Merge "Unhide RecoverableKeyStoreLoader API."

api/current.txt

@@ -11545,15 +11545,15 @@ package android.content.res {
 
   public final class AssetManager implements java.lang.AutoCloseable {
     method public void close();
-    method public java.lang.String[] getLocales();
-    method public java.lang.String[] list(java.lang.String) throws java.io.IOException;
-    method public java.io.InputStream open(java.lang.String) throws java.io.IOException;
-    method public java.io.InputStream open(java.lang.String, int) throws java.io.IOException;
-    method public android.content.res.AssetFileDescriptor openFd(java.lang.String) throws java.io.IOException;
-    method public android.content.res.AssetFileDescriptor openNonAssetFd(java.lang.String) throws java.io.IOException;
-    method public android.content.res.AssetFileDescriptor openNonAssetFd(int, java.lang.String) throws java.io.IOException;
-    method public android.content.res.XmlResourceParser openXmlResourceParser(java.lang.String) throws java.io.IOException;
-    method public android.content.res.XmlResourceParser openXmlResourceParser(int, java.lang.String) throws java.io.IOException;
+    method public final java.lang.String[] getLocales();
+    method public final java.lang.String[] list(java.lang.String) throws java.io.IOException;
+    method public final java.io.InputStream open(java.lang.String) throws java.io.IOException;
+    method public final java.io.InputStream open(java.lang.String, int) throws java.io.IOException;
+    method public final android.content.res.AssetFileDescriptor openFd(java.lang.String) throws java.io.IOException;
+    method public final android.content.res.AssetFileDescriptor openNonAssetFd(java.lang.String) throws java.io.IOException;
+    method public final android.content.res.AssetFileDescriptor openNonAssetFd(int, java.lang.String) throws java.io.IOException;
+    method public final android.content.res.XmlResourceParser openXmlResourceParser(java.lang.String) throws java.io.IOException;
+    method public final android.content.res.XmlResourceParser openXmlResourceParser(int, java.lang.String) throws java.io.IOException;
     field public static final int ACCESS_BUFFER = 3; // 0x3
     field public static final int ACCESS_RANDOM = 1; // 0x1
     field public static final int ACCESS_STREAMING = 2; // 0x2

