Merge "identity: Add multi-document presentation support." am: 91b96e3454 am: ae0d53c78d (62c776a7) · Commits · e / os / android_frameworks_base

core/api/current.txt

+80 −25

Original line number	Original line	Diff line number	Diff line
	@@ -17980,10 +17980,12 @@ package android.hardware.biometrics {
	ctor public BiometricPrompt.CryptoObject(@NonNull java.security.Signature);		ctor public BiometricPrompt.CryptoObject(@NonNull java.security.Signature);
	ctor public BiometricPrompt.CryptoObject(@NonNull javax.crypto.Cipher);		ctor public BiometricPrompt.CryptoObject(@NonNull javax.crypto.Cipher);
	ctor public BiometricPrompt.CryptoObject(@NonNull javax.crypto.Mac);		ctor public BiometricPrompt.CryptoObject(@NonNull javax.crypto.Mac);
	ctor public BiometricPrompt.CryptoObject(@NonNull android.security.identity.IdentityCredential);		ctor @Deprecated public BiometricPrompt.CryptoObject(@NonNull android.security.identity.IdentityCredential);
			ctor public BiometricPrompt.CryptoObject(@NonNull android.security.identity.PresentationSession);
	method public javax.crypto.Cipher getCipher();		method public javax.crypto.Cipher getCipher();
	method @Nullable public android.security.identity.IdentityCredential getIdentityCredential();		method @Deprecated @Nullable public android.security.identity.IdentityCredential getIdentityCredential();
	method public javax.crypto.Mac getMac();		method public javax.crypto.Mac getMac();
			method @Nullable public android.security.identity.PresentationSession getPresentationSession();
	method public java.security.Signature getSignature();		method public java.security.Signature getSignature();
	}		}

	@@ -37550,6 +37552,51 @@ package android.security.identity {
	ctor public CipherSuiteNotSupportedException(@NonNull String, @NonNull Throwable);		ctor public CipherSuiteNotSupportedException(@NonNull String, @NonNull Throwable);
	}		}

			public class CredentialDataRequest {
			method @NonNull public java.util.Map<java.lang.String,java.util.Collection<java.lang.String>> getDeviceSignedEntriesToRequest();
			method @NonNull public java.util.Map<java.lang.String,java.util.Collection<java.lang.String>> getIssuerSignedEntriesToRequest();
			method @Nullable public byte[] getReaderSignature();
			method @Nullable public byte[] getRequestMessage();
			method public boolean isAllowUsingExhaustedKeys();
			method public boolean isAllowUsingExpiredKeys();
			method public boolean isIncrementUseCount();
			}

			public static final class CredentialDataRequest.Builder {
			ctor public CredentialDataRequest.Builder();
			method @NonNull public android.security.identity.CredentialDataRequest build();
			method @NonNull public android.security.identity.CredentialDataRequest.Builder setAllowUsingExhaustedKeys(boolean);
			method @NonNull public android.security.identity.CredentialDataRequest.Builder setAllowUsingExpiredKeys(boolean);
			method @NonNull public android.security.identity.CredentialDataRequest.Builder setDeviceSignedEntriesToRequest(@NonNull java.util.Map<java.lang.String,java.util.Collection<java.lang.String>>);
			method @NonNull public android.security.identity.CredentialDataRequest.Builder setIncrementUseCount(boolean);
			method @NonNull public android.security.identity.CredentialDataRequest.Builder setIssuerSignedEntriesToRequest(@NonNull java.util.Map<java.lang.String,java.util.Collection<java.lang.String>>);
			method @NonNull public android.security.identity.CredentialDataRequest.Builder setReaderSignature(@NonNull byte[]);
			method @NonNull public android.security.identity.CredentialDataRequest.Builder setRequestMessage(@NonNull byte[]);
			}

			public abstract class CredentialDataResult {
			method @Nullable public abstract byte[] getDeviceMac();
			method @NonNull public abstract byte[] getDeviceNameSpaces();
			method @NonNull public abstract android.security.identity.CredentialDataResult.Entries getDeviceSignedEntries();
			method @NonNull public abstract android.security.identity.CredentialDataResult.Entries getIssuerSignedEntries();
			method @NonNull public abstract byte[] getStaticAuthenticationData();
			}

