Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3b0450d4 authored by Aseem Kumar's avatar Aseem Kumar Committed by Android (Google) Code Review
Browse files

Merge "Unhide getKey() and importKey() and the whole class of... 

Merge "Unhide getKey() and importKey() and the whole class of RecoveryController. Added @RequiresPermission(android.permission.RECOVER_KEYSTORE) on all public APIs of RecoveryController." into pi-dev
parents 6344ffd4 c1742e51

api/system-current.txt

+3 −0
Original line number Diff line number Diff line
@@ -4327,11 +4327,14 @@ package android.security.keystore.recovery { 
    method public deprecated java.util.List<java.lang.String> getAliases(java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException;

    method public java.util.List<java.lang.String> getAliases() throws android.security.keystore.recovery.InternalRecoveryServiceException;

    method public static android.security.keystore.recovery.RecoveryController getInstance(android.content.Context);

    method public java.security.Key getKey(java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException, java.security.UnrecoverableKeyException;

    method public android.security.keystore.recovery.KeyChainSnapshot getKeyChainSnapshot() throws android.security.keystore.recovery.InternalRecoveryServiceException;

    method public int[] getPendingRecoverySecretTypes() throws android.security.keystore.recovery.InternalRecoveryServiceException;

    method public deprecated android.security.keystore.recovery.KeyChainSnapshot getRecoveryData() throws android.security.keystore.recovery.InternalRecoveryServiceException;

    method public int[] getRecoverySecretTypes() throws android.security.keystore.recovery.InternalRecoveryServiceException;

    method public deprecated int getRecoveryStatus(java.lang.String, java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException;

    method public int getRecoveryStatus(java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException;

    method public java.security.Key importKey(java.lang.String, byte[]) throws android.security.keystore.recovery.InternalRecoveryServiceException, android.security.keystore.recovery.LockScreenRequiredException;

    method public deprecated void initRecoveryService(java.lang.String, byte[]) throws java.security.cert.CertificateException, android.security.keystore.recovery.InternalRecoveryServiceException;

    method public void initRecoveryService(java.lang.String, byte[], byte[]) throws java.security.cert.CertificateException, android.security.keystore.recovery.InternalRecoveryServiceException;

    method public void recoverySecretAvailable(android.security.keystore.recovery.KeyChainProtectionParams) throws android.security.keystore.recovery.InternalRecoveryServiceException;

core/java/android/security/keystore/recovery/KeyChainProtectionParams.java

+2 −2
Original line number Diff line number Diff line
@@ -215,8 +215,8 @@ public final class KeyChainProtectionParams implements Parcelable { 


        /**

         * Creates a new {@link KeyChainProtectionParams} instance.

         * The instance will include default values, if {@link setSecret}

         * or {@link setUserSecretType} were not called.

         * The instance will include default values, if {@link #setSecret}

         * or {@link #setUserSecretType} were not called.

         *

         * @return new instance

         * @throws NullPointerException if some required fields were not set.

core/java/android/security/keystore/recovery/KeyDerivationParams.java

+1 −1
Original line number Diff line number Diff line
@@ -30,7 +30,7 @@ import java.lang.annotation.RetentionPolicy; 


/**

 * Collection of parameters which define a key derivation function.

 * Currently only supports salted SHA-256

 * Currently only supports salted SHA-256.

 *

 * @hide

 */

core/java/android/security/keystore/recovery/RecoveryController.java

+18 −6
Original line number Diff line number Diff line
@@ -33,6 +33,7 @@ import com.android.internal.widget.ILockSettings; 


import java.security.Key;

import java.security.UnrecoverableKeyException;

import java.security.cert.CertPath;

import java.security.cert.CertificateException;

import java.util.ArrayList;

import java.util.List;
@@ -156,6 +157,7 @@ public class RecoveryController { 
    /**

     * Gets a new instance of the class.

     */

    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)

    public static RecoveryController getInstance(Context context) {

        ILockSettings lockSettings =

                ILockSettings.Stub.asInterface(ServiceManager.getService("lock_settings"));
@@ -245,8 +247,6 @@ public class RecoveryController { 
     * @return Data necessary to recover keystore or {@code null} if snapshot is not available.

     * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery

     *     service.

     *

     * @hide

     */

    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)

    public @Nullable KeyChainSnapshot getKeyChainSnapshot()
@@ -288,7 +288,7 @@ public class RecoveryController { 
    /**

     * Server parameters used to generate new recovery key blobs. This value will be included in

     * {@code KeyChainSnapshot.getEncryptedRecoveryKeyBlob()}. The same value must be included

     * in vaultParams {@link #startRecoverySession}

     * in vaultParams {@link RecoverySession#start(CertPath, byte[], byte[], List)}.

