Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Unhide RecoverableKeyStoreLoader API.

Browse Source 
Bug: 66499222
Test: GTS tests under development
Change-Id: I4285beaa26bc94d92f6213a34eb1e41ad0994d7a
This commit is contained in:
Dmitry Dementyev
2018-01-08 18:08:23 -08:00
parent d2c4f7f610
commit f8ae5deba2
17 changed files with 168 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
core/java/android/security/keystore/KeychainProtectionParams.java
View File

@@ -260,9 +260,6 @@ public final class KeychainProtectionParams implements Parcelable {
}
};
/**
* @hide
*/
@Override
public void writeToParcel(Parcel out, int flags) {
out.writeInt(mUserSecretType);

5
core/java/android/security/keystore/KeychainSnapshot.java
View File

@@ -151,6 +151,8 @@ public final class KeychainSnapshot implements Parcelable {
/**
* Builder for creating {@link KeychainSnapshot}.
*
* @hide
*/
public static class Builder {
private KeychainSnapshot mInstance = new KeychainSnapshot();
@@ -263,9 +265,6 @@ public final class KeychainSnapshot implements Parcelable {
}
}
/**
* @hide
*/
@Override
public void writeToParcel(Parcel out, int flags) {
out.writeInt(mSnapshotVersion);

1
core/java/android/security/keystore/recovery/BadCertificateFormatException.java
View File

@@ -20,6 +20,7 @@ package android.security.keystore.recovery;
* Error thrown when the recovery agent supplies an invalid X509 certificate.
*
* @hide
* Deprecated
*/
public class BadCertificateFormatException extends RecoveryControllerException {
public BadCertificateFormatException(String msg) {

4
core/java/android/security/keystore/recovery/DecryptionFailedException.java
View File

@@ -16,6 +16,8 @@
package android.security.keystore.recovery;
import android.annotation.SystemApi;
import java.security.GeneralSecurityException;
/**
@@ -24,8 +26,8 @@ import java.security.GeneralSecurityException;
*
* @hide
*/
@SystemApi
public class DecryptionFailedException extends GeneralSecurityException {
public DecryptionFailedException(String msg) {
super(msg);
}

4
core/java/android/security/keystore/recovery/InternalRecoveryServiceException.java
View File

@@ -16,8 +16,9 @@
package android.security.keystore.recovery;
import java.security.GeneralSecurityException;
import android.annotation.SystemApi;
import java.security.GeneralSecurityException;
/**
* An error thrown when something went wrong internally in the recovery service.
*
@@ -26,6 +27,7 @@ import java.security.GeneralSecurityException;
*
* @hide
*/
@SystemApi
public class InternalRecoveryServiceException extends GeneralSecurityException {
public InternalRecoveryServiceException(String msg) {
super(msg);

5
core/java/android/security/keystore/recovery/KeyChainProtectionParams.java
View File

@@ -18,6 +18,7 @@ package android.security.keystore.recovery;
import android.annotation.IntDef;
import android.annotation.NonNull;
import android.annotation.SystemApi;
import android.os.Parcel;
import android.os.Parcelable;
@@ -47,6 +48,7 @@ import java.util.Arrays;
*
* @hide
*/
@SystemApi
public final class KeyChainProtectionParams implements Parcelable {
/** @hide */
@Retention(RetentionPolicy.SOURCE)
@@ -260,9 +262,6 @@ public final class KeyChainProtectionParams implements Parcelable {
}
};
/**
* @hide
*/
@Override
public void writeToParcel(Parcel out, int flags) {
out.writeInt(mUserSecretType);

