Merge "[ActivityManager] Finish the failed-to-pause activity"
diff --git a/api/current.txt b/api/current.txt
index 144f292..ed80e38 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -547,6 +547,7 @@
field public static final int expandableListViewWhiteStyle = 16843446; // 0x10102b6
field public static final int exported = 16842768; // 0x1010010
field public static final int extraTension = 16843371; // 0x101026b
+ field public static final int extractNativeLibs = 16843990; // 0x10104d6
field public static final int factor = 16843219; // 0x10101d3
field public static final int fadeDuration = 16843384; // 0x1010278
field public static final int fadeEnabled = 16843390; // 0x101027e
@@ -8368,6 +8369,7 @@
field public static final int FLAG_ALLOW_TASK_REPARENTING = 32; // 0x20
field public static final int FLAG_DEBUGGABLE = 2; // 0x2
field public static final int FLAG_EXTERNAL_STORAGE = 262144; // 0x40000
+ field public static final int FLAG_EXTRACT_NATIVE_LIBS = 268435456; // 0x10000000
field public static final int FLAG_FACTORY_TEST = 16; // 0x10
field public static final int FLAG_FULL_BACKUP_ONLY = 67108864; // 0x4000000
field public static final int FLAG_HAS_CODE = 4; // 0x4
@@ -17515,7 +17517,7 @@
method public static android.net.http.HttpResponseCache getInstalled();
method public int getNetworkCount();
method public int getRequestCount();
- method public static android.net.http.HttpResponseCache install(java.io.File, long) throws java.io.IOException;
+ method public static synchronized android.net.http.HttpResponseCache install(java.io.File, long) throws java.io.IOException;
method public long maxSize();
method public java.net.CacheRequest put(java.net.URI, java.net.URLConnection) throws java.io.IOException;
method public long size();
@@ -41519,7 +41521,7 @@
method public static double nextUp(double);
method public static float nextUp(float);
method public static double pow(double, double);
- method public static synchronized double random();
+ method public static double random();
method public static double rint(double);
method public static long round(double);
method public static int round(float);
diff --git a/api/system-current.txt b/api/system-current.txt
index 7ab0e48..8f1b8b2 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -617,6 +617,7 @@
field public static final int expandableListViewWhiteStyle = 16843446; // 0x10102b6
field public static final int exported = 16842768; // 0x1010010
field public static final int extraTension = 16843371; // 0x101026b
+ field public static final int extractNativeLibs = 16843990; // 0x10104d6
field public static final int factor = 16843219; // 0x10101d3
field public static final int fadeDuration = 16843384; // 0x1010278
field public static final int fadeEnabled = 16843390; // 0x101027e
@@ -8616,6 +8617,7 @@
field public static final int FLAG_ALLOW_TASK_REPARENTING = 32; // 0x20
field public static final int FLAG_DEBUGGABLE = 2; // 0x2
field public static final int FLAG_EXTERNAL_STORAGE = 262144; // 0x40000
+ field public static final int FLAG_EXTRACT_NATIVE_LIBS = 268435456; // 0x10000000
field public static final int FLAG_FACTORY_TEST = 16; // 0x10
field public static final int FLAG_FULL_BACKUP_ONLY = 67108864; // 0x4000000
field public static final int FLAG_HAS_CODE = 4; // 0x4
@@ -18843,7 +18845,7 @@
method public static android.net.http.HttpResponseCache getInstalled();
method public int getNetworkCount();
method public int getRequestCount();
- method public static android.net.http.HttpResponseCache install(java.io.File, long) throws java.io.IOException;
+ method public static synchronized android.net.http.HttpResponseCache install(java.io.File, long) throws java.io.IOException;
method public long maxSize();
method public java.net.CacheRequest put(java.net.URI, java.net.URLConnection) throws java.io.IOException;
method public long size();
@@ -44055,7 +44057,7 @@
method public static double nextUp(double);
method public static float nextUp(float);
method public static double pow(double, double);
- method public static synchronized double random();
+ method public static double random();
method public static double rint(double);
method public static long round(double);
method public static int round(float);
diff --git a/cmds/app_process/app_main.cpp b/cmds/app_process/app_main.cpp
index c86fd53..c5af992 100644
--- a/cmds/app_process/app_main.cpp
+++ b/cmds/app_process/app_main.cpp
@@ -7,6 +7,12 @@
#define LOG_TAG "appproc"
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/prctl.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
#include <binder/IPCThreadState.h>
#include <binder/ProcessState.h>
#include <utils/Log.h>
@@ -17,11 +23,6 @@
#include <android_runtime/AndroidRuntime.h>
#include <private/android_filesystem_config.h> // for AID_SYSTEM
-#include <stdlib.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <sys/prctl.h>
-
namespace android {
static void app_usage()
diff --git a/cmds/idmap/scan.cpp b/cmds/idmap/scan.cpp
index 197e36b..84158d3 100644
--- a/cmds/idmap/scan.cpp
+++ b/cmds/idmap/scan.cpp
@@ -1,3 +1,6 @@
+#include <dirent.h>
+#include <sys/stat.h>
+
#include "idmap.h"
#include <UniquePtr.h>
@@ -9,8 +12,6 @@
#include <utils/String16.h>
#include <utils/String8.h>
-#include <dirent.h>
-
#define NO_OVERLAY_TAG (-1000)
using namespace android;
diff --git a/core/java/android/app/ActivityThread.java b/core/java/android/app/ActivityThread.java
index bdd9e41..9269f60 100644
--- a/core/java/android/app/ActivityThread.java
+++ b/core/java/android/app/ActivityThread.java
@@ -97,7 +97,7 @@
import android.view.Window;
import android.view.WindowManager;
import android.view.WindowManagerGlobal;
-import android.renderscript.RenderScript;
+import android.renderscript.RenderScriptCacheDir;
import android.security.AndroidKeyStoreProvider;
import com.android.internal.app.IVoiceInteractor;
@@ -257,18 +257,21 @@
}
}
+ static final class AcquiringProviderRecord {
+ IActivityManager.ContentProviderHolder holder;
+ boolean acquiring = true;
+ int requests = 1;
+ }
+
// The lock of mProviderMap protects the following variables.
- final ArrayMap<ProviderKey, ProviderClientRecord> mProviderMap
- = new ArrayMap<ProviderKey, ProviderClientRecord>();
- final ArrayMap<IBinder, ProviderRefCount> mProviderRefCountMap
- = new ArrayMap<IBinder, ProviderRefCount>();
- final ArrayMap<IBinder, ProviderClientRecord> mLocalProviders
- = new ArrayMap<IBinder, ProviderClientRecord>();
- final ArrayMap<ComponentName, ProviderClientRecord> mLocalProvidersByName
- = new ArrayMap<ComponentName, ProviderClientRecord>();
+ final ArrayMap<ProviderKey, ProviderClientRecord> mProviderMap = new ArrayMap<>();
+ final ArrayMap<ProviderKey, AcquiringProviderRecord> mAcquiringProviderMap = new ArrayMap<>();
+ final ArrayMap<IBinder, ProviderRefCount> mProviderRefCountMap = new ArrayMap<>();
+ final ArrayMap<IBinder, ProviderClientRecord> mLocalProviders = new ArrayMap<>();
+ final ArrayMap<ComponentName, ProviderClientRecord> mLocalProvidersByName = new ArrayMap<>();
final ArrayMap<Activity, ArrayList<OnActivityPausedListener>> mOnPauseListeners
- = new ArrayMap<Activity, ArrayList<OnActivityPausedListener>>();
+ = new ArrayMap<>();
final GcIdler mGcIdler = new GcIdler();
boolean mGcIdlerScheduled = false;
@@ -345,7 +348,7 @@
}
}
- final class ProviderClientRecord {
+ static final class ProviderClientRecord {
final String[] mNames;
final IContentProvider mProvider;
final ContentProvider mLocalProvider;
@@ -3184,7 +3187,7 @@
if (cv == null) {
mThumbnailCanvas = cv = new Canvas();
}
-
+
cv.setBitmap(thumbnail);
if (!r.activity.onCreateThumbnail(thumbnail, cv)) {
mAvailThumbnailBitmap = thumbnail;
@@ -3482,12 +3485,12 @@
private void handleWindowVisibility(IBinder token, boolean show) {
ActivityClientRecord r = mActivities.get(token);
-
+
if (r == null) {
Log.w(TAG, "handleWindowVisibility: no activity for token " + token);
return;
}
-
+
if (!show && !r.stopped) {
performStopActivityInner(r, null, show, false);
} else if (show && r.stopped) {
@@ -3915,10 +3918,10 @@
}
}
}
-
+
if (DEBUG_CONFIGURATION) Slog.v(TAG, "Relaunching activity "
+ tmp.token + ": changedConfig=" + changedConfig);
-
+
// If there was a pending configuration change, execute it first.
if (changedConfig != null) {
mCurDefaultDisplayDpi = changedConfig.densityDpi;
@@ -4115,7 +4118,7 @@
if (config == null) {
return;
}
-
+
if (DEBUG_CONFIGURATION) Slog.v(TAG, "Handle configuration changed: "
+ config);
@@ -4163,7 +4166,7 @@
if (DEBUG_CONFIGURATION) Slog.v(TAG, "Handle activity config changed: "
+ r.activityInfo.name);
-
+
performConfigurationChanged(r.activity, mCompatConfiguration);
freeTextLayoutCachesIfNeeded(r.activity.mCurrentConfig.diff(mCompatConfiguration));
@@ -4244,7 +4247,7 @@
ApplicationPackageManager.handlePackageBroadcast(cmd, packages,
hasPkgInfo);
}
-
+
final void handleLowMemory() {
ArrayList<ComponentCallbacks2> callbacks = collectComponentCallbacks(true, null);
@@ -4291,10 +4294,10 @@
String[] packages = getPackageManager().getPackagesForUid(uid);
// If there are several packages in this application we won't
- // initialize the graphics disk caches
+ // initialize the graphics disk caches
if (packages != null && packages.length == 1) {
HardwareRenderer.setupDiskCache(cacheDir);
- RenderScript.setupDiskCache(cacheDir);
+ RenderScriptCacheDir.setupDiskCache(cacheDir);
}
} catch (RemoteException e) {
// Ignore
@@ -4648,22 +4651,57 @@
public final IContentProvider acquireProvider(
Context c, String auth, int userId, boolean stable) {
- final IContentProvider provider = acquireExistingProvider(c, auth, userId, stable);
+ final ProviderKey key = new ProviderKey(auth, userId);
+ final IContentProvider provider = acquireExistingProvider(c, key, stable);
if (provider != null) {
return provider;
}
+ AcquiringProviderRecord r;
+ boolean first = false;
+ synchronized (mAcquiringProviderMap) {
+ r = mAcquiringProviderMap.get(key);
+ if (r == null) {
+ r = new AcquiringProviderRecord();
+ mAcquiringProviderMap.put(key, r);
+ first = true;
+ } else {
+ r.requests++;
+ }
+ }
- // There is a possible race here. Another thread may try to acquire
- // the same provider at the same time. When this happens, we want to ensure
- // that the first one wins.
- // Note that we cannot hold the lock while acquiring and installing the
- // provider since it might take a long time to run and it could also potentially
- // be re-entrant in the case where the provider is in the same process.
IActivityManager.ContentProviderHolder holder = null;
- try {
- holder = ActivityManagerNative.getDefault().getContentProvider(
- getApplicationThread(), auth, userId, stable);
- } catch (RemoteException ex) {
+ if (first) {
+ // Multiple threads may try to acquire the same provider at the same time.
+ // When this happens, we only let the first one really gets provider.
+ // Other threads just wait for its result.