			public static interface CredentialDataResult.Entries {
			method @Nullable public byte[] getEntry(@NonNull String, @NonNull String);
			method @NonNull public java.util.Collection<java.lang.String> getEntryNames(@NonNull String);
			method @NonNull public java.util.Collection<java.lang.String> getNamespaces();
			method @NonNull public java.util.Collection<java.lang.String> getRetrievedEntryNames(@NonNull String);
			method public int getStatus(@NonNull String, @NonNull String);
			field public static final int STATUS_NOT_IN_REQUEST_MESSAGE = 3; // 0x3
			field public static final int STATUS_NOT_REQUESTED = 2; // 0x2
			field public static final int STATUS_NO_ACCESS_CONTROL_PROFILES = 6; // 0x6
			field public static final int STATUS_NO_SUCH_ENTRY = 1; // 0x1
			field public static final int STATUS_OK = 0; // 0x0
			field public static final int STATUS_READER_AUTHENTICATION_FAILED = 5; // 0x5
			field public static final int STATUS_USER_AUTHENTICATION_FAILED = 4; // 0x4
			}

	public class DocTypeNotSupportedException extends android.security.identity.IdentityCredentialException {		public class DocTypeNotSupportedException extends android.security.identity.IdentityCredentialException {
	ctor public DocTypeNotSupportedException(@NonNull String);		ctor public DocTypeNotSupportedException(@NonNull String);
	ctor public DocTypeNotSupportedException(@NonNull String, @NonNull Throwable);		ctor public DocTypeNotSupportedException(@NonNull String, @NonNull Throwable);
	@@ -37561,19 +37608,19 @@ package android.security.identity {
	}		}

	public abstract class IdentityCredential {		public abstract class IdentityCredential {
	method @NonNull public abstract java.security.KeyPair createEphemeralKeyPair();		method @Deprecated @NonNull public abstract java.security.KeyPair createEphemeralKeyPair();
	method @NonNull public abstract byte[] decryptMessageFromReader(@NonNull byte[]) throws android.security.identity.MessageDecryptionException;		method @Deprecated @NonNull public abstract byte[] decryptMessageFromReader(@NonNull byte[]) throws android.security.identity.MessageDecryptionException;
	method @NonNull public byte[] delete(@NonNull byte[]);		method @NonNull public byte[] delete(@NonNull byte[]);
	method @NonNull public abstract byte[] encryptMessageToReader(@NonNull byte[]);		method @Deprecated @NonNull public abstract byte[] encryptMessageToReader(@NonNull byte[]);
	method @NonNull public abstract java.util.Collection<java.security.cert.X509Certificate> getAuthKeysNeedingCertification();		method @NonNull public abstract java.util.Collection<java.security.cert.X509Certificate> getAuthKeysNeedingCertification();
	method @NonNull public abstract int[] getAuthenticationDataUsageCount();		method @NonNull public abstract int[] getAuthenticationDataUsageCount();
	method @NonNull public abstract java.util.Collection<java.security.cert.X509Certificate> getCredentialKeyCertificateChain();		method @NonNull public abstract java.util.Collection<java.security.cert.X509Certificate> getCredentialKeyCertificateChain();
	method @NonNull public abstract android.security.identity.ResultData getEntries(@Nullable byte[], @NonNull java.util.Map<java.lang.String,java.util.Collection<java.lang.String>>, @Nullable byte[], @Nullable byte[]) throws android.security.identity.EphemeralPublicKeyNotFoundException, android.security.identity.InvalidReaderSignatureException, android.security.identity.InvalidRequestMessageException, android.security.identity.NoAuthenticationKeyAvailableException, android.security.identity.SessionTranscriptMismatchException;		method @Deprecated @NonNull public abstract android.security.identity.ResultData getEntries(@Nullable byte[], @NonNull java.util.Map<java.lang.String,java.util.Collection<java.lang.String>>, @Nullable byte[], @Nullable byte[]) throws android.security.identity.EphemeralPublicKeyNotFoundException, android.security.identity.InvalidReaderSignatureException, android.security.identity.InvalidRequestMessageException, android.security.identity.NoAuthenticationKeyAvailableException, android.security.identity.SessionTranscriptMismatchException;
	method @NonNull public byte[] proveOwnership(@NonNull byte[]);		method @NonNull public byte[] proveOwnership(@NonNull byte[]);
	method public abstract void setAllowUsingExhaustedKeys(boolean);		method @Deprecated public abstract void setAllowUsingExhaustedKeys(boolean);
	method public void setAllowUsingExpiredKeys(boolean);		method @Deprecated public void setAllowUsingExpiredKeys(boolean);
	method public abstract void setAvailableAuthenticationKeys(int, int);		method public abstract void setAvailableAuthenticationKeys(int, int);
	method public abstract void setReaderEphemeralPublicKey(@NonNull java.security.PublicKey) throws java.security.InvalidKeyException;		method @Deprecated public abstract void setReaderEphemeralPublicKey(@NonNull java.security.PublicKey) throws java.security.InvalidKeyException;
	method @Deprecated public abstract void storeStaticAuthenticationData(@NonNull java.security.cert.X509Certificate, @NonNull byte[]) throws android.security.identity.UnknownAuthenticationKeyException;		method @Deprecated public abstract void storeStaticAuthenticationData(@NonNull java.security.cert.X509Certificate, @NonNull byte[]) throws android.security.identity.UnknownAuthenticationKeyException;
	method public void storeStaticAuthenticationData(@NonNull java.security.cert.X509Certificate, @NonNull java.time.Instant, @NonNull byte[]) throws android.security.identity.UnknownAuthenticationKeyException;		method public void storeStaticAuthenticationData(@NonNull java.security.cert.X509Certificate, @NonNull java.time.Instant, @NonNull byte[]) throws android.security.identity.UnknownAuthenticationKeyException;
	method @NonNull public byte[] update(@NonNull android.security.identity.PersonalizationData);		method @NonNull public byte[] update(@NonNull android.security.identity.PersonalizationData);
	@@ -37586,6 +37633,7 @@ package android.security.identity {

