
Commit c1742e51 authored by Aseem Kumar's avatar Aseem Kumar

Unhide getKey() and importKey() and the whole class of RecoveryController.

Added @RequiresPermission(android.permission.RECOVER_KEYSTORE) on all
public APIs of RecoveryController.

Bug: 73900159
Test: adb shell am instrument -w -e package \
com.android.server.locksettings.recoverablekeystore \
com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner

Change-Id: I1047c038603869307d7a2462a2e5635fcd1c94c2
parent f836c894
+3 −0
@@ -4327,11 +4327,14 @@ package android.security.keystore.recovery {
    method public deprecated java.util.List<java.lang.String> getAliases(java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException;
    method public java.util.List<java.lang.String> getAliases() throws android.security.keystore.recovery.InternalRecoveryServiceException;
    method public static android.security.keystore.recovery.RecoveryController getInstance(android.content.Context);
    method public java.security.Key getKey(java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException, java.security.UnrecoverableKeyException;
    method public android.security.keystore.recovery.KeyChainSnapshot getKeyChainSnapshot() throws android.security.keystore.recovery.InternalRecoveryServiceException;
    method public int[] getPendingRecoverySecretTypes() throws android.security.keystore.recovery.InternalRecoveryServiceException;
    method public deprecated android.security.keystore.recovery.KeyChainSnapshot getRecoveryData() throws android.security.keystore.recovery.InternalRecoveryServiceException;
    method public int[] getRecoverySecretTypes() throws android.security.keystore.recovery.InternalRecoveryServiceException;
    method public deprecated int getRecoveryStatus(java.lang.String, java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException;
    method public int getRecoveryStatus(java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException;
    method public java.security.Key importKey(java.lang.String, byte[]) throws android.security.keystore.recovery.InternalRecoveryServiceException, android.security.keystore.recovery.LockScreenRequiredException;
    method public deprecated void initRecoveryService(java.lang.String, byte[]) throws java.security.cert.CertificateException, android.security.keystore.recovery.InternalRecoveryServiceException;
    method public void initRecoveryService(java.lang.String, byte[], byte[]) throws java.security.cert.CertificateException, android.security.keystore.recovery.InternalRecoveryServiceException;
    method public void recoverySecretAvailable(android.security.keystore.recovery.KeyChainProtectionParams) throws android.security.keystore.recovery.InternalRecoveryServiceException;
+2 −2
@@ -215,8 +215,8 @@ public final class KeyChainProtectionParams implements Parcelable {

        /**
         * Creates a new {@link KeyChainProtectionParams} instance.
         * The instance will include default values, if {@link setSecret}
         * or {@link setUserSecretType} were not called.
         * The instance will include default values, if {@link #setSecret}
         * or {@link #setUserSecretType} were not called.
         *
         * @return new instance
         * @throws NullPointerException if some required fields were not set.
+1 −1
@@ -30,7 +30,7 @@ import java.lang.annotation.RetentionPolicy;

/**
 * Collection of parameters which define a key derivation function.
 * Currently only supports salted SHA-256
 * Currently only supports salted SHA-256.
 *
 * @hide
 */
+18 −6
@@ -33,6 +33,7 @@ import com.android.internal.widget.ILockSettings;

import java.security.Key;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPath;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.List;
@@ -156,6 +157,7 @@ public class RecoveryController {
    /**
     * Gets a new instance of the class.
     */
    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
    public static RecoveryController getInstance(Context context) {
        ILockSettings lockSettings =
                ILockSettings.Stub.asInterface(ServiceManager.getService("lock_settings"));
@@ -245,8 +247,6 @@ public class RecoveryController {
     * @return Data necessary to recover keystore or {@code null} if snapshot is not available.
     * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
     *     service.
     *
     * @hide
     */
    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
    public @Nullable KeyChainSnapshot getKeyChainSnapshot()
@@ -288,7 +288,7 @@ public class RecoveryController {
    /**
     * Server parameters used to generate new recovery key blobs. This value will be included in
     * {@code KeyChainSnapshot.getEncryptedRecoveryKeyBlob()}. The same value must be included
     * in vaultParams {@link #startRecoverySession}
     * in vaultParams {@link RecoverySession#start(CertPath, byte[], byte[], List)}.
     *
     * @param serverParams included in recovery key blob.
     * @see #getRecoveryData
@@ -310,6 +310,7 @@ public class RecoveryController {
     * @deprecated Use {@link #getAliases()}.
     */
    @Deprecated
    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
    public List<String> getAliases(@Nullable String packageName)
            throws InternalRecoveryServiceException {
        return getAliases();
@@ -318,6 +319,7 @@ public class RecoveryController {
    /**
     * Returns a list of aliases of keys belonging to the application.
     */
    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
    public List<String> getAliases() throws InternalRecoveryServiceException {
        try {
            Map<String, Integer> allStatuses = mBinder.getRecoveryStatus();
@@ -367,6 +369,7 @@ public class RecoveryController {
     * @deprecated Use {@link #getRecoveryStatus(String)}.
     */
    @Deprecated
    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
    public int getRecoveryStatus(String packageName, String alias)
            throws InternalRecoveryServiceException {
        return getRecoveryStatus(alias);
@@ -385,6 +388,7 @@ public class RecoveryController {
     * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
     *     service.
     */
    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
    public int getRecoveryStatus(String alias) throws InternalRecoveryServiceException {
        try {
            Map<String, Integer> allStatuses = mBinder.getRecoveryStatus();
@@ -410,6 +414,7 @@ public class RecoveryController {
     * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
     *     service.
     */
    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
    public void setRecoverySecretTypes(
            @NonNull @KeyChainProtectionParams.UserSecretType int[] secretTypes)
            throws InternalRecoveryServiceException {
@@ -431,6 +436,7 @@ public class RecoveryController {
     * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
     *     service.
     */
    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
    public @NonNull @KeyChainProtectionParams.UserSecretType int[] getRecoverySecretTypes()
            throws InternalRecoveryServiceException {
        try {
@@ -452,6 +458,7 @@ public class RecoveryController {
     *     service.
     */
    @NonNull
    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
    public @KeyChainProtectionParams.UserSecretType int[] getPendingRecoverySecretTypes()
            throws InternalRecoveryServiceException {
        try {
@@ -474,6 +481,7 @@ public class RecoveryController {
     * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
     *     service.
     */
    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
    public void recoverySecretAvailable(@NonNull KeyChainProtectionParams recoverySecret)
            throws InternalRecoveryServiceException {
        try {
@@ -498,6 +506,7 @@ public class RecoveryController {
     *     to generate recoverable keys, as the snapshots are encrypted using a key derived from the
     *     lock screen.
     */
    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
    public byte[] generateAndStoreKey(@NonNull String alias, byte[] account)
            throws InternalRecoveryServiceException, LockScreenRequiredException {
        try {
@@ -512,11 +521,11 @@ public class RecoveryController {
        }
    }

    // TODO: Unhide the following APIs, generateKey(), importKey(), and getKey()
    /**
     * @deprecated Use {@link #generateKey(String)}.
     */
    @Deprecated
    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
    public Key generateKey(@NonNull String alias, byte[] account)
            throws InternalRecoveryServiceException, LockScreenRequiredException {
        return generateKey(alias);
@@ -530,6 +539,7 @@ public class RecoveryController {
     * @throws LockScreenRequiredException if the user does not have a lock screen set. A lock
     *     screen is required to generate recoverable keys.
     */
    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
    public Key generateKey(@NonNull String alias) throws InternalRecoveryServiceException,
            LockScreenRequiredException {
        try {
@@ -562,8 +572,8 @@ public class RecoveryController {
     * @throws LockScreenRequiredException if the user does not have a lock screen set. A lock
     *     screen is required to generate recoverable keys.
     *
     * @hide
     */
    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
    public Key importKey(@NonNull String alias, byte[] keyBytes)
            throws InternalRecoveryServiceException, LockScreenRequiredException {
        try {
@@ -595,8 +605,8 @@ public class RecoveryController {
     * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
     *     service.
     * @throws UnrecoverableKeyException if key is permanently invalidated or not found.
     * @hide
     */
    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
    public @Nullable Key getKey(@NonNull String alias)
            throws InternalRecoveryServiceException, UnrecoverableKeyException {
        try {
@@ -622,6 +632,7 @@ public class RecoveryController {
     * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
     *     service.
     */
    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
    public void removeKey(@NonNull String alias) throws InternalRecoveryServiceException {
        try {
            mBinder.removeKey(alias);
@@ -637,6 +648,7 @@ public class RecoveryController {
     *
     * <p>A recovery session is required to restore keys from a remote store.
     */
    @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
    public RecoverySession createRecoverySession() {
        return RecoverySession.newInstance(this);
    }
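Review bot: With `@hide` dropped from `getKey` (the `-595,8 +605,8` hunk), the published contract is ambiguous about a missing key: the method is declared `@Nullable Key`, yet the visible Javadoc says `UnrecoverableKeyException` is thrown when the key is "permanently invalidated or not found". The rest of that Javadoc and the method body lie outside the hunk, so if no `@return` already covers it, add one that says when null is possible, e.g. `@return the key, or {@code null} if <condition>`, or drop `@Nullable` if the method never returns null. Separately, the `@RequiresPermission` lines added throughout this file are static-analysis hints rather than runtime checks. Enforcement of `RECOVER_KEYSTORE` presumably sits in the `lock_settings` service behind `mBinder`, which this diff does not show, and is worth confirming for the newly exposed `getKey` and `importKey` calls.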