+ // Note that we cannot hold the lock while acquiring and installing the
+ // provider since it might take a long time to run and it could also potentially
+ // be re-entrant in the case where the provider is in the same process.
+ try {
+ holder = ActivityManagerNative.getDefault().getContentProvider(
+ getApplicationThread(), auth, userId, stable);
+ } catch (RemoteException ex) {
+ }
+ synchronized (r) {
+ r.holder = holder;
+ r.acquiring = false;
+ r.notifyAll();
+ }
+ } else {
+ synchronized (r) {
+ while (r.acquiring) {
+ try {
+ r.wait();
+ } catch (InterruptedException e) {
+ }
+ }
+ holder = r.holder;
+ }
+ }
+ synchronized (mAcquiringProviderMap) {
+ if (--r.requests == 0) {
+ mAcquiringProviderMap.remove(key);
+ }
}
if (holder == null) {
Slog.e(TAG, "Failed to find provider info for " + auth);
@@ -4747,8 +4785,12 @@
public final IContentProvider acquireExistingProvider(
Context c, String auth, int userId, boolean stable) {
+ return acquireExistingProvider(c, new ProviderKey(auth, userId), stable);
+ }
+
+ final IContentProvider acquireExistingProvider(
+ Context c, ProviderKey key, boolean stable) {
synchronized (mProviderMap) {
- final ProviderKey key = new ProviderKey(auth, userId);
final ProviderClientRecord pr = mProviderMap.get(key);
if (pr == null) {
return null;
@@ -4759,7 +4801,7 @@
if (!jBinder.isBinderAlive()) {
// The hosting process of the provider has died; we can't
// use this one.
- Log.i(TAG, "Acquiring provider " + auth + " for user " + userId
+ Log.i(TAG, "Acquiring provider " + key.authority + " for user " + key.userId
+ ": existing object's process dead");
handleUnstableProviderDiedLocked(jBinder, true);
return null;
@@ -5081,18 +5123,12 @@
if (DEBUG_PROVIDER) {
Slog.v(TAG, "installProvider: lost the race, updating ref count");
}
- // We need to transfer our new reference to the existing
- // ref count, releasing the old one... but only if
- // release is needed (that is, it is not running in the
- // system process).
+ // The provider has already been installed, so we need
+ // to increase reference count to the existing one, but
+ // only if release is needed (that is, it is not running
+ // in the system process or local to the process).
if (!noReleaseNeeded) {
incProviderRefLocked(prc, stable);
- try {
- ActivityManagerNative.getDefault().removeContentProvider(
- holder.connection, stable);
- } catch (RemoteException e) {
- //do nothing content provider object is dead any way
- }
}
} else {
ProviderClientRecord client = installProviderAuthoritiesLocked(
@@ -5186,7 +5222,7 @@
if (mPendingConfiguration == null ||
mPendingConfiguration.isOtherSeqNewer(newConfig)) {
mPendingConfiguration = newConfig;
-
+
sendMessage(H.CONFIGURATION_CHANGED, newConfig);
}
}
diff --git a/core/java/android/content/pm/ApplicationInfo.java b/core/java/android/content/pm/ApplicationInfo.java
index 05c19db..4a087da 100644
--- a/core/java/android/content/pm/ApplicationInfo.java
+++ b/core/java/android/content/pm/ApplicationInfo.java
@@ -346,6 +346,11 @@
public static final int FLAG_USES_CLEARTEXT_TRAFFIC = 1<<27;
/**
+ * When set installer extracts native libs from .apk files.
+ */
+ public static final int FLAG_EXTRACT_NATIVE_LIBS = 1<<28;
+
+ /**
* Value for {@link #flags}: true if code from this application will need to be
* loaded into other applications' processes. On devices that support multiple
* instruction sets, this implies the code might be loaded into a process that's
@@ -900,6 +905,20 @@
/**
* @hide
*/
+ public boolean isSystemApp() {
+ return (flags & ApplicationInfo.FLAG_SYSTEM) != 0;
+ }
+
+ /**
+ * @hide
+ */
+ public boolean isUpdatedSystemApp() {
+ return (flags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0;
+ }
+
+ /**
+ * @hide
+ */
@Override protected ApplicationInfo getApplicationInfo() {
return this;
}
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
index 4952ba1..53aa6ff 100644
--- a/core/java/android/content/pm/PackageParser.java
+++ b/core/java/android/content/pm/PackageParser.java
@@ -268,6 +268,7 @@
public final boolean coreApp;
public final boolean multiArch;
+ public final boolean extractNativeLibs;
public PackageLite(String codePath, ApkLite baseApk, String[] splitNames,
String[] splitCodePaths, int[] splitRevisionCodes) {
@@ -283,6 +284,7 @@
this.splitRevisionCodes = splitRevisionCodes;
this.coreApp = baseApk.coreApp;
this.multiArch = baseApk.multiArch;
+ this.extractNativeLibs = baseApk.extractNativeLibs;
}
public List<String> getAllCodePaths() {
@@ -309,10 +311,12 @@
public final Signature[] signatures;
public final boolean coreApp;
public final boolean multiArch;
+ public final boolean extractNativeLibs;
public ApkLite(String codePath, String packageName, String splitName, int versionCode,
int revisionCode, int installLocation, List<VerifierInfo> verifiers,
- Signature[] signatures, boolean coreApp, boolean multiArch) {
+ Signature[] signatures, boolean coreApp, boolean multiArch,
+ boolean extractNativeLibs) {
this.codePath = codePath;
this.packageName = packageName;
this.splitName = splitName;
@@ -323,6 +327,7 @@
this.signatures = signatures;
this.coreApp = coreApp;
this.multiArch = multiArch;
+ this.extractNativeLibs = extractNativeLibs;
}
}
@@ -1269,6 +1274,7 @@
int revisionCode = 0;
boolean coreApp = false;
boolean multiArch = false;
+ boolean extractNativeLibs = true;
for (int i = 0; i < attrs.getAttributeCount(); i++) {
final String attr = attrs.getAttributeName(i);
@@ -1307,14 +1313,17 @@
final String attr = attrs.getAttributeName(i);
if ("multiArch".equals(attr)) {
multiArch = attrs.getAttributeBooleanValue(i, false);
- break;
+ }
+ if ("extractNativeLibs".equals(attr)) {
+ extractNativeLibs = attrs.getAttributeBooleanValue(i, true);
}
}
}
}
return new ApkLite(codePath, packageSplit.first, packageSplit.second, versionCode,
- revisionCode, installLocation, verifiers, signatures, coreApp, multiArch);
+ revisionCode, installLocation, verifiers, signatures, coreApp, multiArch,
+ extractNativeLibs);
}
/**
@@ -2567,6 +2576,12 @@
ai.flags |= ApplicationInfo.FLAG_MULTIARCH;
}
+ if (sa.getBoolean(
+ com.android.internal.R.styleable.AndroidManifestApplication_extractNativeLibs,
+ true)) {
+ ai.flags |= ApplicationInfo.FLAG_EXTRACT_NATIVE_LIBS;
+ }
+
String str;
str = sa.getNonConfigurationString(
com.android.internal.R.styleable.AndroidManifestApplication_permission, 0);
@@ -4444,6 +4459,20 @@
return applicationInfo.isForwardLocked();
}
+ /**
+ * @hide
+ */
+ public boolean isSystemApp() {
+ return applicationInfo.isSystemApp();
+ }
+
+ /**
+ * @hide
+ */
+ public boolean isUpdatedSystemApp() {
+ return applicationInfo.isUpdatedSystemApp();
+ }
+
public String toString() {
return "Package{"
+ Integer.toHexString(System.identityHashCode(this))
diff --git a/core/java/android/inputmethodservice/ExtractEditLayout.java b/core/java/android/inputmethodservice/ExtractEditLayout.java
index 5696839..e902443 100644
--- a/core/java/android/inputmethodservice/ExtractEditLayout.java
+++ b/core/java/android/inputmethodservice/ExtractEditLayout.java
@@ -163,6 +163,8 @@
mCallback.onDestroyActionMode(this);
mCallback = null;
+ mMenu.close();
+
mExtractActionButton.setVisibility(VISIBLE);
mEditButton.setVisibility(INVISIBLE);
diff --git a/core/java/android/net/Uri.java b/core/java/android/net/Uri.java
index 2099c3f..fb2f445 100644
--- a/core/java/android/net/Uri.java
+++ b/core/java/android/net/Uri.java
@@ -384,6 +384,11 @@
}
}
return builder.toString();
+ } else if (scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https")
+ || scheme.equalsIgnoreCase("ftp")) {
+ ssp = "//" + ((getHost() != null) ? getHost() : "")
+ + ((getPort() != -1) ? (":" + getPort()) : "")
+ + "/...";
}
}
// Not a sensitive scheme, but let's still be conservative about
diff --git a/core/java/android/security/keymaster/KeymasterDefs.java b/core/java/android/security/keymaster/KeymasterDefs.java
index e94a312..6176399 100644
--- a/core/java/android/security/keymaster/KeymasterDefs.java
+++ b/core/java/android/security/keymaster/KeymasterDefs.java
@@ -171,6 +171,9 @@
public static final int KM_KEY_FORMAT_PKCS12 = 2;
public static final int KM_KEY_FORMAT_RAW = 3;
+ // User authenticators.
+ public static final int HW_AUTH_PASSWORD = 1 << 0;
+
// Error codes.
public static final int KM_ERROR_OK = 0;
public static final int KM_ERROR_ROOT_OF_TRUST_ALREADY_SET = -1;
diff --git a/core/java/android/text/SpanSet.java b/core/java/android/text/SpanSet.java
index 3ca6033..00f1493 100644
--- a/core/java/android/text/SpanSet.java
+++ b/core/java/android/text/SpanSet.java
@@ -17,6 +17,7 @@
package android.text;
import java.lang.reflect.Array;
+import java.util.Arrays;
/**
* A cached set of spans. Caches the result of {@link Spanned#getSpans(int, int, Class)} and then
@@ -54,6 +55,7 @@
spanFlags = new int[length];
}
+ int prevNumberOfSpans = numberOfSpans;
numberOfSpans = 0;
for (int i = 0; i < length; i++) {
final E span = allSpans[i];
@@ -71,6 +73,12 @@
numberOfSpans++;
}
+
+ // cleanup extra spans left over from previous init() call
+ if (numberOfSpans < prevNumberOfSpans) {
+ // prevNumberofSpans was > 0, therefore spans != null
+ Arrays.fill(spans, numberOfSpans, prevNumberOfSpans, null);
+ }
}
/**
@@ -103,9 +111,8 @@
* Removes all internal references to the spans to avoid memory leaks.
