Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Cleanup Keystore API"

Browse Source
This commit is contained in:
Chad Brubaker
2015-05-15 19:54:32 +00:00
committed by Gerrit Code Review
parent 354be7cd87 d8aacca3a1
commit a194eb9b5d
2 changed files with 45 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
core/java/android/security/IKeystoreService.aidl
View File

@@ -30,33 +30,29 @@ import android.security.KeystoreArguments;
* @hide
*/
interface IKeystoreService {
int test();
int getState(int userId);
byte[] get(String name);
int insert(String name, in byte[] item, int uid, int flags);
int del(String name, int uid);
int exist(String name, int uid);
String[] saw(String namePrefix, int uid);
String[] list(String namePrefix, int uid);
int reset();
int onUserPasswordChanged(int userId, String newPassword);
int lock();
int lock(int userId);
int unlock(int userId, String userPassword);
int zero();
int isEmpty(int userId);
int generate(String name, int uid, int keyType, int keySize, int flags,
in KeystoreArguments args);
int import_key(String name, in byte[] data, int uid, int flags);
byte[] sign(String name, in byte[] data);
int verify(String name, in byte[] data, in byte[] signature);
byte[] get_pubkey(String name);
int del_key(String name, int uid);
int grant(String name, int granteeUid);
int ungrant(String name, int granteeUid);
long getmtime(String name);
int duplicate(String srcKey, int srcUid, String destKey, int destUid);
int is_hardware_backed(String string);
int clear_uid(long uid);
int reset_uid(int uid);
int sync_uid(int sourceUid, int targetUid);
int password_uid(String password, int uid);
// Keymaster 0.4 methods
int addRngEntropy(in byte[] data);

85
keystore/java/android/security/KeyStore.java
View File

@@ -106,10 +106,10 @@ public class KeyStore {
}
}
public State state() {
public State state(int userId) {
final int ret;
try {
ret = mBinder.test();
ret = mBinder.getState(userId);
} catch (RemoteException e) {
Log.w(TAG, "Cannot connect to keystore", e);
throw new AssertionError(e);
@@ -123,6 +123,10 @@ public class KeyStore {
}
}
public State state() {
return state(UserHandle.myUserId());
}
public boolean isUnlocked() {
return state() == State.UNLOCKED;
}
@@ -171,15 +175,26 @@ public class KeyStore {
return contains(key, UID_SELF);
}
public String[] saw(String prefix, int uid) {
/**
* List all entries in the keystore for {@code uid} starting with {@code prefix}.
*/
public String[] list(String prefix, int uid) {
try {
return mBinder.saw(prefix, uid);
return mBinder.list(prefix, uid);
} catch (RemoteException e) {
Log.w(TAG, "Cannot connect to keystore", e);
return null;
}
}
public String[] list(String prefix) {
return list(prefix, UID_SELF);
}
public String[] saw(String prefix, int uid) {
return list(prefix, uid);
}
public String[] saw(String prefix) {
return saw(prefix, UID_SELF);
}
@@ -193,15 +208,25 @@ public class KeyStore {
}
}
public boolean lock() {
/**
* Attempt to lock the keystore for {@code user}.
*
* @param user Android user to lock.
* @return whether {@code user}'s keystore was locked.
*/
public boolean lock(int userId) {
try {
return mBinder.lock() == NO_ERROR;
return mBinder.lock(userId) == NO_ERROR;
} catch (RemoteException e) {
Log.w(TAG, "Cannot connect to keystore", e);
return false;
}
}
public boolean lock() {
return lock(UserHandle.myUserId());
}
/**
* Attempt to unlock the keystore for {@code user} with the password {@code password}.
* This is required before keystore entries created with FLAG_ENCRYPTED can be accessed or
@@ -227,15 +252,22 @@ public class KeyStore {
return unlock(UserHandle.getUserId(Process.myUid()), password);
}
public boolean isEmpty() {
/**
* Check if the keystore for {@code userId} is empty.
*/
public boolean isEmpty(int userId) {
try {
return mBinder.zero() == KEY_NOT_FOUND;
return mBinder.isEmpty(userId) != 0;
} catch (RemoteException e) {
Log.w(TAG, "Cannot connect to keystore", e);
return false;
}
}
public boolean isEmpty() {
return isEmpty(UserHandle.myUserId());
}
public boolean generate(String key, int uid, int keyType, int keySize, int flags,
byte[][] args) {
try {
@@ -266,12 +298,7 @@ public class KeyStore {
}
public boolean delKey(String key, int uid) {
try {
return mBinder.del_key(key, uid) == NO_ERROR;
} catch (RemoteException e) {
Log.w(TAG, "Cannot connect to keystore", e);
return false;
}
return delete(key, uid);
}
public boolean delKey(String key) {
@@ -364,36 +391,6 @@ public class KeyStore {
}
}
public boolean resetUid(int uid) {
try {
mError = mBinder.reset_uid(uid);
return mError == NO_ERROR;
} catch (RemoteException e) {
Log.w(TAG, "Cannot connect to keystore", e);
return false;
}
}
public boolean syncUid(int sourceUid, int targetUid) {
try {
mError = mBinder.sync_uid(sourceUid, targetUid);
return mError == NO_ERROR;
} catch (RemoteException e) {
Log.w(TAG, "Cannot connect to keystore", e);
return false;
}
}
public boolean passwordUid(String password, int uid) {
try {
mError = mBinder.password_uid(password, uid);
return mError == NO_ERROR;
} catch (RemoteException e) {
Log.w(TAG, "Cannot connect to keystore", e);
return false;
}
}
public int getLastError() {
return mError;
}