Merge "Relax WiFi cert installation restrictions in HSUM mode" into main

2024-11-15 09:08:46 +00:00
parent 30a4a8c521 25d8e56c53
commit a3cdf47415
2 changed files with 11 additions and 21 deletions
--- a/src/com/android/settings/UserCredentialsSettings.java
+++ b/src/com/android/settings/UserCredentialsSettings.java
@@ -291,23 +291,23 @@ public class UserCredentialsSettings extends SettingsPreferenceFragment
            // Certificates can be installed into SYSTEM_UID or WIFI_UID through CertInstaller.
            final int myUserId = UserHandle.myUserId();
            final int systemUid = UserHandle.getUid(myUserId, Process.SYSTEM_UID);
-            final int wifiUid = UserHandle.getUid(myUserId, Process.WIFI_UID);
-
            try {
                KeyStore processKeystore = KeyStore.getInstance(KEYSTORE_PROVIDER);
                processKeystore.load(null);
                KeyStore wifiKeystore = null;
-                if (myUserId == 0) {
-                    wifiKeystore = KeyStore.getInstance(KEYSTORE_PROVIDER);
-                    wifiKeystore.load(new AndroidKeyStoreLoadStoreParameter(
-                            KeyProperties.NAMESPACE_WIFI));
-                }

                List<Credential> credentials = new ArrayList<>();
                credentials.addAll(getCredentialsForUid(processKeystore, systemUid).values());
-                if (wifiKeystore != null) {
-                    credentials.addAll(getCredentialsForUid(wifiKeystore, wifiUid).values());
+
+                UserManager userManager = getContext().getSystemService(UserManager.class);
+                if (userManager.isAdminUser()) {
+                    wifiKeystore = KeyStore.getInstance(KEYSTORE_PROVIDER);
+                    wifiKeystore.load(
+                        new AndroidKeyStoreLoadStoreParameter(KeyProperties.NAMESPACE_WIFI));
+                    credentials.addAll(
+                            getCredentialsForUid(wifiKeystore, Process.WIFI_UID).values());
                }
+
                return credentials;
            } catch (Exception e) {
                throw new RuntimeException("Failed to load credentials from Keystore.", e);
--- a/src/com/android/settings/security/CredentialStorage.java
+++ b/src/com/android/settings/security/CredentialStorage.java
@@ -128,22 +128,12 @@ public final class CredentialStorage extends FragmentActivity {

        final int uid = bundle.getInt(Credentials.EXTRA_INSTALL_AS_UID, KeyProperties.UID_SELF);

-        if (uid != KeyProperties.UID_SELF && !UserHandle.isSameUser(uid, Process.myUid())) {
-            final int dstUserId = UserHandle.getUserId(uid);
-
-            // Restrict install target to the wifi uid.
-            if (uid != Process.WIFI_UID) {
+        if (uid != KeyProperties.UID_SELF && uid != Process.WIFI_UID) {
+            if (!UserHandle.isSameUser(uid, Process.myUid())) {
                Log.e(TAG, "Failed to install credentials as uid " + uid + ": cross-user installs"
                        + " may only target wifi uids");
                return true;
            }
-
-            final Intent installIntent = new Intent(ACTION_INSTALL)
-                    .setPackage(getPackageName())
-                    .setFlags(Intent.FLAG_ACTIVITY_FORWARD_RESULT)
-                    .putExtras(bundle);
-            startActivityAsUser(installIntent, new UserHandle(dstUserId));
-            return true;
        }

        String alias = bundle.getString(Credentials.EXTRA_USER_KEY_ALIAS, null);