From 7dacad8dc88c820cc750495017c11e322ac7309f Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Wed, 24 Jan 2018 15:12:11 -0800 Subject: [PATCH] Add confirmation UI protocol to Keystore AIDL definition Test: Manually tested Bug: 63928580 Change-Id: Ief1cdb9a64737d5aac08aa1c48ff60c34218d5ba --- Android.bp | 1 + core/java/Android.bp | 3 +- .../security/IConfirmationPromptCallback.aidl | 27 ++++++++++ .../android/security/IKeystoreService.aidl | 3 ++ keystore/java/android/security/KeyStore.java | 52 +++++++++++++++++++ 5 files changed, 85 insertions(+), 1 deletion(-) create mode 100644 core/java/android/security/IConfirmationPromptCallback.aidl diff --git a/Android.bp b/Android.bp index 704ec8789cb6f..ee2281fe27e57 100644 --- a/Android.bp +++ b/Android.bp @@ -243,6 +243,7 @@ java_library { "core/java/android/os/storage/IStorageEventListener.aidl", "core/java/android/os/storage/IStorageShutdownObserver.aidl", "core/java/android/os/storage/IObbActionListener.aidl", + "core/java/android/security/IConfirmationPromptCallback.aidl", "core/java/android/security/IKeystoreService.aidl", "core/java/android/security/keymaster/IKeyAttestationApplicationIdProvider.aidl", "core/java/android/service/autofill/IAutoFillService.aidl", diff --git a/core/java/Android.bp b/core/java/Android.bp index afa08e65cbaa1..f7c5c57a07e4d 100644 --- a/core/java/Android.bp +++ b/core/java/Android.bp @@ -11,7 +11,8 @@ filegroup { // only used by key_store_service cc_library_shared { name: "libkeystore_aidl", - srcs: ["android/security/IKeystoreService.aidl"], + srcs: ["android/security/IKeystoreService.aidl", + "android/security/IConfirmationPromptCallback.aidl"], aidl: { export_aidl_headers: true, include_dirs: [ diff --git a/core/java/android/security/IConfirmationPromptCallback.aidl b/core/java/android/security/IConfirmationPromptCallback.aidl new file mode 100644 index 0000000000000..96a1a04828b50 --- /dev/null +++ b/core/java/android/security/IConfirmationPromptCallback.aidl @@ -0,0 +1,27 @@ +/** + * Copyright (c) 2017, The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security; + +/** + * This must be kept manually in sync with system/security/keystore until AIDL + * can generate both Java and C++ bindings. + * + * @hide + */ +interface IConfirmationPromptCallback { + oneway void onConfirmationPromptCompleted(in int result, in byte[] dataThatWasConfirmed); +} diff --git a/core/java/android/security/IKeystoreService.aidl b/core/java/android/security/IKeystoreService.aidl index b5496e4a54dcd..738eb68652301 100644 --- a/core/java/android/security/IKeystoreService.aidl +++ b/core/java/android/security/IKeystoreService.aidl @@ -81,4 +81,7 @@ interface IKeystoreService { in String wrappingKeyAlias, in byte[] maskingKey, in KeymasterArguments arguments, in long rootSid, in long fingerprintSid, out KeyCharacteristics characteristics); + int presentConfirmationPrompt(IBinder listener, String promptText, in byte[] extraData, + in String locale, in int uiOptionsAsFlags); + int cancelConfirmationPrompt(IBinder listener); } diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java index e25386baf969f..ffa6b7650f5b0 100644 --- a/keystore/java/android/security/KeyStore.java +++ b/keystore/java/android/security/KeyStore.java @@ -730,6 +730,58 @@ public class KeyStore { } } + // Keep in sync with confirmationui/1.0/types.hal. + public static final int CONFIRMATIONUI_OK = 0; + public static final int CONFIRMATIONUI_CANCELED = 1; + public static final int CONFIRMATIONUI_ABORTED = 2; + public static final int CONFIRMATIONUI_OPERATION_PENDING = 3; + public static final int CONFIRMATIONUI_IGNORED = 4; + public static final int CONFIRMATIONUI_SYSTEM_ERROR = 5; + public static final int CONFIRMATIONUI_UNIMPLEMENTED = 6; + public static final int CONFIRMATIONUI_UNEXPECTED = 7; + public static final int CONFIRMATIONUI_UIERROR = 0x10000; + public static final int CONFIRMATIONUI_UIERROR_MISSING_GLYPH = 0x10001; + public static final int CONFIRMATIONUI_UIERROR_MESSAGE_TOO_LONG = 0x10002; + public static final int CONFIRMATIONUI_UIERROR_MALFORMED_UTF8_ENCODING = 0x10003; + + /** + * Requests keystore call into the confirmationui HAL to display a prompt. + * + * @param listener the binder to use for callbacks. + * @param promptText the prompt to display. + * @param extraData extra data / nonce from application. + * @param locale the locale as a BCP 47 langauge tag. + * @param uiOptionsAsFlags the UI options to use, as flags. + * @return one of the {@code CONFIRMATIONUI_*} constants, for + * example {@code KeyStore.CONFIRMATIONUI_OK}. + */ + public int presentConfirmationPrompt(IBinder listener, String promptText, byte[] extraData, + String locale, int uiOptionsAsFlags) { + try { + return mBinder.presentConfirmationPrompt(listener, promptText, extraData, locale, + uiOptionsAsFlags); + } catch (RemoteException e) { + Log.w(TAG, "Cannot connect to keystore", e); + return CONFIRMATIONUI_SYSTEM_ERROR; + } + } + + /** + * Requests keystore call into the confirmationui HAL to cancel displaying a prompt. + * + * @param listener the binder passed to the {@link #presentConfirmationPrompt} method. + * @return one of the {@code CONFIRMATIONUI_*} constants, for + * example {@code KeyStore.CONFIRMATIONUI_OK}. + */ + public int cancelConfirmationPrompt(IBinder listener) { + try { + return mBinder.cancelConfirmationPrompt(listener); + } catch (RemoteException e) { + Log.w(TAG, "Cannot connect to keystore", e); + return CONFIRMATIONUI_SYSTEM_ERROR; + } + } + /** * Returns a {@link KeyStoreException} corresponding to the provided keystore/keymaster error * code.