Loading core/api/current.txt +1 −0 Original line number Diff line number Diff line Loading @@ -6920,6 +6920,7 @@ package android.app.admin { method public int getGlobalPrivateDnsMode(@NonNull android.content.ComponentName); method @NonNull public java.util.List<byte[]> getInstalledCaCerts(@Nullable android.content.ComponentName); method @Nullable public java.util.List<java.lang.String> getKeepUninstalledPackages(@Nullable android.content.ComponentName); method @NonNull public java.util.Set<java.util.Set<java.lang.String>> getKeyPairGrants(@NonNull String); method public int getKeyguardDisabledFeatures(@Nullable android.content.ComponentName); method public int getLockTaskFeatures(@NonNull android.content.ComponentName); method @NonNull public String[] getLockTaskPackages(@NonNull android.content.ComponentName); core/java/android/app/admin/DevicePolicyManager.java +45 −1 Original line number Diff line number Diff line Loading @@ -5758,7 +5758,6 @@ public class DevicePolicyManager { return null; } /** * Called by a device or profile owner, or delegated certificate chooser (an app that has been * delegated the {@link #DELEGATION_CERT_SELECTION} privilege), to grant an application access Loading Loading @@ -5794,6 +5793,51 @@ public class DevicePolicyManager { return false; } /** * Called by a device or profile owner, or delegated certificate chooser (an app that has been * delegated the {@link #DELEGATION_CERT_SELECTION} privilege), to query which apps have access * to a given KeyChain key. * * Key are granted on a per-UID basis, so if several apps share the same UID, granting access to * one of them automatically grants it to others. This method returns a set of sets of package * names, where each internal set contains all packages sharing the same UID. Grantee packages * that don't share UID with other packages are represented by singleton sets. * * @param alias The alias of the key to grant access to. * @return package names of apps that have access to a given key, grouped by UIDs * * @throws SecurityException if the caller is not a device owner, a profile owner or * delegated certificate chooser. * @throws IllegalArgumentException if {@code alias} doesn't correspond to an existing key. * * @see #grantKeyPairToApp(ComponentName, String, String) */ public @NonNull Set<Set<String>> getKeyPairGrants(@NonNull String alias) { throwIfParentInstance("getKeyPairGrants"); try { // Set of sets is flattened into a null-separated list. final List<String> flattened = mService.getKeyPairGrants(mContext.getPackageName(), alias); final Set<Set<String>> result = new HashSet<>(); Set<String> pkgsForOneUid = new HashSet<>(); for (final String pkg : flattened) { if (pkg == null) { result.add(pkgsForOneUid); pkgsForOneUid = new HashSet<>(); } else { pkgsForOneUid.add(pkg); } } if (!pkgsForOneUid.isEmpty()) { result.add(pkgsForOneUid); } return result; } catch (RemoteException e) { e.rethrowFromSystemServer(); } return null; } /** * Called by a device or profile owner, or delegated certificate chooser (an app that has been * delegated the {@link #DELEGATION_CERT_SELECTION} privilege), to revoke an application's Loading core/java/android/app/admin/IDevicePolicyManager.aidl +1 −0 Original line number Diff line number Diff line Loading @@ -471,6 +471,7 @@ interface IDevicePolicyManager { boolean startViewCalendarEventInManagedProfile(String packageName, long eventId, long start, long end, boolean allDay, int flags); boolean setKeyGrantForApp(in ComponentName admin, String callerPackage, String alias, String packageName, boolean hasGrant); List<String> getKeyPairGrants(in String callerPackage, in String alias); void setUserControlDisabledPackages(in ComponentName admin, in List<String> packages); Loading keystore/java/android/security/IKeyChainService.aidl +1 −0 Original line number Diff line number Diff line Loading @@ -49,6 +49,7 @@ interface IKeyChainService { in byte[] privateKey, in byte[] userCert, in byte[] certChain, String alias, int uid); boolean removeKeyPair(String alias); boolean containsKeyPair(String alias); int[] getGrants(String alias); // APIs used by Settings boolean deleteCaCertificate(String alias); Loading services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java +7 −0 Original line number Diff line number Diff line Loading @@ -22,6 +22,8 @@ import android.util.Slog; import com.android.server.SystemService; import java.util.List; /** * Defines the required interface for IDevicePolicyManager implemenation. * Loading Loading @@ -101,4 +103,9 @@ abstract class BaseIDevicePolicyManager extends IDevicePolicyManager.Stub { public boolean canProfileOwnerResetPasswordWhenLocked(int userId) { return false; } public List<String> getKeyPairGrants(String callerPackage, String alias) { // STOPSHIP: implement delegation code in ArcDevicePolicyManagerWrapperService & nuke this. return null; } } Loading
