diff options
| author | Brian Carlstrom <bdc@google.com> | 2011-06-27 02:27:16 -0700 |
|---|---|---|
| committer | Brian Carlstrom <bdc@google.com> | 2011-06-27 12:26:20 -0700 |
| commit | 43f5b77dbbff264f7f521dbf5361f07a5e253c70 (patch) | |
| tree | a14989636f6a3172f561427cef64c5c41c8f5c7e /src | |
| parent | df17230fbddfd959658368bcfd3c87d34ce3c097 (diff) | |
| download | android_packages_apps_KeyChain-43f5b77dbbff264f7f521dbf5361f07a5e253c70.tar.gz android_packages_apps_KeyChain-43f5b77dbbff264f7f521dbf5361f07a5e253c70.tar.bz2 android_packages_apps_KeyChain-43f5b77dbbff264f7f521dbf5361f07a5e253c70.zip | |
Add KeyChainService.deleteCaCertificate
Allow system to call KeyChainService.installCaCertificate
Change-Id: Idd3d97d7972f066368079f6b996cf2bc658cca4f
Diffstat (limited to 'src')
| -rw-r--r-- | src/com/android/keychain/KeyChainService.java | 61 |
1 files changed, 43 insertions, 18 deletions
diff --git a/src/com/android/keychain/KeyChainService.java b/src/com/android/keychain/KeyChainService.java index 7ce176f..827f278 100644 --- a/src/com/android/keychain/KeyChainService.java +++ b/src/com/android/keychain/KeyChainService.java @@ -102,12 +102,7 @@ public class KeyChainService extends Service { } @Override public void installCaCertificate(byte[] caCertificate) { - // only the CertInstaller should be able to add new trusted CAs - final String expectedPackage = "com.android.certinstaller"; - final String actualPackage = getPackageManager().getNameForUid(getCallingUid()); - if (!expectedPackage.equals(actualPackage)) { - throw new IllegalStateException(actualPackage); - } + checkCertInstallerOrSystemCaller(); try { synchronized (mTrustedCertificateStore) { mTrustedCertificateStore.installCertificate(parseCertificate(caCertificate)); @@ -126,11 +121,7 @@ public class KeyChainService extends Service { @Override public boolean reset() { // only Settings should be able to reset - final String expectedPackage = "android.uid.system:1000"; - final String actualPackage = getPackageManager().getNameForUid(getCallingUid()); - if (!expectedPackage.equals(actualPackage)) { - throw new IllegalStateException(actualPackage); - } + checkSystemCaller(); boolean ok = true; synchronized (mAccountLock) { @@ -156,13 +147,7 @@ public class KeyChainService extends Service { // delete user-installed CA certs for (String alias : mTrustedCertificateStore.aliases()) { if (TrustedCertificateStore.isUser(alias)) { - try { - mTrustedCertificateStore.deleteCertificateEntry(alias); - } catch (IOException e) { - Log.w(TAG, "Problem removing CA certificate " + alias, e); - ok = false; - } catch (CertificateException e) { - Log.w(TAG, "Problem removing CA certificate " + alias, e); + if (!deleteCertificateEntry(alias)) { ok = false; } } @@ -170,6 +155,46 @@ public class KeyChainService extends Service { return ok; } } + + @Override public boolean deleteCaCertificate(String alias) { + // only Settings should be able to delete + checkSystemCaller(); + return deleteCertificateEntry(alias); + } + + private boolean deleteCertificateEntry(String alias) { + try { + mTrustedCertificateStore.deleteCertificateEntry(alias); + return true; + } catch (IOException e) { + Log.w(TAG, "Problem removing CA certificate " + alias, e); + return false; + } catch (CertificateException e) { + Log.w(TAG, "Problem removing CA certificate " + alias, e); + return false; + } + } + + private void checkCertInstallerOrSystemCaller() { + String actual = checkCaller("com.android.certinstaller"); + if (actual == null) { + return; + } + checkSystemCaller(); + } + private void checkSystemCaller() { + String actual = checkCaller("android.uid.system:1000"); + if (actual != null) { + throw new IllegalStateException(actual); + } + } + /** + * Returns null if actually caller is expected, otherwise return bad package to report + */ + private String checkCaller(String expectedPackage) { + String actualPackage = getPackageManager().getNameForUid(getCallingUid()); + return (!expectedPackage.equals(actualPackage)) ? actualPackage : null; + } }; private class KeyChainAccountAuthenticator extends AbstractAccountAuthenticator { |