api/system-current.txt

@@ -3903,6 +3903,120 @@ package android.security.keystore {
 
 }
 
+package android.security.keystore.recovery {
+
+  public class DecryptionFailedException extends java.security.GeneralSecurityException {
+    ctor public DecryptionFailedException(java.lang.String);
+  }
+
+  public class InternalRecoveryServiceException extends java.security.GeneralSecurityException {
+    ctor public InternalRecoveryServiceException(java.lang.String);
+    ctor public InternalRecoveryServiceException(java.lang.String, java.lang.Throwable);
+  }
+
+  public final class KeyChainProtectionParams implements android.os.Parcelable {
+    method public void clearSecret();
+    method public int describeContents();
+    method public android.security.keystore.recovery.KeyDerivationParams getKeyDerivationParams();
+    method public int getLockScreenUiFormat();
+    method public byte[] getSecret();
+    method public int getUserSecretType();
+    method public void writeToParcel(android.os.Parcel, int);
+    field public static final android.os.Parcelable.Creator<android.security.keystore.recovery.KeyChainProtectionParams> CREATOR;
+    field public static final int TYPE_CUSTOM_PASSWORD = 101; // 0x65
+    field public static final int TYPE_LOCKSCREEN = 100; // 0x64
+    field public static final int UI_FORMAT_PASSWORD = 2; // 0x2
+    field public static final int UI_FORMAT_PATTERN = 3; // 0x3
+    field public static final int UI_FORMAT_PIN = 1; // 0x1
+  }
+
+  public static class KeyChainProtectionParams.Builder {
+    ctor public KeyChainProtectionParams.Builder();
+    method public android.security.keystore.recovery.KeyChainProtectionParams build();
+    method public android.security.keystore.recovery.KeyChainProtectionParams.Builder setKeyDerivationParams(android.security.keystore.recovery.KeyDerivationParams);
+    method public android.security.keystore.recovery.KeyChainProtectionParams.Builder setLockScreenUiFormat(int);
+    method public android.security.keystore.recovery.KeyChainProtectionParams.Builder setSecret(byte[]);
+    method public android.security.keystore.recovery.KeyChainProtectionParams.Builder setUserSecretType(int);
+  }
+
+  public final class KeyChainSnapshot implements android.os.Parcelable {
+    method public int describeContents();
+    method public long getCounterId();
+    method public byte[] getEncryptedRecoveryKeyBlob();
+    method public java.util.List<android.security.keystore.recovery.KeyChainProtectionParams> getKeyChainProtectionParams();
+    method public int getMaxAttempts();
+    method public byte[] getServerParams();
+    method public int getSnapshotVersion();
+    method public byte[] getTrustedHardwarePublicKey();
+    method public java.util.List<android.security.keystore.recovery.WrappedApplicationKey> getWrappedApplicationKeys();
+    method public void writeToParcel(android.os.Parcel, int);
+    field public static final android.os.Parcelable.Creator<android.security.keystore.recovery.KeyChainSnapshot> CREATOR;
+  }
+
+  public final class KeyDerivationParams implements android.os.Parcelable {
+    method public static android.security.keystore.recovery.KeyDerivationParams createSha256Params(byte[]);
+    method public int describeContents();
+    method public int getAlgorithm();
+    method public byte[] getSalt();
+    method public void writeToParcel(android.os.Parcel, int);
+    field public static final int ALGORITHM_SHA256 = 1; // 0x1
+    field public static final android.os.Parcelable.Creator<android.security.keystore.recovery.KeyDerivationParams> CREATOR;
+  }
+
+  public class LockScreenRequiredException extends java.security.GeneralSecurityException {
+    ctor public LockScreenRequiredException(java.lang.String);
+  }
+
+  public class RecoveryController {
+    method public byte[] generateAndStoreKey(java.lang.String, byte[]) throws android.security.keystore.recovery.InternalRecoveryServiceException, android.security.keystore.recovery.LockScreenRequiredException;
+    method public java.util.List<java.lang.String> getAliases(java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException;
+    method public static android.security.keystore.recovery.RecoveryController getInstance(android.content.Context);
+    method public int[] getPendingRecoverySecretTypes() throws android.security.keystore.recovery.InternalRecoveryServiceException;
+    method public android.security.keystore.recovery.KeyChainSnapshot getRecoveryData() throws android.security.keystore.recovery.InternalRecoveryServiceException;
+    method public int[] getRecoverySecretTypes() throws android.security.keystore.recovery.InternalRecoveryServiceException;
+    method public int getRecoveryStatus(java.lang.String, java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException;
+    method public void initRecoveryService(java.lang.String, byte[]) throws java.security.cert.CertificateException, android.security.keystore.recovery.InternalRecoveryServiceException;
+    method public void recoverySecretAvailable(android.security.keystore.recovery.KeyChainProtectionParams) throws android.security.keystore.recovery.InternalRecoveryServiceException;
+    method public void removeKey(java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException;
+    method public void setRecoverySecretTypes(int[]) throws android.security.keystore.recovery.InternalRecoveryServiceException;
+    method public void setRecoveryStatus(java.lang.String, java.lang.String, int) throws android.security.keystore.recovery.InternalRecoveryServiceException, android.content.pm.PackageManager.NameNotFoundException;
+    method public void setServerParams(byte[]) throws android.security.keystore.recovery.InternalRecoveryServiceException;
+    method public void setSnapshotCreatedPendingIntent(android.app.PendingIntent) throws android.security.keystore.recovery.InternalRecoveryServiceException;
+    field public static final int RECOVERY_STATUS_MISSING_ACCOUNT = 2; // 0x2
+    field public static final int RECOVERY_STATUS_PERMANENT_FAILURE = 3; // 0x3
+    field public static final int RECOVERY_STATUS_SYNCED = 0; // 0x0
+    field public static final int RECOVERY_STATUS_SYNC_IN_PROGRESS = 1; // 0x1
+  }
+
+  public class RecoverySession implements java.lang.AutoCloseable {
+    method public void close();
+    method public java.util.Map<java.lang.String, byte[]> recoverKeys(byte[], java.util.List<android.security.keystore.recovery.WrappedApplicationKey>) throws android.security.keystore.recovery.DecryptionFailedException, android.security.keystore.recovery.InternalRecoveryServiceException, android.security.keystore.recovery.SessionExpiredException;
+    method public byte[] start(byte[], byte[], byte[], java.util.List<android.security.keystore.recovery.KeyChainProtectionParams>) throws java.security.cert.CertificateException, android.security.keystore.recovery.InternalRecoveryServiceException;
+  }
+
+  public class SessionExpiredException extends java.security.GeneralSecurityException {
+    ctor public SessionExpiredException(java.lang.String);
+  }
+
+  public final class WrappedApplicationKey implements android.os.Parcelable {
+    method public int describeContents();
+    method public byte[] getAccount();
+    method public java.lang.String getAlias();
+    method public byte[] getEncryptedKeyMaterial();
+    method public void writeToParcel(android.os.Parcel, int);
+    field public static final android.os.Parcelable.Creator<android.security.keystore.recovery.WrappedApplicationKey> CREATOR;
+  }
+
+  public static class WrappedApplicationKey.Builder {
+    ctor public WrappedApplicationKey.Builder();
+    method public android.security.keystore.recovery.WrappedApplicationKey build();
+    method public android.security.keystore.recovery.WrappedApplicationKey.Builder setAccount(byte[]);
+    method public android.security.keystore.recovery.WrappedApplicationKey.Builder setAlias(java.lang.String);
+    method public android.security.keystore.recovery.WrappedApplicationKey.Builder setEncryptedKeyMaterial(byte[]);
+  }
+
+}
+
 package android.service.autofill {
 
