Merge "Remove unimplemented RecoverableKeystoreManager APIs." into pi-dev (a5b29fff) · Commits · e / os / android_frameworks_base

core/java/android/security/keystore/RecoveryController.java

+2 −18

Original line number	Diff line number	Diff line
		@@ -195,17 +195,7 @@ public class RecoveryController {
		*/
		public @NonNull Map<byte[], Integer> getRecoverySnapshotVersions()
		throws InternalRecoveryServiceException {
		try {
		// IPC doesn't support generic Maps.
		@SuppressWarnings("unchecked")
		Map<byte[], Integer> result =
		(Map<byte[], Integer>) mBinder.getRecoverySnapshotVersions();
		return result;
		} catch (RemoteException e) {
		throw e.rethrowFromSystemServer();
		} catch (ServiceSpecificException e) {
		throw wrapUnexpectedServiceSpecificException(e);
		}
		throw new UnsupportedOperationException();
		}

		/**
		@@ -337,13 +327,7 @@ public class RecoveryController {
		@NonNull
		public @KeychainProtectionParams.UserSecretType int[] getPendingRecoverySecretTypes()
		throws InternalRecoveryServiceException {
		try {
		return mBinder.getPendingRecoverySecretTypes();
		} catch (RemoteException e) {
		throw e.rethrowFromSystemServer();
		} catch (ServiceSpecificException e) {
		throw wrapUnexpectedServiceSpecificException(e);
		}
		throw new UnsupportedOperationException();
		}

		/**

core/java/com/android/internal/widget/ILockSettings.aidl

+0 −2

Original line number	Diff line number	Diff line
		@@ -67,13 +67,11 @@ interface ILockSettings {
		String getKey(String alias);
		void removeKey(String alias);
		void setSnapshotCreatedPendingIntent(in PendingIntent intent);
		Map getRecoverySnapshotVersions();
		void setServerParams(in byte[] serverParams);
		void setRecoveryStatus(in String alias, int status);
		Map getRecoveryStatus();
		void setRecoverySecretTypes(in int[] secretTypes);
		int[] getRecoverySecretTypes();
		int[] getPendingRecoverySecretTypes();
		byte[] startRecoverySession(in String sessionId,
		in byte[] verifierPublicKey, in byte[] vaultParams, in byte[] vaultChallenge,
		in List<KeyChainProtectionParams> secrets);

services/core/java/com/android/server/locksettings/LockSettingsService.java

+11 −17

Original line number	Diff line number	Diff line
		@@ -1990,19 +1990,16 @@ public class LockSettingsService extends ILockSettings.Stub {
		}

		@Override
		public KeyChainSnapshot getKeyChainSnapshot() throws RemoteException {
		public @NonNull KeyChainSnapshot getKeyChainSnapshot() throws RemoteException {
		return mRecoverableKeyStoreManager.getKeyChainSnapshot();
		}

		@Override
		public void setSnapshotCreatedPendingIntent(@Nullable PendingIntent intent)
		throws RemoteException {
		mRecoverableKeyStoreManager.setSnapshotCreatedPendingIntent(intent);
		}

		public Map getRecoverySnapshotVersions() throws RemoteException {
		return mRecoverableKeyStoreManager.getRecoverySnapshotVersions();
		}

		@Override
		public void setServerParams(byte[] serverParams) throws RemoteException {
		mRecoverableKeyStoreManager.setServerParams(serverParams);
		@@ -2013,7 +2010,8 @@ public class LockSettingsService extends ILockSettings.Stub {
		mRecoverableKeyStoreManager.setRecoveryStatus(alias, status);
		}

		public Map getRecoveryStatus() throws RemoteException {
		@Override
		public @NonNull Map getRecoveryStatus() throws RemoteException {
		return mRecoverableKeyStoreManager.getRecoveryStatus();
		}

		@@ -2024,16 +2022,11 @@ public class LockSettingsService extends ILockSettings.Stub {
		}

		@Override
		public int[] getRecoverySecretTypes() throws RemoteException {
		public @NonNull int[] getRecoverySecretTypes() throws RemoteException {
		return mRecoverableKeyStoreManager.getRecoverySecretTypes();

		}

		@Override
		public int[] getPendingRecoverySecretTypes() throws RemoteException {
		throw new SecurityException("Not implemented");
		}

		@Override
		public byte[] startRecoverySession(@NonNull String sessionId,
		@NonNull byte[] verifierPublicKey, @NonNull byte[] vaultParams,
		@@ -2044,7 +2037,7 @@ public class LockSettingsService extends ILockSettings.Stub {
		}

		@Override
		public byte[] startRecoverySessionWithCertPath(@NonNull String sessionId,
		public @NonNull byte[] startRecoverySessionWithCertPath(@NonNull String sessionId,
		@NonNull String rootCertificateAlias, @NonNull RecoveryCertPath verifierCertPath,
		@NonNull byte[] vaultParams, @NonNull byte[] vaultChallenge,
		@NonNull List<KeyChainProtectionParams> secrets)
		@@ -2054,6 +2047,7 @@ public class LockSettingsService extends ILockSettings.Stub {
		secrets);
		}

		@Override
		public void closeSession(@NonNull String sessionId) throws RemoteException {
		mRecoverableKeyStoreManager.closeSession(sessionId);
		}
		@@ -2068,7 +2062,7 @@ public class LockSettingsService extends ILockSettings.Stub {
		}

