keystore: Expose @SystemApi's to wifi mainline module (780d1172) · Commits · e / os / android_frameworks_base

api/system-current.txt

+8 −0

Original line number	Diff line number	Diff line
		@@ -6410,6 +6410,10 @@ package android.provider {

		package android.security.keystore {

		public class AndroidKeyStoreProvider extends java.security.Provider {
		method @NonNull public static java.security.KeyStore getKeyStoreForUid(int) throws java.security.KeyStoreException, java.security.NoSuchProviderException;
		}

		public abstract class AttestationUtils {
		method @NonNull @RequiresPermission(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE) public static java.security.cert.X509Certificate[] attestDeviceIds(android.content.Context, @NonNull int[], @NonNull byte[]) throws android.security.keystore.DeviceIdAttestationException;
		field public static final int ID_TYPE_IMEI = 2; // 0x2
		@@ -6423,6 +6427,10 @@ package android.security.keystore {
		ctor public DeviceIdAttestationException(@Nullable String, @Nullable Throwable);
		}

		public static final class KeyGenParameterSpec.Builder {
		method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setUid(int);
		}

		}

		package android.security.keystore.recovery {

keystore/java/android/security/keystore/AndroidKeyStoreProvider.java

+13 −1

Original line number	Diff line number	Diff line
		@@ -17,6 +17,7 @@
		package android.security.keystore;

		import android.annotation.NonNull;
		import android.annotation.SystemApi;
		import android.annotation.UnsupportedAppUsage;
		import android.security.KeyStore;
		import android.security.keymaster.ExportResult;
		@@ -52,8 +53,9 @@ import javax.crypto.Mac;
		*
		* @hide
		*/
		@SystemApi
		public class AndroidKeyStoreProvider extends Provider {
		public static final String PROVIDER_NAME = "AndroidKeyStore";
		private static final String PROVIDER_NAME = "AndroidKeyStore";

		// IMPLEMENTATION NOTE: Class names are hard-coded in this provider to avoid loading these
		// classes when this provider is instantiated and installed early on during each app's
		@@ -68,6 +70,7 @@ public class AndroidKeyStoreProvider extends Provider {
		private static final String DESEDE_SYSTEM_PROPERTY =
		"ro.hardware.keystore_desede";

		/ @hide /
		public AndroidKeyStoreProvider() {
		super(PROVIDER_NAME, 1.0, "Android KeyStore security provider");

		@@ -111,6 +114,7 @@ public class AndroidKeyStoreProvider extends Provider {
		/**
		* Installs a new instance of this provider (and the
		* {@link AndroidKeyStoreBCWorkaroundProvider}).
		* @hide
		*/
		public static void install() {
		Provider[] providers = Security.getProviders();
		@@ -156,6 +160,7 @@ public class AndroidKeyStoreProvider extends Provider {
		* @throws IllegalArgumentException if the provided primitive is not supported or is not backed
		* by AndroidKeyStore provider.
		* @throws IllegalStateException if the provided primitive is not initialized.
		* @hide
		*/
		@UnsupportedAppUsage
		public static long getKeyStoreOperationHandle(Object cryptoPrimitive) {
		@@ -183,6 +188,7 @@ public class AndroidKeyStoreProvider extends Provider {
		return ((KeyStoreCryptoOperation) spi).getOperationHandle();
		}

		/ @hide /
		@NonNull
		public static AndroidKeyStorePublicKey getAndroidKeyStorePublicKey(
		@NonNull String alias,
		@@ -279,6 +285,7 @@ public class AndroidKeyStoreProvider extends Provider {
		privateKeyAlias, uid, jcaKeyAlgorithm, x509EncodedPublicKey);
		}

		/ @hide /
		@NonNull
		public static AndroidKeyStorePublicKey loadAndroidKeyStorePublicKeyFromKeystore(
		@NonNull KeyStore keyStore, @NonNull String privateKeyAlias, int uid)
		@@ -300,6 +307,7 @@ public class AndroidKeyStoreProvider extends Provider {
		return new KeyPair(publicKey, privateKey);
		}

		/ @hide /
		@NonNull
		public static KeyPair loadAndroidKeyStoreKeyPairFromKeystore(
		@NonNull KeyStore keyStore, @NonNull String privateKeyAlias, int uid)
		@@ -318,6 +326,7 @@ public class AndroidKeyStoreProvider extends Provider {
		return (AndroidKeyStorePrivateKey) keyPair.getPrivate();
		}

		/ @hide /
		@NonNull
		public static AndroidKeyStorePrivateKey loadAndroidKeyStorePrivateKeyFromKeystore(
		@NonNull KeyStore keyStore, @NonNull String privateKeyAlias, int uid)
		@@ -357,6 +366,7 @@ public class AndroidKeyStoreProvider extends Provider {
		return new AndroidKeyStoreSecretKey(secretKeyAlias, uid, keyAlgorithmString);
		}

		/ @hide /
		@NonNull
		public static AndroidKeyStoreKey loadAndroidKeyStoreKeyFromKeystore(
		@NonNull KeyStore keyStore, @NonNull String userKeyAlias, int uid)
		@@ -390,7 +400,9 @@ public class AndroidKeyStoreProvider extends Provider {
		*
		* <p>Note: the returned {@code KeyStore} is already initialized/loaded. Thus, there is
		* no need to invoke {@code load} on it.
		* @hide
		*/
		@SystemApi
		@NonNull
		public static java.security.KeyStore getKeyStoreForUid(int uid)
		throws KeyStoreException, NoSuchProviderException {

keystore/java/android/security/keystore/KeyGenParameterSpec.java

+5 −0

Original line number	Diff line number	Diff line
		@@ -19,6 +19,7 @@ package android.security.keystore;
		import android.annotation.IntRange;
		import android.annotation.NonNull;
		import android.annotation.Nullable;
		import android.annotation.SystemApi;
		import android.annotation.TestApi;
		import android.annotation.UnsupportedAppUsage;
		import android.app.KeyguardManager;
		@@ -808,10 +809,14 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
		/**
		* Sets the UID which will own the key.
		*
		* Such cross-UID access is permitted to a few system UIDs and only to a few other UIDs
		* (e.g., Wi-Fi, VPN) all of which are system.
		*
		* @param uid UID or {@code -1} for the UID of the current process.
		*
		* @hide
		*/
		@SystemApi
		@NonNull
		public Builder setUid(int uid) {
		mUid = uid;