Add the onDeviceOffBody API method to KeyStore

This is necessary for allowing the KeyStore to lock keys that remain
authorized as long as the device is on-body.

Bug 28911985

Change-Id: If50bc84d5a1cb23f9b01b1950c3676d1519cc4f5

2 files changed, 11 insertions, 0 deletions

diff --git a/core/java/android/security/IKeystoreService.aidl b/core/java/android/security/IKeystoreService.aidl
index 8689dce3fef5..641e1ada6eaa 100644
--- a/core/java/android/security/IKeystoreService.aidl
+++ b/core/java/android/security/IKeystoreService.aidl
@@ -76,4 +76,5 @@ interface IKeystoreService {
     int onUserAdded(int userId, int parentId);
     int onUserRemoved(int userId);
     int attestKey(String alias, in KeymasterArguments params, out KeymasterCertificateChain chain);
+    int onDeviceOffBody();
 }
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index 70e4b6ff2e59..00d786a93626 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -626,6 +626,16 @@ public class KeyStore {
         }
     }
 
+    /**
+     * Notify keystore that the device went off-body.
+     */
+    public void onDeviceOffBody() {
+        try {
+            mBinder.onDeviceOffBody();
+        } catch (RemoteException e) {
+            Log.w(TAG, "Cannot connect to keystore", e);
+        }
+    }
 
     /**
      * Returns a {@link KeyStoreException} corresponding to the provided keystore/keymaster error