9
core/java/android/security/keystore/recovery/KeyChainSnapshot.java
View File

@@ -17,6 +17,7 @@
package android.security.keystore.recovery;
import android.annotation.NonNull;
import android.annotation.SystemApi;
import android.os.Parcel;
import android.os.Parcelable;
@@ -42,6 +43,7 @@ import java.util.List;
*
* @hide
*/
@SystemApi
public final class KeyChainSnapshot implements Parcelable {
private static final int DEFAULT_MAX_ATTEMPTS = 10;
private static final long DEFAULT_COUNTER_ID = 1L;
@@ -151,10 +153,10 @@ public final class KeyChainSnapshot implements Parcelable {
/**
* Builder for creating {@link KeyChainSnapshot}.
* @hide
*/
public static class Builder {
private KeyChainSnapshot
mInstance = new KeyChainSnapshot();
private KeyChainSnapshot mInstance = new KeyChainSnapshot();
/**
* Snapshot version for given account.
@@ -264,9 +266,6 @@ public final class KeyChainSnapshot implements Parcelable {
}
}
/**
* @hide
*/
@Override
public void writeToParcel(Parcel out, int flags) {
out.writeInt(mSnapshotVersion);

9
core/java/android/security/keystore/recovery/KeyDerivationParams.java
View File

@@ -18,9 +18,11 @@ package android.security.keystore.recovery;
import android.annotation.IntDef;
import android.annotation.NonNull;
import android.annotation.SystemApi;
import android.os.Parcel;
import android.os.Parcelable;
import com.android.internal.util.Preconditions;
import java.lang.annotation.Retention;
@@ -32,6 +34,7 @@ import java.lang.annotation.RetentionPolicy;
*
* @hide
*/
@SystemApi
public final class KeyDerivationParams implements Parcelable {
private final int mAlgorithm;
private byte[] mSalt;
@@ -61,6 +64,9 @@ public final class KeyDerivationParams implements Parcelable {
return new KeyDerivationParams(ALGORITHM_SHA256, salt);
}
/**
* @hide
*/
// TODO: Make private once legacy API is removed
public KeyDerivationParams(@KeyDerivationAlgorithm int algorithm, @NonNull byte[] salt) {
mAlgorithm = algorithm;
@@ -92,9 +98,6 @@ public final class KeyDerivationParams implements Parcelable {
}
};
/**
* @hide
*/
@Override
public void writeToParcel(Parcel out, int flags) {
out.writeInt(mAlgorithm);

3
core/java/android/security/keystore/recovery/LockScreenRequiredException.java
View File

@@ -16,6 +16,8 @@
package android.security.keystore.recovery;
import android.annotation.SystemApi;
import java.security.GeneralSecurityException;
/**
@@ -25,6 +27,7 @@ import java.security.GeneralSecurityException;
*
* @hide
*/
@SystemApi
public class LockScreenRequiredException extends GeneralSecurityException {
public LockScreenRequiredException(String msg) {
super(msg);

1
core/java/android/security/keystore/recovery/RecoveryClaim.java
View File

@@ -20,6 +20,7 @@ package android.security.keystore.recovery;
* An attempt to recover a keychain protected by remote secure hardware.
*
* @hide
* Deprecated
*/
public class RecoveryClaim {

9
core/java/android/security/keystore/recovery/RecoveryController.java
View File

@@ -19,6 +19,7 @@ package android.security.keystore.recovery;
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.annotation.RequiresPermission;
import android.annotation.SystemApi;
import android.app.PendingIntent;
import android.content.Context;
import android.content.pm.PackageManager.NameNotFoundException;
@@ -52,6 +53,7 @@ import java.util.Map;
*
* @hide
*/
@SystemApi
public class RecoveryController {
private static final String TAG = "RecoveryController";
@@ -236,12 +238,13 @@ public class RecoveryController {
/**
* Gets aliases of recoverable keys for the application.
*
* @param packageName which recoverable keys' aliases will be returned.
*
* @return {@code List} of all aliases.
*/
public List<String> getAliases(@Nullable String packageName)
throws RemoteException, InternalRecoveryServiceException {
throws InternalRecoveryServiceException {
try {
// TODO: update aidl
Map<String, Integer> allStatuses = mBinder.getRecoveryStatus(packageName);
@@ -400,8 +403,8 @@ public class RecoveryController {
}
/**
* Generates a key called {@code alias} and loads it into the recoverable key store. Returns the
* raw material of the key.
* Generates a AES256/GCM/NoPADDING key called {@code alias} and loads it into the recoverable
* key store. Returns the raw material of the key.
*
* @param alias The key alias.
* @param account The account associated with the key

