Set Secure User ID from app level.
When AndroidKeyStore keys require user authentication, they need to be
bound to a Keymaster's Secure User ID. This ID will be set by keystore
soon. Until then, set it from the framework level (i.e., from apps
which use AndroidKeyStore).
NOTE: Accessing gatekeeper to obtain the Secure User ID will be
blocked by SELinux policy. To test this code, disable SELinux
enforcing mode.
Bug: 18088752
Change-Id: I7a3315eb52f0fc978d14d5d0e9613f2f36c6c01e
diff --git a/keystore/java/android/security/GateKeeper.java b/keystore/java/android/security/GateKeeper.java
new file mode 100644
index 0000000..c9f06e9
--- /dev/null
+++ b/keystore/java/android/security/GateKeeper.java
@@ -0,0 +1,30 @@
+package android.security;
+
+import android.os.RemoteException;
+import android.os.ServiceManager;
+import android.os.UserHandle;
+import android.service.gatekeeper.IGateKeeperService;
+
+/**
+ * Convenience class for accessing the gatekeeper service.
+ *
+ * @hide
+ */
+public abstract class GateKeeper {
+
+ private GateKeeper() {}
+
+ public static IGateKeeperService getService() {
+ return IGateKeeperService.Stub.asInterface(
+ ServiceManager.getService("android.service.gatekeeper.IGateKeeperService"));
+ }
+
+ public static long getSecureUserId() throws IllegalStateException {
+ try {
+ return GateKeeper.getService().getSecureUserId(UserHandle.myUserId());
+ } catch (RemoteException e) {
+ throw new IllegalStateException(
+ "Failed to obtain secure user ID from gatekeeper", e);
+ }
+ }
+}
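Review bot: `getSecureUserId()` dereferences the result of `getService()` without a null check, so if the gatekeeper binder cannot be looked up the caller gets a NullPointerException rather than the IllegalStateException the signature declares. The commit message itself says SELinux policy will block access to gatekeeper, so this failure path is probably the common one on an enforcing device, and code that binds keys to this ID should see one well-defined failure. I would fetch the service into a local and fail explicitly: `IGateKeeperService service = getService();` then `if (service == null) throw new IllegalStateException("Gatekeeper service not available");` before `return service.getSecureUserId(UserHandle.myUserId());`. A short Javadoc on both public methods, stating that `getService()` may return null and what `getSecureUserId()` throws, would make the contract clear to callers.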