*/
public void recycle() {
- // The spans array is guaranteed to be not null when numberOfSpans is > 0
- for (int i = 0; i < numberOfSpans; i++) {
- spans[i] = null; // prevent a leak: no reference kept when TextLine is recycled
+ if (spans != null) {
+ Arrays.fill(spans, 0, numberOfSpans, null);
}
}
}
diff --git a/core/java/android/widget/ProgressBar.java b/core/java/android/widget/ProgressBar.java
index de1bbc7..358dbde 100644
--- a/core/java/android/widget/ProgressBar.java
+++ b/core/java/android/widget/ProgressBar.java
@@ -1812,9 +1812,7 @@
}
if (mRefreshProgressRunnable != null) {
removeCallbacks(mRefreshProgressRunnable);
- }
- if (mRefreshProgressRunnable != null && mRefreshIsPosted) {
- removeCallbacks(mRefreshProgressRunnable);
+ mRefreshIsPosted = false;
}
if (mAccessibilityEventSender != null) {
removeCallbacks(mAccessibilityEventSender);
diff --git a/core/java/android/widget/RemoteViewsAdapter.java b/core/java/android/widget/RemoteViewsAdapter.java
index 56bdb9b..5eaf20c 100644
--- a/core/java/android/widget/RemoteViewsAdapter.java
+++ b/core/java/android/widget/RemoteViewsAdapter.java
@@ -817,12 +817,12 @@
mContext = context;
mIntent = intent;
- mAppWidgetId = intent.getIntExtra(RemoteViews.EXTRA_REMOTEADAPTER_APPWIDGET_ID, -1);
-
- mLayoutInflater = LayoutInflater.from(context);
if (mIntent == null) {
throw new IllegalArgumentException("Non-null Intent must be specified.");
}
+
+ mAppWidgetId = intent.getIntExtra(RemoteViews.EXTRA_REMOTEADAPTER_APPWIDGET_ID, -1);
+ mLayoutInflater = LayoutInflater.from(context);
mRequestedViews = new RemoteViewsFrameLayoutRefSet();
// Strip the previously injected app widget id from service intent
diff --git a/core/java/com/android/internal/content/NativeLibraryHelper.java b/core/java/com/android/internal/content/NativeLibraryHelper.java
index 02f675c..f479f4f 100644
--- a/core/java/com/android/internal/content/NativeLibraryHelper.java
+++ b/core/java/com/android/internal/content/NativeLibraryHelper.java
@@ -33,6 +33,7 @@
import android.content.pm.PackageParser.PackageParserException;
import android.os.Build;
import android.os.SELinux;
+import android.os.SystemProperties;
import android.system.ErrnoException;
import android.system.Os;
import android.util.Slog;
@@ -74,6 +75,7 @@
final long[] apkHandles;
final boolean multiArch;
+ final boolean extractNativeLibs;
public static Handle create(File packageFile) throws IOException {
try {
@@ -86,14 +88,16 @@
public static Handle create(Package pkg) throws IOException {
return create(pkg.getAllCodePaths(),
- (pkg.applicationInfo.flags & ApplicationInfo.FLAG_MULTIARCH) != 0);
+ (pkg.applicationInfo.flags & ApplicationInfo.FLAG_MULTIARCH) != 0,
+ (pkg.applicationInfo.flags & ApplicationInfo.FLAG_EXTRACT_NATIVE_LIBS) != 0);
}
public static Handle create(PackageLite lite) throws IOException {
- return create(lite.getAllCodePaths(), lite.multiArch);
+ return create(lite.getAllCodePaths(), lite.multiArch, lite.extractNativeLibs);
}
- private static Handle create(List<String> codePaths, boolean multiArch) throws IOException {
+ private static Handle create(List<String> codePaths, boolean multiArch,
+ boolean extractNativeLibs) throws IOException {
final int size = codePaths.size();
final long[] apkHandles = new long[size];
for (int i = 0; i < size; i++) {
@@ -108,12 +112,13 @@
}
}
- return new Handle(apkHandles, multiArch);
+ return new Handle(apkHandles, multiArch, extractNativeLibs);
}
- Handle(long[] apkHandles, boolean multiArch) {
+ Handle(long[] apkHandles, boolean multiArch, boolean extractNativeLibs) {
this.apkHandles = apkHandles;
this.multiArch = multiArch;
+ this.extractNativeLibs = extractNativeLibs;
mGuard.open("close");
}
@@ -146,8 +151,8 @@
private static native long nativeSumNativeBinaries(long handle, String cpuAbi);
- private native static int nativeCopyNativeBinaries(long handle,
- String sharedLibraryPath, String abiToCopy);
+ private native static int nativeCopyNativeBinaries(long handle, String sharedLibraryPath,
+ String abiToCopy, boolean extractNativeLibs, boolean hasNativeBridge);
private static long sumNativeBinaries(Handle handle, String abi) {
long sum = 0;
@@ -167,7 +172,8 @@
*/
public static int copyNativeBinaries(Handle handle, File sharedLibraryDir, String abi) {
for (long apkHandle : handle.apkHandles) {
- int res = nativeCopyNativeBinaries(apkHandle, sharedLibraryDir.getPath(), abi);
+ int res = nativeCopyNativeBinaries(apkHandle, sharedLibraryDir.getPath(), abi,
+ handle.extractNativeLibs, HAS_NATIVE_BRIDGE);
if (res != INSTALL_SUCCEEDED) {
return res;
}
@@ -218,7 +224,8 @@
/**
* Remove the native binaries of a given package. This deletes the files
*/
- public static void removeNativeBinariesFromDirLI(File nativeLibraryRoot, boolean deleteRootDir) {
+ public static void removeNativeBinariesFromDirLI(File nativeLibraryRoot,
+ boolean deleteRootDir) {
if (DEBUG_NATIVE) {
Slog.w(TAG, "Deleting native binaries from: " + nativeLibraryRoot.getPath());
}
@@ -247,7 +254,8 @@
// asked to or this will prevent installation of future updates.
if (deleteRootDir) {
if (!nativeLibraryRoot.delete()) {
- Slog.w(TAG, "Could not delete native binary directory: " + nativeLibraryRoot.getPath());
+ Slog.w(TAG, "Could not delete native binary directory: " +
+ nativeLibraryRoot.getPath());
}
}
}
@@ -416,6 +424,9 @@
// We don't care about the other return values for now.
private static final int BITCODE_PRESENT = 1;
+ private static final boolean HAS_NATIVE_BRIDGE =
+ !"0".equals(SystemProperties.get("ro.dalvik.vm.native.bridge", "0"));
+
private static native int hasRenderscriptBitcode(long apkHandle);
public static boolean hasRenderscriptBitcode(Handle handle) throws IOException {
diff --git a/core/java/com/android/internal/os/InstallerConnection.java b/core/java/com/android/internal/os/InstallerConnection.java
index 433a54b..a4cdf19 100644
--- a/core/java/com/android/internal/os/InstallerConnection.java
+++ b/core/java/com/android/internal/os/InstallerConnection.java
@@ -91,11 +91,11 @@
}
public int dexopt(String apkPath, int uid, boolean isPublic, String instructionSet) {
- return dexopt(apkPath, uid, isPublic, "*", instructionSet, false, false);
+ return dexopt(apkPath, uid, isPublic, "*", instructionSet, false, false, null);
}
public int dexopt(String apkPath, int uid, boolean isPublic, String pkgName,
- String instructionSet, boolean vmSafeMode, boolean debuggable) {
+ String instructionSet, boolean vmSafeMode, boolean debuggable, String outputPath) {
StringBuilder builder = new StringBuilder("dexopt");
builder.append(' ');
builder.append(apkPath);
@@ -108,6 +108,8 @@
builder.append(instructionSet);
builder.append(vmSafeMode ? " 1" : " 0");
builder.append(debuggable ? " 1" : " 0");
+ builder.append(' ');
+ builder.append(outputPath != null ? outputPath : "!");
return execute(builder.toString());
}
diff --git a/core/jni/AndroidRuntime.cpp b/core/jni/AndroidRuntime.cpp
index 0582513..0bfc0c9 100644
--- a/core/jni/AndroidRuntime.cpp
+++ b/core/jni/AndroidRuntime.cpp
@@ -536,7 +536,6 @@
*/
int AndroidRuntime::startVm(JavaVM** pJavaVM, JNIEnv** pEnv)
{
- int result = -1;
JavaVMInitArgs initArgs;
char propBuf[PROPERTY_VALUE_MAX];
char stackTraceFileBuf[sizeof("-Xstacktracefile:")-1 + PROPERTY_VALUE_MAX];
@@ -552,6 +551,7 @@
char gctypeOptsBuf[sizeof("-Xgc:")-1 + PROPERTY_VALUE_MAX];
char backgroundgcOptsBuf[sizeof("-XX:BackgroundGC=")-1 + PROPERTY_VALUE_MAX];
char heaptargetutilizationOptsBuf[sizeof("-XX:HeapTargetUtilization=")-1 + PROPERTY_VALUE_MAX];
+ char cachePruneBuf[sizeof("-Xzygote-max-boot-retry=")-1 + PROPERTY_VALUE_MAX];
char dex2oatXmsImageFlagsBuf[sizeof("-Xms")-1 + PROPERTY_VALUE_MAX];
char dex2oatXmxImageFlagsBuf[sizeof("-Xmx")-1 + PROPERTY_VALUE_MAX];
char dex2oatXmsFlagsBuf[sizeof("-Xms")-1 + PROPERTY_VALUE_MAX];
@@ -560,6 +560,10 @@
char dex2oatImageCompilerFilterBuf[sizeof("--compiler-filter=")-1 + PROPERTY_VALUE_MAX];
char dex2oatThreadsBuf[sizeof("-j")-1 + PROPERTY_VALUE_MAX];
char dex2oatThreadsImageBuf[sizeof("-j")-1 + PROPERTY_VALUE_MAX];
+ char dex2oat_isa_variant_key[PROPERTY_KEY_MAX];
+ char dex2oat_isa_variant[sizeof("--instruction-set-variant=") -1 + PROPERTY_VALUE_MAX];
+ char dex2oat_isa_features_key[PROPERTY_KEY_MAX];
+ char dex2oat_isa_features[sizeof("--instruction-set-features=") -1 + PROPERTY_VALUE_MAX];
char dex2oatFlagsBuf[PROPERTY_VALUE_MAX];
char dex2oatImageFlagsBuf[PROPERTY_VALUE_MAX];
char extraOptsBuf[PROPERTY_VALUE_MAX];
@@ -582,6 +586,7 @@
char localeOption[sizeof("-Duser.locale=") + PROPERTY_VALUE_MAX];
char lockProfThresholdBuf[sizeof("-Xlockprofthreshold:")-1 + PROPERTY_VALUE_MAX];
char nativeBridgeLibrary[sizeof("-XX:NativeBridge=") + PROPERTY_VALUE_MAX];
+ char cpuAbiListBuf[sizeof("--cpu-abilist=") + PROPERTY_VALUE_MAX];
bool checkJni = false;
property_get("dalvik.vm.checkjni", propBuf, "");
@@ -700,7 +705,7 @@
if (!hasFile("/system/etc/preloaded-classes")) {
ALOGE("Missing preloaded-classes file, /system/etc/preloaded-classes not found: %s\n",
strerror(errno));
- goto bail;
+ return -1;
}
addOption("-Ximage-compiler-option");
addOption("--image-classes=/system/etc/preloaded-classes");
@@ -737,6 +742,43 @@
parseCompilerOption("dalvik.vm.dex2oat-threads", dex2oatThreadsBuf, "-j", "-Xcompiler-option");
parseCompilerOption("dalvik.vm.image-dex2oat-threads", dex2oatThreadsImageBuf, "-j",
"-Ximage-compiler-option");
+
+ // The runtime will compile a boot image, when necessary, not using installd. Thus, we need to
+ // pass the instruction-set-features/variant as an image-compiler-option.
+ // TODO: Find a better way for the instruction-set.
+#if defined(__arm__)
+ constexpr const char* instruction_set = "arm";
+#elif defined(__aarch64__)
+ constexpr const char* instruction_set = "arm64";
+#elif defined(__mips__) && !defined(__LP64__)
+ constexpr const char* instruction_set = "mips";
+#elif defined(__mips__) && defined(__LP64__)
+ constexpr const char* instruction_set = "mips64";
+#elif defined(__i386__)
+ constexpr const char* instruction_set = "x86";
+#elif defined(__x86_64__)
+ constexpr const char* instruction_set = "x86_64";
+#else
+ constexpr const char* instruction_set = "unknown";
+#endif
+ // Note: it is OK to reuse the buffer, as the values are exactly the same between
+ // * compiler-option, used for runtime compilation (DexClassLoader)
+ // * image-compiler-option, used for boot-image compilation on device
+
+ // Copy the variant.