1
core/java/android/security/keystore/recovery/RecoveryControllerException.java
View File

@@ -22,6 +22,7 @@ import java.security.GeneralSecurityException;
* Base exception for errors thrown by {@link RecoveryController}.
*
* @hide
* Deprecated
*/
public abstract class RecoveryControllerException extends GeneralSecurityException {
RecoveryControllerException() { }

9
core/java/android/security/keystore/recovery/RecoverySession.java
View File

@@ -17,6 +17,8 @@
package android.security.keystore.recovery;
import android.annotation.NonNull;
import android.annotation.RequiresPermission;
import android.annotation.SystemApi;
import android.os.RemoteException;
import android.os.ServiceSpecificException;
import android.util.Log;
@@ -32,6 +34,7 @@ import java.util.Map;
*
* @hide
*/
@SystemApi
public class RecoverySession implements AutoCloseable {
private static final String TAG = "RecoverySession";
@@ -48,6 +51,7 @@ public class RecoverySession implements AutoCloseable {
/**
* A new session, started by {@code recoveryManager}.
*/
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
static RecoverySession newInstance(RecoveryController recoveryController) {
return new RecoverySession(recoveryController, newSessionId());
}
@@ -88,6 +92,7 @@ public class RecoverySession implements AutoCloseable {
* @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
* service.
*/
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
@NonNull public byte[] start(
@NonNull byte[] verifierPublicKey,
@NonNull byte[] vaultParams,
@@ -125,6 +130,7 @@ public class RecoverySession implements AutoCloseable {
* @throws DecryptionFailedException if unable to decrypt the snapshot.
* @throws InternalRecoveryServiceException if an error occurs internal to the recovery service.
*/
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
public Map<String, byte[]> recoverKeys(
@NonNull byte[] recoveryKeyBlob,
@NonNull List<WrappedApplicationKey> applicationKeys)
@@ -158,9 +164,8 @@ public class RecoverySession implements AutoCloseable {
/**
* Deletes all data associated with {@code session}. Should not be invoked directly but via
* {@link RecoverySession#close()}.
*
* @hide
*/
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
@Override
public void close() {
try {

4
core/java/android/security/keystore/recovery/SessionExpiredException.java
View File

@@ -16,14 +16,16 @@
package android.security.keystore.recovery;
import java.security.GeneralSecurityException;
import android.annotation.SystemApi;
import java.security.GeneralSecurityException;
/**
* Error thrown when attempting to use a {@link RecoverySession} that has since expired.
*
* @hide
*/
@SystemApi
public class SessionExpiredException extends GeneralSecurityException {
public SessionExpiredException(String msg) {
super(msg);

6
core/java/android/security/keystore/recovery/WrappedApplicationKey.java
View File

@@ -17,6 +17,8 @@
package android.security.keystore.recovery;
import android.annotation.NonNull;
import android.annotation.SystemApi;
import android.os.Parcel;
import android.os.Parcelable;
@@ -36,6 +38,7 @@ import com.android.internal.util.Preconditions;
*
* @hide
*/
@SystemApi
public final class WrappedApplicationKey implements Parcelable {
private String mAlias;
// The only supported format is AES-256 symmetric key.
@@ -143,9 +146,6 @@ public final class WrappedApplicationKey implements Parcelable {
}
};
/**
* @hide
*/
@Override
public void writeToParcel(Parcel out, int flags) {
out.writeString(mAlias);