6ab9bb68bafaa2b9a10924f3a7c3a1d164dda752 |
|
08-Mar-2017 |
Janis Danisevskis <jdanis@google.com> |
Fixes attestation id gathering from secondary android user When Keystore attempts to gather the application attestation ID for an app that runs not as the primary user/owner of the device, the PackageManager would deny package manager access to the required PackageInfo on the grounds that the request came from a different user (violates android.permission.INTERACT_ACROSS_USERS) This patch adds an additional check to KeyAttestationApplicationIdProviderService, that verifies the caller is indeed Keystore. Then it drops the caller context and retrieves the requested PackageInfo, before restoring the calling context. Bug: 35719178 Test: install APK [1] and run as secondary user [1] https://drive.google.com/file/d/0BzV-JgYFLSDIRGY1WENncmFMVW8/view?ts=58d3f3e6 Change-Id: I91f93a56d10498e1ee3bdb983c701033594c3e57
/frameworks/base/services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java
|