	public abstract class IdentityCredentialStore {		public abstract class IdentityCredentialStore {
	method @NonNull public abstract android.security.identity.WritableIdentityCredential createCredential(@NonNull String, @NonNull String) throws android.security.identity.AlreadyPersonalizedException, android.security.identity.DocTypeNotSupportedException;		method @NonNull public abstract android.security.identity.WritableIdentityCredential createCredential(@NonNull String, @NonNull String) throws android.security.identity.AlreadyPersonalizedException, android.security.identity.DocTypeNotSupportedException;
			method @NonNull public android.security.identity.PresentationSession createPresentationSession(int) throws android.security.identity.CipherSuiteNotSupportedException;
	method @Deprecated @Nullable public abstract byte[] deleteCredentialByName(@NonNull String);		method @Deprecated @Nullable public abstract byte[] deleteCredentialByName(@NonNull String);
	method @Nullable public abstract android.security.identity.IdentityCredential getCredentialByName(@NonNull String, int) throws android.security.identity.CipherSuiteNotSupportedException;		method @Nullable public abstract android.security.identity.IdentityCredential getCredentialByName(@NonNull String, int) throws android.security.identity.CipherSuiteNotSupportedException;
	method @Nullable public static android.security.identity.IdentityCredentialStore getDirectAccessInstance(@NonNull android.content.Context);		method @Nullable public static android.security.identity.IdentityCredentialStore getDirectAccessInstance(@NonNull android.content.Context);
	@@ -37624,22 +37672,29 @@ package android.security.identity {
	method @NonNull public android.security.identity.PersonalizationData.Builder putEntry(@NonNull String, @NonNull String, @NonNull java.util.Collection<android.security.identity.AccessControlProfileId>, @NonNull byte[]);		method @NonNull public android.security.identity.PersonalizationData.Builder putEntry(@NonNull String, @NonNull String, @NonNull java.util.Collection<android.security.identity.AccessControlProfileId>, @NonNull byte[]);
	}		}

