4 files changed, 24 insertions, 9 deletions
diff --git a/api/system-current.txt b/api/system-current.txt
index af783caf7c12..41d57bc5c22e 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -4327,11 +4327,14 @@ package android.security.keystore.recovery {
 method public deprecated java.util.List<java.lang.String> getAliases(java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException;
 method public java.util.List<java.lang.String> getAliases() throws android.security.keystore.recovery.InternalRecoveryServiceException;
 method public static android.security.keystore.recovery.RecoveryController getInstance(android.content.Context);
+ method public java.security.Key getKey(java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException, java.security.UnrecoverableKeyException;
+ method public android.security.keystore.recovery.KeyChainSnapshot getKeyChainSnapshot() throws android.security.keystore.recovery.InternalRecoveryServiceException;
 method public int[] getPendingRecoverySecretTypes() throws android.security.keystore.recovery.InternalRecoveryServiceException;
 method public deprecated android.security.keystore.recovery.KeyChainSnapshot getRecoveryData() throws android.security.keystore.recovery.InternalRecoveryServiceException;
 method public int[] getRecoverySecretTypes() throws android.security.keystore.recovery.InternalRecoveryServiceException;
 method public deprecated int getRecoveryStatus(java.lang.String, java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException;
 method public int getRecoveryStatus(java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException;
+ method public java.security.Key importKey(java.lang.String, byte[]) throws android.security.keystore.recovery.InternalRecoveryServiceException, android.security.keystore.recovery.LockScreenRequiredException;
 method public deprecated void initRecoveryService(java.lang.String, byte[]) throws java.security.cert.CertificateException, android.security.keystore.recovery.InternalRecoveryServiceException;
 method public void initRecoveryService(java.lang.String, byte[], byte[]) throws java.security.cert.CertificateException, android.security.keystore.recovery.InternalRecoveryServiceException;
 method public void recoverySecretAvailable(android.security.keystore.recovery.KeyChainProtectionParams) throws android.security.keystore.recovery.InternalRecoveryServiceException;
diff --git a/core/java/android/security/keystore/recovery/KeyChainProtectionParams.java b/core/java/android/security/keystore/recovery/KeyChainProtectionParams.java
index aa09f10de070..3d3b6d565577 100644
--- a/core/java/android/security/keystore/recovery/KeyChainProtectionParams.java
+++ b/core/java/android/security/keystore/recovery/KeyChainProtectionParams.java
@@ -215,8 +215,8 @@ public final class KeyChainProtectionParams implements Parcelable {
 
 /**
 * Creates a new {@link KeyChainProtectionParams} instance.
- * The instance will include default values, if {@link setSecret}
- * or {@link setUserSecretType} were not called.
+ * The instance will include default values, if {@link #setSecret}
+ * or {@link #setUserSecretType} were not called.
 *
 * @return new instance
 * @throws NullPointerException if some required fields were not set.
diff --git a/core/java/android/security/keystore/recovery/KeyDerivationParams.java b/core/java/android/security/keystore/recovery/KeyDerivationParams.java
index fc909a0aac9e..ef5e90c89944 100644
--- a/core/java/android/security/keystore/recovery/KeyDerivationParams.java
+++ b/core/java/android/security/keystore/recovery/KeyDerivationParams.java
@@ -30,7 +30,7 @@ import java.lang.annotation.RetentionPolicy;
 
 /**
 * Collection of parameters which define a key derivation function.
- * Currently only supports salted SHA-256
+ * Currently only supports salted SHA-256.
 *
 * @hide
 */
diff --git a/core/java/android/security/keystore/recovery/RecoveryController.java b/core/java/android/security/keystore/recovery/RecoveryController.java
index 48813757aaa8..7523afdf8041 100644
--- a/core/java/android/security/keystore/recovery/RecoveryController.java
+++ b/core/java/android/security/keystore/recovery/RecoveryController.java
@@ -33,6 +33,7 @@ import com.android.internal.widget.ILockSettings;
 
 import java.security.Key;
 import java.security.UnrecoverableKeyException;
+import java.security.cert.CertPath;
 import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.List;
@@ -156,6 +157,7 @@ public class RecoveryController {
 /**
 * Gets a new instance of the class.
 */
+ @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
 public static RecoveryController getInstance(Context context) {
 ILockSettings lockSettings =
 ILockSettings.Stub.asInterface(ServiceManager.getService("lock_settings"));
@@ -245,8 +247,6 @@ public class RecoveryController {
 * @return Data necessary to recover keystore or {@code null} if snapshot is not available.
 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
 * service.
- *
- * @hide
 */
 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
 public @Nullable KeyChainSnapshot getKeyChainSnapshot()
@@ -288,7 +288,7 @@ public class RecoveryController {
 /**
 * Server parameters used to generate new recovery key blobs. This value will be included in
 * {@code KeyChainSnapshot.getEncryptedRecoveryKeyBlob()}. The same value must be included
- * in vaultParams {@link #startRecoverySession}
+ * in vaultParams {@link RecoverySession#start(CertPath, byte[], byte[], List)}.
 *
 * @param serverParams included in recovery key blob.
 * @see #getRecoveryData
@@ -310,6 +310,7 @@ public class RecoveryController {
 * @deprecated Use {@link #getAliases()}.
 */
 @Deprecated
+ @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
 public List<String> getAliases(@Nullable String packageName)
 throws InternalRecoveryServiceException {
 return getAliases();
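Review bot: `@RequiresPermission` on `getInstance` (hunk at -156) is a lint-time contract only, and the context lines under it show nothing beyond a `ServiceManager.getService("lock_settings")` lookup, so the hunk gives no evidence that obtaining the controller itself needs RECOVER_KEYSTORE. The same applies to `createRecoverySession()` in the last hunk of this file, whose whole body is `RecoverySession.newInstance(this)`. For the binder-backed methods annotated in the other hunks (`getAliases`, `getRecoveryStatus`, `removeKey` and the rest), the annotation enforces nothing at runtime, so the check has to live in the lock_settings service, which is not part of this diff and should be confirmed. Once verified, a Javadoc sentence such as `* <p>Callers need {@code RECOVER_KEYSTORE}; the recovery service checks it on every call.` would record where enforcement happens. The body of `getInstance` continues outside the hunk.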
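Review bot: The `@see #getRecoveryData` line left as context at the end of the hunk at -288 still points at a method that api/system-current.txt in this same commit lists as deprecated, even though the link one line above it is being corrected. With `getKeyChainSnapshot()` unhidden here, the reference should become `* @see #getKeyChainSnapshot`. The `CertPath` import added in the first hunk appears to exist only for the new `{@link RecoverySession#start(CertPath, byte[], byte[], List)}` target, since no code use is visible in this diff; a fully qualified name inside the link would avoid an import kept solely for Javadoc. The Javadoc block and the method it documents continue outside the hunk.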
@@ -318,6 +319,7 @@ public class RecoveryController {
 /**
 * Returns a list of aliases of keys belonging to the application.
 */
+ @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
 public List<String> getAliases() throws InternalRecoveryServiceException {
 try {
 Map<String, Integer> allStatuses = mBinder.getRecoveryStatus();
@@ -367,6 +369,7 @@ public class RecoveryController {
 * @deprecated Use {@link #getRecoveryStatus(String)}.
 */
 @Deprecated
+ @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
 public int getRecoveryStatus(String packageName, String alias)
 throws InternalRecoveryServiceException {
 return getRecoveryStatus(alias);
@@ -385,6 +388,7 @@ public class RecoveryController {
 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
 * service.
 */
+ @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
 public int getRecoveryStatus(String alias) throws InternalRecoveryServiceException {
 try {
 Map<String, Integer> allStatuses = mBinder.getRecoveryStatus();
@@ -410,6 +414,7 @@ public class RecoveryController {
 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
 * service.
 */
+ @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
 public void setRecoverySecretTypes(
 @NonNull @KeyChainProtectionParams.UserSecretType int[] secretTypes)
 throws InternalRecoveryServiceException {
@@ -431,6 +436,7 @@ public class RecoveryController {
 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
 * service.
 */
+ @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
 public @NonNull @KeyChainProtectionParams.UserSecretType int[] getRecoverySecretTypes()
 throws InternalRecoveryServiceException {
 try {
@@ -452,6 +458,7 @@ public class RecoveryController {
 * service.
 */
 @NonNull
+ @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
 public @KeyChainProtectionParams.UserSecretType int[] getPendingRecoverySecretTypes()
 throws InternalRecoveryServiceException {
 try {
@@ -474,6 +481,7 @@ public class RecoveryController {
 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
 * service.
 */
+ @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
 public void recoverySecretAvailable(@NonNull KeyChainProtectionParams recoverySecret)
 throws InternalRecoveryServiceException {
 try {
@@ -498,6 +506,7 @@ public class RecoveryController {
 * to generate recoverable keys, as the snapshots are encrypted using a key derived from the
 * lock screen.
 */
+ @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
 public byte[] generateAndStoreKey(@NonNull String alias, byte[] account)
 throws InternalRecoveryServiceException, LockScreenRequiredException {
 try {
@@ -512,11 +521,11 @@ public class RecoveryController {
 }
 }
 
- // TODO: Unhide the following APIs, generateKey(), importKey(), and getKey()
 /**
 * @deprecated Use {@link #generateKey(String)}.
 */
 @Deprecated
+ @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
 public Key generateKey(@NonNull String alias, byte[] account)
 throws InternalRecoveryServiceException, LockScreenRequiredException {
 return generateKey(alias);
@@ -530,6 +539,7 @@ public class RecoveryController {
 * @throws LockScreenRequiredException if the user does not have a lock screen set. A lock
 * screen is required to generate recoverable keys.
 */
+ @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
 public Key generateKey(@NonNull String alias) throws InternalRecoveryServiceException, LockScreenRequiredException {
 try {
@@ -562,8 +572,8 @@ public class RecoveryController {
 * @throws LockScreenRequiredException if the user does not have a lock screen set. A lock
 * screen is required to generate recoverable keys.
 *
- * @hide
 */
+ @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
 public Key importKey(@NonNull String alias, byte[] keyBytes)
 throws InternalRecoveryServiceException, LockScreenRequiredException {
 try {
@@ -595,8 +605,8 @@ public class RecoveryController {
 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
 * service.
 * @throws UnrecoverableKeyException if key is permanently invalidated or not found.
- * @hide
 */
+ @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
 public @Nullable Key getKey(@NonNull String alias) throws InternalRecoveryServiceException, UnrecoverableKeyException {
 try {
@@ -622,6 +632,7 @@ public class RecoveryController {
 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
 * service.
 */
+ @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
 public void removeKey(@NonNull String alias) throws InternalRecoveryServiceException {
 try {
 mBinder.removeKey(alias);
@@ -637,6 +648,7 @@ public class RecoveryController {
 *
 * <p>A recovery session is required to restore keys from a remote store.
 */
+ @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
 public RecoverySession createRecoverySession() {
 return RecoverySession.newInstance(this);
 } |
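Review bot: `importKey` (hunk at -562) becomes system API with `byte[] keyBytes` carrying no nullness annotation, although `alias` on the same signature is `@NonNull`; `public Key importKey(@NonNull String alias, @NonNull byte[] keyBytes)` would state the contract. The parameter is raw key material and the part of the Javadoc visible here lists only the exceptions, so unless the `@param` text outside the hunk already covers it, the documentation should say which key length is accepted and whether the caller is expected to clear the array after the call. The return type is also unannotated, unlike `getKey` in the next hunk.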
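Review bot: `getKey` (hunk at -595) is declared `@Nullable` while the Javadoc line kept in the hunk says `UnrecoverableKeyException` is thrown when the key is "permanently invalidated or not found", which leaves no obvious case in which `null` is returned. With `@hide` removed, callers outside the platform will code against this contract, so either drop `@Nullable` or have the `@return` text, which is outside the hunk, name the one condition that produces `null`. The method's try block also continues outside the hunk, so the actual behaviour could not be checked from this diff.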