
Commit 685bbb18 authored by Pavel Grafov's avatar Pavel Grafov

Allow WiFi module to request grants from KeyChain

Bug: 160457441
Test: atest MixedDeviceOwnerTest#testAddNetworkWithKeychainKey_granted
Test: atest MixedDeviceOwnerTest#testAddNetworkWithKeychainKey_notGranted
Test: atest MixedManagedProfileOwnerTest#testAddNetworkWithKeychainKey_granted
Change-Id: I89d753f9000ef2616ffbe3df11c003ac54ddee26
parent bf528538
+9 −0
@@ -9218,6 +9218,15 @@ package android.se.omapi {
}
package android.security {
  public final class KeyChain {
    method @Nullable @WorkerThread public static String getWifiKeyGrantAsUser(@NonNull android.content.Context, @NonNull android.os.UserHandle, @NonNull String);
    method @WorkerThread public static boolean hasWifiKeyGrantAsUser(@NonNull android.content.Context, @NonNull android.os.UserHandle, @NonNull String);
  }
}
package android.security.keystore {
  public class AndroidKeyStoreProvider extends java.security.Provider {
+3 −0
@@ -68,4 +68,7 @@ interface IKeyChainService {
    // APIs used by KeyChainActivity
    void setGrant(int uid, String alias, boolean value);
    boolean hasGrant(int uid, String alias);

    // API used by Wifi
    String getWifiKeyGrantAsUser(String alias);
}
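Review bot: The comment `// API used by Wifi` on `getWifiKeyGrantAsUser` does not say who may call the method or what it returns when there is no grant. The Javadoc added elsewhere in this commit describes the result as a persistable grant string that lets the WiFi stack use the key, so the interface should record the caller restriction that the service implementation is expected to enforce (that implementation is not visible on this page). Something like `// Wifi only: returns a grant string for alias, or null if the key is missing or not granted to WIFI_UID.` would do. The `AsUser` suffix is also misleading at this level, because the method takes no user argument; the user appears to be selected by which service instance the caller binds to.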
+49 −0
@@ -23,6 +23,7 @@ import android.annotation.Nullable;
import android.annotation.RequiresPermission;
import android.annotation.SdkConstant;
import android.annotation.SdkConstant.SdkConstantType;
import android.annotation.SystemApi;
import android.annotation.TestApi;
import android.annotation.WorkerThread;
import android.app.Activity;
@@ -1012,6 +1013,54 @@ public final class KeyChain {
        return bindAsUser(context, null, user);
    }

    /**
     * Returns a persistable grant string that allows WiFi stack to access the key using Keystore
     * SSL engine.
     *
     * @return grant string or null if key is not granted or doesn't exist.
     *
     * The key should be granted to Process.WIFI_UID.
     * @hide
     */
    @SystemApi
    @Nullable
    @WorkerThread
    public static String getWifiKeyGrantAsUser(
            @NonNull Context context, @NonNull UserHandle user, @NonNull String alias) {
        try (KeyChainConnection keyChainConnection =
                     bindAsUser(context.getApplicationContext(), user)) {
            return keyChainConnection.getService().getWifiKeyGrantAsUser(alias);
        } catch (RemoteException | RuntimeException e) {
            Log.i(LOG, "Couldn't get grant for wifi", e);
            return null;
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            Log.i(LOG, "Interrupted while getting grant for wifi", e);
            return null;
        }
    }

    /**
     * Returns whether the key is granted to WiFi stack.
     * @hide
     */
    @SystemApi
    @WorkerThread
    public static boolean hasWifiKeyGrantAsUser(
            @NonNull Context context, @NonNull UserHandle user, @NonNull String alias) {
        try (KeyChainConnection keyChainConnection =
                     bindAsUser(context.getApplicationContext(), user)) {
            return keyChainConnection.getService().hasGrant(Process.WIFI_UID, alias);
        } catch (RemoteException | RuntimeException e) {
            Log.i(LOG, "Couldn't query grant for wifi", e);
            return false;
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            Log.i(LOG, "Interrupted while querying grant for wifi", e);
            return false;
        }
    }

    /**
     * Bind to KeyChainService in the target user.
     * Caller should call unbindService on the result when finished.
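Review bot: In both `getWifiKeyGrantAsUser` and `hasWifiKeyGrantAsUser`, `catch (RemoteException | RuntimeException e)` folds every unchecked failure into the same `null`/`false` that means "not granted", and logs it only at info level. That would presumably include a `SecurityException` surfaced from the service, or a misuse of the `@WorkerThread` contract if `bindAsUser` enforces it. Failing closed is the right default for a credential grant check, but a denied or broken call then looks the same as a missing grant. I would raise the log to `Log.w(LOG, "Couldn't get grant for wifi", e)` (and the matching query message), and state in the Javadoc that service or binding failures also yield `null`/`false`. In the first Javadoc, the sentence "The key should be granted to Process.WIFI_UID." follows `@return` and so becomes part of the return description; move it above the tag and add `@param` lines for `context`, `user` and `alias`. The `bindAsUser` Javadoc at the end of the hunk continues outside it.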