am 72d66afe: am 12742ab5: Merge "Deprecate KeyChain.isBoundKeyAlgorithm." into mnc-dev

* commit '72d66afef2c8fccd5669e5ee0671dfea48d7a921':
  Deprecate KeyChain.isBoundKeyAlgorithm.

api/current.txt

@@ -28395,7 +28395,7 @@ package android.security {
     method public static android.content.Intent createInstallIntent();
     method public static java.security.cert.X509Certificate[] getCertificateChain(android.content.Context, java.lang.String) throws java.lang.InterruptedException, android.security.KeyChainException;
     method public static java.security.PrivateKey getPrivateKey(android.content.Context, java.lang.String) throws java.lang.InterruptedException, android.security.KeyChainException;
-    method public static boolean isBoundKeyAlgorithm(java.lang.String);
+    method public static deprecated boolean isBoundKeyAlgorithm(java.lang.String);
     method public static boolean isKeyAlgorithmSupported(java.lang.String);
     field public static final java.lang.String ACTION_STORAGE_CHANGED = "android.security.STORAGE_CHANGED";
     field public static final java.lang.String EXTRA_CERTIFICATE = "CERT";

api/system-current.txt

@@ -30428,7 +30428,7 @@ package android.security {
     method public static android.content.Intent createInstallIntent();
     method public static java.security.cert.X509Certificate[] getCertificateChain(android.content.Context, java.lang.String) throws java.lang.InterruptedException, android.security.KeyChainException;
     method public static java.security.PrivateKey getPrivateKey(android.content.Context, java.lang.String) throws java.lang.InterruptedException, android.security.KeyChainException;
-    method public static boolean isBoundKeyAlgorithm(java.lang.String);
+    method public static deprecated boolean isBoundKeyAlgorithm(java.lang.String);
     method public static boolean isKeyAlgorithmSupported(java.lang.String);
     field public static final java.lang.String ACTION_STORAGE_CHANGED = "android.security.STORAGE_CHANGED";
     field public static final java.lang.String EXTRA_CERTIFICATE = "CERT";

keystore/java/android/security/KeyChain.java

@@ -29,11 +29,13 @@ import android.os.Looper;
 import android.os.Process;
 import android.os.RemoteException;
 import android.os.UserHandle;
+import android.security.keystore.KeyInfo;
 import android.security.keystore.KeyProperties;
 
 import java.io.ByteArrayInputStream;
 import java.io.Closeable;
 import java.security.InvalidKeyException;
+import java.security.KeyFactory;
 import java.security.Principal;
 import java.security.PrivateKey;
 import java.security.cert.Certificate;
@@ -442,7 +444,20 @@ public final class KeyChain {
      * imported or generated. This can be used to tell if there is special
      * hardware support that can be used to bind keys to the device in a way
      * that makes it non-exportable.
+     *
+     * @deprecated Whether the key is bound to the secure hardware is known only
+     * once the key has been imported. To find out, use:
+     * <pre>{@code
+     * PrivateKey key = ...; // private key from KeyChain
+     *
+     * KeyFactory keyFactory =
+     *     KeyFactory.getInstance(key.getAlgorithm(), "AndroidKeyStore");
+     * KeyInfo keyInfo = keyFactory.getKeySpec(key, KeyInfo.class);
+     * if (keyInfo.isInsideSecureHardware()) &#123;
+     *     // The key is bound to the secure hardware of this Android
+     * &#125;}</pre>
      */
+    @Deprecated
     public static boolean isBoundKeyAlgorithm(
             @NonNull @KeyProperties.KeyAlgorithmEnum String algorithm) {
         if (!isKeyAlgorithmSupported(algorithm)) {

keystore/java/android/security/KeyStore.java

@@ -383,7 +383,7 @@ public class KeyStore {
         }
     }
 
-    // TODO remove this when it's removed from Settings
+    // TODO: remove this when it's removed from Settings
     public boolean isHardwareBacked() {
         return isHardwareBacked("RSA");
     }