Merge "Unregister cred mng app KeyChain API" into sc-dev am: ef6aa4d213 (1e2e1997) · Commits · e / os / android_frameworks_base

core/api/current.txt

+3 −2

Original line number	Diff line number	Diff line
		@@ -36863,11 +36863,12 @@ package android.security {
		method @NonNull public static android.content.Intent createInstallIntent();
		method @NonNull public static android.content.Intent createManageCredentialsIntent(@NonNull android.security.AppUriAuthenticationPolicy);
		method @Nullable @WorkerThread public static java.security.cert.X509Certificate[] getCertificateChain(@NonNull android.content.Context, @NonNull String) throws java.lang.InterruptedException, android.security.KeyChainException;
		method @NonNull public static android.security.AppUriAuthenticationPolicy getCredentialManagementAppPolicy(@NonNull android.content.Context) throws java.lang.SecurityException;
		method @NonNull @WorkerThread public static android.security.AppUriAuthenticationPolicy getCredentialManagementAppPolicy(@NonNull android.content.Context) throws java.lang.SecurityException;
		method @Nullable @WorkerThread public static java.security.PrivateKey getPrivateKey(@NonNull android.content.Context, @NonNull String) throws java.lang.InterruptedException, android.security.KeyChainException;
		method @Deprecated public static boolean isBoundKeyAlgorithm(@NonNull String);
		method public static boolean isCredentialManagementApp(@NonNull android.content.Context);
		method @WorkerThread public static boolean isCredentialManagementApp(@NonNull android.content.Context);
		method public static boolean isKeyAlgorithmSupported(@NonNull String);
		method @RequiresPermission(value="android.permission.MANAGE_CREDENTIAL_MANAGEMENT_APP", conditional=true) @WorkerThread public static boolean removeCredentialManagementApp(@NonNull android.content.Context);
		field public static final String ACTION_KEYCHAIN_CHANGED = "android.security.action.KEYCHAIN_CHANGED";
		field public static final String ACTION_KEY_ACCESS_CHANGED = "android.security.action.KEY_ACCESS_CHANGED";
		field @Deprecated public static final String ACTION_STORAGE_CHANGED = "android.security.STORAGE_CHANGED";

core/api/test-current.txt

+1 −2

Original line number	Diff line number	Diff line
		@@ -1950,8 +1950,7 @@ package android.provider {
		package android.security {

		public final class KeyChain {
		method @RequiresPermission("android.permission.MANAGE_CREDENTIAL_MANAGEMENT_APP") public static boolean removeCredentialManagementApp(@NonNull android.content.Context);
		method @RequiresPermission("android.permission.MANAGE_CREDENTIAL_MANAGEMENT_APP") public static boolean setCredentialManagementApp(@NonNull android.content.Context, @NonNull String, @NonNull android.security.AppUriAuthenticationPolicy);
		method @RequiresPermission("android.permission.MANAGE_CREDENTIAL_MANAGEMENT_APP") @WorkerThread public static boolean setCredentialManagementApp(@NonNull android.content.Context, @NonNull String, @NonNull android.security.AppUriAuthenticationPolicy);
		}

		public class KeyStoreException extends java.lang.Exception {

keystore/java/android/security/KeyChain.java

+16 −5

Original line number	Diff line number	Diff line
		@@ -601,7 +601,7 @@ public final class KeyChain {
		}

		/**
		* Check whether the caller is the credential management app {@link CredentialManagementApp}.
		* Check whether the caller is the credential management app {@code CredentialManagementApp}.
		* The credential management app has the ability to manage the user's KeyChain credentials
		* on unmanaged devices.
		*
		@@ -611,6 +611,7 @@ public final class KeyChain {
		*
		* @return {@code true} if the caller is the credential management app.
		*/
		@WorkerThread
		public static boolean isCredentialManagementApp(@NonNull Context context) {
		boolean isCredentialManagementApp = false;
		try (KeyChainConnection keyChainConnection = KeyChain.bind(context)) {
		@@ -634,6 +635,7 @@ public final class KeyChain {
		* @return the credential management app's authentication policy.
		* @throws SecurityException if the caller is not the credential management app.
		*/
		@WorkerThread
		@NonNull
		public static AppUriAuthenticationPolicy getCredentialManagementAppPolicy(
		@NonNull Context context) throws SecurityException {
		@@ -665,6 +667,7 @@ public final class KeyChain {
		* @hide
		*/
		@TestApi
		@WorkerThread
		@RequiresPermission(Manifest.permission.MANAGE_CREDENTIAL_MANAGEMENT_APP)
		public static boolean setCredentialManagementApp(@NonNull Context context,
		@NonNull String packageName, @NonNull AppUriAuthenticationPolicy authenticationPolicy) {
		@@ -680,13 +683,21 @@ public final class KeyChain {
		}

		/**
		* Remove the user's KeyChain credentials on unmanaged devices.
		* Called by the credential management app {@code CredentialManagementApp} to unregister as
		* the credential management app and stop managing the user's credentials.
		*
		* <p> All credentials previously installed by the credential management app will be removed
		* from the user's device.
		*
		* <p> An app holding {@code MANAGE_CREDENTIAL_MANAGEMENT_APP} permission can also call this
		* method to remove the current credential management app, even if it's not the current
		* credential management app itself.
		*
		* @return {@code true} if the credential management app was successfully removed.
		* @hide
		*/
		@TestApi
		@RequiresPermission(Manifest.permission.MANAGE_CREDENTIAL_MANAGEMENT_APP)
		@WorkerThread
		@RequiresPermission(value = Manifest.permission.MANAGE_CREDENTIAL_MANAGEMENT_APP,
		conditional = true)
		public static boolean removeCredentialManagementApp(@NonNull Context context) {
		try (KeyChainConnection keyChainConnection = KeyChain.bind(context)) {
		keyChainConnection.getService().removeCredentialManagementApp();