
Commit 70485380 authored by David Zeuthen's avatar David Zeuthen Committed by android-build-merger

Merge "Add Framework APIs for Identity Credential."

am: 2fb5112a

Change-Id: Ifb511b43fd180980badef43b7ea3009e3a9ba00b
parents 938f330d 2fb5112a
+11 −0
@@ -73,6 +73,14 @@ filegroup {
    path: "graphics/java",
}

filegroup {
    name: "framework-identity-sources",
    srcs: [
        "identity/java/**/*.java",
    ],
    path: "identity/java",
}

filegroup {
    name: "framework-keystore-sources",
    srcs: [
@@ -217,6 +225,7 @@ filegroup {
        ":framework-drm-sources",
        ":framework-graphics-sources",
        ":framework-keystore-sources",
        ":framework-identity-sources",
        ":framework-location-sources",
        ":framework-lowpan-sources",
        ":framework-media-sources",
@@ -239,6 +248,7 @@ filegroup {
        ":platform-compat-native-aidl",

        // AIDL sources from external directories
        ":credstore_aidl",
        ":dumpstate_aidl",
        ":framework_native_aidl",
        ":gatekeeper_aidl",
@@ -290,6 +300,7 @@ java_defaults {
            "core/java",
            "drm/java",
            "graphics/java",
            "identity/java",
            "keystore/java",
            "location/java",
            "lowpan/java",
+137 −0
@@ -16637,7 +16637,9 @@ package android.hardware.biometrics {
    ctor public BiometricPrompt.CryptoObject(@NonNull java.security.Signature);
    ctor public BiometricPrompt.CryptoObject(@NonNull javax.crypto.Cipher);
    ctor public BiometricPrompt.CryptoObject(@NonNull javax.crypto.Mac);
    ctor public BiometricPrompt.CryptoObject(@NonNull android.security.identity.IdentityCredential);
    method public javax.crypto.Cipher getCipher();
    method @Nullable public android.security.identity.IdentityCredential getIdentityCredential();
    method public javax.crypto.Mac getMac();
    method public java.security.Signature getSignature();
  }
@@ -17575,7 +17577,9 @@ package android.hardware.fingerprint {
    ctor @Deprecated public FingerprintManager.CryptoObject(@NonNull java.security.Signature);
    ctor @Deprecated public FingerprintManager.CryptoObject(@NonNull javax.crypto.Cipher);
    ctor @Deprecated public FingerprintManager.CryptoObject(@NonNull javax.crypto.Mac);
    ctor @Deprecated public FingerprintManager.CryptoObject(@NonNull android.security.identity.IdentityCredential);
    method @Deprecated public javax.crypto.Cipher getCipher();
    method @Deprecated @Nullable public android.security.identity.IdentityCredential getIdentityCredential();
    method @Deprecated public javax.crypto.Mac getMac();
    method @Deprecated public java.security.Signature getSignature();
  }
@@ -41059,6 +41063,139 @@ package android.security {
}
package android.security.identity {
  public class AccessControlProfile {
  }
  public static final class AccessControlProfile.Builder {
    ctor public AccessControlProfile.Builder(@NonNull android.security.identity.AccessControlProfileId);
    method @NonNull public android.security.identity.AccessControlProfile build();
    method @NonNull public android.security.identity.AccessControlProfile.Builder setReaderCertificate(@NonNull java.security.cert.X509Certificate);
    method @NonNull public android.security.identity.AccessControlProfile.Builder setUserAuthenticationRequired(boolean);
    method @NonNull public android.security.identity.AccessControlProfile.Builder setUserAuthenticationTimeout(long);
  }
  public class AccessControlProfileId {
    ctor public AccessControlProfileId(int);
    method public int getId();
  }
  public class AlreadyPersonalizedException extends android.security.identity.IdentityCredentialException {
    ctor public AlreadyPersonalizedException(@NonNull String);
    ctor public AlreadyPersonalizedException(@NonNull String, @NonNull Throwable);
  }
  public class CipherSuiteNotSupportedException extends android.security.identity.IdentityCredentialException {
    ctor public CipherSuiteNotSupportedException(@NonNull String);
    ctor public CipherSuiteNotSupportedException(@NonNull String, @NonNull Throwable);
  }
  public class DocTypeNotSupportedException extends android.security.identity.IdentityCredentialException {
    ctor public DocTypeNotSupportedException(@NonNull String);
    ctor public DocTypeNotSupportedException(@NonNull String, @NonNull Throwable);
  }
  public class EphemeralPublicKeyNotFoundException extends android.security.identity.IdentityCredentialException {
    ctor public EphemeralPublicKeyNotFoundException(@NonNull String);
    ctor public EphemeralPublicKeyNotFoundException(@NonNull String, @NonNull Throwable);
  }
  public abstract class IdentityCredential {
    method @NonNull public abstract java.security.KeyPair createEphemeralKeyPair();
    method @NonNull public abstract byte[] decryptMessageFromReader(@NonNull byte[]) throws android.security.identity.MessageDecryptionException;
    method @NonNull public abstract byte[] encryptMessageToReader(@NonNull byte[]);
    method @NonNull public abstract java.util.Collection<java.security.cert.X509Certificate> getAuthKeysNeedingCertification();
    method @NonNull public abstract int[] getAuthenticationDataUsageCount();
    method @NonNull public abstract java.util.Collection<java.security.cert.X509Certificate> getCredentialKeyCertificateChain();
    method @NonNull public abstract android.security.identity.ResultData getEntries(@Nullable byte[], @NonNull java.util.Map<java.lang.String,java.util.Collection<java.lang.String>>, @Nullable byte[], @Nullable byte[]) throws android.security.identity.EphemeralPublicKeyNotFoundException, android.security.identity.InvalidReaderSignatureException, android.security.identity.InvalidRequestMessageException, android.security.identity.NoAuthenticationKeyAvailableException, android.security.identity.SessionTranscriptMismatchException;
    method public abstract void setAllowUsingExhaustedKeys(boolean);
    method public abstract void setAvailableAuthenticationKeys(int, int);
    method public abstract void setReaderEphemeralPublicKey(@NonNull java.security.PublicKey) throws java.security.InvalidKeyException;
    method public abstract void storeStaticAuthenticationData(@NonNull java.security.cert.X509Certificate, @NonNull byte[]) throws android.security.identity.UnknownAuthenticationKeyException;
  }
  public class IdentityCredentialException extends java.lang.Exception {
    ctor public IdentityCredentialException(@NonNull String);
    ctor public IdentityCredentialException(@NonNull String, @NonNull Throwable);
  }
  public abstract class IdentityCredentialStore {
    method @NonNull public abstract android.security.identity.WritableIdentityCredential createCredential(@NonNull String, @NonNull String) throws android.security.identity.AlreadyPersonalizedException, android.security.identity.DocTypeNotSupportedException;
    method @Nullable public abstract byte[] deleteCredentialByName(@NonNull String);
    method @Nullable public abstract android.security.identity.IdentityCredential getCredentialByName(@NonNull String, int) throws android.security.identity.CipherSuiteNotSupportedException;
    method @Nullable public static android.security.identity.IdentityCredentialStore getDirectAccessInstance(@NonNull android.content.Context);
    method @Nullable public static android.security.identity.IdentityCredentialStore getInstance(@NonNull android.content.Context);
    method @NonNull public abstract String[] getSupportedDocTypes();
    field public static final int CIPHERSUITE_ECDHE_HKDF_ECDSA_WITH_AES_256_GCM_SHA256 = 1; // 0x1
  }
  public class InvalidReaderSignatureException extends android.security.identity.IdentityCredentialException {
    ctor public InvalidReaderSignatureException(@NonNull String);
    ctor public InvalidReaderSignatureException(@NonNull String, @NonNull Throwable);
  }
  public class InvalidRequestMessageException extends android.security.identity.IdentityCredentialException {
    ctor public InvalidRequestMessageException(@NonNull String);
    ctor public InvalidRequestMessageException(@NonNull String, @NonNull Throwable);
  }
  public class MessageDecryptionException extends android.security.identity.IdentityCredentialException {
    ctor public MessageDecryptionException(@NonNull String);
    ctor public MessageDecryptionException(@NonNull String, @NonNull Throwable);
  }
  public class NoAuthenticationKeyAvailableException extends android.security.identity.IdentityCredentialException {
    ctor public NoAuthenticationKeyAvailableException(@NonNull String);
    ctor public NoAuthenticationKeyAvailableException(@NonNull String, @NonNull Throwable);
  }
  public class PersonalizationData {
  }
  public static final class PersonalizationData.Builder {
    ctor public PersonalizationData.Builder();
    method @NonNull public android.security.identity.PersonalizationData.Builder addAccessControlProfile(@NonNull android.security.identity.AccessControlProfile);
    method @NonNull public android.security.identity.PersonalizationData build();
    method @NonNull public android.security.identity.PersonalizationData.Builder setEntry(@NonNull String, @NonNull String, @NonNull java.util.Collection<android.security.identity.AccessControlProfileId>, @NonNull byte[]);
  }
  public abstract class ResultData {
    method @NonNull public abstract byte[] getAuthenticatedData();
    method @Nullable public abstract byte[] getEntry(@NonNull String, @NonNull String);
    method @Nullable public abstract java.util.Collection<java.lang.String> getEntryNames(@NonNull String);
    method @Nullable public abstract byte[] getMessageAuthenticationCode();
    method @NonNull public abstract java.util.Collection<java.lang.String> getNamespaceNames();
    method @Nullable public abstract java.util.Collection<java.lang.String> getRetrievedEntryNames(@NonNull String);
    method @NonNull public abstract byte[] getStaticAuthenticationData();
    method public abstract int getStatus(@NonNull String, @NonNull String);
    field public static final int STATUS_NOT_IN_REQUEST_MESSAGE = 3; // 0x3
    field public static final int STATUS_NOT_REQUESTED = 2; // 0x2
    field public static final int STATUS_NO_ACCESS_CONTROL_PROFILES = 6; // 0x6
    field public static final int STATUS_NO_SUCH_ENTRY = 1; // 0x1
    field public static final int STATUS_OK = 0; // 0x0
    field public static final int STATUS_READER_AUTHENTICATION_FAILED = 5; // 0x5
    field public static final int STATUS_USER_AUTHENTICATION_FAILED = 4; // 0x4
  }
  public class SessionTranscriptMismatchException extends android.security.identity.IdentityCredentialException {
    ctor public SessionTranscriptMismatchException(@NonNull String);
    ctor public SessionTranscriptMismatchException(@NonNull String, @NonNull Throwable);
  }
  public class UnknownAuthenticationKeyException extends android.security.identity.IdentityCredentialException {
    ctor public UnknownAuthenticationKeyException(@NonNull String);
    ctor public UnknownAuthenticationKeyException(@NonNull String, @NonNull Throwable);
  }
  public abstract class WritableIdentityCredential {
    ctor public WritableIdentityCredential();
    method @NonNull public abstract java.util.Collection<java.security.cert.X509Certificate> getCredentialKeyCertificateChain(@NonNull byte[]);
    method @NonNull public abstract byte[] personalize(@NonNull android.security.identity.PersonalizationData);
  }
}
package android.security.keystore {
  public class KeyExpiredException extends java.security.InvalidKeyException {
+13 −0
@@ -32,6 +32,7 @@ import android.os.CancellationSignal;
import android.os.IBinder;
import android.os.RemoteException;
import android.os.ServiceManager;
import android.security.identity.IdentityCredential;
import android.text.TextUtils;
import android.util.Log;

@@ -401,6 +402,10 @@ public class BiometricPrompt implements BiometricAuthenticator, BiometricConstan
            super(mac);
        }

        public CryptoObject(@NonNull IdentityCredential credential) {
            super(credential);
        }

        /**
         * Get {@link Signature} object.
         * @return {@link Signature} object or null if this doesn't contain one.
@@ -424,6 +429,14 @@ public class BiometricPrompt implements BiometricAuthenticator, BiometricConstan
        public Mac getMac() {
            return super.getMac();
        }

        /**
         * Get {@link IdentityCredential} object.
         * @return {@link IdentityCredential} object or null if this doesn't contain one.
         */
        public @Nullable IdentityCredential getIdentityCredential() {
            return super.getIdentityCredential();
        }
    }

    /**
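Review bot: The new public constructor `CryptoObject(@NonNull IdentityCredential credential)` has no Javadoc, although the `getIdentityCredential()` getter added lower in the same section is documented and the constructor is listed in the public API signatures earlier on this page. A short comment such as `/** Create from a {@link IdentityCredential} object. */` with a `@param credential` line would tell callers what they are expected to pass. The same applies to the matching constructors added to `FingerprintManager.CryptoObject` and to the hidden base `CryptoObject`. The enclosing class starts and ends outside the hunks shown.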
+21 −3
@@ -17,6 +17,7 @@
package android.hardware.biometrics;

import android.annotation.NonNull;
import android.security.identity.IdentityCredential;
import android.security.keystore.AndroidKeyStoreProvider;

import java.security.Signature;
@@ -26,7 +27,8 @@ import javax.crypto.Mac;

/**
 * A wrapper class for the crypto objects supported by BiometricPrompt and FingerprintManager.
 * Currently the framework supports {@link Signature}, {@link Cipher} and {@link Mac} objects.
 * Currently the framework supports {@link Signature}, {@link Cipher}, {@link Mac} and
 * {@link IdentityCredential} objects.
 * @hide
 */
public class CryptoObject {
@@ -44,6 +46,10 @@ public class CryptoObject {
        mCrypto = mac;
    }

    public CryptoObject(@NonNull IdentityCredential credential) {
        mCrypto = credential;
    }

    /**
     * Get {@link Signature} object.
     * @return {@link Signature} object or null if this doesn't contain one.
@@ -68,12 +74,24 @@ public class CryptoObject {
        return mCrypto instanceof Mac ? (Mac) mCrypto : null;
    }

    /**
     * Get {@link IdentityCredential} object.
     * @return {@link IdentityCredential} object or null if this doesn't contain one.
     */
    public IdentityCredential getIdentityCredential() {
        return mCrypto instanceof IdentityCredential ? (IdentityCredential) mCrypto : null;
    }

    /**
     * @hide
     * @return the opId associated with this object or 0 if none
     */
    public final long getOpId() {
        return mCrypto != null
                ? AndroidKeyStoreProvider.getKeyStoreOperationHandle(mCrypto) : 0;
        if (mCrypto == null) {
            return 0;
        } else if (mCrypto instanceof IdentityCredential) {
            return ((IdentityCredential) mCrypto).getCredstoreOperationHandle();
        }
        return AndroidKeyStoreProvider.getKeyStoreOperationHandle(mCrypto);
    }
};
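Review bot: The Javadoc above `getOpId()` still reads `@return the opId associated with this object or 0 if none`, but for an `IdentityCredential` the new branch returns the value of `getCredstoreOperationHandle()` rather than a keystore handle. Since this id is presumably what ties a biometric authentication to one specific operation, the comment should name both sources, e.g. `@return the keystore or credstore operation handle associated with this object, or 0 if none`, and say whether a credential with no operation in progress also yields 0; `getCredstoreOperationHandle()` is defined outside this page, so that case cannot be checked here. Separately, the new `getIdentityCredential()` in this class returns null on a type mismatch but is not marked `@Nullable`, unlike the overrides in `BiometricPrompt` and `FingerprintManager`.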
+13 −0
@@ -44,6 +44,7 @@ import android.os.Looper;
import android.os.PowerManager;
import android.os.RemoteException;
import android.os.UserHandle;
import android.security.identity.IdentityCredential;
import android.util.Slog;

import java.security.Signature;
@@ -125,6 +126,10 @@ public class FingerprintManager implements BiometricAuthenticator, BiometricFing
            super(mac);
        }

        public CryptoObject(@NonNull IdentityCredential credential) {
            super(credential);
        }

        /**
         * Get {@link Signature} object.
         * @return {@link Signature} object or null if this doesn't contain one.
@@ -148,6 +153,14 @@ public class FingerprintManager implements BiometricAuthenticator, BiometricFing
        public Mac getMac() {
            return super.getMac();
        }

        /**
         * Get {@link IdentityCredential} object.
         * @return {@link IdentityCredential} object or null if this doesn't contain one.
         */
        public @Nullable IdentityCredential getIdentityCredential() {
            return super.getIdentityCredential();
        }
    }

    /**