PawletOS/app_Settings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Relax WiFi cert installation restrictions in HSUM mode" into main

Browse Source
This commit is contained in:
Andreea Costinas
2024-11-15 09:08:46 +00:00
committed by Android (Google) Code Review
parent 30a4a8c521 25d8e56c53
commit a3cdf47415
2 changed files with 11 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/com/android/settings/UserCredentialsSettings.java
View File

@@ -291,23 +291,23 @@ public class UserCredentialsSettings extends SettingsPreferenceFragment
// Certificates can be installed into SYSTEM_UID or WIFI_UID through CertInstaller. // Certificates can be installed into SYSTEM_UID or WIFI_UID through CertInstaller.
final int myUserId = UserHandle.myUserId(); final int myUserId = UserHandle.myUserId();
final int systemUid = UserHandle.getUid(myUserId, Process.SYSTEM_UID); final int systemUid = UserHandle.getUid(myUserId, Process.SYSTEM_UID);
final int wifiUid = UserHandle.getUid(myUserId, Process.WIFI_UID);
try { try {
KeyStore processKeystore = KeyStore.getInstance(KEYSTORE_PROVIDER); KeyStore processKeystore = KeyStore.getInstance(KEYSTORE_PROVIDER);
processKeystore.load(null); processKeystore.load(null);
KeyStore wifiKeystore = null; KeyStore wifiKeystore = null;
if (myUserId == 0) {
wifiKeystore = KeyStore.getInstance(KEYSTORE_PROVIDER);
wifiKeystore.load(new AndroidKeyStoreLoadStoreParameter(
KeyProperties.NAMESPACE_WIFI));
}
List<Credential> credentials = new ArrayList<>(); List<Credential> credentials = new ArrayList<>();
credentials.addAll(getCredentialsForUid(processKeystore, systemUid).values()); credentials.addAll(getCredentialsForUid(processKeystore, systemUid).values());
if (wifiKeystore != null) {
credentials.addAll(getCredentialsForUid(wifiKeystore, wifiUid).values()); UserManager userManager = getContext().getSystemService(UserManager.class);
if (userManager.isAdminUser()) {
wifiKeystore = KeyStore.getInstance(KEYSTORE_PROVIDER);
wifiKeystore.load(
new AndroidKeyStoreLoadStoreParameter(KeyProperties.NAMESPACE_WIFI));
credentials.addAll(
getCredentialsForUid(wifiKeystore, Process.WIFI_UID).values());
} }
return credentials; return credentials;
} catch (Exception e) { } catch (Exception e) {
throw new RuntimeException("Failed to load credentials from Keystore.", e); throw new RuntimeException("Failed to load credentials from Keystore.", e);

14
src/com/android/settings/security/CredentialStorage.java
View File

@@ -128,22 +128,12 @@ public final class CredentialStorage extends FragmentActivity {
final int uid = bundle.getInt(Credentials.EXTRA_INSTALL_AS_UID, KeyProperties.UID_SELF); final int uid = bundle.getInt(Credentials.EXTRA_INSTALL_AS_UID, KeyProperties.UID_SELF);
if (uid != KeyProperties.UID_SELF && !UserHandle.isSameUser(uid, Process.myUid())) { if (uid != KeyProperties.UID_SELF && uid != Process.WIFI_UID) {
final int dstUserId = UserHandle.getUserId(uid); if (!UserHandle.isSameUser(uid, Process.myUid())) {
// Restrict install target to the wifi uid.
if (uid != Process.WIFI_UID) {
Log.e(TAG, "Failed to install credentials as uid " + uid + ": cross-user installs" Log.e(TAG, "Failed to install credentials as uid " + uid + ": cross-user installs"
+ " may only target wifi uids"); + " may only target wifi uids");
return true; return true;
} }
final Intent installIntent = new Intent(ACTION_INSTALL)
.setPackage(getPackageName())
.setFlags(Intent.FLAG_ACTIVITY_FORWARD_RESULT)
.putExtras(bundle);
startActivityAsUser(installIntent, new UserHandle(dstUserId));
return true;
} }
String alias = bundle.getString(Credentials.EXTRA_USER_KEY_ALIAS, null); String alias = bundle.getString(Credentials.EXTRA_USER_KEY_ALIAS, null);