+ sprintf(dex2oat_isa_variant_key, "dalvik.vm.isa.%s.variant", instruction_set);
+ parseCompilerOption(dex2oat_isa_variant_key, dex2oat_isa_variant,
+ "--instruction-set-variant=", "-Ximage-compiler-option");
+ parseCompilerOption(dex2oat_isa_variant_key, dex2oat_isa_variant,
+ "--instruction-set-variant=", "-Xcompiler-option");
+ // Copy the features.
+ sprintf(dex2oat_isa_features_key, "dalvik.vm.isa.%s.features", instruction_set);
+ parseCompilerOption(dex2oat_isa_features_key, dex2oat_isa_features,
+ "--instruction-set-features=", "-Ximage-compiler-option");
+ parseCompilerOption(dex2oat_isa_features_key, dex2oat_isa_features,
+ "--instruction-set-features=", "-Xcompiler-option");
+
+
property_get("dalvik.vm.dex2oat-flags", dex2oatFlagsBuf, "");
parseExtraOpts(dex2oatFlagsBuf, "-Xcompiler-option");
@@ -815,6 +857,22 @@
addOption(nativeBridgeLibrary);
}
+ // Dalvik-cache pruning counter.
+ parseRuntimeOption("dalvik.vm.zygote.max-boot-retry", cachePruneBuf,
+ "-Xzygote-max-boot-retry=");
+#if defined(__LP64__)
+ const char* cpu_abilist_property_name = "ro.product.cpu.abilist64";
+#else
+ const char* cpu_abilist_property_name = "ro.product.cpu.abilist32";
+#endif // defined(__LP64__)
+ property_get(cpu_abilist_property_name, propBuf, "");
+ if (propBuf[0] == '\0') {
+ ALOGE("%s is not expected to be empty", cpu_abilist_property_name);
+ return -1;
+ }
+ snprintf(cpuAbiListBuf, sizeof(cpuAbiListBuf), "--cpu-abilist=%s", propBuf);
+ addOption(cpuAbiListBuf);
+
initArgs.version = JNI_VERSION_1_4;
initArgs.options = mOptions.editArray();
initArgs.nOptions = mOptions.size();
@@ -829,13 +887,10 @@
*/
if (JNI_CreateJavaVM(pJavaVM, pEnv, &initArgs) < 0) {
ALOGE("JNI_CreateJavaVM failed\n");
- goto bail;
+ return -1;
}
- result = 0;
-
-bail:
- return result;
+ return 0;
}
char* AndroidRuntime::toSlashClassName(const char* className)
diff --git a/core/jni/com_android_internal_content_NativeLibraryHelper.cpp b/core/jni/com_android_internal_content_NativeLibraryHelper.cpp
index 3c1993e..9307ff9 100644
--- a/core/jni/com_android_internal_content_NativeLibraryHelper.cpp
+++ b/core/jni/com_android_internal_content_NativeLibraryHelper.cpp
@@ -33,6 +33,7 @@
#include <string.h>
#include <time.h>
#include <unistd.h>
+#include <inttypes.h>
#include <sys/stat.h>
#include <sys/types.h>
@@ -173,7 +174,11 @@
static install_status_t
copyFileIfChanged(JNIEnv *env, void* arg, ZipFileRO* zipFile, ZipEntryRO zipEntry, const char* fileName)
{
- jstring* javaNativeLibPath = (jstring*) arg;
+ void** args = reinterpret_cast<void**>(arg);
+ jstring* javaNativeLibPath = (jstring*) args[0];
+ jboolean extractNativeLibs = *(jboolean*) args[1];
+ jboolean hasNativeBridge = *(jboolean*) args[2];
+
ScopedUtfChars nativeLibPath(env, *javaNativeLibPath);
size_t uncompLen;
@@ -181,13 +186,31 @@
long crc;
time_t modTime;
- if (!zipFile->getEntryInfo(zipEntry, NULL, &uncompLen, NULL, NULL, &when, &crc)) {
+ int method;
+ off64_t offset;
+
+ if (!zipFile->getEntryInfo(zipEntry, &method, &uncompLen, NULL, &offset, &when, &crc)) {
ALOGD("Couldn't read zip entry info\n");
return INSTALL_FAILED_INVALID_APK;
- } else {
- struct tm t;
- ZipUtils::zipTimeToTimespec(when, &t);
- modTime = mktime(&t);
+ }
+
+ if (!extractNativeLibs) {
+ // check if library is uncompressed and page-aligned
+ if (method != ZipFileRO::kCompressStored) {
+ ALOGD("Library '%s' is compressed - will not be able to open it directly from apk.\n",
+ fileName);
+ return INSTALL_FAILED_INVALID_APK;
+ }
+
+ if (offset % PAGE_SIZE != 0) {
+ ALOGD("Library '%s' is not page-aligned - will not be able to open it directly from"
+ " apk.\n", fileName);
+ return INSTALL_FAILED_INVALID_APK;
+ }
+
+ if (!hasNativeBridge) {
+ return INSTALL_SUCCEEDED;
+ }
}
// Build local file path
@@ -208,6 +231,9 @@
}
// Only copy out the native file if it's different.
+ struct tm t;
+ ZipUtils::zipTimeToTimespec(when, &t);
+ modTime = mktime(&t);
struct stat64 st;
if (!isFileDifferent(localFileName, uncompLen, modTime, crc, &st)) {
return INSTALL_SUCCEEDED;
@@ -465,10 +491,12 @@
static jint
com_android_internal_content_NativeLibraryHelper_copyNativeBinaries(JNIEnv *env, jclass clazz,
- jlong apkHandle, jstring javaNativeLibPath, jstring javaCpuAbi)
+ jlong apkHandle, jstring javaNativeLibPath, jstring javaCpuAbi,
+ jboolean extractNativeLibs, jboolean hasNativeBridge)
{
+ void* args[] = { &javaNativeLibPath, &extractNativeLibs, &hasNativeBridge };
return (jint) iterateOverNativeFiles(env, apkHandle, javaCpuAbi,
- copyFileIfChanged, &javaNativeLibPath);
+ copyFileIfChanged, reinterpret_cast<void*>(args));
}
static jlong
@@ -548,7 +576,7 @@
"(J)V",
(void *)com_android_internal_content_NativeLibraryHelper_close},
{"nativeCopyNativeBinaries",
- "(JLjava/lang/String;Ljava/lang/String;)I",
+ "(JLjava/lang/String;Ljava/lang/String;ZZ)I",
(void *)com_android_internal_content_NativeLibraryHelper_copyNativeBinaries},
{"nativeSumNativeBinaries",
"(JLjava/lang/String;)J",
diff --git a/core/res/res/values/attrs_manifest.xml b/core/res/res/values/attrs_manifest.xml
index ea592cf..f69772a 100644
--- a/core/res/res/values/attrs_manifest.xml
+++ b/core/res/res/values/attrs_manifest.xml
@@ -1021,6 +1021,10 @@
<p>The default value of this attribute is <code>false</code>. -->
<attr name="resumeWhilePausing" format="boolean" />
+ <!-- When set installer will extract native libraries. If set to false
+ libraries in the apk must be stored and page-aligned. -->
+ <attr name="extractNativeLibs" format="boolean"/>
+
<!-- The <code>manifest</code> tag is the root of an
<code>AndroidManifest.xml</code> file,
describing the contents of an Android package (.apk) file. One
@@ -1151,8 +1155,8 @@
@hide -->
<attr name="usesCleartextTraffic" />
<attr name="multiArch" />
+ <attr name="extractNativeLibs" />
</declare-styleable>
-
<!-- The <code>permission</code> tag declares a security permission that can be
used to control access from other packages to specific components or
features in your package (or other packages). See the
diff --git a/core/res/res/values/public.xml b/core/res/res/values/public.xml
index 2bb9aa8..bfd0d26 100644
--- a/core/res/res/values/public.xml
+++ b/core/res/res/values/public.xml
@@ -2598,4 +2598,5 @@
<public type="style" name="Theme.DeviceDefault.Dialog.Alert" />
<public type="style" name="Theme.DeviceDefault.Light.Dialog.Alert" />
+ <public type="attr" name="extractNativeLibs" />
</resources>
diff --git a/core/tests/coretests/apks/install_jni_lib/Android.mk b/core/tests/coretests/apks/install_jni_lib/Android.mk
index b61ea8e..7322e8d 100644
--- a/core/tests/coretests/apks/install_jni_lib/Android.mk
+++ b/core/tests/coretests/apks/install_jni_lib/Android.mk
@@ -23,6 +23,14 @@
libnativehelper
LOCAL_MODULE := libframeworks_coretests_jni
+
+# this does not prevent build system
+# from installing library to /system/lib
LOCAL_MODULE_TAGS := tests
+# .. we want to avoid that... so we put it somewhere
+# bionic linker cant find it without outside help (nativetests):
+LOCAL_MODULE_PATH_32 := $($(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_DATA_NATIVE_TESTS)/$(LOCAL_MODULE)
+LOCAL_MODULE_PATH_64 := $(TARGET_OUT_DATA_NATIVE_TESTS)/$(LOCAL_MODULE)
+
include $(BUILD_SHARED_LIBRARY)
diff --git a/core/tests/coretests/apks/install_jni_lib/com_android_frameworks_coretests_JNITest.cpp b/core/tests/coretests/apks/install_jni_lib/com_android_frameworks_coretests_JNITest.cpp
index 957fc4a..e0b616c 100644
--- a/core/tests/coretests/apks/install_jni_lib/com_android_frameworks_coretests_JNITest.cpp
+++ b/core/tests/coretests/apks/install_jni_lib/com_android_frameworks_coretests_JNITest.cpp
@@ -27,8 +27,8 @@
{ "checkFunction", "()I", (void*) checkFunction },
};
-int register_com_android_framework_coretests_JNITests(JNIEnv* env) {
- return jniRegisterNativeMethods(env, "com/android/framework/coretests/JNITests", sMethods,
+int register_com_android_frameworks_coretests_JNITests(JNIEnv* env) {
+ return jniRegisterNativeMethods(env, "com/android/frameworks/coretests/JNITests", sMethods,
NELEM(sMethods));
}
@@ -46,7 +46,7 @@
return JNI_ERR;
}
- if ((status = android::register_com_android_framework_coretests_JNITests(e)) < 0) {
+ if ((status = android::register_com_android_frameworks_coretests_JNITests(e)) < 0) {
return JNI_ERR;
}
diff --git a/core/tests/coretests/apks/install_jni_lib_open_from_apk/Android.mk b/core/tests/coretests/apks/install_jni_lib_open_from_apk/Android.mk
new file mode 100644
index 0000000..5fa2405
--- /dev/null
+++ b/core/tests/coretests/apks/install_jni_lib_open_from_apk/Android.mk
@@ -0,0 +1,11 @@
+LOCAL_PATH:= $(call my-dir)
+include $(CLEAR_VARS)
+
+LOCAL_SRC_FILES := $(call all-subdir-java-files)
+
+LOCAL_PACKAGE_NAME := install_jni_lib_open_from_apk
+
+LOCAL_JNI_SHARED_LIBRARIES_ZIP_OPTIONS := -0
