On Fri, Nov 25, 2011 at 11:55 PM, Alex Burkoff <[email protected]> wrote:
> Technically VpnService starts racoon, which then runs as a system user, and
> retrieves the PSK from the KeyStore. So KeyStore entries created by other
> apps aren't visible to racoon. I've also been digging through the code to
> see if there is a way to write to KeyStore as system user, but no luck so
> far.
> I actually doubt it's doable.
>

Have you looked at keystore.c (or keystore.cpp in 4.0)? The VPN and WiFi UIDs effectively act as the system uid. Settings is installing things to the keystore as system. In fact, all keystore entries are owned by system if I recall correctly, unless an app has been using an undocumented API (which I almost removed in 4.0 since nothing internally is using this feature).

-bri

>
> Alex.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Android Security Discussions" group.
> To post to this group, send email to
> [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/android-security-discuss?hl=en.
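The ownership rule discussed in this thread, as an added example that is not part of the original messages and is not the AOSP keystore source: a simplified model in which entries are namespaced by owner UID and the VPN and WiFi callers are aliased to the system UID on lookup. The UID numbers, the entry name `VPN_psk`, the stored values and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Simplified model, NOT the AOSP keystore code. UID values are assumptions. */
enum { UID_SYSTEM = 1000, UID_WIFI = 1010, UID_VPN = 1016, UID_APP = 10050 };

/* Callers whose lookups are resolved against another UID's entries. */
static const struct { uid_t caller; uid_t effective; } aliases[] = {
    { UID_VPN,  UID_SYSTEM },
    { UID_WIFI, UID_SYSTEM },
};

/* Return the UID whose namespace this caller reads from. */
static uid_t effective_uid(uid_t caller) {
    for (size_t i = 0; i < sizeof aliases / sizeof aliases[0]; i++)
        if (aliases[i].caller == caller)
            return aliases[i].effective;
    return caller; /* everyone else only sees their own entries */
}

struct entry { uid_t owner; const char *name; const char *value; };

/* Constructed sample store: the same name exists under two owners. */
static const struct entry store[] = {
    { UID_SYSTEM, "VPN_psk", "installed-by-settings" },
    { UID_APP,    "VPN_psk", "installed-by-app" },
};

/* Look up an entry; only the effective UID's namespace is searched. */
static const char *keystore_get(uid_t caller, const char *name) {
    uid_t owner = effective_uid(caller);
    for (size_t i = 0; i < sizeof store / sizeof store[0]; i++)
        if (store[i].owner == owner && strcmp(store[i].name, name) == 0)
            return store[i].value;
    return NULL; /* entries owned by other UIDs are invisible */
}

int main(void) {
    /* The VPN caller resolves to the system-owned entry, never the app's. */
    printf("vpn  -> %s\n", keystore_get(UID_VPN, "VPN_psk"));
    printf("wifi -> %s\n", keystore_get(UID_WIFI, "VPN_psk"));
    printf("app  -> %s\n", keystore_get(UID_APP, "VPN_psk"));
    return 0;
}
```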
