Merge "Keystore 2.0: Add @IntDef for Keystore namespaces."

Janis Danisevskis
2021-03-23 19:35:00 +00:00
committed by Gerrit Code Review
4 changed files with 30 additions and 16 deletions


@@ -288,7 +288,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
private static final Date DEFAULT_CERT_NOT_AFTER = new Date(2461449600000L); // Jan 1 2048 private static final Date DEFAULT_CERT_NOT_AFTER = new Date(2461449600000L); // Jan 1 2048
private final String mKeystoreAlias; private final String mKeystoreAlias;
private final int mNamespace; private final @KeyProperties.Namespace int mNamespace;
private final int mKeySize; private final int mKeySize;
private final AlgorithmParameterSpec mSpec; private final AlgorithmParameterSpec mSpec;
private final X500Principal mCertificateSubject; private final X500Principal mCertificateSubject;
@@ -331,7 +331,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
*/ */
public KeyGenParameterSpec( public KeyGenParameterSpec(
String keyStoreAlias, String keyStoreAlias,
int namespace, @KeyProperties.Namespace int namespace,
int keySize, int keySize,
AlgorithmParameterSpec spec, AlgorithmParameterSpec spec,
X500Principal certificateSubject, X500Principal certificateSubject,
@@ -472,7 +472,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
* @hide * @hide
*/ */
@SystemApi @SystemApi
public int getNamespace() { public @KeyProperties.Namespace int getNamespace() {
return mNamespace; return mNamespace;
} }
@@ -896,7 +896,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
private final String mKeystoreAlias; private final String mKeystoreAlias;
private @KeyProperties.PurposeEnum int mPurposes; private @KeyProperties.PurposeEnum int mPurposes;
private int mNamespace = KeyProperties.NAMESPACE_APPLICATION; private @KeyProperties.Namespace int mNamespace = KeyProperties.NAMESPACE_APPLICATION;
private int mKeySize = -1; private int mKeySize = -1;
private AlgorithmParameterSpec mSpec; private AlgorithmParameterSpec mSpec;
private X500Principal mCertificateSubject; private X500Principal mCertificateSubject;
@@ -1051,7 +1051,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
*/ */
@SystemApi @SystemApi
@NonNull @NonNull
public Builder setNamespace(int namespace) { public Builder setNamespace(@KeyProperties.Namespace int namespace) {
mNamespace = namespace; mNamespace = namespace;
return this; return this;
} }
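Review bot: The `@KeyProperties.Namespace` annotation on `Builder.setNamespace(int)` is a lint-time hint only, because the IntDef is declared with `RetentionPolicy.SOURCE`, so the setter still stores whatever int it is given. The namespace selects which keystore namespace the key is generated into, so the Javadoc of `setNamespace` should say this explicitly, e.g. `Values outside {@link KeyProperties.Namespace} are not rejected here; access to a namespace is presumably decided by the SEPolicy configuration, not by this annotation.` A runtime guard in the setter is the alternative, but it would also refuse any namespace that is configured in SEPolicy and not listed in the IntDef, so confirm the intent first. The same holds for the `AndroidKeyStoreLoadStoreParameter(int)` constructor and for the value `engineLoad` reads from it; the Javadoc of `setNamespace` starts outside this hunk.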


@@ -891,6 +891,22 @@ public abstract class KeyProperties {
} }
} }
/**
* Namespaces provide system developers and vendors with a way to use keystore without
* requiring an applications uid. Namespaces can be configured using SEPolicy.
* See <a href="https://source.android.com/security/keystore#access-control">
* Keystore 2.0 access-control</a>
* {@See KeyGenParameterSpec.Builder#setNamespace}
* {@See android.security.keystore2.AndroidKeyStoreLoadStoreParameter}
* @hide
*/
@Retention(RetentionPolicy.SOURCE)
@IntDef(prefix = { "NAMESPACE_" }, value = {
NAMESPACE_APPLICATION,
NAMESPACE_WIFI,
})
public @interface Namespace {}
/** /**
* This value indicates the implicit keystore namespace of the calling application. * This value indicates the implicit keystore namespace of the calling application.
* It is used by default. Only select system components can choose a different namespace * It is used by default. Only select system components can choose a different namespace
@@ -912,14 +928,12 @@ public abstract class KeyProperties {
* For legacy support, translate namespaces into known UIDs. * For legacy support, translate namespaces into known UIDs.
* @hide * @hide
*/ */
public static int namespaceToLegacyUid(int namespace) { public static int namespaceToLegacyUid(@Namespace int namespace) {
switch (namespace) { switch (namespace) {
case NAMESPACE_APPLICATION: case NAMESPACE_APPLICATION:
return KeyStore.UID_SELF; return KeyStore.UID_SELF;
case NAMESPACE_WIFI: case NAMESPACE_WIFI:
return Process.WIFI_UID; return Process.WIFI_UID;
// TODO Translate WIFI and VPN UIDs once the namespaces are defined.
// b/171305388 and b/171305607
default: default:
throw new IllegalArgumentException("No UID corresponding to namespace " throw new IllegalArgumentException("No UID corresponding to namespace "
+ namespace); + namespace);
@@ -930,14 +944,12 @@ public abstract class KeyProperties {
* For legacy support, translate namespaces into known UIDs. * For legacy support, translate namespaces into known UIDs.
* @hide * @hide
*/ */
public static int legacyUidToNamespace(int uid) { public static @Namespace int legacyUidToNamespace(int uid) {
switch (uid) { switch (uid) {
case KeyStore.UID_SELF: case KeyStore.UID_SELF:
return NAMESPACE_APPLICATION; return NAMESPACE_APPLICATION;
case Process.WIFI_UID: case Process.WIFI_UID:
return NAMESPACE_WIFI; return NAMESPACE_WIFI;
// TODO Translate WIFI and VPN UIDs once the namespaces are defined.
// b/171305388 and b/171305607
default: default:
throw new IllegalArgumentException("No namespace corresponding to uid " throw new IllegalArgumentException("No namespace corresponding to uid "
+ uid); + uid);
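Review bot: The new Javadoc on `@interface Namespace` uses `{@See ...}` twice, which is not a Javadoc tag (tag names are lower-case and `@see` is a block tag, not an inline one), so the two cross-references will not render as links. Write them as `@see KeyGenParameterSpec.Builder#setNamespace` and `@see android.security.keystore2.AndroidKeyStoreLoadStoreParameter` on their own lines before `@hide`, and change `an applications uid` to `an application's uid`. The comment could also state that only the constants listed in the IntDef are translated by `namespaceToLegacyUid`, whose `default` branch throws `IllegalArgumentException`. The bodies of both translation methods continue outside their hunks.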


@@ -16,6 +16,8 @@
package android.security.keystore2; package android.security.keystore2;
import android.security.keystore.KeyProperties;
import java.security.KeyStore; import java.security.KeyStore;
import java.security.KeyStore.ProtectionParameter; import java.security.KeyStore.ProtectionParameter;
@@ -24,9 +26,9 @@ import java.security.KeyStore.ProtectionParameter;
*/ */
public class AndroidKeyStoreLoadStoreParameter implements KeyStore.LoadStoreParameter { public class AndroidKeyStoreLoadStoreParameter implements KeyStore.LoadStoreParameter {
private final int mNamespace; private final @KeyProperties.Namespace int mNamespace;
public AndroidKeyStoreLoadStoreParameter(int namespace) { public AndroidKeyStoreLoadStoreParameter(@KeyProperties.Namespace int namespace) {
mNamespace = namespace; mNamespace = namespace;
} }
@@ -35,7 +37,7 @@ public class AndroidKeyStoreLoadStoreParameter implements KeyStore.LoadStorePara
return null; return null;
} }
int getNamespace() { @KeyProperties.Namespace int getNamespace() {
return mNamespace; return mNamespace;
} }
} }
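Review bot: The public constructor `AndroidKeyStoreLoadStoreParameter(int namespace)` carries no Javadoc in this hunk, although the new `Namespace` documentation in KeyProperties points readers to this class. A one-line comment would make the contract visible where callers construct the parameter, for example `/** @param namespace one of the KeyProperties NAMESPACE_* constants; the keystore namespace a KeyStore loaded with this parameter operates on. */`. The wording is inferred from `engineLoad` in AndroidKeyStoreSpi, which reads the value through `getNamespace()`, so confirm it with the owners.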


@@ -100,7 +100,7 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
public static final String NAME = "AndroidKeyStore"; public static final String NAME = "AndroidKeyStore";
private KeyStore2 mKeyStore; private KeyStore2 mKeyStore;
private int mNamespace = KeyProperties.NAMESPACE_APPLICATION; private @KeyProperties.Namespace int mNamespace = KeyProperties.NAMESPACE_APPLICATION;
@Override @Override
public Key engineGetKey(String alias, char[] password) throws NoSuchAlgorithmException, public Key engineGetKey(String alias, char[] password) throws NoSuchAlgorithmException,
@@ -1125,7 +1125,7 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
@Override @Override
public void engineLoad(LoadStoreParameter param) throws IOException, public void engineLoad(LoadStoreParameter param) throws IOException,
NoSuchAlgorithmException, CertificateException { NoSuchAlgorithmException, CertificateException {
int namespace = KeyProperties.NAMESPACE_APPLICATION; @KeyProperties.Namespace int namespace = KeyProperties.NAMESPACE_APPLICATION;
if (param != null) { if (param != null) {
if (param instanceof AndroidKeyStoreLoadStoreParameter) { if (param instanceof AndroidKeyStoreLoadStoreParameter) {
namespace = ((AndroidKeyStoreLoadStoreParameter) param).getNamespace(); namespace = ((AndroidKeyStoreLoadStoreParameter) param).getNamespace();