[automerger skipped] Import translations. DO NOT MERGE ANYWHERE am: 0949913b0c -s ours
am skip reason: subject contains skip directive
Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/KeyChain/+/22794569
Change-Id: I576feed3df98efbc76e650bbc38af52fc591f080
Signed-off-by: Automerger Merge Worker <[email protected]>
diff --git a/src/com/android/keychain/KeyChainActivity.java b/src/com/android/keychain/KeyChainActivity.java
index 54e7d3a..d735044 100644
--- a/src/com/android/keychain/KeyChainActivity.java
+++ b/src/com/android/keychain/KeyChainActivity.java
@@ -714,37 +714,49 @@
mFromPolicy = isFromPolicy;
}
@Override protected Void doInBackground(Void... unused) {
- try {
- if (mAlias != null) {
- KeyChain.KeyChainConnection connection = KeyChain.bind(KeyChainActivity.this);
- try {
- // This is a safety check to make sure an alias was not somehow chosen by
- // the user but is not user-selectable.
- // However, if the alias was selected by the Device Owner / Profile Owner
- // (by implementing DeviceAdminReceiver), then there's no need to check
- // this.
- if (!mFromPolicy && (!connection.getService().isUserSelectable(mAlias))) {
- Log.w(TAG, String.format("Alias %s not user-selectable.", mAlias));
- //TODO: Should we invoke the callback with null here to indicate error?
- return null;
- }
- connection.getService().setGrant(mSenderUid, mAlias, true);
- } finally {
- connection.close();
- }
+ if (mAlias == null) {
+ respondWithAlias(null);
+ return null;
+ }
+ try (KeyChain.KeyChainConnection connection = KeyChain.bind(KeyChainActivity.this)) {
+ // This is a safety check to make sure an alias was not somehow chosen by
+ // the user but is not user-selectable.
+ // However, if the alias was selected by the Device Owner / Profile Owner
+ // (by implementing DeviceAdminReceiver), then there's no need to check
+ // this.
+ if (!mFromPolicy && (!connection.getService().isUserSelectable(mAlias))) {
+ Log.w(TAG, String.format("Alias %s not user-selectable.", mAlias));
+ respondWithAlias(null);
+ return null;
}
- mKeyChainAliasResponse.alias(mAlias);
+ connection.getService().setGrant(mSenderUid, mAlias, true);
+ respondWithAlias(mAlias);
} catch (InterruptedException ignored) {
Thread.currentThread().interrupt();
Log.d(TAG, "interrupted while granting access", ignored);
+ respondWithAlias(null);
+ } catch (IllegalArgumentException ignored) {
+ Log.d(TAG, "attempt to set grant on a non-existent alias", ignored);
+ respondWithAlias(null);
} catch (Exception ignored) {
- // don't just catch RemoteException, caller could
- // throw back a RuntimeException across processes
- // which we should protect against.
+ // Catchall so we always call mKeyChainAliasResponse
Log.e(TAG, "error while granting access", ignored);
+ respondWithAlias(null);
}
return null;
}
+
+ private void respondWithAlias(String alias) {
+ try {
+ mKeyChainAliasResponse.alias(alias);
+ } catch (Exception e) {
+ // don't just catch RemoteException, caller could
+ // throw back a RuntimeException across processes
+ // which we should protect against.
+ Log.e(TAG, "Error while returning alias", e);
+ }
+ }
+
@Override protected void onPostExecute(Void unused) {
finishActivity();
}
diff --git a/src/com/android/keychain/KeyChainService.java b/src/com/android/keychain/KeyChainService.java
index 6686542..7fbd323 100644
--- a/src/com/android/keychain/KeyChainService.java
+++ b/src/com/android/keychain/KeyChainService.java
@@ -59,7 +59,6 @@
import com.android.internal.annotations.GuardedBy;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.util.Preconditions;
-import com.android.internal.widget.LockPatternUtils;
import com.android.keychain.internal.ExistingKeysProvider;
import com.android.keychain.internal.GrantsDatabase;
import com.android.org.conscrypt.TrustedCertificateStore;
@@ -188,10 +187,8 @@
final Enumeration<String> aliases = mKeyStore.aliases();
while (aliases.hasMoreElements()) {
final String alias = aliases.nextElement();
- if (!alias.startsWith(LockPatternUtils.SYNTHETIC_PASSWORD_KEY_PREFIX)) {
- if (mKeyStore.isKeyEntry(alias)) {
- keyStoreAliases.add(alias);
- }
+ if (mKeyStore.isKeyEntry(alias)) {
+ keyStoreAliases.add(alias);
}
}
} catch (KeyStoreException e) {
@@ -745,6 +742,8 @@
@Override public boolean setGrant(int uid, String alias, boolean granted) {
Preconditions.checkCallAuthorization(isSystemUid(getCaller()), MSG_NOT_SYSTEM);
+ Preconditions.checkArgument(containsKeyPair(alias),
+ "Alias not associated with a key.");
mGrantsDb.setGrant(uid, alias, granted);
if (!granted) {
try {
diff --git a/tests/src/com/android/keychain/tests/KeyChainActivityTest.java b/tests/src/com/android/keychain/tests/KeyChainActivityTest.java
index 9acb6de..f3a2bb5 100644
--- a/tests/src/com/android/keychain/tests/KeyChainActivityTest.java
+++ b/tests/src/com/android/keychain/tests/KeyChainActivityTest.java
@@ -47,7 +47,7 @@
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
-import java.util.Arrays;
+import java.util.Collections;
import java.util.concurrent.CancellationException;
import javax.security.auth.x500.X500Principal;
@@ -230,7 +230,7 @@
KeyStore keyStore, X500Principal issuer) {
return new CertificateParametersFilter(
keyStore, new String[] {},
- new ArrayList<byte[]>(Arrays.asList(issuer.getEncoded())));
+ new ArrayList<byte[]>(Collections.singletonList(issuer.getEncoded())));
}
private static X509Certificate parseCertificate(byte[] certificateBytes) {
