| 6ab9bb68bafaa2b9a10924f3a7c3a1d164dda752 |
|
08-Mar-2017 |
Janis Danisevskis <jdanis@google.com> |
Fixes attestation id gathering from secondary android user
When Keystore attempts to gather the application attestation
ID for an app that runs not as the primary user/owner of the
device, the PackageManager would deny package manager access
to the required PackageInfo on the grounds that the request
came from a different user
(violates android.permission.INTERACT_ACROSS_USERS)
This patch adds an additional check to
KeyAttestationApplicationIdProviderService, that verifies the
caller is indeed Keystore. Then it drops the caller context
and retrieves the requested PackageInfo, before restoring
the calling context.
Bug: 35719178
Test: install APK [1] and run as secondary user
[1] https://drive.google.com/file/d/0BzV-JgYFLSDIRGY1WENncmFMVW8/view?ts=58d3f3e6
Change-Id: I91f93a56d10498e1ee3bdb983c701033594c3e57
/frameworks/base/services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java
|