diff options
4 files changed, 18 insertions, 77 deletions
diff --git a/core/java/android/security/keystore/RecoveryController.java b/core/java/android/security/keystore/RecoveryController.java index 145261e3b71d..d50424db4e56 100644 --- a/core/java/android/security/keystore/RecoveryController.java +++ b/core/java/android/security/keystore/RecoveryController.java @@ -195,17 +195,7 @@ public class RecoveryController { */ public @NonNull Map<byte[], Integer> getRecoverySnapshotVersions() throws InternalRecoveryServiceException { - try { - // IPC doesn't support generic Maps. - @SuppressWarnings("unchecked") - Map<byte[], Integer> result = - (Map<byte[], Integer>) mBinder.getRecoverySnapshotVersions(); - return result; - } catch (RemoteException e) { - throw e.rethrowFromSystemServer(); - } catch (ServiceSpecificException e) { - throw wrapUnexpectedServiceSpecificException(e); - } + throw new UnsupportedOperationException(); } /** @@ -337,13 +327,7 @@ public class RecoveryController { @NonNull public @KeychainProtectionParams.UserSecretType int[] getPendingRecoverySecretTypes() throws InternalRecoveryServiceException { - try { - return mBinder.getPendingRecoverySecretTypes(); - } catch (RemoteException e) { - throw e.rethrowFromSystemServer(); - } catch (ServiceSpecificException e) { - throw wrapUnexpectedServiceSpecificException(e); - } + throw new UnsupportedOperationException(); } /** diff --git a/core/java/com/android/internal/widget/ILockSettings.aidl b/core/java/com/android/internal/widget/ILockSettings.aidl index bff34ca23956..59b14f18eb07 100644 --- a/core/java/com/android/internal/widget/ILockSettings.aidl +++ b/core/java/com/android/internal/widget/ILockSettings.aidl @@ -67,13 +67,11 @@ interface ILockSettings { String getKey(String alias); void removeKey(String alias); void setSnapshotCreatedPendingIntent(in PendingIntent intent); - Map getRecoverySnapshotVersions(); void setServerParams(in byte[] serverParams); void setRecoveryStatus(in String alias, int status); Map getRecoveryStatus(); void setRecoverySecretTypes(in int[] secretTypes); int[] getRecoverySecretTypes(); - int[] getPendingRecoverySecretTypes(); byte[] startRecoverySession(in String sessionId, in byte[] verifierPublicKey, in byte[] vaultParams, in byte[] vaultChallenge, in List<KeyChainProtectionParams> secrets); diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java index b5eb8bf3e2a7..7c56f4d20864 100644 --- a/services/core/java/com/android/server/locksettings/LockSettingsService.java +++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java @@ -1990,19 +1990,16 @@ public class LockSettingsService extends ILockSettings.Stub { } @Override - public KeyChainSnapshot getKeyChainSnapshot() throws RemoteException { + public @NonNull KeyChainSnapshot getKeyChainSnapshot() throws RemoteException { return mRecoverableKeyStoreManager.getKeyChainSnapshot(); } + @Override public void setSnapshotCreatedPendingIntent(@Nullable PendingIntent intent) throws RemoteException { mRecoverableKeyStoreManager.setSnapshotCreatedPendingIntent(intent); } - public Map getRecoverySnapshotVersions() throws RemoteException { - return mRecoverableKeyStoreManager.getRecoverySnapshotVersions(); - } - @Override public void setServerParams(byte[] serverParams) throws RemoteException { mRecoverableKeyStoreManager.setServerParams(serverParams); @@ -2013,7 +2010,8 @@ public class LockSettingsService extends ILockSettings.Stub { mRecoverableKeyStoreManager.setRecoveryStatus(alias, status); } - public Map getRecoveryStatus() throws RemoteException { + @Override + public @NonNull Map getRecoveryStatus() throws RemoteException { return mRecoverableKeyStoreManager.getRecoveryStatus(); } @@ -2024,17 +2022,12 @@ public class LockSettingsService extends ILockSettings.Stub { } @Override - public int[] getRecoverySecretTypes() throws RemoteException { + public @NonNull int[] getRecoverySecretTypes() throws RemoteException { return mRecoverableKeyStoreManager.getRecoverySecretTypes(); } @Override - public int[] getPendingRecoverySecretTypes() throws RemoteException { - throw new SecurityException("Not implemented"); - } - - @Override public byte[] startRecoverySession(@NonNull String sessionId, @NonNull byte[] verifierPublicKey, @NonNull byte[] vaultParams, @NonNull byte[] vaultChallenge, @NonNull List<KeyChainProtectionParams> secrets) @@ -2044,7 +2037,7 @@ public class LockSettingsService extends ILockSettings.Stub { } @Override - public byte[] startRecoverySessionWithCertPath(@NonNull String sessionId, + public @NonNull byte[] startRecoverySessionWithCertPath(@NonNull String sessionId, @NonNull String rootCertificateAlias, @NonNull RecoveryCertPath verifierCertPath, @NonNull byte[] vaultParams, @NonNull byte[] vaultChallenge, @NonNull List<KeyChainProtectionParams> secrets) @@ -2054,6 +2047,7 @@ public class LockSettingsService extends ILockSettings.Stub { secrets); } + @Override public void closeSession(@NonNull String sessionId) throws RemoteException { mRecoverableKeyStoreManager.closeSession(sessionId); } @@ -2068,7 +2062,7 @@ public class LockSettingsService extends