Merge "Remove unimplemented RecoverableKeystoreManager APIs." into pi-dev

am: a5b29ffffe

Change-Id: Ida09ae3747db332fcaa4ccb8a2bb774c96ce0caf

core/java/android/security/keystore/RecoveryController.java

@@ -195,17 +195,7 @@ public class RecoveryController {
      */
     public @NonNull Map<byte[], Integer> getRecoverySnapshotVersions()
             throws InternalRecoveryServiceException {
-        try {
+        throw new UnsupportedOperationException();
-            // IPC doesn't support generic Maps.
-            @SuppressWarnings("unchecked")
-            Map<byte[], Integer> result =
-                    (Map<byte[], Integer>) mBinder.getRecoverySnapshotVersions();
-            return result;
-        } catch (RemoteException e) {
-            throw e.rethrowFromSystemServer();
-        } catch (ServiceSpecificException e) {
-            throw wrapUnexpectedServiceSpecificException(e);
-        }
     }
 
     /**
@@ -337,13 +327,7 @@ public class RecoveryController {
     @NonNull
     public @KeychainProtectionParams.UserSecretType int[] getPendingRecoverySecretTypes()
             throws InternalRecoveryServiceException {
-        try {
+        throw new UnsupportedOperationException();
-            return mBinder.getPendingRecoverySecretTypes();
-        } catch (RemoteException e) {
-            throw e.rethrowFromSystemServer();
-        } catch (ServiceSpecificException e) {
-            throw wrapUnexpectedServiceSpecificException(e);
-        }
     }
 
     /**

core/java/com/android/internal/widget/ILockSettings.aidl

@@ -67,13 +67,11 @@ interface ILockSettings {
     String getKey(String alias);
     void removeKey(String alias);
     void setSnapshotCreatedPendingIntent(in PendingIntent intent);
-    Map getRecoverySnapshotVersions();
     void setServerParams(in byte[] serverParams);
     void setRecoveryStatus(in String alias, int status);
     Map getRecoveryStatus();
     void setRecoverySecretTypes(in int[] secretTypes);
     int[] getRecoverySecretTypes();
-    int[] getPendingRecoverySecretTypes();
     byte[] startRecoverySession(in String sessionId,
             in byte[] verifierPublicKey, in byte[] vaultParams, in byte[] vaultChallenge,
             in List<KeyChainProtectionParams> secrets);

services/core/java/com/android/server/locksettings/LockSettingsService.java

@@ -1990,19 +1990,16 @@ public class LockSettingsService extends ILockSettings.Stub {
     }
 
     @Override
-    public KeyChainSnapshot getKeyChainSnapshot() throws RemoteException {
+    public @NonNull KeyChainSnapshot getKeyChainSnapshot() throws RemoteException {
         return mRecoverableKeyStoreManager.getKeyChainSnapshot();
     }
 
+    @Override
     public void setSnapshotCreatedPendingIntent(@Nullable PendingIntent intent)
             throws RemoteException {
         mRecoverableKeyStoreManager.setSnapshotCreatedPendingIntent(intent);
     }
 
-    public Map getRecoverySnapshotVersions() throws RemoteException {
-        return mRecoverableKeyStoreManager.getRecoverySnapshotVersions();
-    }
-
     @Override
     public void setServerParams(byte[] serverParams) throws RemoteException {
         mRecoverableKeyStoreManager.setServerParams(serverParams);
@@ -2013,7 +2010,8 @@ public class LockSettingsService extends ILockSettings.Stub {
         mRecoverableKeyStoreManager.setRecoveryStatus(alias, status);
     }
 
-    public Map getRecoveryStatus() throws RemoteException {
+    @Override
+    public @NonNull Map getRecoveryStatus() throws RemoteException {
         return mRecoverableKeyStoreManager.getRecoveryStatus();
     }
 
@@ -2024,16 +2022,11 @@ public class LockSettingsService extends ILockSettings.Stub {
     }
 
     @Override
-    public int[] getRecoverySecretTypes() throws RemoteException {
+    public @NonNull int[] getRecoverySecretTypes() throws RemoteException {
         return mRecoverableKeyStoreManager.getRecoverySecretTypes();
 
     }
 
-    @Override
-    public int[] getPendingRecoverySecretTypes() throws RemoteException {
-        throw new SecurityException("Not implemented");
-    }
-    
     @Override
     public byte[] startRecoverySession(@NonNull String sessionId,
             @NonNull byte[] verifierPublicKey, @NonNull byte[] vaultParams,
@@ -2044,7 +2037,7 @@ public class LockSettingsService extends ILockSettings.Stub {
     }
 
     @Override
-    public byte[] startRecoverySessionWithCertPath(@NonNull String sessionId,
+    public @NonNull byte[] startRecoverySessionWithCertPath(@NonNull String sessionId,
             @NonNull String rootCertificateAlias, @NonNull RecoveryCertPath verifierCertPath,
             @NonNull byte[] vaultParams, @NonNull byte[] vaultChallenge,
             @NonNull List<KeyChainProtectionParams> secrets)
@@ -2054,6 +2047,7 @@ public class LockSettingsService extends ILockSettings.Stub {
                 secrets);
     }
 
+    @Override
     public void closeSession(@NonNull String sessionId) throws RemoteException {
         mRecoverableKeyStoreManager.closeSession(sessionId);
     }
@@ -2068,7 +2062,7 @@ public class LockSettingsService extends ILockSettings.Stub {
     }
 
