Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Remove unimplemented RecoverableKeystoreManager APIs." into pi-dev

Browse Source 
am: a5b29ffffe

Change-Id: Ida09ae3747db332fcaa4ccb8a2bb774c96ce0caf
This commit is contained in:
Dmitry Dementyev
2018-03-26 02:43:28 +00:00
committed by android-build-merger
parent 47ae32d079 a5b29ffffe
commit 55d2139ec6
4 changed files with 18 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
core/java/android/security/keystore/RecoveryController.java
View File

@@ -195,17 +195,7 @@ public class RecoveryController {
*/
public @NonNull Map<byte[], Integer> getRecoverySnapshotVersions()
throws InternalRecoveryServiceException {
try {
// IPC doesn't support generic Maps.
@SuppressWarnings("unchecked")
Map<byte[], Integer> result =
(Map<byte[], Integer>) mBinder.getRecoverySnapshotVersions();
return result;
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
} catch (ServiceSpecificException e) {
throw wrapUnexpectedServiceSpecificException(e);
}
throw new UnsupportedOperationException();
}
/**
@@ -337,13 +327,7 @@ public class RecoveryController {
@NonNull
public @KeychainProtectionParams.UserSecretType int[] getPendingRecoverySecretTypes()
throws InternalRecoveryServiceException {
try {
return mBinder.getPendingRecoverySecretTypes();
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
} catch (ServiceSpecificException e) {
throw wrapUnexpectedServiceSpecificException(e);
}
throw new UnsupportedOperationException();
}
/**

2
core/java/com/android/internal/widget/ILockSettings.aidl
View File

@@ -67,13 +67,11 @@ interface ILockSettings {
String getKey(String alias);
void removeKey(String alias);
void setSnapshotCreatedPendingIntent(in PendingIntent intent);
Map getRecoverySnapshotVersions();
void setServerParams(in byte[] serverParams);
void setRecoveryStatus(in String alias, int status);
Map getRecoveryStatus();
void setRecoverySecretTypes(in int[] secretTypes);
int[] getRecoverySecretTypes();
int[] getPendingRecoverySecretTypes();
byte[] startRecoverySession(in String sessionId,
in byte[] verifierPublicKey, in byte[] vaultParams, in byte[] vaultChallenge,
in List<KeyChainProtectionParams> secrets);

28
services/core/java/com/android/server/locksettings/LockSettingsService.java
View File

@@ -1990,19 +1990,16 @@ public class LockSettingsService extends ILockSettings.Stub {
}
@Override
public KeyChainSnapshot getKeyChainSnapshot() throws RemoteException {
public @NonNull KeyChainSnapshot getKeyChainSnapshot() throws RemoteException {
return mRecoverableKeyStoreManager.getKeyChainSnapshot();
}
@Override
public void setSnapshotCreatedPendingIntent(@Nullable PendingIntent intent)
throws RemoteException {
mRecoverableKeyStoreManager.setSnapshotCreatedPendingIntent(intent);
}
public Map getRecoverySnapshotVersions() throws RemoteException {
return mRecoverableKeyStoreManager.getRecoverySnapshotVersions();
}
@Override
public void setServerParams(byte[] serverParams) throws RemoteException {
mRecoverableKeyStoreManager.setServerParams(serverParams);
@@ -2013,7 +2010,8 @@ public class LockSettingsService extends ILockSettings.Stub {
mRecoverableKeyStoreManager.setRecoveryStatus(alias, status);
}
public Map getRecoveryStatus() throws RemoteException {
@Override
public @NonNull Map getRecoveryStatus() throws RemoteException {
return mRecoverableKeyStoreManager.getRecoveryStatus();
}
@@ -2024,16 +2022,11 @@ public class LockSettingsService extends ILockSettings.Stub {
}
@Override
public int[] getRecoverySecretTypes() throws RemoteException {
public @NonNull int[] getRecoverySecretTypes() throws RemoteException {
return mRecoverableKeyStoreManager.getRecoverySecretTypes();
}
@Override
public int[] getPendingRecoverySecretTypes() throws RemoteException {
throw new SecurityException("Not implemented");
}
@Override
public byte[] startRecoverySession(@NonNull String sessionId,
@NonNull byte[] verifierPublicKey, @NonNull byte[] vaultParams,
@@ -2044,7 +2037,7 @@ public class LockSettingsService extends ILockSettings.Stub {
}
@Override
public byte[] startRecoverySessionWithCertPath(@NonNull String sessionId,
public @NonNull byte[] startRecoverySessionWithCertPath(@NonNull String sessionId,
@NonNull String rootCertificateAlias, @NonNull RecoveryCertPath verifierCertPath,
@NonNull byte[] vaultParams, @NonNull byte[] vaultChallenge,
@NonNull List<KeyChainProtectionParams> secrets)
@@ -2054,6 +2047,7 @@ public class LockSettingsService extends ILockSettings.Stub {
secrets);
}
@Override
public void closeSession(@NonNull String sessionId) throws RemoteException {
mRecoverableKeyStoreManager.closeSession(sessionId);
}
@@ -2068,7 +2062,7 @@ public class LockSettingsService extends ILockSettings.Stub {
}
@Override
public Map<String, byte[]> recoverKeys(@NonNull String sessionId,
public @NonNull Map<String, byte[]> recoverKeys(@NonNull String sessionId,
@NonNull byte[] recoveryKeyBlob, @NonNull List<WrappedApplicationKey> applicationKeys)
throws RemoteException {
return mRecoverableKeyStoreManager.recoverKeys(sessionId, recoveryKeyBlob, applicationKeys);
@@ -2085,17 +2079,17 @@ public class LockSettingsService extends ILockSettings.Stub {
}
@Override
public String generateKey(@NonNull String alias) throws RemoteException {
public @Nullable String generateKey(@NonNull String alias) throws RemoteException {
return mRecoverableKeyStoreManager.generateKey(alias);
}
@Override
public String importKey(@NonNull String alias, byte[] keyBytes) throws RemoteException {
public @Nullable String importKey(@NonNull String alias, byte[] keyBytes) throws RemoteException {
return mRecoverableKeyStoreManager.importKey(alias, keyBytes);
}
@Override
public String getKey(@NonNull String alias) throws RemoteException {
public @Nullable String getKey(@NonNull String alias) throws RemoteException {
return mRecoverableKeyStoreManager.getKey(alias);
}

