-rw-r--r-- | core/java/android/security/IKeystoreService.aidl | 12 | ||||
-rw-r--r-- | keystore/java/android/security/KeyStore.java | 85 |
2 files changed, 45 insertions, 52 deletions
diff --git a/core/java/android/security/IKeystoreService.aidl b/core/java/android/security/IKeystoreService.aidl
index b0779c0b8ff7..30ea8e7e81d3 100644
--- a/core/java/android/security/IKeystoreService.aidl
+++ b/core/java/android/security/IKeystoreService.aidl
@@ -30,33 +30,29 @@ import android.security.KeystoreArguments;
 * @hide
 */
 interface IKeystoreService {
- int test();
+ int getState(int userId);
 byte[] get(String name);
 int insert(String name, in byte[] item, int uid, int flags);
 int del(String name, int uid);
 int exist(String name, int uid);
- String[] saw(String namePrefix, int uid);
+ String[] list(String namePrefix, int uid);
 int reset();
 int onUserPasswordChanged(int userId, String newPassword);
- int lock();
+ int lock(int userId);
 int unlock(int userId, String userPassword);
- int zero();
+ int isEmpty(int userId);
 int generate(String name, int uid, int keyType, int keySize, int flags, in KeystoreArguments args);
 int import_key(String name, in byte[] data, int uid, int flags);
 byte[] sign(String name, in byte[] data);
 int verify(String name, in byte[] data, in byte[] signature);
 byte[] get_pubkey(String name);
- int del_key(String name, int uid);
 int grant(String name, int granteeUid);
 int ungrant(String name, int granteeUid);
 long getmtime(String name);
 int duplicate(String srcKey, int srcUid, String destKey, int destUid);
 int is_hardware_backed(String string);
 int clear_uid(long uid);
- int reset_uid(int uid);
- int sync_uid(int sourceUid, int targetUid);
- int password_uid(String password, int uid);
 // Keymaster 0.4 methods
 int addRngEntropy(in byte[] data);
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index 513212bcdcfd..2558929632e3 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
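Review bot: In IKeystoreService.aidl, `getState(int userId)`, `lock(int userId)` and `isEmpty(int userId)` now take a caller-supplied user id, and nothing in the interface states who may pass an id other than their own. The check has to live in the service implementation, which is outside this diff, so it is worth confirming there that the calling uid is compared against `userId` (or a cross-user permission is required) before state is returned or a keystore is locked. I would record the contract at the declaration, e.g. `// userId is caller-supplied; the service must reject callers not allowed to act for that user`. The hunk also removes and renames methods in the middle of the interface, so any hand-maintained binder peer needs its transaction order updated in the same change.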
@@ -106,10 +106,10 @@ public class KeyStore {
 }
 }
- public State state() {
+ public State state(int userId) {
 final int ret;
 try {
- ret = mBinder.test();
+ ret = mBinder.getState(userId);
 } catch (RemoteException e) {
 Log.w(TAG, "Cannot connect to keystore", e);
 throw new AssertionError(e);
@@ -123,6 +123,10 @@ public class KeyStore {
 }
 }
+ public State state() {
+ return state(UserHandle.myUserId());
+ }
+
 public boolean isUnlocked() {
 return state() == State.UNLOCKED;
 }
@@ -171,15 +175,26 @@ public class KeyStore {
 return contains(key, UID_SELF);
 }
- public String[] saw(String prefix, int uid) {
+ /**
+ * List all entries in the keystore for {@code uid} starting with {@code prefix}.
+ */
+ public String[] list(String prefix, int uid) {
 try {
- return mBinder.saw(prefix, uid);
+ return mBinder.list(prefix, uid);
 } catch (RemoteException e) {
 Log.w(TAG, "Cannot connect to keystore", e);
 return null;
 }
 }
+ public String[] list(String prefix) {
+ return list(prefix, UID_SELF);
+ }
+
+ public String[] saw(String prefix, int uid) {
+ return list(prefix, uid);
+ }
+
 public String[] saw(String prefix) {
 return saw(prefix, UID_SELF);
 }
@@ -193,15 +208,25 @@ public class KeyStore {
 }
 }
- public boolean lock() {
+ /**
+ * Attempt to lock the keystore for {@code user}.
+ *
+ * @param user Android user to lock.
+ * @return whether {@code user}'s keystore was locked.
+ */
+ public boolean lock(int userId) {
 try {
- return mBinder.lock() == NO_ERROR;
+ return mBinder.lock(userId) == NO_ERROR;
 } catch (RemoteException e) {
 Log.w(TAG, "Cannot connect to keystore", e);
 return false;
 }
 }
+ public boolean lock() {
+ return lock(UserHandle.myUserId());
+ }
+
 /**
 * Attempt to unlock the keystore for {@code user} with the password {@code password}.
 * This is required before keystore entries created with FLAG_ENCRYPTED can be accessed or
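Review bot: The new Javadoc on `list(String prefix, int uid)` omits that the method returns `null` when the binder call throws RemoteException, so a caller cannot tell from the contract that "service unreachable" and "no entries" need separate handling. Add `@return the matching entry names, or {@code null} if the keystore service could not be reached`. The retained `saw(...)` aliases, and `delKey(String, int)` in the later `@@ -266` hunk, now only forward to the new names; marking them `@Deprecated` with a pointer to `list`/`delete` would stop new callers from picking them up.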
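Review bot: The Javadoc added for `lock(int userId)` in the `@@ -193` hunk refers to `{@code user}` and `@param user`, but the parameter is named `userId`, so the tag documents a parameter that does not exist. Use `@param userId Android user to lock.` and `{@code userId}` in the summary and `@return` lines. The `return false` on RemoteException is also worth a sentence in `@return`, since a caller that ignores the result will assume the keystore was locked when the request never reached the service.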
@@ -227,15 +252,22 @@ public class KeyStore {
 return unlock(UserHandle.getUserId(Process.myUid()), password);
 }
- public boolean isEmpty() {
+ /**
+ * Check if the keystore for {@code userId} is empty.
+ */
+ public boolean isEmpty(int userId) {
 try {
- return mBinder.zero() == KEY_NOT_FOUND;
+ return mBinder.isEmpty(userId) != 0;
 } catch (RemoteException e) {
 Log.w(TAG, "Cannot connect to keystore", e);
 return false;
 }
 }
+ public boolean isEmpty() {
+ return isEmpty(UserHandle.myUserId());
+ }
+
 public boolean generate(String key, int uid, int keyType, int keySize, int flags, byte[][] args) {
 try {
@@ -266,12 +298,7 @@ public class KeyStore {
 }
 public boolean delKey(String key, int uid) {
- try {
- return mBinder.del_key(key, uid) == NO_ERROR;
- } catch (RemoteException e) {
- Log.w(TAG, "Cannot connect to keystore", e);
- return false;
- }
+ return delete(key, uid);
 }
 public boolean delKey(String key) {
@@ -364,36 +391,6 @@ public class KeyStore {
 }
 }
- public boolean resetUid(int uid) {
- try {
- mError = mBinder.reset_uid(uid);
- return mError == NO_ERROR;
- } catch (RemoteException e) {
- Log.w(TAG, "Cannot connect to keystore", e);
- return false;
- }
- }
-
- public boolean syncUid(int sourceUid, int targetUid) {
- try {
- mError = mBinder.sync_uid(sourceUid, targetUid);
- return mError == NO_ERROR;
- } catch (RemoteException e) {
- Log.w(TAG, "Cannot connect to keystore", e);
- return false;
- }
- }
-
- public boolean passwordUid(String password, int uid) {
- try {
- mError = mBinder.password_uid(password, uid);
- return mError == NO_ERROR;
- } catch (RemoteException e) {
- Log.w(TAG, "Cannot connect to keystore", e);
- return false;
- }
- }
-
 public int getLastError() {
 return mError;
 } |
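Review bot: `isEmpty(int userId)` now treats every non-zero reply as "empty" (`mBinder.isEmpty(userId) != 0`), where the old code matched one specific code (`== KEY_NOT_FOUND`). If the service can return an error code on this path — for example when the caller is not allowed to query `userId` — that error would be reported as an empty keystore; the service side is not in this diff, so please confirm it returns only 0 or 1 here. The RemoteException branch returns `false`, i.e. "not empty", so the two failure modes point in opposite directions. I would state both in the Javadoc, e.g. `@return true if the service reports no entries for userId; false if entries exist or the service is unreachable`.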