+LOCAL_PAGE_ALIGN_JNI_SHARED_LIBRARIES := true
+
+include $(FrameworkCoreTests_BUILD_PACKAGE)
diff --git a/core/tests/coretests/apks/install_jni_lib_open_from_apk/AndroidManifest.xml b/core/tests/coretests/apks/install_jni_lib_open_from_apk/AndroidManifest.xml
new file mode 100644
index 0000000..190f894
--- /dev/null
+++ b/core/tests/coretests/apks/install_jni_lib_open_from_apk/AndroidManifest.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (C) 2014 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="com.android.frameworks.coretests.install_jni_lib_open_from_apk">
+
+ <application android:hasCode="true" android:label="@string/app_name" android:extractNativeLibs="false">
+ <activity android:name="com.android.frameworks.coretests.OpenFromApkActivity"
+ android:label="@string/app_name">
+ <intent-filter>
+ <action android:name="android.intent.action.MAIN" />
+ <category android:name="android.intent.category.LAUNCHER" />
+ </intent-filter>
+ </activity>
+ </application>
+</manifest>
diff --git a/core/tests/coretests/apks/install_jni_lib_open_from_apk/res/values/strings.xml b/core/tests/coretests/apks/install_jni_lib_open_from_apk/res/values/strings.xml
new file mode 100644
index 0000000..8c2a0bf
--- /dev/null
+++ b/core/tests/coretests/apks/install_jni_lib_open_from_apk/res/values/strings.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (C) 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<resources xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
+ <string name="app_name">Load From Apk Test</string>
+</resources>
diff --git a/core/tests/coretests/apks/install_jni_lib_open_from_apk/src/com/android/frameworks/coretests/JNITests.java b/core/tests/coretests/apks/install_jni_lib_open_from_apk/src/com/android/frameworks/coretests/JNITests.java
new file mode 100644
index 0000000..4f9176c
--- /dev/null
+++ b/core/tests/coretests/apks/install_jni_lib_open_from_apk/src/com/android/frameworks/coretests/JNITests.java
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2014 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package com.android.frameworks.coretests;
+
+public class JNITests {
+ static {
+ System.loadLibrary("frameworks_coretests_jni");
+ }
+
+ public static native int checkFunction();
+}
diff --git a/core/tests/coretests/apks/install_jni_lib_open_from_apk/src/com/android/frameworks/coretests/OpenFromApkActivity.java b/core/tests/coretests/apks/install_jni_lib_open_from_apk/src/com/android/frameworks/coretests/OpenFromApkActivity.java
new file mode 100644
index 0000000..524cad7c
--- /dev/null
+++ b/core/tests/coretests/apks/install_jni_lib_open_from_apk/src/com/android/frameworks/coretests/OpenFromApkActivity.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2014 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package com.android.frameworks.coretests;
+
+import android.app.Activity;
+import android.widget.TextView;
+import android.os.Bundle;
+
+public class OpenFromApkActivity extends Activity {
+ @Override
+ public void onCreate(Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+
+ TextView tv = new TextView(this);
+
+ int i = JNITests.checkFunction();
+
+ tv.setText("All is well: i=" + i);
+
+ setContentView(tv);
+ }
+
+}
diff --git a/core/tests/coretests/src/android/net/UriTest.java b/core/tests/coretests/src/android/net/UriTest.java
index cd45017..6fa28b1 100644
--- a/core/tests/coretests/src/android/net/UriTest.java
+++ b/core/tests/coretests/src/android/net/UriTest.java
@@ -804,4 +804,56 @@
assertFalse(Uri.parse("content://com.example/path/path").isPathPrefixMatch(
Uri.parse("content://com.example/path%2Fpath")));
}
+
+ public void testToSafeString() {
+ checkToSafeString("tel:xxxxxx", "tel:Google");
+ checkToSafeString("tel:xxxxxxxxxx", "tel:1234567890");
+ checkToSafeString("tEl:xxx.xxx-xxxx", "tEl:123.456-7890");
+
+ checkToSafeString("sms:xxxxxx", "sms:123abc");
+ checkToSafeString("smS:xxx.xxx-xxxx", "smS:123.456-7890");
+
+ checkToSafeString("smsto:xxxxxx", "smsto:123abc");
+ checkToSafeString("SMSTo:xxx.xxx-xxxx", "SMSTo:123.456-7890");
+
+ checkToSafeString("mailto:xxxxxxx@xxxxxxx.xxx", "mailto:android@android.com");
+ checkToSafeString("Mailto:xxxxxxx@xxxxxxx.xxxxxxxxxx",
+ "Mailto:android@android.com/secret");
+
+ checkToSafeString("sip:xxxxxxx@xxxxxxx.xxxxxxxx", "sip:android@android.com:1234");
+ checkToSafeString("sIp:xxxxxxx@xxxxxxx.xxx", "sIp:android@android.com");
+
+ checkToSafeString("http://www.android.com/...", "http://www.android.com");
+ checkToSafeString("HTTP://www.android.com/...", "HTTP://www.android.com");
+ checkToSafeString("http://www.android.com/...", "http://www.android.com/");
+ checkToSafeString("http://www.android.com/...", "http://www.android.com/secretUrl?param");
+ checkToSafeString("http://www.android.com/...",
+ "http://user:pwd@www.android.com/secretUrl?param");
+ checkToSafeString("http://www.android.com/...",
+ "http://user@www.android.com/secretUrl?param");
+ checkToSafeString("http://www.android.com/...", "http://www.android.com/secretUrl?param");
+ checkToSafeString("http:///...", "http:///path?param");
+ checkToSafeString("http:///...", "http://");
+ checkToSafeString("http://:12345/...", "http://:12345/");
+
+ checkToSafeString("https://www.android.com/...", "https://www.android.com/secretUrl?param");
+ checkToSafeString("https://www.android.com:8443/...",
+ "https://user:pwd@www.android.com:8443/secretUrl?param");
+ checkToSafeString("https://www.android.com/...", "https://user:pwd@www.android.com");
+ checkToSafeString("Https://www.android.com/...", "Https://user:pwd@www.android.com");
+
+ checkToSafeString("ftp://ftp.android.com/...", "ftp://ftp.android.com/");
+ checkToSafeString("ftP://ftp.android.com/...", "ftP://anonymous@ftp.android.com/");
+ checkToSafeString("ftp://ftp.android.com:2121/...",
+ "ftp://root:love@ftp.android.com:2121/");
+
+ checkToSafeString("unsupported://ajkakjah/askdha/secret?secret",
+ "unsupported://ajkakjah/askdha/secret?secret");
+ checkToSafeString("unsupported:ajkakjah/askdha/secret?secret",
+ "unsupported:ajkakjah/askdha/secret?secret");
+ }
+
+ private void checkToSafeString(String expectedSafeString, String original) {
+ assertEquals(expectedSafeString, Uri.parse(original).toSafeString());
+ }
}
diff --git a/keystore/java/android/security/AndroidKeyStore.java b/keystore/java/android/security/AndroidKeyStore.java
index 846d1f1..f72c7acd 100644
--- a/keystore/java/android/security/AndroidKeyStore.java
+++ b/keystore/java/android/security/AndroidKeyStore.java
@@ -466,96 +466,84 @@
throw new KeyStoreException("Unsupported secret key algorithm: " + keyAlgorithmString);
}
- if ((params.getAlgorithm() != null) && (params.getAlgorithm() != keyAlgorithm)) {
- throw new KeyStoreException("Key algorithm mismatch. Key: " + keyAlgorithmString
- + ", parameter spec: "
- + KeyStoreKeyConstraints.Algorithm.toString(params.getAlgorithm()));
- }
-
KeymasterArguments args = new KeymasterArguments();
args.addInt(KeymasterDefs.KM_TAG_ALGORITHM,
KeyStoreKeyConstraints.Algorithm.toKeymaster(keyAlgorithm));
- if (digest != null) {
- // Digest available from JCA key algorithm
- if (params.getDigest() != null) {
- // Digest also specified in parameters -- check that these two match
- if (digest != params.getDigest()) {
- throw new KeyStoreException("Key digest mismatch. Key: " + keyAlgorithmString
+ @KeyStoreKeyConstraints.DigestEnum int digests;
+ if (params.isDigestsSpecified()) {
+ // Digest(s) specified in parameters
+ if (digest != null) {
+ // Digest also specified in the JCA key algorithm name.
+ if ((params.getDigests() & digest) != digest) {
+ throw new KeyStoreException("Key digest mismatch"
+ + ". Key: " + keyAlgorithmString
+ ", parameter spec: "
- + KeyStoreKeyConstraints.Digest.toString(params.getDigest()));
+ + KeyStoreKeyConstraints.Digest.allToString(params.getDigests()));
}
}
+ digests = params.getDigests();
} else {
- // Digest not available from JCA key algorithm
- digest = params.getDigest();
+ // No digest specified in parameters
+ if (digest != null) {
+ // Digest specified in the JCA key algorithm name.
+ digests = digest;
+ } else {
+ digests = 0;
+ }
}
- if (digest != null) {
- args.addInt(KeymasterDefs.KM_TAG_DIGEST,
- KeyStoreKeyConstraints.Digest.toKeymaster(digest));
+ for (int keymasterDigest : KeyStoreKeyConstraints.Digest.allToKeymaster(digests)) {
+ args.addInt(KeymasterDefs.KM_TAG_DIGEST, keymasterDigest);
+ }
+ if (digests != 0) {
+ // TODO: Remove MAC length constraint once Keymaster API no longer requires it.
+ // This code will blow up if mode than one digest is specified.
Integer digestOutputSizeBytes =
KeyStoreKeyConstraints.Digest.getOutputSizeBytes(digest);
if (digestOutputSizeBytes != null) {
- // TODO: Remove MAC length constraint once Keymaster API no longer requires it.