core/api/current.txt +1 −0 Original line number Diff line number Diff line Loading @@ -6920,6 +6920,7 @@ package android.app.admin { method public int getGlobalPrivateDnsMode(@NonNull android.content.ComponentName); method @NonNull public java.util.List<byte[]> getInstalledCaCerts(@Nullable android.content.ComponentName); method @Nullable public java.util.List<java.lang.String> getKeepUninstalledPackages(@Nullable android.content.ComponentName); method @NonNull public java.util.Set<java.util.Set<java.lang.String>> getKeyPairGrants(@NonNull String); method public int getKeyguardDisabledFeatures(@Nullable android.content.ComponentName); method public int getLockTaskFeatures(@NonNull android.content.ComponentName); method @NonNull public String[] getLockTaskPackages(@NonNull android.content.ComponentName);
core/java/android/app/admin/DevicePolicyManager.java +45 −1 Original line number Diff line number Diff line Loading @@ -5758,7 +5758,6 @@ public class DevicePolicyManager { return null; } /** * Called by a device or profile owner, or delegated certificate chooser (an app that has been * delegated the {@link #DELEGATION_CERT_SELECTION} privilege), to grant an application access Loading Loading @@ -5794,6 +5793,51 @@ public class DevicePolicyManager { return false; } /** * Called by a device or profile owner, or delegated certificate chooser (an app that has been * delegated the {@link #DELEGATION_CERT_SELECTION} privilege), to query which apps have access * to a given KeyChain key. * * Key are granted on a per-UID basis, so if several apps share the same UID, granting access to * one of them automatically grants it to others. This method returns a set of sets of package * names, where each internal set contains all packages sharing the same UID. Grantee packages * that don't share UID with other packages are represented by singleton sets. * * @param alias The alias of the key to grant access to. * @return package names of apps that have access to a given key, grouped by UIDs * * @throws SecurityException if the caller is not a device owner, a profile owner or * delegated certificate chooser. * @throws IllegalArgumentException if {@code alias} doesn't correspond to an existing key. * * @see #grantKeyPairToApp(ComponentName, String, String) */ public @NonNull Set<Set<String>> getKeyPairGrants(@NonNull String alias) { throwIfParentInstance("getKeyPairGrants"); try { // Set of sets is flattened into a null-separated list. final List<String> flattened = mService.getKeyPairGrants(mContext.getPackageName(), alias); final Set<Set<String>> result = new HashSet<>(); Set<String> pkgsForOneUid = new HashSet<>(); for (final String pkg : flattened) { if (pkg == null) { result.add(pkgsForOneUid); pkgsForOneUid = new HashSet<>(); } else { pkgsForOneUid.add(pkg); } } if (!pkgsForOneUid.isEmpty()) { result.add(pkgsForOneUid); } return result; } catch (RemoteException e) { e.rethrowFromSystemServer(); } return null; } /** * Called by a device or profile owner, or delegated certificate chooser (an app that has been * delegated the {@link #DELEGATION_CERT_SELECTION} privilege), to revoke an application's Loading
core/java/android/app/admin/IDevicePolicyManager.aidl +1 −0 Original line number Diff line number Diff line Loading @@ -471,6 +471,7 @@ interface IDevicePolicyManager { boolean startViewCalendarEventInManagedProfile(String packageName, long eventId, long start, long end, boolean allDay, int flags); boolean setKeyGrantForApp(in ComponentName admin, String callerPackage, String alias, String packageName, boolean hasGrant); List<String> getKeyPairGrants(in String callerPackage, in String alias); void setUserControlDisabledPackages(in ComponentName admin, in List<String> packages); Loading
keystore/java/android/security/IKeyChainService.aidl +1 −0 Original line number Diff line number Diff line Loading @@ -49,6 +49,7 @@ interface IKeyChainService { in byte[] privateKey, in byte[] userCert, in byte[] certChain, String alias, int uid); boolean removeKeyPair(String alias); boolean containsKeyPair(String alias); int[] getGrants(String alias); // APIs used by Settings boolean deleteCaCertificate(String alias); Loading
services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java +7 −0 Original line number Diff line number Diff line Loading @@ -22,6 +22,8 @@ import android.util.Slog; import com.android.server.SystemService; import java.util.List; /** * Defines the required interface for IDevicePolicyManager implemenation. * Loading Loading @@ -101,4 +103,9 @@ abstract class BaseIDevicePolicyManager extends IDevicePolicyManager.Stub { public boolean canProfileOwnerResetPasswordWhenLocked(int userId) { return false; } public List<String> getKeyPairGrants(String callerPackage, String alias) { // STOPSHIP: implement delegation code in ArcDevicePolicyManagerWrapperService & nuke this. return null; } }
