Loading api/current.txt +1 −0 Original line number Diff line number Diff line Loading @@ -6451,6 +6451,7 @@ package android.app.admin { method public void setDeviceOwnerLockScreenInfo(android.content.ComponentName, java.lang.CharSequence); method public void setGlobalSetting(android.content.ComponentName, java.lang.String, java.lang.String); method public void setKeepUninstalledPackages(android.content.ComponentName, java.util.List<java.lang.String>); method public boolean setKeyPairCertificate(android.content.ComponentName, java.lang.String, java.util.List<java.security.cert.Certificate>, boolean); method public boolean setKeyguardDisabled(android.content.ComponentName, boolean); method public void setKeyguardDisabledFeatures(android.content.ComponentName, int); method public void setLockTaskFeatures(android.content.ComponentName, int); core/java/android/app/admin/DevicePolicyManager.java +46 −0 Original line number Diff line number Diff line Loading 
@@ -4174,6 +4174,52 @@ public class DevicePolicyManager { return null; } /** * Called by a device or profile owner, or delegated certificate installer, to associate * certificates with a key pair that was generated using {@link #generateKeyPair}, and * set whether the key is available for the user to choose in the certificate selection * prompt. * * @param admin Which {@link DeviceAdminReceiver} this request is associated with, or * {@code null} if calling from a delegated certificate installer. * @param alias The private key alias under which to install the certificate. The {@code alias} * should denote an existing private key. If a certificate with that alias already * exists, it will be overwritten. * @param certs The certificate chain to install. The chain should start with the leaf * certificate and include the chain of trust in order. This will be returned by * {@link android.security.KeyChain#getCertificateChain}. * @param isUserSelectable {@code true} to indicate that a user can select this key via the * certificate selection prompt, {@code false} to indicate that this key can only be * granted access by implementing * {@link android.app.admin.DeviceAdminReceiver#onChoosePrivateKeyAlias}. * @return {@code true} if the provided {@code alias} exists and the certificates has been * successfully associated with it, {@code false} otherwise. * @throws SecurityException if {@code admin} is not {@code null} and not a device or profile * owner, or {@code admin} is null but the calling application is not a delegated * certificate installer. 
*/ public boolean setKeyPairCertificate(@Nullable ComponentName admin, @NonNull String alias, @NonNull List<Certificate> certs, boolean isUserSelectable) { throwIfParentInstance("setKeyPairCertificate"); try { final byte[] pemCert = Credentials.convertToPem(certs.get(0)); byte[] pemChain = null; if (certs.size() > 1) { pemChain = Credentials.convertToPem( certs.subList(1, certs.size()).toArray(new Certificate[0])); } return mService.setKeyPairCertificate(admin, mContext.getPackageName(), alias, pemCert, pemChain, isUserSelectable); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } catch (CertificateException | IOException e) { Log.w(TAG, "Could not pem-encode certificate", e); } return false; } /** * @return the alias of a given CA certificate in the certificate store, or {@code null} if it * doesn't exist. Loading core/java/android/app/admin/IDevicePolicyManager.aidl +2 −0 Original line number Diff line number Diff line Loading @@ -175,6 +175,8 @@ interface IDevicePolicyManager { boolean generateKeyPair(in ComponentName who, in String callerPackage, in String algorithm, in ParcelableKeyGenParameterSpec keySpec, out KeymasterCertificateChain attestationChain); boolean setKeyPairCertificate(in ComponentName who, in String callerPackage, in String alias, in byte[] certBuffer, in byte[] certChainBuffer, boolean isUserSelectable); void choosePrivateKeyAlias(int uid, in Uri uri, in String alias, IBinder aliasCallback); void setDelegatedScopes(in ComponentName who, in String delegatePackage, in List<String> scopes); Loading keystore/java/android/security/IKeyChainService.aidl +1 −0 Original line number Diff line number Diff line Loading 
@@ -35,6 +35,7 @@ interface IKeyChainService { boolean generateKeyPair(in String algorithm, in ParcelableKeyGenParameterSpec spec); boolean attestKey(in String alias, in byte[] challenge, out KeymasterCertificateChain chain); boolean setKeyPairCertificate(String alias, in byte[] userCert, in byte[] certChain); // APIs used by CertInstaller and DevicePolicyManager String installCaCertificate(in byte[] caCertificate); Loading services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java +5 −0 Original line number Diff line number Diff line Loading @@ -91,4 +91,9 @@ abstract class BaseIDevicePolicyManager extends IDevicePolicyManager.Stub { public boolean isUsingUnifiedPassword(ComponentName who) { return true; } public boolean setKeyPairCertificate(ComponentName who, String callerPackage, String alias, byte[] cert, byte[] chain, boolean isUserSelectable) { return false; } } Loading
api/current.txt +1 −0 @@ -6451,6 +6451,7 @@ package android.app.admin { method public void setDeviceOwnerLockScreenInfo(android.content.ComponentName, java.lang.CharSequence); method public void setGlobalSetting(android.content.ComponentName, java.lang.String, java.lang.String); method public void setKeepUninstalledPackages(android.content.ComponentName, java.util.List<java.lang.String>); method public boolean setKeyPairCertificate(android.content.ComponentName, java.lang.String, java.util.List<java.security.cert.Certificate>, boolean); method public boolean setKeyguardDisabled(android.content.ComponentName, boolean); method public void setKeyguardDisabledFeatures(android.content.ComponentName, int); method public void setLockTaskFeatures(android.content.ComponentName, int);
core/java/android/app/admin/DevicePolicyManager.java +46 −0
@@ -4174,6 +4174,52 @@ public class DevicePolicyManager { return null; } /** * Called by a device or profile owner, or delegated certificate installer, to associate * certificates with a key pair that was generated using {@link #generateKeyPair}, and * set whether the key is available for the user to choose in the certificate selection * prompt. * * @param admin Which {@link DeviceAdminReceiver} this request is associated with, or * {@code null} if calling from a delegated certificate installer. * @param alias The private key alias under which to install the certificate. The {@code alias} * should denote an existing private key. If a certificate with that alias already * exists, it will be overwritten. * @param certs The certificate chain to install. The chain should start with the leaf * certificate and include the chain of trust in order. This will be returned by * {@link android.security.KeyChain#getCertificateChain}. * @param isUserSelectable {@code true} to indicate that a user can select this key via the * certificate selection prompt, {@code false} to indicate that this key can only be * granted access by implementing * {@link android.app.admin.DeviceAdminReceiver#onChoosePrivateKeyAlias}. * @return {@code true} if the provided {@code alias} exists and the certificates has been * successfully associated with it, {@code false} otherwise. * @throws SecurityException if {@code admin} is not {@code null} and not a device or profile * owner, or {@code admin} is null but the calling application is not a delegated * certificate installer. 
*/ public boolean setKeyPairCertificate(@Nullable ComponentName admin, @NonNull String alias, @NonNull List<Certificate> certs, boolean isUserSelectable) { throwIfParentInstance("setKeyPairCertificate"); try { final byte[] pemCert = Credentials.convertToPem(certs.get(0)); byte[] pemChain = null; if (certs.size() > 1) { pemChain = Credentials.convertToPem( certs.subList(1, certs.size()).toArray(new Certificate[0])); } return mService.setKeyPairCertificate(admin, mContext.getPackageName(), alias, pemCert, pemChain, isUserSelectable); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } catch (CertificateException | IOException e) { Log.w(TAG, "Could not pem-encode certificate", e); } return false; } /** * @return the alias of a given CA certificate in the certificate store, or {@code null} if it * doesn't exist. Loading
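Review bot: `certs.get(0)` in the new `setKeyPairCertificate` runs before any check on the list, so an empty `certs` throws an undocumented `IndexOutOfBoundsException` rather than the `false` the Javadoc promises for failure. A guard ahead of the `try`, such as `if (certs.isEmpty()) { throw new IllegalArgumentException("certs must contain the leaf certificate"); }`, plus a matching `@throws` line, would make the contract explicit. The PEM-encoding failure path only logs and returns `false`, which a caller cannot tell apart from a missing alias. Nothing visible here checks that the leaf certificate's public key matches the key stored under `alias`; that may be enforced in the service or KeyChain implementation, which this page does not show, and is worth confirming because the Javadoc says the chain is what `KeyChain#getCertificateChain` will return.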
core/java/android/app/admin/IDevicePolicyManager.aidl +2 −0 @@ -175,6 +175,8 @@ interface IDevicePolicyManager { boolean generateKeyPair(in ComponentName who, in String callerPackage, in String algorithm, in ParcelableKeyGenParameterSpec keySpec, out KeymasterCertificateChain attestationChain); boolean setKeyPairCertificate(in ComponentName who, in String callerPackage, in String alias, in byte[] certBuffer, in byte[] certChainBuffer, boolean isUserSelectable); void choosePrivateKeyAlias(int uid, in Uri uri, in String alias, IBinder aliasCallback); void setDelegatedScopes(in ComponentName who, in String delegatePackage, in List<String> scopes);
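Review bot: The new `setKeyPairCertificate` declaration gives no hint that `certChainBuffer` may be null, yet the client code in DevicePolicyManager.java passes `pemChain = null` whenever `certs` holds only the leaf certificate. A comment above the declaration would tell implementers to handle that case, for example `// certChainBuffer is null when only the leaf certificate is supplied.`. The same comment could record that `who` is null for a delegated certificate installer, as the public Javadoc states.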
keystore/java/android/security/IKeyChainService.aidl +1 −0 @@ -35,6 +35,7 @@ interface IKeyChainService { boolean generateKeyPair(in String algorithm, in ParcelableKeyGenParameterSpec spec); boolean attestKey(in String alias, in byte[] challenge, out KeymasterCertificateChain chain); boolean setKeyPairCertificate(String alias, in byte[] userCert, in byte[] certChain); // APIs used by CertInstaller and DevicePolicyManager String installCaCertificate(in byte[] caCertificate);
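Review bot: The added `setKeyPairCertificate(String alias, ...)` omits the `in` direction tag on `alias`, while the neighbouring `attestKey(in String alias, ...)` and `generateKeyPair(in String algorithm, ...)` spell it out. For consistency the line would read `boolean setKeyPairCertificate(in String alias, in byte[] userCert, in byte[] certChain);`. If `certChain` can arrive as null here, as the null `pemChain` built in DevicePolicyManager.java suggests, a short comment saying so would help whoever implements the service.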
services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java +5 −0 @@ -91,4 +91,9 @@ abstract class BaseIDevicePolicyManager extends IDevicePolicyManager.Stub { public boolean isUsingUnifiedPassword(ComponentName who) { return true; } public boolean setKeyPairCertificate(ComponentName who, String callerPackage, String alias, byte[] cert, byte[] chain, boolean isUserSelectable) { return false; } }
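Review bot: The new default `setKeyPairCertificate` stub has no `@Override`, so a later change to the AIDL signature would leave it behind as an unrelated overload without a compile error. Adding `@Override` above `public boolean setKeyPairCertificate(` closes that gap. The stub's `return false` is also what the public API documents for a missing alias, so a service that never overrides it would look like a lookup failure. A comment such as `// Default for implementations without key-pair certificate support.` would make that intent visible.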