndroidKeyStore KeyStore for another UID, use the hidden system API AndroidKeyStoreProvider.getKeyStoreForUid(uid). To generate a key owned by another UID, invoke setUid(uid) on KeyGenParameterSpec.Builder. This CL does not change the security policy, such as which UID can access/modify which UIDs' keys. The policy is that only certain system UIDs are permitted to access keys of certain other system UIDs. Bug: 23978113 Change-Id: Ie381530f41dc41c50d52f675fb9e68bc87c006de
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreECPublicKey.java
|