   public abstract class AutofillFieldClassificationService extends android.app.Service {

core/java/android/security/keystore/KeychainProtectionParams.java

@@ -260,9 +260,6 @@ public final class KeychainProtectionParams implements Parcelable {
         }
     };
 
-    /**
-     * @hide
-     */
     @Override
     public void writeToParcel(Parcel out, int flags) {
         out.writeInt(mUserSecretType);

core/java/android/security/keystore/KeychainSnapshot.java

@@ -151,6 +151,8 @@ public final class KeychainSnapshot implements Parcelable {
 
     /**
      * Builder for creating {@link KeychainSnapshot}.
+     *
+     * @hide
      */
     public static class Builder {
         private KeychainSnapshot mInstance = new KeychainSnapshot();
@@ -263,9 +265,6 @@ public final class KeychainSnapshot implements Parcelable {
         }
     }
 
-    /**
-     * @hide
-     */
     @Override
     public void writeToParcel(Parcel out, int flags) {
         out.writeInt(mSnapshotVersion);

core/java/android/security/keystore/recovery/BadCertificateFormatException.java

@@ -20,6 +20,7 @@ package android.security.keystore.recovery;
  * Error thrown when the recovery agent supplies an invalid X509 certificate.
  *
  * @hide
+ * Deprecated
  */
 public class BadCertificateFormatException extends RecoveryControllerException {
     public BadCertificateFormatException(String msg) {

core/java/android/security/keystore/recovery/DecryptionFailedException.java

@@ -16,6 +16,8 @@
 
 package android.security.keystore.recovery;
 
+import android.annotation.SystemApi;
+
 import java.security.GeneralSecurityException;
 
 /**
@@ -24,8 +26,8 @@ import java.security.GeneralSecurityException;
  *
  * @hide
  */
+@SystemApi
 public class DecryptionFailedException extends GeneralSecurityException {
-
     public DecryptionFailedException(String msg) {
         super(msg);
     }

core/java/android/security/keystore/recovery/InternalRecoveryServiceException.java

@@ -16,8 +16,9 @@
 
 package android.security.keystore.recovery;
 
-import java.security.GeneralSecurityException;
+import android.annotation.SystemApi;
 
+import java.security.GeneralSecurityException;
 /**
  * An error thrown when something went wrong internally in the recovery service.
  *
@@ -26,6 +27,7 @@ import java.security.GeneralSecurityException;
  *
  * @hide
  */
+@SystemApi
 public class InternalRecoveryServiceException extends GeneralSecurityException {
     public InternalRecoveryServiceException(String msg) {
         super(msg);

core/java/android/security/keystore/recovery/KeyChainProtectionParams.java

@@ -18,6 +18,7 @@ package android.security.keystore.recovery;
 
 import android.annotation.IntDef;
 import android.annotation.NonNull;
+import android.annotation.SystemApi;
 import android.os.Parcel;
 import android.os.Parcelable;
 
@@ -47,6 +48,7 @@ import java.util.Arrays;
  *
  * @hide
  */
+@SystemApi
 public final class KeyChainProtectionParams implements Parcelable {
     /** @hide */
     @Retention(RetentionPolicy.SOURCE)
@@ -260,9 +262,6 @@ public final class KeyChainProtectionParams implements Parcelable {
         }
     };
 