// TODO: Switch to bits instead of bytes, once this is fixed in Keymaster
args.addInt(KeymasterDefs.KM_TAG_MAC_LENGTH, digestOutputSizeBytes);
}
}
if (keyAlgorithm == KeyStoreKeyConstraints.Algorithm.HMAC) {
- if (digest == null) {
- throw new IllegalStateException("Digest algorithm must be specified for key"
- + " algorithm " + keyAlgorithmString);
+ if (digests == 0) {
+ throw new KeyStoreException("At least one digest algorithm must be specified"
+ + " for key algorithm " + keyAlgorithmString);
}
}
- @KeyStoreKeyConstraints.PurposeEnum int purposes = (params.getPurposes() != null)
- ? params.getPurposes()
- : (KeyStoreKeyConstraints.Purpose.ENCRYPT
- | KeyStoreKeyConstraints.Purpose.DECRYPT
- | KeyStoreKeyConstraints.Purpose.SIGN
- | KeyStoreKeyConstraints.Purpose.VERIFY);
- for (int keymasterPurpose :
- KeyStoreKeyConstraints.Purpose.allToKeymaster(purposes)) {
+ int purposes = params.getPurposes();
+ for (int keymasterPurpose : KeyStoreKeyConstraints.Purpose.allToKeymaster(purposes)) {
args.addInt(KeymasterDefs.KM_TAG_PURPOSE, keymasterPurpose);
}
- if (params.getBlockMode() != null) {
- args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE,
- KeyStoreKeyConstraints.BlockMode.toKeymaster(params.getBlockMode()));
+ for (int keymasterBlockMode :
+ KeyStoreKeyConstraints.BlockMode.allToKeymaster(params.getBlockModes())) {
+ args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE, keymasterBlockMode);
}
- if (params.getPadding() != null) {
- args.addInt(KeymasterDefs.KM_TAG_PADDING,
- KeyStoreKeyConstraints.Padding.toKeymaster(params.getPadding()));
+ for (int keymasterPadding :
+ KeyStoreKeyConstraints.Padding.allToKeymaster(params.getPaddings())) {
+ args.addInt(KeymasterDefs.KM_TAG_PADDING, keymasterPadding);
}
- if (params.getMaxUsesPerBoot() != null) {
- args.addInt(KeymasterDefs.KM_TAG_MAX_USES_PER_BOOT, params.getMaxUsesPerBoot());
- }
- if (params.getMinSecondsBetweenOperations() != null) {
- args.addInt(KeymasterDefs.KM_TAG_MIN_SECONDS_BETWEEN_OPS,
- params.getMinSecondsBetweenOperations());
- }
- if (params.getUserAuthenticators().isEmpty()) {
+ if (params.getUserAuthenticators() == 0) {
args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);
} else {
- // TODO: Pass-in user authenticator IDs once the Keymaster API has stabilized
-// for (int userAuthenticatorId : params.getUserAuthenticators()) {
-// args.addInt(KeymasterDefs.KM_TAG_USER_AUTH_ID, userAuthenticatorId);
-// }
+ args.addInt(KeymasterDefs.KM_TAG_USER_AUTH_TYPE,
+ KeyStoreKeyConstraints.UserAuthenticator.allToKeymaster(
+ params.getUserAuthenticators()));
}
- if (params.getUserAuthenticationValidityDurationSeconds() != null) {
+ if (params.getUserAuthenticationValidityDurationSeconds() != -1) {
args.addInt(KeymasterDefs.KM_TAG_AUTH_TIMEOUT,
params.getUserAuthenticationValidityDurationSeconds());
}
- if (params.getKeyValidityStart() != null) {
- args.addDate(KeymasterDefs.KM_TAG_ACTIVE_DATETIME, params.getKeyValidityStart());
- }
- if (params.getKeyValidityForOriginationEnd() != null) {
- args.addDate(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME,
- params.getKeyValidityForOriginationEnd());
- }
- if (params.getKeyValidityForConsumptionEnd() != null) {
- args.addDate(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME,
- params.getKeyValidityForConsumptionEnd());
- }
+ args.addDate(KeymasterDefs.KM_TAG_ACTIVE_DATETIME,
+ (params.getKeyValidityStart() != null)
+ ? params.getKeyValidityStart() : new Date(0));
+ args.addDate(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME,
+ (params.getKeyValidityForOriginationEnd() != null)
+ ? params.getKeyValidityForOriginationEnd() : new Date(Long.MAX_VALUE));
+ args.addDate(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME,
+ (params.getKeyValidityForConsumptionEnd() != null)
+ ? params.getKeyValidityForConsumptionEnd() : new Date(Long.MAX_VALUE));
// TODO: Remove this once keymaster does not require us to specify the size of imported key.
args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, keyMaterial.length * 8);
diff --git a/keystore/java/android/security/AndroidKeyStoreProvider.java b/keystore/java/android/security/AndroidKeyStoreProvider.java
index 39f9d9c..a59927d 100644
--- a/keystore/java/android/security/AndroidKeyStoreProvider.java
+++ b/keystore/java/android/security/AndroidKeyStoreProvider.java
@@ -18,6 +18,9 @@
import java.security.Provider;
+import javax.crypto.Cipher;
+import javax.crypto.Mac;
+
/**
* A provider focused on providing JCA interfaces for the Android KeyStore.
*
@@ -26,49 +29,89 @@
public class AndroidKeyStoreProvider extends Provider {
public static final String PROVIDER_NAME = "AndroidKeyStore";
+ // IMPLEMENTATION NOTE: Class names are hard-coded in this provider to avoid loading these
+ // classes when this provider is instantiated and installed early on during each app's
+ // initialization process.
+
+ private static final String PACKAGE_NAME = "android.security";
+ private static final String KEYSTORE_SECRET_KEY_CLASS_NAME =
+ PACKAGE_NAME + ".KeyStoreSecretKey";
+
public AndroidKeyStoreProvider() {
super(PROVIDER_NAME, 1.0, "Android KeyStore security provider");
// java.security.KeyStore
- put("KeyStore." + AndroidKeyStore.NAME, AndroidKeyStore.class.getName());
+ put("KeyStore.AndroidKeyStore", PACKAGE_NAME + ".AndroidKeyStore");
// java.security.KeyPairGenerator
- put("KeyPairGenerator.EC", AndroidKeyPairGenerator.EC.class.getName());
- put("KeyPairGenerator.RSA", AndroidKeyPairGenerator.RSA.class.getName());
+ put("KeyPairGenerator.EC", PACKAGE_NAME + ".AndroidKeyPairGenerator$EC");
+ put("KeyPairGenerator.RSA", PACKAGE_NAME + ".AndroidKeyPairGenerator$RSA");
// javax.crypto.KeyGenerator
- put("KeyGenerator.AES", KeyStoreKeyGeneratorSpi.AES.class.getName());
- put("KeyGenerator.HmacSHA256", KeyStoreKeyGeneratorSpi.HmacSHA256.class.getName());
+ put("KeyGenerator.AES", PACKAGE_NAME + ".KeyStoreKeyGeneratorSpi$AES");
+ put("KeyGenerator.HmacSHA256", PACKAGE_NAME + ".KeyStoreKeyGeneratorSpi$HmacSHA256");
// java.security.SecretKeyFactory
- put("SecretKeyFactory.AES", KeyStoreSecretKeyFactorySpi.class.getName());
- put("SecretKeyFactory.HmacSHA256", KeyStoreSecretKeyFactorySpi.class.getName());
+ put("SecretKeyFactory.AES", PACKAGE_NAME + ".KeyStoreSecretKeyFactorySpi");
+ put("SecretKeyFactory.HmacSHA256", PACKAGE_NAME + ".KeyStoreSecretKeyFactorySpi");
// javax.crypto.Mac
- putMacImpl("HmacSHA256", KeyStoreHmacSpi.HmacSHA256.class.getName());
+ putMacImpl("HmacSHA256", PACKAGE_NAME + ".KeyStoreHmacSpi$HmacSHA256");
// javax.crypto.Cipher
putSymmetricCipherImpl("AES/ECB/NoPadding",
- KeyStoreCipherSpi.AES.ECB.NoPadding.class.getName());
+ PACKAGE_NAME + ".KeyStoreCipherSpi$AES$ECB$NoPadding");
putSymmetricCipherImpl("AES/ECB/PKCS7Padding",
- KeyStoreCipherSpi.AES.ECB.PKCS7Padding.class.getName());
+ PACKAGE_NAME + ".KeyStoreCipherSpi$AES$ECB$PKCS7Padding");
putSymmetricCipherImpl("AES/CBC/NoPadding",
- KeyStoreCipherSpi.AES.CBC.NoPadding.class.getName());
+ PACKAGE_NAME + ".KeyStoreCipherSpi$AES$CBC$NoPadding");
putSymmetricCipherImpl("AES/CBC/PKCS7Padding",
- KeyStoreCipherSpi.AES.CBC.PKCS7Padding.class.getName());
+ PACKAGE_NAME + ".KeyStoreCipherSpi$AES$CBC$PKCS7Padding");
putSymmetricCipherImpl("AES/CTR/NoPadding",
- KeyStoreCipherSpi.AES.CTR.NoPadding.class.getName());
+ PACKAGE_NAME + ".KeyStoreCipherSpi$AES$CTR$NoPadding");
}
private void putMacImpl(String algorithm, String implClass) {
put("Mac." + algorithm, implClass);
- put("Mac." + algorithm + " SupportedKeyClasses", KeyStoreSecretKey.class.getName());
+ put("Mac." + algorithm + " SupportedKeyClasses", KEYSTORE_SECRET_KEY_CLASS_NAME);
}
private void putSymmetricCipherImpl(String transformation, String implClass) {
put("Cipher." + transformation, implClass);
- put("Cipher." + transformation + " SupportedKeyClasses", KeyStoreSecretKey.class.getName());
+ put("Cipher." + transformation + " SupportedKeyClasses", KEYSTORE_SECRET_KEY_CLASS_NAME);
+ }
+
+ /**
+ * Gets the {@link KeyStore} operation handle corresponding to the provided JCA crypto
+ * primitive.
+ *
+ * <p>The following primitives are supported: {@link Cipher} and {@link Mac}.
+ *
+ * @return KeyStore operation handle or {@code null} if the provided primitive's KeyStore
+ * operation is not in progress.
+ *
+ * @throws IllegalArgumentException if the provided primitive is not supported or is not backed
+ * by AndroidKeyStore provider.
+ */
+ public static Long getKeyStoreOperationHandle(Object cryptoPrimitive) {
+ if (cryptoPrimitive == null) {
+ throw new NullPointerException();
+ }
+ Object spi;
+ if (cryptoPrimitive instanceof Mac) {
+ spi = ((Mac) cryptoPrimitive).getSpi();
+ } else if (cryptoPrimitive instanceof Cipher) {
+ spi = ((Cipher) cryptoPrimitive).getSpi();
+ } else {
+ throw new IllegalArgumentException("Unsupported crypto primitive: " + cryptoPrimitive);
+ }
+ if (!(spi instanceof KeyStoreCryptoOperation)) {
+ throw new IllegalArgumentException(
+ "Crypto primitive not backed by AndroidKeyStore: " + cryptoPrimitive
+ + ", spi: " + spi);
+ }
+ return ((KeyStoreCryptoOperation) spi).getOperationHandle();
}
}
diff --git a/keystore/java/android/security/KeyExpiredException.java b/keystore/java/android/security/KeyExpiredException.java
new file mode 100644
index 0000000..35a5acc
--- /dev/null
+++ b/keystore/java/android/security/KeyExpiredException.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security;
+
+/**
+ * Indicates that a cryptographic operation failed because the employed key's validity end date
+ * is in the past.
+ *
+ * @hide
+ */
+public class KeyExpiredException extends CryptoOperationException {
+
+ /**
+ * Constructs a new {@code KeyExpiredException} without detail message and cause.
+ */
+ public KeyExpiredException() {
+ super("Key expired");
+ }
+
+ /**
+ * Constructs a new {@code KeyExpiredException} with the provided detail message and no cause.
+ */
+ public KeyExpiredException(String message) {
+ super(message);
+ }
+
+ /**
+ * Constructs a new {@code KeyExpiredException} with the provided detail message and cause.
+ */
+ public KeyExpiredException(String message, Throwable cause) {
+ super(message, cause);
+ }
+}
diff --git a/keystore/java/android/security/KeyGeneratorSpec.java b/keystore/java/android/security/KeyGeneratorSpec.java
index 9122d8e..3ada7f6 100644
--- a/keystore/java/android/security/KeyGeneratorSpec.java
+++ b/keystore/java/android/security/KeyGeneratorSpec.java
@@ -19,12 +19,8 @@
import android.content.Context;
import android.text.TextUtils;
-import java.security.cert.Certificate;
import java.security.spec.AlgorithmParameterSpec;
-import java.util.Collections;
import java.util.Date;
-import java.util.HashSet;
-import java.util.Set;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
@@ -33,13 +29,13 @@
* {@link AlgorithmParameterSpec} for initializing a {@code KeyGenerator} that works with
* <a href="{@docRoot}training/articles/keystore.html">Android KeyStore facility</a>.
*
- * <p>The Android KeyStore facility is accessed through a {@link KeyGenerator} API
- * using the {@code AndroidKeyStore} provider. The {@code context} passed in may be used to pop up
- * some UI to ask the user to unlock or initialize the Android KeyStore facility.
+ * <p>The Android KeyStore facility is accessed through a {@link KeyGenerator} API using the
+ * {@code AndroidKeyStore} provider. The {@code context} passed in may be used to pop up some UI to
+ * ask the user to unlock or initialize the Android KeyStore facility.
*
* <p>After generation, the {@code keyStoreAlias} is used with the
* {@link java.security.KeyStore#getEntry(String, java.security.KeyStore.ProtectionParameter)}
- * interface to retrieve the {@link SecretKey} and its associated {@link Certificate} chain.