     @Override
-    public Map<String, byte[]> recoverKeys(@NonNull String sessionId,
+    public @NonNull Map<String, byte[]> recoverKeys(@NonNull String sessionId,
             @NonNull byte[] recoveryKeyBlob, @NonNull List<WrappedApplicationKey> applicationKeys)
             throws RemoteException {
         return mRecoverableKeyStoreManager.recoverKeys(sessionId, recoveryKeyBlob, applicationKeys);
@@ -2085,17 +2079,17 @@ public class LockSettingsService extends ILockSettings.Stub {
     }
 
     @Override
-    public String generateKey(@NonNull String alias) throws RemoteException {
+    public @Nullable String generateKey(@NonNull String alias) throws RemoteException {
         return mRecoverableKeyStoreManager.generateKey(alias);
     }
 
     @Override
-    public String importKey(@NonNull String alias, byte[] keyBytes) throws RemoteException {
+    public @Nullable String importKey(@NonNull String alias, byte[] keyBytes) throws RemoteException {
         return mRecoverableKeyStoreManager.importKey(alias, keyBytes);
     }
 
     @Override
-    public String getKey(@NonNull String alias) throws RemoteException {
+    public @Nullable String getKey(@NonNull String alias) throws RemoteException {
         return mRecoverableKeyStoreManager.getKey(alias);
     }
 

services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java

@@ -317,18 +317,6 @@ public class RecoverableKeyStoreManager {
         mListenersStorage.setSnapshotListener(uid, intent);
     }
 
-    /**
-     * Gets recovery snapshot versions for all accounts. Note that snapshot may have 0 application
-     * keys, but it still needs to be synced, if previous versions were not empty.
-     *
-     * @return Map from Recovery agent account to snapshot version.
-     */
-    public @NonNull Map<byte[], Integer> getRecoverySnapshotVersions()
-            throws RemoteException {
-        checkRecoverKeyStorePermission();
-        throw new UnsupportedOperationException();
-    }
-
     public void setServerParams(@NonNull byte[] serverParams) throws RemoteException {
         checkRecoverKeyStorePermission();
         int userId = UserHandle.getCallingUserId();
@@ -391,29 +379,6 @@ public class RecoverableKeyStoreManager {
             Binder.getCallingUid());
     }
 
-    /**
-     * Gets secret types RecoveryManagers is waiting for to create new Recovery Data.
-     *
-     * @return secret types
-     * @hide
-     */
-    public @NonNull int[] getPendingRecoverySecretTypes() throws RemoteException {
-        checkRecoverKeyStorePermission();
-        throw new UnsupportedOperationException();
-    }
-
-    public void recoverySecretAvailable(
-            @NonNull KeyChainProtectionParams recoverySecret) throws RemoteException {
-        int uid = Binder.getCallingUid();
-        if (recoverySecret.getLockScreenUiFormat() == KeyChainProtectionParams.TYPE_LOCKSCREEN) {
-            throw new SecurityException(
-                    "Caller " + uid + " is not allowed to set lock screen secret");
-        }
-        checkRecoverKeyStorePermission();
-        // TODO: add hook from LockSettingsService to set lock screen secret.
-        throw new UnsupportedOperationException();
-    }
-
     /**
      * Initializes recovery session given the X509-encoded public key of the recovery service.
      *
@@ -549,7 +514,7 @@ public class RecoverableKeyStoreManager {
      * @return Map from alias to raw key material.
      * @throws RemoteException if an error occurred recovering the keys.
      */
-    public Map<String, byte[]> recoverKeys(
+    public @NonNull Map<String, byte[]> recoverKeys(
             @NonNull String sessionId,
             @NonNull byte[] encryptedRecoveryKey,
             @NonNull List<WrappedApplicationKey> applicationKeys)
@@ -643,7 +608,7 @@ public class RecoverableKeyStoreManager {
      * @param alias The alias of the key.
      * @return The alias in the calling process's keystore.
      */
-    private String getAlias(int userId, int uid, String alias) {
+    private @Nullable String getAlias(int userId, int uid, String alias) {
         return mApplicationKeyStorage.getGrantAlias(userId, uid, alias);
     }
 
@@ -748,7 +713,7 @@ public class RecoverableKeyStoreManager {
      *
      * @hide
      */
-    public String importKey(@NonNull String alias, @NonNull byte[] keyBytes)
+    public @Nullable String importKey(@NonNull String alias, @NonNull byte[] keyBytes)
             throws RemoteException {
         checkRecoverKeyStorePermission();
         Preconditions.checkNotNull(alias, "alias is null");
@@ -795,7 +760,7 @@ public class RecoverableKeyStoreManager {
      *
      * @return grant alias, which caller can use to access the key.
      */
-    public String getKey(@NonNull String alias) throws RemoteException {
+    public @Nullable String getKey(@NonNull String alias) throws RemoteException {
         checkRecoverKeyStorePermission();
         Preconditions.checkNotNull(alias, "alias is null");
         int uid = Binder.getCallingUid();
@@ -847,7 +812,7 @@ public class RecoverableKeyStoreManager {
      * @return Map from alias to raw key material.
      * @throws RemoteException if an error occurred decrypting the keys.
      */
-    private Map<String, byte[]> recoverApplicationKeys(
+    private @NonNull Map<String, byte[]> recoverApplicationKeys(
             @NonNull byte[] recoveryKey,
             @NonNull List<WrappedApplicationKey> applicationKeys) throws RemoteException {
         HashMap<String, byte[]> keyMaterialByAlias = new HashMap<>();