diff options
| -rw-r--r-- | api/current.txt | 4 | ||||
| -rw-r--r-- | core/java/android/app/admin/DevicePolicyManager.java | 43 |
2 files changed, 36 insertions, 11 deletions
diff --git a/api/current.txt b/api/current.txt index 406ebac6c5eb..83069008800c 100644 --- a/api/current.txt +++ b/api/current.txt @@ -6501,7 +6501,7 @@ package android.app.admin { method public boolean installExistingPackage(android.content.ComponentName, java.lang.String); method public boolean installKeyPair(android.content.ComponentName, java.security.PrivateKey, java.security.cert.Certificate, java.lang.String); method public boolean installKeyPair(android.content.ComponentName, java.security.PrivateKey, java.security.cert.Certificate[], java.lang.String, boolean); - method public boolean installKeyPair(android.content.ComponentName, java.security.PrivateKey, java.security.cert.Certificate[], java.lang.String, boolean, boolean); + method public boolean installKeyPair(android.content.ComponentName, java.security.PrivateKey, java.security.cert.Certificate[], java.lang.String, int); method public boolean isActivePasswordSufficient(); method public boolean isAdminActive(android.content.ComponentName); method public boolean isAffiliatedUser(); @@ -6685,6 +6685,8 @@ package android.app.admin { field public static final int ID_TYPE_IMEI = 4; // 0x4 field public static final int ID_TYPE_MEID = 8; // 0x8 field public static final int ID_TYPE_SERIAL = 2; // 0x2 + field public static final int INSTALLKEY_REQUEST_CREDENTIALS_ACCESS = 1; // 0x1 + field public static final int INSTALLKEY_SET_USER_SELECTABLE = 2; // 0x2 field public static final int KEYGUARD_DISABLE_BIOMETRICS = 416; // 0x1a0 field public static final int KEYGUARD_DISABLE_FACE = 128; // 0x80 field public static final int KEYGUARD_DISABLE_FEATURES_ALL = 2147483647; // 0x7fffffff diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java index 106b42fba40d..9b4036fc8d0a 100644 --- a/core/java/android/app/admin/DevicePolicyManager.java +++ b/core/java/android/app/admin/DevicePolicyManager.java @@ -124,6 +124,7 @@ import java.util.concurrent.Executor; @SystemService(Context.DEVICE_POLICY_SERVICE) @RequiresFeature(PackageManager.FEATURE_DEVICE_ADMIN) public class DevicePolicyManager { + private static String TAG = "DevicePolicyManager"; private final Context mContext; @@ -1751,6 +1752,25 @@ public class DevicePolicyManager { public static final int ID_TYPE_MEID = 8; /** + * Specifies that the calling app should be granted access to the installed credentials + * immediately. Otherwise, access to the credentials will be gated by user approval. + * For use with {@link #installKeyPair(ComponentName, PrivateKey, Certificate[], String, int)} + * + * @see #installKeyPair(ComponentName, PrivateKey, Certificate[], String, int) + */ + public static final int INSTALLKEY_REQUEST_CREDENTIALS_ACCESS = 1; + + /** + * Specifies that a user can select the key via the Certificate Selection prompt. + * If this flag is not set when calling {@link #installKeyPair}, the key can only be granted + * access by implementing {@link android.app.admin.DeviceAdminReceiver#onChoosePrivateKeyAlias}. + * For use with {@link #installKeyPair(ComponentName, PrivateKey, Certificate[], String, int)} + * + * @see #installKeyPair(ComponentName, PrivateKey, Certificate[], String, int) + */ + public static final int INSTALLKEY_SET_USER_SELECTABLE = 2; + + /** * Broadcast action: sent when the profile owner is set, changed or cleared. * * This broadcast is sent only to the user managed by the new profile owner. @@ -4126,7 +4146,11 @@ public class DevicePolicyManager { */ public boolean installKeyPair(@Nullable ComponentName admin, @NonNull PrivateKey privKey, @NonNull Certificate[] certs, @NonNull String alias, boolean requestAccess) { - return installKeyPair(admin, privKey, certs, alias, requestAccess, true); + int flags = INSTALLKEY_SET_USER_SELECTABLE; + if (requestAccess) { + flags |= INSTALLKEY_REQUEST_CREDENTIALS_ACCESS; + } + return installKeyPair(admin, privKey, certs, alias, flags); } /** @@ -4150,13 +4174,9 @@ public class DevicePolicyManager { * {@link android.security.KeyChain#getCertificateChain}. * @param alias The private key alias under which to install the certificate. If a certificate * with that alias already exists, it will be overwritten. - * @param requestAccess {@code true} to request that the calling app be granted access to the - * credentials immediately. Otherwise, access to the credentials will be gated by user - * approval. - * @param isUserSelectable {@code true} to indicate that a user can select this key via the - * Certificate Selection prompt, false to indicate that this key can only be granted - * access by implementing - * {@link android.app.admin.DeviceAdminReceiver#onChoosePrivateKeyAlias}. + * @param flags Flags to request that the calling app be granted access to the credentials + * and set the key to be user-selectable. See {@link #INSTALLKEY_SET_USER_SELECTABLE} and + * {@link #INSTALLKEY_REQUEST_CREDENTIALS_ACCESS}. * @return {@code true} if the keys were installed, {@code false} otherwise. * @throws SecurityException if {@code admin} is not {@code null} and not a device or profile * owner. @@ -4165,9 +4185,12 @@ public class DevicePolicyManager { * @see #DELEGATION_CERT_INSTALL */ public boolean installKeyPair(@Nullable ComponentName admin, @NonNull PrivateKey privKey, - @NonNull Certificate[] certs, @NonNull String alias, boolean requestAccess, - boolean isUserSelectable) { + @NonNull Certificate[] certs, @NonNull String alias, int flags) { throwIfParentInstance("installKeyPair"); + boolean requestAccess = (flags & INSTALLKEY_REQUEST_CREDENTIALS_ACCESS) + == INSTALLKEY_REQUEST_CREDENTIALS_ACCESS; + boolean isUserSelectable = (flags & INSTALLKEY_SET_USER_SELECTABLE) + == INSTALLKEY_SET_USER_SELECTABLE; try { final byte[] pemCert = Credentials.convertToPem(certs[0]); byte[] pemChain = null; |