Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ac51bf8a authored by Rubin Xu's avatar Rubin Xu
Browse files

[DO NOT MERGE] Rollup changes from R related to CertInstaller and KeyChain 

This change includes the following commits that are related to
CertInstaller and KeyChain:

7a5c8fe4afd KeyChain: Unify manual and programmatic key installation flows
a894225c7da Added functionality to select type of certificate to be installed from the Settings app
a9131939a35 Add KeyChain.KEY_ALIAS_SELECTION_DENIED constant.
485be505f19 Fix KeyChain.KEY_ALIAS_SELECTION_DENIED

Bug: 161347472
Test: builds & manual testing
Change-Id: I560bade479b41a5b88f81ea6dfdecba689c2f4ad
parent 944082ec

api/current.txt

+1 −0
Original line number Diff line number Diff line
@@ -41088,6 +41088,7 @@ package android.security { 
    field public static final String EXTRA_KEY_ALIAS = "android.security.extra.KEY_ALIAS";

    field public static final String EXTRA_NAME = "name";

    field public static final String EXTRA_PKCS12 = "PKCS12";

    field public static final String KEY_ALIAS_SELECTION_DENIED = "android:alias-selection-denied";

  }















  public interface KeyChainAliasCallback {

























core/java/android/app/admin/DelegatedAdminReceiver.java



+4
−0




























Original line number
Diff line number
Diff line








@@ -63,6 +63,10 @@ public class DelegatedAdminReceiver extends BroadcastReceiver {













     * Allows this receiver to select the alias for a private key and certificate pair for















     * authentication.  If this method returns null, the default {@link android.app.Activity} will















     * be shown that lets the user pick a private key and certificate pair.













     * If this method returns {@link KeyChain#KEY_ALIAS_SELECTION_DENIED},













     * the default {@link android.app.Activity} will not be shown and the user will not be allowed













     * to pick anything. And the app, that called {@link KeyChain#choosePrivateKeyAlias}, will













     * receive {@code null} back.















     *















     * <p> This callback is only applicable if the delegated app has















     * {@link DevicePolicyManager#DELEGATION_CERT_SELECTION} capability. Additionally, it must

































core/java/android/app/admin/DeviceAdminReceiver.java



+4
−0




























Original line number
Diff line number
Diff line








@@ -791,6 +791,10 @@ public class DeviceAdminReceiver extends BroadcastReceiver {













     * Allows this receiver to select the alias for a private key and certificate pair for















     * authentication. If this method returns null, the default {@link android.app.Activity} will be















     * shown that lets the user pick a private key and certificate pair.













     * If this method returns {@link KeyChain#KEY_ALIAS_SELECTION_DENIED},













     * the default {@link android.app.Activity} will not be shown and the user will not be allowed













     * to pick anything. And the app, that called {@link KeyChain#choosePrivateKeyAlias}, will













     * receive {@code null} back.















     *















     * @param context The running context as per {@link #onReceive}.















     * @param intent The received intent as per {@link #onReceive}.

































core/proto/android/app/settings_enums.proto



+5
−0




























Original line number
Diff line number
Diff line








@@ -2422,6 +2422,11 @@ enum PageId {













    // OS: Q















    SETTINGS_GESTURE_TAP = 1751;





























    // OPEN: Settings > Security & screen lock -> Encryption & credentials > Install a certificate













    // CATEGORY: SETTINGS













    // OS: R













    INSTALL_CERTIFICATE_FROM_STORAGE = 1803;





























    // OPEN: Settings > Developer Options > Platform Compat















    // CATEGORY: SETTINGS















    // OS: R

































keystore/java/android/security/Credentials.java



+15
−11




























Original line number
Diff line number
Diff line








@@ -74,6 +74,15 @@ public class Credentials {













    /** Key containing suffix of lockdown VPN profile. */















    public static final String LOCKDOWN_VPN = "LOCKDOWN_VPN";





























    /** Name of CA certificate usage. */













    public static final String CERTIFICATE_USAGE_CA = "ca";



























    /** Name of User certificate usage. */













    public static final String CERTIFICATE_USAGE_USER = "user";



























    /** Name of WIFI certificate usage. */













    public static final String CERTIFICATE_USAGE_WIFI = "wifi";





























    /** Data type for public keys. */















    public static final String EXTRA_PUBLIC_KEY = "KEY";

























@@ -94,30 +103,25 @@ public class Credentials {













    public static final String EXTRA_INSTALL_AS_UID = "install_as_uid";































    /**













     * Intent extra: name for the user's private key.













     * Intent extra: type of the certificate to install















     */













    public static final String EXTRA_USER_PRIVATE_KEY_NAME = "user_private_key_name";













    public static final String EXTRA_CERTIFICATE_USAGE = "certificate_install_usage";































    /**













     * Intent extra: data for the user's private key in PEM-encoded PKCS#8.













     * Intent extra: name for the user's key pair.















     */













    public static final String EXTRA_USER_PRIVATE_KEY_DATA = "user_private_key_data";













    public static final String EXTRA_USER_KEY_ALIAS = "user_key_pair_name";































    /**













     * Intent extra: name for the user's certificate.













     * Intent extra: data for the user's private key in PEM-encoded PKCS#8.















     */













    public static final String EXTRA_USER_CERTIFICATE_NAME = "user_certificate_name";













    public static final String EXTRA_USER_PRIVATE_KEY_DATA = "user_private_key_data";































    /**















     * Intent extra: data for the user's certificate in PEM-encoded X.509.















     */















    public static final String EXTRA_USER_CERTIFICATE_DATA = "user_certificate_data";





























    /**













     * Intent extra: name for CA certificate chain













     */













    public static final String EXTRA_CA_CERTIFICATES_NAME = "ca_certificates_name";





























    /**















     * Intent extra: data for CA certificate chain in PEM-encoded X.509.















     */