-    /**
-     * @hide
-     */
     @Override
     public void writeToParcel(Parcel out, int flags) {
         out.writeInt(mUserSecretType);

core/java/android/security/keystore/recovery/KeyChainSnapshot.java

@@ -17,6 +17,7 @@
 package android.security.keystore.recovery;
 
 import android.annotation.NonNull;
+import android.annotation.SystemApi;
 import android.os.Parcel;
 import android.os.Parcelable;
 
@@ -42,6 +43,7 @@ import java.util.List;
  *
  * @hide
  */
+@SystemApi
 public final class KeyChainSnapshot implements Parcelable {
     private static final int DEFAULT_MAX_ATTEMPTS = 10;
     private static final long DEFAULT_COUNTER_ID = 1L;
@@ -151,10 +153,10 @@ public final class KeyChainSnapshot implements Parcelable {
 
     /**
      * Builder for creating {@link KeyChainSnapshot}.
+     * @hide
      */
     public static class Builder {
-        private KeyChainSnapshot
-                mInstance = new KeyChainSnapshot();
+        private KeyChainSnapshot mInstance = new KeyChainSnapshot();
 
         /**
          * Snapshot version for given account.
@@ -264,9 +266,6 @@ public final class KeyChainSnapshot implements Parcelable {
         }
     }
 
-    /**
-     * @hide
-     */
     @Override
     public void writeToParcel(Parcel out, int flags) {
         out.writeInt(mSnapshotVersion);

core/java/android/security/keystore/recovery/KeyDerivationParams.java

@@ -18,9 +18,11 @@ package android.security.keystore.recovery;
 
 import android.annotation.IntDef;
 import android.annotation.NonNull;
+import android.annotation.SystemApi;
 import android.os.Parcel;
 import android.os.Parcelable;
 
+
 import com.android.internal.util.Preconditions;
 
 import java.lang.annotation.Retention;
@@ -32,6 +34,7 @@ import java.lang.annotation.RetentionPolicy;
  *
  * @hide
  */
+@SystemApi
 public final class KeyDerivationParams implements Parcelable {
     private final int mAlgorithm;
     private byte[] mSalt;
@@ -61,6 +64,9 @@ public final class KeyDerivationParams implements Parcelable {
         return new KeyDerivationParams(ALGORITHM_SHA256, salt);
     }
 
+    /**
+     * @hide
+     */
     // TODO: Make private once legacy API is removed
     public KeyDerivationParams(@KeyDerivationAlgorithm int algorithm, @NonNull byte[] salt) {
         mAlgorithm = algorithm;
@@ -92,9 +98,6 @@ public final class KeyDerivationParams implements Parcelable {
         }
     };
 
-    /**
-     * @hide
-     */
     @Override
     public void writeToParcel(Parcel out, int flags) {
         out.writeInt(mAlgorithm);

core/java/android/security/keystore/recovery/LockScreenRequiredException.java

@@ -16,6 +16,8 @@
 
 package android.security.keystore.recovery;
 
+import android.annotation.SystemApi;
+
 import java.security.GeneralSecurityException;
 
 /**
@@ -25,6 +27,7 @@ import java.security.GeneralSecurityException;
  *
  * @hide
  */
+@SystemApi
 public class LockScreenRequiredException extends GeneralSecurityException {
     public LockScreenRequiredException(String msg) {
         super(msg);

core/java/android/security/keystore/recovery/RecoveryClaim.java

@@ -20,6 +20,7 @@ package android.security.keystore.recovery;
  * An attempt to recover a keychain protected by remote secure hardware.
  *
  * @hide
+ * Deprecated
  */
 public class RecoveryClaim {
 

core/java/android/security/keystore/recovery/RecoveryController.java

@@ -19,6 +19,7 @@ package android.security.keystore.recovery;
 import android.annotation.NonNull;
 import android.annotation.Nullable;
 import android.annotation.RequiresPermission;
+import android.annotation.SystemApi;
 import android.app.PendingIntent;
 import android.content.Context;
 import android.content.pm.PackageManager.NameNotFoundException;
@@ -52,6 +53,7 @@ import java.util.Map;
  *
  * @hide
  */
+@SystemApi
 public class RecoveryController {
     private static final String TAG = "RecoveryController";
 