	public abstract class ResultData {		public abstract class PresentationSession {
	method @NonNull public abstract byte[] getAuthenticatedData();		method @Nullable public abstract android.security.identity.CredentialDataResult getCredentialData(@NonNull String, @NonNull android.security.identity.CredentialDataRequest) throws android.security.identity.EphemeralPublicKeyNotFoundException, android.security.identity.InvalidReaderSignatureException, android.security.identity.InvalidRequestMessageException, android.security.identity.NoAuthenticationKeyAvailableException;
	method @Nullable public abstract byte[] getEntry(@NonNull String, @NonNull String);		method @NonNull public abstract java.security.KeyPair getEphemeralKeyPair();
	method @Nullable public abstract java.util.Collection<java.lang.String> getEntryNames(@NonNull String);		method public abstract void setReaderEphemeralPublicKey(@NonNull java.security.PublicKey) throws java.security.InvalidKeyException;
	method @Nullable public abstract byte[] getMessageAuthenticationCode();		method public abstract void setSessionTranscript(@NonNull byte[]);
	method @NonNull public abstract java.util.Collection<java.lang.String> getNamespaces();		}
	method @Nullable public abstract java.util.Collection<java.lang.String> getRetrievedEntryNames(@NonNull String);
	method @NonNull public abstract byte[] getStaticAuthenticationData();		@Deprecated public abstract class ResultData {
	method public abstract int getStatus(@NonNull String, @NonNull String);		method @Deprecated @NonNull public abstract byte[] getAuthenticatedData();
	field public static final int STATUS_NOT_IN_REQUEST_MESSAGE = 3; // 0x3		method @Deprecated @Nullable public abstract byte[] getEntry(@NonNull String, @NonNull String);
	field public static final int STATUS_NOT_REQUESTED = 2; // 0x2		method @Deprecated @Nullable public abstract java.util.Collection<java.lang.String> getEntryNames(@NonNull String);
	field public static final int STATUS_NO_ACCESS_CONTROL_PROFILES = 6; // 0x6		method @Deprecated @Nullable public abstract byte[] getMessageAuthenticationCode();
	field public static final int STATUS_NO_SUCH_ENTRY = 1; // 0x1		method @Deprecated @NonNull public abstract java.util.Collection<java.lang.String> getNamespaces();
	field public static final int STATUS_OK = 0; // 0x0		method @Deprecated @Nullable public abstract java.util.Collection<java.lang.String> getRetrievedEntryNames(@NonNull String);
	field public static final int STATUS_READER_AUTHENTICATION_FAILED = 5; // 0x5		method @Deprecated @NonNull public abstract byte[] getStaticAuthenticationData();
	field public static final int STATUS_USER_AUTHENTICATION_FAILED = 4; // 0x4		method @Deprecated public abstract int getStatus(@NonNull String, @NonNull String);
			field @Deprecated public static final int STATUS_NOT_IN_REQUEST_MESSAGE = 3; // 0x3
			field @Deprecated public static final int STATUS_NOT_REQUESTED = 2; // 0x2
			field @Deprecated public static final int STATUS_NO_ACCESS_CONTROL_PROFILES = 6; // 0x6
			field @Deprecated public static final int STATUS_NO_SUCH_ENTRY = 1; // 0x1
			field @Deprecated public static final int STATUS_OK = 0; // 0x0
			field @Deprecated public static final int STATUS_READER_AUTHENTICATION_FAILED = 5; // 0x5
			field @Deprecated public static final int STATUS_USER_AUTHENTICATION_FAILED = 4; // 0x4
	}		}

	public class SessionTranscriptMismatchException extends android.security.identity.IdentityCredentialException {		public class SessionTranscriptMismatchException extends android.security.identity.IdentityCredentialException {

core/java/android/content/pm/PackageManager.java

+2 −0

Original line number	Original line	Diff line number	Diff line
	@@ -2485,6 +2485,8 @@ public abstract class PackageManager {
	* API shipped in Android 11.		* API shipped in Android 11.
	* <li><code>202101</code>: corresponds to the features included in the Identity Credential		* <li><code>202101</code>: corresponds to the features included in the Identity Credential
	* API shipped in Android 12.		* API shipped in Android 12.
			* <li><code>202201</code>: corresponds to the features included in the Identity Credential
			* API shipped in Android 13.
	* </ul>		* </ul>
	*/		*/
	@SdkConstant(SdkConstantType.FEATURE)		@SdkConstant(SdkConstantType.FEATURE)