45
services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java
View File

@@ -317,18 +317,6 @@ public class RecoverableKeyStoreManager {
mListenersStorage.setSnapshotListener(uid, intent);
}
/**
* Gets recovery snapshot versions for all accounts. Note that snapshot may have 0 application
* keys, but it still needs to be synced, if previous versions were not empty.
*
* @return Map from Recovery agent account to snapshot version.
*/
public @NonNull Map<byte[], Integer> getRecoverySnapshotVersions()
throws RemoteException {
checkRecoverKeyStorePermission();
throw new UnsupportedOperationException();
}
public void setServerParams(@NonNull byte[] serverParams) throws RemoteException {
checkRecoverKeyStorePermission();
int userId = UserHandle.getCallingUserId();
@@ -391,29 +379,6 @@ public class RecoverableKeyStoreManager {
Binder.getCallingUid());
}
/**
* Gets secret types RecoveryManagers is waiting for to create new Recovery Data.
*
* @return secret types
* @hide
*/
public @NonNull int[] getPendingRecoverySecretTypes() throws RemoteException {
checkRecoverKeyStorePermission();
throw new UnsupportedOperationException();
}
public void recoverySecretAvailable(
@NonNull KeyChainProtectionParams recoverySecret) throws RemoteException {
int uid = Binder.getCallingUid();
if (recoverySecret.getLockScreenUiFormat() == KeyChainProtectionParams.TYPE_LOCKSCREEN) {
throw new SecurityException(
"Caller " + uid + " is not allowed to set lock screen secret");
}
checkRecoverKeyStorePermission();
// TODO: add hook from LockSettingsService to set lock screen secret.
throw new UnsupportedOperationException();
}
/**
* Initializes recovery session given the X509-encoded public key of the recovery service.
*
@@ -549,7 +514,7 @@ public class RecoverableKeyStoreManager {
* @return Map from alias to raw key material.
* @throws RemoteException if an error occurred recovering the keys.
*/
public Map<String, byte[]> recoverKeys(
public @NonNull Map<String, byte[]> recoverKeys(
@NonNull String sessionId,
@NonNull byte[] encryptedRecoveryKey,
@NonNull List<WrappedApplicationKey> applicationKeys)
@@ -643,7 +608,7 @@ public class RecoverableKeyStoreManager {
* @param alias The alias of the key.
* @return The alias in the calling process's keystore.
*/
private String getAlias(int userId, int uid, String alias) {
private @Nullable String getAlias(int userId, int uid, String alias) {
return mApplicationKeyStorage.getGrantAlias(userId, uid, alias);
}
@@ -748,7 +713,7 @@ public class RecoverableKeyStoreManager {
*
* @hide
*/
public String importKey(@NonNull String alias, @NonNull byte[] keyBytes)
public @Nullable String importKey(@NonNull String alias, @NonNull byte[] keyBytes)
throws RemoteException {
checkRecoverKeyStorePermission();
Preconditions.checkNotNull(alias, "alias is null");
@@ -795,7 +760,7 @@ public class RecoverableKeyStoreManager {
*
* @return grant alias, which caller can use to access the key.
*/
public String getKey(@NonNull String alias) throws RemoteException {
public @Nullable String getKey(@NonNull String alias) throws RemoteException {
checkRecoverKeyStorePermission();
Preconditions.checkNotNull(alias, "alias is null");
int uid = Binder.getCallingUid();
@@ -847,7 +812,7 @@ public class RecoverableKeyStoreManager {
* @return Map from alias to raw key material.
* @throws RemoteException if an error occurred decrypting the keys.
*/
private Map<String, byte[]> recoverApplicationKeys(
private @NonNull Map<String, byte[]> recoverApplicationKeys(
@NonNull byte[] recoveryKey,
@NonNull List<WrappedApplicationKey> applicationKeys) throws RemoteException {
HashMap<String, byte[]> keyMaterialByAlias = new HashMap<>();