+ * interface to retrieve the {@link SecretKey}.
*
* @hide
*/
@@ -52,13 +48,11 @@
private final Date mKeyValidityStart;
private final Date mKeyValidityForOriginationEnd;
private final Date mKeyValidityForConsumptionEnd;
- private final @KeyStoreKeyConstraints.PurposeEnum Integer mPurposes;
- private final @KeyStoreKeyConstraints.PaddingEnum Integer mPadding;
- private final @KeyStoreKeyConstraints.BlockModeEnum Integer mBlockMode;
- private final Integer mMinSecondsBetweenOperations;
- private final Integer mMaxUsesPerBoot;
- private final Set<Integer> mUserAuthenticators;
- private final Integer mUserAuthenticationValidityDurationSeconds;
+ private final @KeyStoreKeyConstraints.PurposeEnum int mPurposes;
+ private final @KeyStoreKeyConstraints.PaddingEnum int mPaddings;
+ private final @KeyStoreKeyConstraints.BlockModeEnum int mBlockModes;
+ private final @KeyStoreKeyConstraints.UserAuthenticatorEnum int mUserAuthenticators;
+ private final int mUserAuthenticationValidityDurationSeconds;
private KeyGeneratorSpec(
Context context,
@@ -68,19 +62,17 @@
Date keyValidityStart,
Date keyValidityForOriginationEnd,
Date keyValidityForConsumptionEnd,
- @KeyStoreKeyConstraints.PurposeEnum Integer purposes,
- @KeyStoreKeyConstraints.PaddingEnum Integer padding,
- @KeyStoreKeyConstraints.BlockModeEnum Integer blockMode,
- Integer minSecondsBetweenOperations,
- Integer maxUsesPerBoot,
- Set<Integer> userAuthenticators,
- Integer userAuthenticationValidityDurationSeconds) {
+ @KeyStoreKeyConstraints.PurposeEnum int purposes,
+ @KeyStoreKeyConstraints.PaddingEnum int paddings,
+ @KeyStoreKeyConstraints.BlockModeEnum int blockModes,
+ @KeyStoreKeyConstraints.UserAuthenticatorEnum int userAuthenticators,
+ int userAuthenticationValidityDurationSeconds) {
if (context == null) {
throw new IllegalArgumentException("context == null");
} else if (TextUtils.isEmpty(keyStoreAlias)) {
throw new IllegalArgumentException("keyStoreAlias must not be empty");
- } else if ((userAuthenticationValidityDurationSeconds != null)
- && (userAuthenticationValidityDurationSeconds < 0)) {
+ } else if ((userAuthenticationValidityDurationSeconds < 0)
+ && (userAuthenticationValidityDurationSeconds != -1)) {
throw new IllegalArgumentException(
"userAuthenticationValidityDurationSeconds must not be negative");
}
@@ -93,13 +85,9 @@
mKeyValidityForOriginationEnd = keyValidityForOriginationEnd;
mKeyValidityForConsumptionEnd = keyValidityForConsumptionEnd;
mPurposes = purposes;
- mPadding = padding;
- mBlockMode = blockMode;
- mMinSecondsBetweenOperations = minSecondsBetweenOperations;
- mMaxUsesPerBoot = maxUsesPerBoot;
- mUserAuthenticators = (userAuthenticators != null)
- ? new HashSet<Integer>(userAuthenticators)
- : Collections.<Integer>emptySet();
+ mPaddings = paddings;
+ mBlockModes = blockModes;
+ mUserAuthenticators = userAuthenticators;
mUserAuthenticationValidityDurationSeconds = userAuthenticationValidityDurationSeconds;
}
@@ -142,18 +130,16 @@
}
/**
- * Gets the time instant after which the key is no long valid for decryption and verification.
+ * Gets the time instant after which the key is no longer valid for decryption and verification.
*
* @return instant or {@code null} if not restricted.
- *
- * @hide
*/
public Date getKeyValidityForConsumptionEnd() {
return mKeyValidityForConsumptionEnd;
}
/**
- * Gets the time instant after which the key is no long valid for encryption and signing.
+ * Gets the time instant after which the key is no longer valid for encryption and signing.
*
* @return instant or {@code null} if not restricted.
*/
@@ -163,78 +149,43 @@
/**
* Gets the set of purposes for which the key can be used.
- *
- * @return set of purposes or {@code null} if the key can be used for any purpose.
*/
- public @KeyStoreKeyConstraints.PurposeEnum Integer getPurposes() {
+ public @KeyStoreKeyConstraints.PurposeEnum int getPurposes() {
return mPurposes;
}
/**
- * Gets the padding scheme to which the key is restricted.
- *
- * @return padding scheme or {@code null} if the padding scheme is not restricted.
+ * Gets the set of padding schemes to which the key is restricted.
*/
- public @KeyStoreKeyConstraints.PaddingEnum Integer getPadding() {
- return mPadding;
+ public @KeyStoreKeyConstraints.PaddingEnum int getPaddings() {
+ return mPaddings;
}
/**
- * Gets the block mode to which the key is restricted when used for encryption or decryption.
- *
- * @return block more or {@code null} if block mode is not restricted.
- *
- * @hide
+ * Gets the set of block modes to which the key is restricted.
*/
- public @KeyStoreKeyConstraints.BlockModeEnum Integer getBlockMode() {
- return mBlockMode;
+ public @KeyStoreKeyConstraints.BlockModeEnum int getBlockModes() {
+ return mBlockModes;
}
/**
- * Gets the minimum number of seconds that must expire since the most recent use of the key
- * before it can be used again.
+ * Gets the set of user authenticators which protect access to this key. The key can only be
+ * used iff the user has authenticated to at least one of these user authenticators.
*
- * @return number of seconds or {@code null} if there is no restriction on how frequently a key
- * can be used.
- *
- * @hide
+ * @return user authenticators or {@code 0} if the key can be used without user authentication.
*/
- public Integer getMinSecondsBetweenOperations() {
- return mMinSecondsBetweenOperations;
- }
-
- /**
- * Gets the number of times the key can be used without rebooting the device.
- *
- * @return maximum number of times or {@code null} if there is no restriction.
- * @hide
- */
- public Integer getMaxUsesPerBoot() {
- return mMaxUsesPerBoot;
- }
-
- /**
- * Gets the user authenticators which protect access to this key. The key can only be used iff
- * the user has authenticated to at least one of these user authenticators.
- *
- * @return user authenticators or empty set if the key can be used without user authentication.
- *
- * @hide
- */
- public Set<Integer> getUserAuthenticators() {
- return new HashSet<Integer>(mUserAuthenticators);
+ public @KeyStoreKeyConstraints.UserAuthenticatorEnum int getUserAuthenticators() {
+ return mUserAuthenticators;
}
/**
* Gets the duration of time (seconds) for which this key can be used after the user
* successfully authenticates to one of the associated user authenticators.
*
- * @return duration in seconds or {@code null} if not restricted. {@code 0} means authentication
+ * @return duration in seconds or {@code -1} if not restricted. {@code 0} means authentication
* is required for every use of the key.
- *
- * @hide
*/
- public Integer getUserAuthenticationValidityDurationSeconds() {
+ public int getUserAuthenticationValidityDurationSeconds() {
return mUserAuthenticationValidityDurationSeconds;
}
@@ -253,13 +204,11 @@
private Date mKeyValidityStart;
private Date mKeyValidityForOriginationEnd;
private Date mKeyValidityForConsumptionEnd;
- private @KeyStoreKeyConstraints.PurposeEnum Integer mPurposes;
- private @KeyStoreKeyConstraints.PaddingEnum Integer mPadding;
- private @KeyStoreKeyConstraints.BlockModeEnum Integer mBlockMode;
- private Integer mMinSecondsBetweenOperations;
- private Integer mMaxUsesPerBoot;
- private Set<Integer> mUserAuthenticators;
- private Integer mUserAuthenticationValidityDurationSeconds;
+ private @KeyStoreKeyConstraints.PurposeEnum int mPurposes;
+ private @KeyStoreKeyConstraints.PaddingEnum int mPaddings;
+ private @KeyStoreKeyConstraints.BlockModeEnum int mBlockModes;
+ private @KeyStoreKeyConstraints.UserAuthenticatorEnum int mUserAuthenticators;
+ private int mUserAuthenticationValidityDurationSeconds = -1;
/**
* Creates a new instance of the {@code Builder} with the given {@code context}. The
@@ -318,8 +267,6 @@
* <b>By default, the key is valid at any instant.
*
* @see #setKeyValidityEnd(Date)
- *
- * @hide
*/
public Builder setKeyValidityStart(Date startDate) {
mKeyValidityStart = startDate;
@@ -334,8 +281,6 @@
* @see #setKeyValidityStart(Date)
* @see #setKeyValidityForConsumptionEnd(Date)
* @see #setKeyValidityForOriginationEnd(Date)
- *
- * @hide
*/
public Builder setKeyValidityEnd(Date endDate) {
setKeyValidityForOriginationEnd(endDate);
@@ -349,8 +294,6 @@
* <b>By default, the key is valid at any instant.
*
* @see #setKeyValidityForConsumptionEnd(Date)
- *
- * @hide
*/
public Builder setKeyValidityForOriginationEnd(Date endDate) {
mKeyValidityForOriginationEnd = endDate;
@@ -364,8 +307,6 @@
* <b>By default, the key is valid at any instant.
*
* @see #setKeyValidityForOriginationEnd(Date)
- *
- * @hide
*/
public Builder setKeyValidityForConsumptionEnd(Date endDate) {
mKeyValidityForConsumptionEnd = endDate;
@@ -373,11 +314,9 @@
}
/**
- * Restricts the purposes for which the key can be used to the provided set of purposes.
+ * Restricts the key to being used only for the provided set of purposes.
*
- * <p>By default, the key can be used for encryption, decryption, signing, and verification.
- *
- * @hide
+ * <p>This restriction must be specified. There is no default.
*/
public Builder setPurposes(@KeyStoreKeyConstraints.PurposeEnum int purposes) {
mPurposes = purposes;
@@ -385,53 +324,24 @@
}
/**
- * Restricts the key to being used only with the provided padding scheme. Attempts to use
+ * Restricts the key to being used only with the provided padding schemes. Attempts to use
* the key with any other padding will be rejected.
*
* <p>This restriction must be specified for keys which are used for encryption/decryption.
- *
- * @hide
*/
- public Builder setPadding(@KeyStoreKeyConstraints.PaddingEnum int padding) {
- mPadding = padding;
+ public Builder setPaddings(@KeyStoreKeyConstraints.PaddingEnum int paddings) {
+ mPaddings = paddings;
return this;
}
/**
- * Restricts the key to being used only with the provided block mode when encrypting or
- * decrypting. Attempts to use the key with any other block modes will be rejected.
+ * Restricts the key to being used only with the provided block modes. Attempts to use the
+ * key with any other block modes will be rejected.
*
* <p>This restriction must be specified for keys which are used for encryption/decryption.
- *
- * @hide
*/
- public Builder setBlockMode(@KeyStoreKeyConstraints.BlockModeEnum int blockMode) {
- mBlockMode = blockMode;
- return this;
- }
-
- /**
- * Sets the minimum number of seconds that must expire since the most recent use of the key
- * before it can be used again.
- *
- * <p>By default, there is no restriction on how frequently a key can be used.
- *
- * @hide
- */
- public Builder setMinSecondsBetweenOperations(int seconds) {
- mMinSecondsBetweenOperations = seconds;
- return this;
- }
-
- /**
- * Sets the maximum number of times a key can be used without rebooting the device.
- *
- * <p>By default, the key can be used for an unlimited number of times.