core/java/android/hardware/biometrics/BiometricPrompt.java

+24 −2

Original line number	Original line	Diff line number	Diff line
	@@ -38,6 +38,7 @@ import android.os.Parcel;
	import android.os.RemoteException;		import android.os.RemoteException;
	import android.os.ServiceManager;		import android.os.ServiceManager;
	import android.security.identity.IdentityCredential;		import android.security.identity.IdentityCredential;
			import android.security.identity.PresentationSession;
	import android.security.keystore.KeyProperties;		import android.security.keystore.KeyProperties;
	import android.text.TextUtils;		import android.text.TextUtils;
	import android.util.Log;		import android.util.Log;
	@@ -653,8 +654,8 @@ public class BiometricPrompt implements BiometricAuthenticator, BiometricConstan
	/**		/**
	* A wrapper class for the cryptographic operations supported by BiometricPrompt.		* A wrapper class for the cryptographic operations supported by BiometricPrompt.
	*		*
	* <p>Currently the framework supports {@link Signature}, {@link Cipher}, {@link Mac}, and		* <p>Currently the framework supports {@link Signature}, {@link Cipher}, {@link Mac},
	* {@link IdentityCredential}.		* {@link IdentityCredential}, and {@link PresentationSession}.
	*		*
	* <p>Cryptographic operations in Android can be split into two categories: auth-per-use and		* <p>Cryptographic operations in Android can be split into two categories: auth-per-use and
	* time-based. This is specified during key creation via the timeout parameter of the		* time-based. This is specified during key creation via the timeout parameter of the
	@@ -684,10 +685,21 @@ public class BiometricPrompt implements BiometricAuthenticator, BiometricConstan
	super(mac);		super(mac);
	}		}

			/**
			* Create from a {@link IdentityCredential} object.
			*
			* @param credential a {@link IdentityCredential} object.
			* @deprecated Use {@link PresentationSession} instead of {@link IdentityCredential}.
			*/
			@Deprecated
	public CryptoObject(@NonNull IdentityCredential credential) {		public CryptoObject(@NonNull IdentityCredential credential) {
	super(credential);		super(credential);
	}		}

			public CryptoObject(@NonNull PresentationSession session) {
			super(session);
			}

	/**		/**
	* Get {@link Signature} object.		* Get {@link Signature} object.
	* @return {@link Signature} object or null if this doesn't contain one.		* @return {@link Signature} object or null if this doesn't contain one.
	@@ -715,10 +727,20 @@ public class BiometricPrompt implements BiometricAuthenticator, BiometricConstan
	/**		/**
	* Get {@link IdentityCredential} object.		* Get {@link IdentityCredential} object.
	* @return {@link IdentityCredential} object or null if this doesn't contain one.		* @return {@link IdentityCredential} object or null if this doesn't contain one.
			* @deprecated Use {@link PresentationSession} instead of {@link IdentityCredential}.
	*/		*/
			@Deprecated
	public @Nullable IdentityCredential getIdentityCredential() {		public @Nullable IdentityCredential getIdentityCredential() {
	return super.getIdentityCredential();		return super.getIdentityCredential();
	}		}

			/**
			* Get {@link PresentationSession} object.
			* @return {@link PresentationSession} object or null if this doesn't contain one.
			*/
			public @Nullable PresentationSession getPresentationSession() {
			return super.getPresentationSession();
			}
	}		}

	/**		/**

core/java/android/hardware/biometrics/CryptoObject.java

+26 −2

Original line number	Original line	Diff line number	Diff line
	@@ -18,6 +18,7 @@ package android.hardware.biometrics;

	import android.annotation.NonNull;		import android.annotation.NonNull;
	import android.security.identity.IdentityCredential;		import android.security.identity.IdentityCredential;
			import android.security.identity.PresentationSession;
	import android.security.keystore2.AndroidKeyStoreProvider;		import android.security.keystore2.AndroidKeyStoreProvider;

	import java.security.Signature;		import java.security.Signature;
	@@ -27,8 +28,8 @@ import javax.crypto.Mac;

	/**		/**
	* A wrapper class for the crypto objects supported by BiometricPrompt and FingerprintManager.		* A wrapper class for the crypto objects supported by BiometricPrompt and FingerprintManager.
	* Currently the framework supports {@link Signature}, {@link Cipher}, {@link Mac} and		* Currently the framework supports {@link Signature}, {@link Cipher}, {@link Mac},
	* {@link IdentityCredential} objects.		* {@link IdentityCredential}, and {@link PresentationSession} objects.
	* @hide		* @hide
	*/		*/
	public class CryptoObject {		public class CryptoObject {
	@@ -46,10 +47,21 @@ public class CryptoObject {
	mCrypto = mac;		mCrypto = mac;
	}		}