     *

     * @param serverParams included in recovery key blob.

     * @see #getRecoveryData
@@ -310,6 +310,7 @@ public class RecoveryController { 
     * @deprecated Use {@link #getAliases()}.

     */

    @Deprecated

    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)

    public List<String> getAliases(@Nullable String packageName)

            throws InternalRecoveryServiceException {

        return getAliases();
@@ -318,6 +319,7 @@ public class RecoveryController { 
    /**

     * Returns a list of aliases of keys belonging to the application.

     */

    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)

    public List<String> getAliases() throws InternalRecoveryServiceException {

        try {

            Map<String, Integer> allStatuses = mBinder.getRecoveryStatus();
@@ -367,6 +369,7 @@ public class RecoveryController { 
     * @deprecated Use {@link #getRecoveryStatus(String)}.

     */

    @Deprecated

    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)

    public int getRecoveryStatus(String packageName, String alias)

            throws InternalRecoveryServiceException {

        return getRecoveryStatus(alias);
@@ -385,6 +388,7 @@ public class RecoveryController { 
     * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery

     *     service.

     */

    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)

    public int getRecoveryStatus(String alias) throws InternalRecoveryServiceException {

        try {

            Map<String, Integer> allStatuses = mBinder.getRecoveryStatus();
@@ -410,6 +414,7 @@ public class RecoveryController { 
     * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery

     *     service.

     */

    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)

    public void setRecoverySecretTypes(

            @NonNull @KeyChainProtectionParams.UserSecretType int[] secretTypes)

            throws InternalRecoveryServiceException {
@@ -431,6 +436,7 @@ public class RecoveryController { 
     * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery

     *     service.

     */

    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)

    public @NonNull @KeyChainProtectionParams.UserSecretType int[] getRecoverySecretTypes()

            throws InternalRecoveryServiceException {

        try {
@@ -452,6 +458,7 @@ public class RecoveryController { 
     *     service.

     */

    @NonNull

    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)

    public @KeyChainProtectionParams.UserSecretType int[] getPendingRecoverySecretTypes()

            throws InternalRecoveryServiceException {

        try {
@@ -474,6 +481,7 @@ public class RecoveryController { 
     * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery

     *     service.

     */

    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)

    public void recoverySecretAvailable(@NonNull KeyChainProtectionParams recoverySecret)

            throws InternalRecoveryServiceException {

        try {
@@ -498,6 +506,7 @@ public class RecoveryController { 
     *     to generate recoverable keys, as the snapshots are encrypted using a key derived from the

     *     lock screen.

     */

    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)

    public byte[] generateAndStoreKey(@NonNull String alias, byte[] account)

            throws InternalRecoveryServiceException, LockScreenRequiredException {

        try {
@@ -512,11 +521,11 @@ public class RecoveryController { 
        }

    }



    // TODO: Unhide the following APIs, generateKey(), importKey(), and getKey()

    /**

     * @deprecated Use {@link #generateKey(String)}.

     */

    @Deprecated

    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)

    public Key generateKey(@NonNull String alias, byte[] account)

            throws InternalRecoveryServiceException, LockScreenRequiredException {

        return generateKey(alias);
@@ -530,6 +539,7 @@ public class RecoveryController { 
     * @throws LockScreenRequiredException if the user does not have a lock screen set. A lock

     *     screen is required to generate recoverable keys.

     */

    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)

    public Key generateKey(@NonNull String alias) throws InternalRecoveryServiceException,

            LockScreenRequiredException {

        try {
@@ -562,8 +572,8 @@ public class RecoveryController { 
     * @throws LockScreenRequiredException if the user does not have a lock screen set. A lock

     *     screen is required to generate recoverable keys.

     *

     * @hide

     */

    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)

    public Key importKey(@NonNull String alias, byte[] keyBytes)

            throws InternalRecoveryServiceException, LockScreenRequiredException {

        try {
@@ -595,8 +605,8 @@ public class RecoveryController { 
     * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery

     *     service.

     * @throws UnrecoverableKeyException if key is permanently invalidated or not found.

     * @hide

     */

    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)

    public @Nullable Key getKey(@NonNull String alias)

            throws InternalRecoveryServiceException, UnrecoverableKeyException {

        try {
@@ -622,6 +632,7 @@ public class RecoveryController { 
     * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery

     *     service.

     */

    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)

    public void removeKey(@NonNull String alias) throws InternalRecoveryServiceException {

        try {

            mBinder.removeKey(alias);
@@ -637,6 +648,7 @@ public class RecoveryController { 
     *

     * <p>A recovery session is required to restore keys from a remote store.

     */

    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)

    public RecoverySession createRecoverySession() {

        return RecoverySession.newInstance(this);

    }