ILockSettings.Stub { } @Override - public Map<String, byte[]> recoverKeys(@NonNull String sessionId, + public @NonNull Map<String, byte[]> recoverKeys(@NonNull String sessionId, @NonNull byte[] recoveryKeyBlob, @NonNull List<WrappedApplicationKey> applicationKeys) throws RemoteException { return mRecoverableKeyStoreManager.recoverKeys(sessionId, recoveryKeyBlob, applicationKeys); @@ -2085,17 +2079,17 @@ public class LockSettingsService extends ILockSettings.Stub { } @Override - public String generateKey(@NonNull String alias) throws RemoteException { + public @Nullable String generateKey(@NonNull String alias) throws RemoteException { return mRecoverableKeyStoreManager.generateKey(alias); } @Override - public String importKey(@NonNull String alias, byte[] keyBytes) throws RemoteException { + public @Nullable String importKey(@NonNull String alias, byte[] keyBytes) throws RemoteException { return mRecoverableKeyStoreManager.importKey(alias, keyBytes); } @Override - public String getKey(@NonNull String alias) throws RemoteException { + public @Nullable String getKey(@NonNull String alias) throws RemoteException { return mRecoverableKeyStoreManager.getKey(alias); } diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java index d9c97aef4455..44c589250a1e 100644 --- a/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java +++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java @@ -317,18 +317,6 @@ public class RecoverableKeyStoreManager { mListenersStorage.setSnapshotListener(uid, intent); } - /** - * Gets recovery snapshot versions for all accounts. Note that snapshot may have 0 application - * keys, but it still needs to be synced, if previous versions were not empty. - * - * @return Map from Recovery agent account to snapshot version. - */ - public @NonNull Map<byte[], Integer> getRecoverySnapshotVersions() - throws RemoteException { - checkRecoverKeyStorePermission(); - throw new UnsupportedOperationException(); - } - public void setServerParams(@NonNull byte[] serverParams) throws RemoteException { checkRecoverKeyStorePermission(); int userId = UserHandle.getCallingUserId(); @@ -392,29 +380,6 @@ public class RecoverableKeyStoreManager { } /** - * Gets secret types RecoveryManagers is waiting for to create new Recovery Data. - * - * @return secret types - * @hide - */ - public @NonNull int[] getPendingRecoverySecretTypes() throws RemoteException { - checkRecoverKeyStorePermission(); - throw new UnsupportedOperationException(); - } - - public void recoverySecretAvailable( - @NonNull KeyChainProtectionParams recoverySecret) throws RemoteException { - int uid = Binder.getCallingUid(); - if (recoverySecret.getLockScreenUiFormat() == KeyChainProtectionParams.TYPE_LOCKSCREEN) { - throw new SecurityException( - "Caller " + uid + " is not allowed to set lock screen secret"); - } - checkRecoverKeyStorePermission(); - // TODO: add hook from LockSettingsService to set lock screen secret. - throw new UnsupportedOperationException(); - } - - /** * Initializes recovery session given the X509-encoded public key of the recovery service. * * @param sessionId A unique ID to identify the recovery session. @@ -549,7 +514,7 @@ public class RecoverableKeyStoreManager { * @return Map from alias to raw key material. * @throws RemoteException if an error occurred recovering the keys. */ - public Map<String, byte[]> recoverKeys( + public @NonNull Map<String, byte[]> recoverKeys( @NonNull String sessionId, @NonNull byte[] encryptedRecoveryKey, @NonNull List<WrappedApplicationKey> applicationKeys) @@ -643,7 +608,7 @@ public class RecoverableKeyStoreManager { * @param alias The alias of the key. * @return The alias in the calling process's keystore. */ - private String getAlias(int userId, int uid, String alias) { + private @Nullable String getAlias(int userId, int uid, String alias) { return mApplicationKeyStorage.getGrantAlias(userId, uid, alias); } @@ -748,7 +713,7 @@ public class RecoverableKeyStoreManager { * * @hide */ - public String importKey(@NonNull String alias, @NonNull byte[] keyBytes) + public @Nullable String importKey(@NonNull String alias, @NonNull byte[] keyBytes) throws RemoteException { checkRecoverKeyStorePermission(); Preconditions.checkNotNull(alias, "alias is null"); @@ -795,7 +760,7 @@ public class RecoverableKeyStoreManager { * * @return grant alias, which caller can use to access the key. */ - public String getKey(@NonNull String alias) throws RemoteException { + public @Nullable String getKey(@NonNull String alias) throws RemoteException { checkRecoverKeyStorePermission(); Preconditions.checkNotNull(alias, "alias is null"); int uid = Binder.getCallingUid(); @@ -847,7 +812,7 @@ public class RecoverableKeyStoreManager { * @return Map from alias to raw key material. * @throws RemoteException if an error occurred decrypting the keys. */ - private Map<String, byte[]> recoverApplicationKeys( + private @NonNull Map<String, byte[]> recoverApplicationKeys( @NonNull byte[] recoveryKey, @NonNull List<WrappedApplicationKey> applicationKeys) throws RemoteException { HashMap<String, byte[]> keyMaterialByAlias = new HashMap<>(); |