Merge "Keystore 2.0: Add key migration API." am: d42f1be8eb

Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1676925

Change-Id: I4c2b7f4d9405d912d10d9dbd77944b74ada1b877
Rubin Xu
2021-04-21 16:00:36 +00:00
committed by Automerger Merge Worker


@@ -22,6 +22,7 @@ import android.os.ServiceManager;
import android.os.ServiceSpecificException; import android.os.ServiceSpecificException;
import android.security.maintenance.IKeystoreMaintenance; import android.security.maintenance.IKeystoreMaintenance;
import android.system.keystore2.Domain; import android.system.keystore2.Domain;
import android.system.keystore2.KeyDescriptor;
import android.system.keystore2.ResponseCode; import android.system.keystore2.ResponseCode;
import android.util.Log; import android.util.Log;
@@ -33,6 +34,9 @@ public class AndroidKeyStoreMaintenance {
private static final String TAG = "AndroidKeyStoreMaintenance"; private static final String TAG = "AndroidKeyStoreMaintenance";
public static final int SYSTEM_ERROR = ResponseCode.SYSTEM_ERROR; public static final int SYSTEM_ERROR = ResponseCode.SYSTEM_ERROR;
public static final int INVALID_ARGUMENT = ResponseCode.INVALID_ARGUMENT;
public static final int PERMISSION_DENIED = ResponseCode.PERMISSION_DENIED;
public static final int KEY_NOT_FOUND = ResponseCode.KEY_NOT_FOUND;
private static IKeystoreMaintenance getService() { private static IKeystoreMaintenance getService() {
return IKeystoreMaintenance.Stub.asInterface( return IKeystoreMaintenance.Stub.asInterface(
@@ -148,4 +152,35 @@ public class AndroidKeyStoreMaintenance {
Log.e(TAG, "Error while reporting device off body event.", e); Log.e(TAG, "Error while reporting device off body event.", e);
} }
} }
/**
* Migrates a key given by the source descriptor to the location designated by the destination
* descriptor.
*
* @param source - The key to migrate may be specified by Domain.APP, Domain.SELINUX, or
* Domain.KEY_ID. The caller needs the permissions use, delete, and grant for the
* source namespace.
* @param destination - The new designation for the key may be specified by Domain.APP or
* Domain.SELINUX. The caller need the permission rebind for the destination
* namespace.
*
* @return * 0 on success
* * KEY_NOT_FOUND if the source did not exists.
* * PERMISSION_DENIED if any of the required permissions was missing.
* * INVALID_ARGUMENT if the destination was occupied or any domain value other than
* the allowed once were specified.
* * SYSTEM_ERROR if an unexpected error occurred.
*/
public static int migrateKeyNamespace(KeyDescriptor source, KeyDescriptor destination) {
try {
getService().migrateKeyNamespace(source, destination);
return 0;
} catch (ServiceSpecificException e) {
Log.e(TAG, "migrateKeyNamespace failed", e);
return e.errorCode;
} catch (Exception e) {
Log.e(TAG, "Can not connect to keystore", e);
return SYSTEM_ERROR;
}
}
} }
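Review bot: In the last hunk, `migrateKeyNamespace` returns `e.errorCode` unchanged from the `ServiceSpecificException` branch, so callers can receive service codes other than the four the Javadoc lists. Because this call moves a key between namespaces, a caller that switches only on the documented values could misread an unlisted failure. I would add a line to the `@return` text such as `* any other non-zero service error code on failure`, or map unlisted codes to `SYSTEM_ERROR` before returning. The `catch (Exception e)` branch logs "Can not connect to keystore" for every exception, which would also cover a runtime exception from a null `getService()` result if that can happen (not visible here); a neutral message such as `Log.e(TAG, "migrateKeyNamespace: unexpected error", e);` keeps the log accurate. The Javadoc also has small typos worth fixing while here: "caller need" should be "caller needs", "did not exists" should be "did not exist", and "allowed once" should be "allowed ones".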