Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Revert "Update docs to match encryption requirements"" into pi-dev

Browse Source
This commit is contained in:
Colin Cross
2018-04-11 17:28:39 +00:00
committed by Android (Google) Code Review
parent 68e5f0f242 4da1774894
commit fcbbb72603
3 changed files with 6 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
core/java/android/app/backup/BackupAgent.java
View File

@@ -148,17 +148,10 @@ public abstract class BackupAgent extends ContextWrapper {
* Flag for {@link BackupDataOutput#getTransportFlags()} and
* {@link FullBackupDataOutput#getTransportFlags()} only.
*
* <p>The transport has client-side encryption enabled. i.e., the user's backup is encrypted
* with a key known only to the device, and not to the remote storage solution where the backup
* data is stored. The key may be synced to a remote trusted hardware module if it has
* protections equivalent to those described in the
* <a href="https://developer.android.com/preview/features/security/ckv-whitepaper.html">Google
* Cloud Key Vault Service whitepaper</a>. Having direct access to the trusted hardware module
* must be insufficient to decrypt the user's backup data.
*
* <p>The backup data itself must be encrypted using an AES/GCM/NoPadding cipher. The key
* material must be randomly generated using {@link java.security.SecureRandom}, and must have
* at least 256 bits of entropy.
* <p>The transport has client-side encryption enabled. i.e., the user's backup has been
* encrypted with a key known only to the device, and not to the remote storage solution. Even
* if an attacker had root access to the remote storage provider they should not be able to
* decrypt the user's backup data.
*/
public static final int FLAG_CLIENT_SIDE_ENCRYPTION_ENABLED = 1;

6
core/java/android/app/backup/BackupDataOutput.java
View File

@@ -107,12 +107,8 @@ public class BackupDataOutput {
/**
* Returns flags with additional information about the backup transport. For supported flags see
* {@link android.app.backup.BackupAgent}.
* {@link android.app.backup.BackupAgent}
*
* <p>Returns the same flags that {@link BackupTransport#getTransportFlags()} returns.
*
* @see BackupAgent#FLAG_CLIENT_SIDE_ENCRYPTION_ENABLED
* @see BackupAgent#FLAG_DEVICE_TO_DEVICE_TRANSFER
* @see FullBackupDataOutput#getTransportFlags()
*/
public int getTransportFlags() {

6
core/java/android/app/backup/FullBackupDataOutput.java
View File

@@ -26,12 +26,8 @@ public class FullBackupDataOutput {
/**
* Returns flags with additional information about the backup transport. For supported flags see
* {@link android.app.backup.BackupAgent}.
* {@link android.app.backup.BackupAgent}
*
* <p>Returns the same flags that {@link BackupTransport#getTransportFlags()} returns.
*
* @see BackupAgent#FLAG_CLIENT_SIDE_ENCRYPTION_ENABLED
* @see BackupAgent#FLAG_DEVICE_TO_DEVICE_TRANSFER
* @see BackupDataOutput#getTransportFlags()
*/
public int getTransportFlags() {