		@Override
		public Map<String, byte[]> recoverKeys(@NonNull String sessionId,
		public @NonNull Map<String, byte[]> recoverKeys(@NonNull String sessionId,
		@NonNull byte[] recoveryKeyBlob, @NonNull List<WrappedApplicationKey> applicationKeys)
		throws RemoteException {
		return mRecoverableKeyStoreManager.recoverKeys(sessionId, recoveryKeyBlob, applicationKeys);
		@@ -2085,17 +2079,17 @@ public class LockSettingsService extends ILockSettings.Stub {
		}

		@Override
		public String generateKey(@NonNull String alias) throws RemoteException {
		public @Nullable String generateKey(@NonNull String alias) throws RemoteException {
		return mRecoverableKeyStoreManager.generateKey(alias);
		}

		@Override
		public String importKey(@NonNull String alias, byte[] keyBytes) throws RemoteException {
		public @Nullable String importKey(@NonNull String alias, byte[] keyBytes) throws RemoteException {
		return mRecoverableKeyStoreManager.importKey(alias, keyBytes);
		}

		@Override
		public String getKey(@NonNull String alias) throws RemoteException {
		public @Nullable String getKey(@NonNull String alias) throws RemoteException {
		return mRecoverableKeyStoreManager.getKey(alias);
		}

services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java

+5 −40

Original line number	Diff line number	Diff line
		@@ -317,18 +317,6 @@ public class RecoverableKeyStoreManager {
		mListenersStorage.setSnapshotListener(uid, intent);
		}

		/**
		* Gets recovery snapshot versions for all accounts. Note that snapshot may have 0 application
		* keys, but it still needs to be synced, if previous versions were not empty.
		*
		* @return Map from Recovery agent account to snapshot version.
		*/
		public @NonNull Map<byte[], Integer> getRecoverySnapshotVersions()
		throws RemoteException {
		checkRecoverKeyStorePermission();
		throw new UnsupportedOperationException();
		}

		public void setServerParams(@NonNull byte[] serverParams) throws RemoteException {
		checkRecoverKeyStorePermission();
		int userId = UserHandle.getCallingUserId();
		@@ -391,29 +379,6 @@ public class RecoverableKeyStoreManager {
		Binder.getCallingUid());
		}

		/**
		* Gets secret types RecoveryManagers is waiting for to create new Recovery Data.
		*
		* @return secret types
		* @hide
		*/
		public @NonNull int[] getPendingRecoverySecretTypes() throws RemoteException {
		checkRecoverKeyStorePermission();
		throw new UnsupportedOperationException();
		}

		public void recoverySecretAvailable(
		@NonNull KeyChainProtectionParams recoverySecret) throws RemoteException {
		int uid = Binder.getCallingUid();
		if (recoverySecret.getLockScreenUiFormat() == KeyChainProtectionParams.TYPE_LOCKSCREEN) {
		throw new SecurityException(
		"Caller " + uid + " is not allowed to set lock screen secret");
		}
		checkRecoverKeyStorePermission();
		// TODO: add hook from LockSettingsService to set lock screen secret.
		throw new UnsupportedOperationException();
		}

		/**
		* Initializes recovery session given the X509-encoded public key of the recovery service.
		*
		@@ -549,7 +514,7 @@ public class RecoverableKeyStoreManager {
		* @return Map from alias to raw key material.
		* @throws RemoteException if an error occurred recovering the keys.
		*/
		public Map<String, byte[]> recoverKeys(
		public @NonNull Map<String, byte[]> recoverKeys(
		@NonNull String sessionId,
		@NonNull byte[] encryptedRecoveryKey,
		@NonNull List<WrappedApplicationKey> applicationKeys)
		@@ -643,7 +608,7 @@ public class RecoverableKeyStoreManager {
		* @param alias The alias of the key.
		* @return The alias in the calling process's keystore.
		*/
		private String getAlias(int userId, int uid, String alias) {
		private @Nullable String getAlias(int userId, int uid, String alias) {
		return mApplicationKeyStorage.getGrantAlias(userId, uid, alias);
		}

		@@ -748,7 +713,7 @@ public class RecoverableKeyStoreManager {
		*
		* @hide
		*/
		public String importKey(@NonNull String alias, @NonNull byte[] keyBytes)
		public @Nullable String importKey(@NonNull String alias, @NonNull byte[] keyBytes)
		throws RemoteException {
		checkRecoverKeyStorePermission();
		Preconditions.checkNotNull(alias, "alias is null");
		@@ -795,7 +760,7 @@ public class RecoverableKeyStoreManager {
		*
		* @return grant alias, which caller can use to access the key.
		*/
		public String getKey(@NonNull String alias) throws RemoteException {
		public @Nullable String getKey(@NonNull String alias) throws RemoteException {
		checkRecoverKeyStorePermission();
		Preconditions.checkNotNull(alias, "alias is null");
		int uid = Binder.getCallingUid();
		@@ -847,7 +812,7 @@ public class RecoverableKeyStoreManager {
		* @return Map from alias to raw key material.
		* @throws RemoteException if an error occurred decrypting the keys.
		*/
		private Map<String, byte[]> recoverApplicationKeys(
		private @NonNull Map<String, byte[]> recoverApplicationKeys(
		@NonNull byte[] recoveryKey,
		@NonNull List<WrappedApplicationKey> applicationKeys) throws RemoteException {
		HashMap<String, byte[]> keyMaterialByAlias = new HashMap<>();