Cleanup Keystore API (d8aacca3) · Commits · e / os / android_frameworks_base

core/java/android/security/IKeystoreService.aidl

+4 −8

Original line number	Diff line number	Diff line
		@@ -30,33 +30,29 @@ import android.security.KeystoreArguments;
		* @hide
		*/
		interface IKeystoreService {
		int test();
		int getState(int userId);
		byte[] get(String name);
		int insert(String name, in byte[] item, int uid, int flags);
		int del(String name, int uid);
		int exist(String name, int uid);
		String[] saw(String namePrefix, int uid);
		String[] list(String namePrefix, int uid);
		int reset();
		int onUserPasswordChanged(int userId, String newPassword);
		int lock();
		int lock(int userId);
		int unlock(int userId, String userPassword);
		int zero();
		int isEmpty(int userId);
		int generate(String name, int uid, int keyType, int keySize, int flags,
		in KeystoreArguments args);
		int import_key(String name, in byte[] data, int uid, int flags);
		byte[] sign(String name, in byte[] data);
		int verify(String name, in byte[] data, in byte[] signature);
		byte[] get_pubkey(String name);
		int del_key(String name, int uid);
		int grant(String name, int granteeUid);
		int ungrant(String name, int granteeUid);
		long getmtime(String name);
		int duplicate(String srcKey, int srcUid, String destKey, int destUid);
		int is_hardware_backed(String string);
		int clear_uid(long uid);
		int reset_uid(int uid);
		int sync_uid(int sourceUid, int targetUid);
		int password_uid(String password, int uid);

		// Keymaster 0.4 methods
		int addRngEntropy(in byte[] data);

keystore/java/android/security/KeyStore.java

+41 −44

Original line number	Diff line number	Diff line
		@@ -106,10 +106,10 @@ public class KeyStore {
		}
		}

		public State state() {
		public State state(int userId) {
		final int ret;
		try {
		ret = mBinder.test();
		ret = mBinder.getState(userId);
		} catch (RemoteException e) {
		Log.w(TAG, "Cannot connect to keystore", e);
		throw new AssertionError(e);
		@@ -123,6 +123,10 @@ public class KeyStore {
		}
		}

		public State state() {
		return state(UserHandle.myUserId());
		}

		public boolean isUnlocked() {
		return state() == State.UNLOCKED;
		}
		@@ -171,15 +175,26 @@ public class KeyStore {
		return contains(key, UID_SELF);
		}

		public String[] saw(String prefix, int uid) {
		/**
		* List all entries in the keystore for {@code uid} starting with {@code prefix}.
		*/
		public String[] list(String prefix, int uid) {
		try {
		return mBinder.saw(prefix, uid);
		return mBinder.list(prefix, uid);
		} catch (RemoteException e) {
		Log.w(TAG, "Cannot connect to keystore", e);
		return null;
		}
		}

		public String[] list(String prefix) {
		return list(prefix, UID_SELF);
		}

		public String[] saw(String prefix, int uid) {
		return list(prefix, uid);
		}

		public String[] saw(String prefix) {
		return saw(prefix, UID_SELF);
		}
		@@ -193,15 +208,25 @@ public class KeyStore {
		}
		}

		public boolean lock() {
		/**
		* Attempt to lock the keystore for {@code user}.
		*
		* @param user Android user to lock.
		* @return whether {@code user}'s keystore was locked.
		*/
		public boolean lock(int userId) {
		try {
		return mBinder.lock() == NO_ERROR;
		return mBinder.lock(userId) == NO_ERROR;
		} catch (RemoteException e) {
		Log.w(TAG, "Cannot connect to keystore", e);
		return false;
		}
		}

		public boolean lock() {
		return lock(UserHandle.myUserId());
		}

		/**
		* Attempt to unlock the keystore for {@code user} with the password {@code password}.
		* This is required before keystore entries created with FLAG_ENCRYPTED can be accessed or
		@@ -227,15 +252,22 @@ public class KeyStore {
		return unlock(UserHandle.getUserId(Process.myUid()), password);
		}

		public boolean isEmpty() {
		/**
		* Check if the keystore for {@code userId} is empty.
		*/
		public boolean isEmpty(int userId) {
		try {
		return mBinder.zero() == KEY_NOT_FOUND;
		return mBinder.isEmpty(userId) != 0;
		} catch (RemoteException e) {
		Log.w(TAG, "Cannot connect to keystore", e);
		return false;
		}
		}

		public boolean isEmpty() {
		return isEmpty(UserHandle.myUserId());
		}

		public boolean generate(String key, int uid, int keyType, int keySize, int flags,
		byte[][] args) {
		try {
		@@ -266,12 +298,7 @@ public class KeyStore {
		}

		public boolean delKey(String key, int uid) {
		try {
		return mBinder.del_key(key, uid) == NO_ERROR;
		} catch (RemoteException e) {
		Log.w(TAG, "Cannot connect to keystore", e);
		return false;
		}
		return delete(key, uid);
		}

		public boolean delKey(String key) {
		@@ -364,36 +391,6 @@ public class KeyStore {
		}
		}

		public boolean resetUid(int uid) {
		try {
		mError = mBinder.reset_uid(uid);
		return mError == NO_ERROR;
		} catch (RemoteException e) {
		Log.w(TAG, "Cannot connect to keystore", e);
		return false;
		}
		}

		public boolean syncUid(int sourceUid, int targetUid) {
		try {
		mError = mBinder.sync_uid(sourceUid, targetUid);
		return mError == NO_ERROR;
		} catch (RemoteException e) {
		Log.w(TAG, "Cannot connect to keystore", e);
		return false;
		}
		}

		public boolean passwordUid(String password, int uid) {
		try {
		mError = mBinder.password_uid(password, uid);
		return mError == NO_ERROR;
		} catch (RemoteException e) {
		Log.w(TAG, "Cannot connect to keystore", e);
		return false;
		}
		}

		public int getLastError() {
		return mError;
		}