			/**
			* Create from a {@link IdentityCredential} object.
			*
			* @param credential a {@link IdentityCredential} object.
			* @deprecated Use {@link PresentationSession} instead of {@link IdentityCredential}.
			*/
			@Deprecated
	public CryptoObject(@NonNull IdentityCredential credential) {		public CryptoObject(@NonNull IdentityCredential credential) {
	mCrypto = credential;		mCrypto = credential;
	}		}

			public CryptoObject(@NonNull PresentationSession session) {
			mCrypto = session;
			}

	/**		/**
	* Get {@link Signature} object.		* Get {@link Signature} object.
	* @return {@link Signature} object or null if this doesn't contain one.		* @return {@link Signature} object or null if this doesn't contain one.
	@@ -77,11 +89,21 @@ public class CryptoObject {
	/**		/**
	* Get {@link IdentityCredential} object.		* Get {@link IdentityCredential} object.
	* @return {@link IdentityCredential} object or null if this doesn't contain one.		* @return {@link IdentityCredential} object or null if this doesn't contain one.
			* @deprecated Use {@link PresentationSession} instead of {@link IdentityCredential}.
	*/		*/
			@Deprecated
	public IdentityCredential getIdentityCredential() {		public IdentityCredential getIdentityCredential() {
	return mCrypto instanceof IdentityCredential ? (IdentityCredential) mCrypto : null;		return mCrypto instanceof IdentityCredential ? (IdentityCredential) mCrypto : null;
	}		}

			/**
			* Get {@link PresentationSession} object.
			* @return {@link PresentationSession} object or null if this doesn't contain one.
			*/
			public PresentationSession getPresentationSession() {
			return mCrypto instanceof PresentationSession ? (PresentationSession) mCrypto : null;
			}

	/**		/**
	* @hide		* @hide
	* @return the opId associated with this object or 0 if none		* @return the opId associated with this object or 0 if none
	@@ -91,6 +113,8 @@ public class CryptoObject {
	return 0;		return 0;
	} else if (mCrypto instanceof IdentityCredential) {		} else if (mCrypto instanceof IdentityCredential) {
	return ((IdentityCredential) mCrypto).getCredstoreOperationHandle();		return ((IdentityCredential) mCrypto).getCredstoreOperationHandle();
			} else if (mCrypto instanceof PresentationSession) {
			return ((PresentationSession) mCrypto).getCredstoreOperationHandle();
	}		}
	return AndroidKeyStoreProvider.getKeyStoreOperationHandle(mCrypto);		return AndroidKeyStoreProvider.getKeyStoreOperationHandle(mCrypto);
	}		}

core/java/android/hardware/fingerprint/FingerprintManager.java

+12 −0

Original line number	Original line	Diff line number	Diff line
	@@ -58,6 +58,7 @@ import android.os.PowerManager;
	import android.os.RemoteException;		import android.os.RemoteException;
	import android.os.UserHandle;		import android.os.UserHandle;
	import android.security.identity.IdentityCredential;		import android.security.identity.IdentityCredential;
			import android.security.identity.PresentationSession;
	import android.util.Slog;		import android.util.Slog;
	import android.view.Surface;		import android.view.Surface;

	@@ -264,10 +265,21 @@ public class FingerprintManager implements BiometricAuthenticator, BiometricFing
	* Get {@link IdentityCredential} object.		* Get {@link IdentityCredential} object.
	* @return {@link IdentityCredential} object or null if this doesn't contain one.		* @return {@link IdentityCredential} object or null if this doesn't contain one.
	* @hide		* @hide
			* @deprecated Use {@link PresentationSession} instead of {@link IdentityCredential}.
	*/		*/
			@Deprecated
	public IdentityCredential getIdentityCredential() {		public IdentityCredential getIdentityCredential() {
	return super.getIdentityCredential();		return super.getIdentityCredential();
	}		}

			/**
			* Get {@link PresentationSession} object.
			* @return {@link PresentationSession} object or null if this doesn't contain one.
			* @hide
			*/
			public PresentationSession getPresentationSession() {
			return super.getPresentationSession();
			}
	}		}

	/**		/**