@@ -236,12 +238,13 @@ public class RecoveryController {
 
     /**
      * Gets aliases of recoverable keys for the application.
+     *
      * @param packageName which recoverable keys' aliases will be returned.
      *
      * @return {@code List} of all aliases.
      */
     public List<String> getAliases(@Nullable String packageName)
-            throws RemoteException, InternalRecoveryServiceException {
+            throws InternalRecoveryServiceException {
         try {
             // TODO: update aidl
             Map<String, Integer> allStatuses = mBinder.getRecoveryStatus(packageName);
@@ -400,8 +403,8 @@ public class RecoveryController {
     }
 
     /**
-     * Generates a key called {@code alias} and loads it into the recoverable key store. Returns the
-     * raw material of the key.
+     * Generates a AES256/GCM/NoPADDING key called {@code alias} and loads it into the recoverable
+     * key store. Returns the raw material of the key.
      *
      * @param alias The key alias.
      * @param account The account associated with the key

core/java/android/security/keystore/recovery/RecoveryControllerException.java

@@ -22,6 +22,7 @@ import java.security.GeneralSecurityException;
  * Base exception for errors thrown by {@link RecoveryController}.
  *
  * @hide
+ * Deprecated
  */
 public abstract class RecoveryControllerException extends GeneralSecurityException {
     RecoveryControllerException() { }

core/java/android/security/keystore/recovery/RecoverySession.java

@@ -17,6 +17,8 @@
 package android.security.keystore.recovery;
 
 import android.annotation.NonNull;
+import android.annotation.RequiresPermission;
+import android.annotation.SystemApi;
 import android.os.RemoteException;
 import android.os.ServiceSpecificException;
 import android.util.Log;
@@ -32,6 +34,7 @@ import java.util.Map;
  *
  * @hide
  */
+@SystemApi
 public class RecoverySession implements AutoCloseable {
     private static final String TAG = "RecoverySession";
 
@@ -48,6 +51,7 @@ public class RecoverySession implements AutoCloseable {
     /**
      * A new session, started by {@code recoveryManager}.
      */
+    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
     static RecoverySession newInstance(RecoveryController recoveryController) {
         return new RecoverySession(recoveryController, newSessionId());
     }
@@ -88,6 +92,7 @@ public class RecoverySession implements AutoCloseable {
      * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
      *     service.
      */
+    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
     @NonNull public byte[] start(
             @NonNull byte[] verifierPublicKey,
             @NonNull byte[] vaultParams,
@@ -125,6 +130,7 @@ public class RecoverySession implements AutoCloseable {
      * @throws DecryptionFailedException if unable to decrypt the snapshot.
      * @throws InternalRecoveryServiceException if an error occurs internal to the recovery service.
      */
+    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
     public Map<String, byte[]> recoverKeys(
             @NonNull byte[] recoveryKeyBlob,
             @NonNull List<WrappedApplicationKey> applicationKeys)
@@ -158,9 +164,8 @@ public class RecoverySession implements AutoCloseable {
     /**
      * Deletes all data associated with {@code session}. Should not be invoked directly but via
      * {@link RecoverySession#close()}.
-     *
-     * @hide
      */
+    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
     @Override
     public void close() {
         try {

core/java/android/security/keystore/recovery/SessionExpiredException.java

@@ -16,14 +16,16 @@
 
 package android.security.keystore.recovery;
 
-import java.security.GeneralSecurityException;
+import android.annotation.SystemApi;
 
+import java.security.GeneralSecurityException;
 
 /**
  * Error thrown when attempting to use a {@link RecoverySession} that has since expired.
  *
  * @hide
  */
+@SystemApi
 public class SessionExpiredException extends GeneralSecurityException {
     public SessionExpiredException(String msg) {
         super(msg);

core/java/android/security/keystore/recovery/WrappedApplicationKey.java

@@ -17,6 +17,8 @@
 package android.security.keystore.recovery;
 
 import android.annotation.NonNull;
+import android.annotation.SystemApi;
+
 import android.os.Parcel;
 import android.os.Parcelable;
 
@@ -36,6 +38,7 @@ import com.android.internal.util.Preconditions;
  *
  * @hide
  */
+@SystemApi
 public final class WrappedApplicationKey implements Parcelable {
     private String mAlias;
     // The only supported format is AES-256 symmetric key.
@@ -143,9 +146,6 @@ public final class WrappedApplicationKey implements Parcelable {
                 }
             };
 
-    /**
-     * @hide
-     */
     @Override
     public void writeToParcel(Parcel out, int flags) {
         out.writeString(mAlias);