author | Robin Lee <rgl@google.com> | 2016-02-22 13:52:17 +0000 |
---|---|---|
committer | The Android Automerger <android-build@android.com> | 2016-03-01 17:16:47 -0800 |
commit | ae7438eda7c9cf6f30323f6fb59c3aea4007bac3 (patch) | |
tree | 9572bf9f74d8d31b8c3ceebda4fb8a36a8a45a8b | |
parent | cab79670a3342ce04a5bd6d76c35c2746e405c3f (diff) | |
Trust CA certificates added for the whole OS only
Excludes any CA certificates installed for wifi-only from being used for
anything else. Does not take effect retroactively against certs which
were already installed.
The CAs will continue to be saved to a part of the keystore accessible
by services running under WIFI_UID.
Bug: 26324357
Bug: 25780055
Change-Id: Ifeb9daf24c9f9a22b2b2daf247d5622c707c9885
Merge conflict resolution to ag/871740 with changes in ag/871667 to mnc-dr1.5-release
-rw-r--r-- | src/com/android/certinstaller/CertInstaller.java | 3 | ||||
-rw-r--r-- | src/com/android/certinstaller/CredentialHelper.java | 7 |
2 files changed, 9 insertions, 1 deletions
diff --git a/src/com/android/certinstaller/CertInstaller.java b/src/com/android/certinstaller/CertInstaller.java
index 0a6049e..dd334cb 100644
--- a/src/com/android/certinstaller/CertInstaller.java
+++ b/src/com/android/certinstaller/CertInstaller.java
@@ -181,7 +181,8 @@ public class CertInstaller extends Activity {
 Toast.makeText(this, getString(R.string.cert_is_added, mCredentials.getName()), Toast.LENGTH_LONG).show();
- if (mCredentials.hasCaCerts()) {
+ if (mCredentials.hasCaCerts()
+ && mCredentials.getInstallAsUid() == KeyStore.UID_SELF) {
 // more work to do, don't finish just yet
 new InstallCaCertsToKeyChainTask().execute();
 return;
diff --git a/src/com/android/certinstaller/CredentialHelper.java b/src/com/android/certinstaller/CredentialHelper.java
index a3e2e27..0ef50bf 100644
--- a/src/com/android/certinstaller/CredentialHelper.java
+++ b/src/com/android/certinstaller/CredentialHelper.java
@@ -101,6 +101,7 @@ class CredentialHelper {
 try {
 outStates.putSerializable(DATA_KEY, mBundle);
 outStates.putString(KeyChain.EXTRA_NAME, mName);
+ outStates.putInt(Credentials.EXTRA_INSTALL_AS_UID, mUid);
 if (mUserKey != null) {
 outStates.putByteArray(Credentials.USER_PRIVATE_KEY, mUserKey.getEncoded());
@@ -121,6 +122,7 @@ class CredentialHelper {
 void onRestoreStates(Bundle savedStates) {
 mBundle = (HashMap) savedStates.getSerializable(DATA_KEY);
 mName = savedStates.getString(KeyChain.EXTRA_NAME);
+ mUid = savedStates.getInt(Credentials.EXTRA_INSTALL_AS_UID, -1);
 byte[] bytes = savedStates.getByteArray(Credentials.USER_PRIVATE_KEY);
 if (bytes != null) {
 setPrivateKey(bytes);
@@ -257,6 +259,11 @@ class CredentialHelper {
 return mUid != -1;
 }
+
+ int getInstallAsUid() {
+ return mUid;
+ }
+
 Intent createSystemInstallIntent(final Context context) {
 Intent intent = new Intent("com.android.credentials.INSTALL");
 // To prevent the private key from being sniffed, we explicitly spell |
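Review bot: The uid clause added to the `if (mCredentials.hasCaCerts() ...` test in CertInstaller.java carries the whole trust decision of this commit but has no comment saying so, so a later cleanup could drop it without noticing that it is what keeps uid-scoped CAs away from InstallCaCertsToKeyChainTask. I would put a comment above the condition, for example `// Only CAs installed for the whole OS (no target uid) go to the KeyChain task; uid-scoped ones, e.g. wifi, must not become trusted OS-wide`. When the clause is false, control falls through to the code after `return;`, which is outside this hunk, so it is worth confirming that this path still finishes the activity with the correct result for a wifi-only CA install. The enclosing method starts and ends outside the hunk.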
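Review bot: In onRestoreStates, `savedStates.getInt(Credentials.EXTRA_INSTALL_AS_UID, -1)` falls back to the literal `-1`, which appears to be the same value the new check in CertInstaller.java compares against as `KeyStore.UID_SELF` (the constant's value is not shown on this page). A saved state that lacks the key therefore restores to the install-for-the-whole-OS path, the more trusted of the two, instead of failing closed. Because onSaveStates now always writes the key this should only affect state written before this change, but the sentinel should be spelled the same way in both files so they cannot drift: `mUid = savedStates.getInt(Credentials.EXTRA_INSTALL_AS_UID, KeyStore.UID_SELF);`, and likewise for the `return mUid != -1;` visible at the top of the last hunk, provided KeyStore is imported in CredentialHelper. The new `getInstallAsUid()` in that last hunk would also benefit from a one-line Javadoc stating that it returns this sentinel when no target uid was requested.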