- *
- * @hide
- */
- public Builder setMaxUsesPerBoot(int count) {
- mMaxUsesPerBoot = count;
+ public Builder setBlockModes(@KeyStoreKeyConstraints.BlockModeEnum int blockModes) {
+ mBlockModes = blockModes;
return this;
}
@@ -445,12 +355,10 @@
* without user authentication.
*
* @see #setUserAuthenticationValidityDurationSeconds(int)
- *
- * @hide
*/
- public Builder setUserAuthenticators(Set<Integer> userAuthenticators) {
- mUserAuthenticators =
- (userAuthenticators != null) ? new HashSet<Integer>(userAuthenticators) : null;
+ public Builder setUserAuthenticators(
+ @KeyStoreKeyConstraints.UserAuthenticatorEnum int userAuthenticators) {
+ mUserAuthenticators = userAuthenticators;
return this;
}
@@ -463,9 +371,7 @@
* @param seconds duration in seconds or {@code 0} if the user needs to authenticate for
* every use of the key.
*
- * @see #setUserAuthenticators(Set)
- *
- * @hide
+ * @see #setUserAuthenticators(int)
*/
public Builder setUserAuthenticationValidityDurationSeconds(int seconds) {
mUserAuthenticationValidityDurationSeconds = seconds;
@@ -478,10 +384,18 @@
* @throws IllegalArgumentException if a required field is missing or violates a constraint.
*/
public KeyGeneratorSpec build() {
- return new KeyGeneratorSpec(mContext, mKeystoreAlias, mFlags, mKeySize,
- mKeyValidityStart, mKeyValidityForOriginationEnd, mKeyValidityForConsumptionEnd,
- mPurposes, mPadding, mBlockMode, mMinSecondsBetweenOperations, mMaxUsesPerBoot,
- mUserAuthenticators, mUserAuthenticationValidityDurationSeconds);
+ return new KeyGeneratorSpec(mContext,
+ mKeystoreAlias,
+ mFlags,
+ mKeySize,
+ mKeyValidityStart,
+ mKeyValidityForOriginationEnd,
+ mKeyValidityForConsumptionEnd,
+ mPurposes,
+ mPaddings,
+ mBlockModes,
+ mUserAuthenticators,
+ mUserAuthenticationValidityDurationSeconds);
}
}
}
diff --git a/keystore/java/android/security/KeyNotYetValidException.java b/keystore/java/android/security/KeyNotYetValidException.java
new file mode 100644
index 0000000..f1c2cac
--- /dev/null
+++ b/keystore/java/android/security/KeyNotYetValidException.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security;
+
+/**
+ * Indicates that a cryptographic operation failed because the employed key's validity start date
+ * is in the future.
+ *
+ * @hide
+ */
+public class KeyNotYetValidException extends CryptoOperationException {
+
+ /**
+ * Constructs a new {@code KeyNotYetValidException} without detail message and cause.
+ */
+ public KeyNotYetValidException() {
+ super("Key not yet valid");
+ }
+
+ /**
+ * Constructs a new {@code KeyNotYetValidException} with the provided detail message and no
+ * cause.
+ */
+ public KeyNotYetValidException(String message) {
+ super(message);
+ }
+
+ /**
+ * Constructs a new {@code KeyNotYetValidException} with the provided detail message and cause.
+ */
+ public KeyNotYetValidException(String message, Throwable cause) {
+ super(message, cause);
+ }
+}
diff --git a/keystore/java/android/security/KeyPairGeneratorSpec.java b/keystore/java/android/security/KeyPairGeneratorSpec.java
index cc097aa..edaa9a54 100644
--- a/keystore/java/android/security/KeyPairGeneratorSpec.java
+++ b/keystore/java/android/security/KeyPairGeneratorSpec.java
@@ -72,6 +72,24 @@
private final int mFlags;
+ private final Date mKeyValidityStart;
+
+ private final Date mKeyValidityForOriginationEnd;
+
+ private final Date mKeyValidityForConsumptionEnd;
+
+ private final @KeyStoreKeyConstraints.PurposeEnum int mPurposes;
+
+ private final @KeyStoreKeyConstraints.DigestEnum int mDigests;
+
+ private final @KeyStoreKeyConstraints.PaddingEnum int mPaddings;
+
+ private final @KeyStoreKeyConstraints.BlockModeEnum int mBlockModes;
+
+ private final @KeyStoreKeyConstraints.UserAuthenticatorEnum int mUserAuthenticators;
+
+ private final int mUserAuthenticationValidityDurationSeconds;
+
/**
* Parameter specification for the "{@code AndroidKeyPairGenerator}"
* instance of the {@link java.security.KeyPairGenerator} API. The
@@ -106,7 +124,16 @@
*/
public KeyPairGeneratorSpec(Context context, String keyStoreAlias, String keyType, int keySize,
AlgorithmParameterSpec spec, X500Principal subjectDN, BigInteger serialNumber,
- Date startDate, Date endDate, int flags) {
+ Date startDate, Date endDate, int flags,
+ Date keyValidityStart,
+ Date keyValidityForOriginationEnd,
+ Date keyValidityForConsumptionEnd,
+ @KeyStoreKeyConstraints.PurposeEnum int purposes,
+ @KeyStoreKeyConstraints.DigestEnum int digests,
+ @KeyStoreKeyConstraints.PaddingEnum int paddings,
+ @KeyStoreKeyConstraints.BlockModeEnum int blockModes,
+ @KeyStoreKeyConstraints.UserAuthenticatorEnum int userAuthenticators,
+ int userAuthenticationValidityDurationSeconds) {
if (context == null) {
throw new IllegalArgumentException("context == null");
} else if (TextUtils.isEmpty(keyStoreAlias)) {
@@ -121,6 +148,10 @@
throw new IllegalArgumentException("endDate == null");
} else if (endDate.before(startDate)) {
throw new IllegalArgumentException("endDate < startDate");
+ } else if ((userAuthenticationValidityDurationSeconds < 0)
+ && (userAuthenticationValidityDurationSeconds != -1)) {
+ throw new IllegalArgumentException(
+ "userAuthenticationValidityDurationSeconds must not be negative");
}
mContext = context;
@@ -133,6 +164,26 @@
mStartDate = startDate;
mEndDate = endDate;
mFlags = flags;
+ mKeyValidityStart = keyValidityStart;
+ mKeyValidityForOriginationEnd = keyValidityForOriginationEnd;
+ mKeyValidityForConsumptionEnd = keyValidityForConsumptionEnd;
+ mPurposes = purposes;
+ mDigests = digests;
+ mPaddings = paddings;
+ mBlockModes = blockModes;
+ mUserAuthenticators = userAuthenticators;
+ mUserAuthenticationValidityDurationSeconds = userAuthenticationValidityDurationSeconds;
+ }
+
+ /**
+ * TODO: Remove this constructor once tests are switched over to the new one above.
+ * @hide
+ */
+ public KeyPairGeneratorSpec(Context context, String keyStoreAlias, String keyType, int keySize,
+ AlgorithmParameterSpec spec, X500Principal subjectDN, BigInteger serialNumber,
+ Date startDate, Date endDate, int flags) {
+ this(context, keyStoreAlias, keyType, keySize, spec, subjectDN, serialNumber, startDate,
+ endDate, flags, startDate, endDate, endDate, 0, 0, 0, 0, 0, -1);
}
/**
@@ -222,6 +273,107 @@
}
/**
+ * Gets the time instant before which the key pair is not yet valid.
+ *
+ * @return instant or {@code null} if not restricted.
+ *
+ * @hide
+ */
+ public Date getKeyValidityStart() {
+ return mKeyValidityStart;
+ }
+
+ /**
+ * Gets the time instant after which the key pair is no longer valid for decryption and
+ * verification.
+ *
+ * @return instant or {@code null} if not restricted.
+ *
+ * @hide
+ */
+ public Date getKeyValidityForConsumptionEnd() {
+ return mKeyValidityForConsumptionEnd;
+ }
+
+ /**
+ * Gets the time instant after which the key pair is no longer valid for encryption and signing.
+ *
+ * @return instant or {@code null} if not restricted.
+ *
+ * @hide
+ */
+ public Date getKeyValidityForOriginationEnd() {
+ return mKeyValidityForOriginationEnd;
+ }
+
+ /**
+ * Gets the set of purposes for which the key can be used.
+ *
+ * @hide
+ */
+ public @KeyStoreKeyConstraints.PurposeEnum int getPurposes() {
+ return mPurposes;
+ }
+
+ /**
+ * Gets the set of digests to which the key is restricted.
+ *
+ * @hide
+ */
+ public @KeyStoreKeyConstraints.DigestEnum int getDigests() {
+ return mDigests;
+ }
+
+ /**
+ * Gets the set of padding schemes to which the key is restricted.
+ *
+ * @hide
+ */
+ public @KeyStoreKeyConstraints.PaddingEnum int getPaddings() {
+ return mPaddings;
+ }
+
+ /**
+ * Gets the set of block modes to which the key is restricted.
+ *
+ * @hide
+ */
+ public @KeyStoreKeyConstraints.BlockModeEnum int getBlockModes() {
+ return mBlockModes;
+ }
+
+ /**
+ * Gets the set of user authenticators which protect access to the private key. The key can only
+ * be used iff the user has authenticated to at least one of these user authenticators.
+ *
+ * <p>This restriction applies only to private key operations. Public key operations are not
+ * restricted.
+ *
+ * @return user authenticators or {@code 0} if the key can be used without user authentication.
+ *
+ * @hide
+ */
+ public @KeyStoreKeyConstraints.UserAuthenticatorEnum int getUserAuthenticators() {
+ return mUserAuthenticators;
+ }
+
+ /**
+ * Gets the duration of time (seconds) for which the private key can be used after the user
+ * successfully authenticates to one of the associated user authenticators.
+ *
+ * <p>This restriction applies only to private key operations. Public key operations are not
+ * restricted.
+ *
+ * @return duration in seconds or {@code -1} if not restricted. {@code 0} means authentication
+ * is required for every use of the key.
+ *
+ * @hide
+ */
+ public int getUserAuthenticationValidityDurationSeconds() {
+ return mUserAuthenticationValidityDurationSeconds;
+ }
+
+ /**
* Builder class for {@link KeyPairGeneratorSpec} objects.
* <p>
* This will build a parameter spec for use with the <a href="{@docRoot}
@@ -263,6 +415,24 @@
private int mFlags;
+ private Date mKeyValidityStart;
+
+ private Date mKeyValidityForOriginationEnd;
+
+ private Date mKeyValidityForConsumptionEnd;
+
+ private @KeyStoreKeyConstraints.PurposeEnum int mPurposes;
+
+ private @KeyStoreKeyConstraints.DigestEnum int mDigests;
+
+ private @KeyStoreKeyConstraints.PaddingEnum int mPaddings;
+
+ private @KeyStoreKeyConstraints.BlockModeEnum int mBlockModes;
+
+ private @KeyStoreKeyConstraints.UserAuthenticatorEnum int mUserAuthenticators;
+
+ private int mUserAuthenticationValidityDurationSeconds = -1;
+
/**
* Creates a new instance of the {@code Builder} with the given
* {@code context}. The {@code context} passed in may be used to pop up
@@ -389,14 +559,185 @@
}
/**
+ * Sets the time instant before which the key is not yet valid.
+ *
+ * <b>By default, the key is valid at any instant.
+ *
+ * @see #setKeyValidityEnd(Date)
+ *
+ * @hide
+ */
+ public Builder setKeyValidityStart(Date startDate) {
+ mKeyValidityStart = startDate;
+ return this;
+ }
+
+ /**
+ * Sets the time instant after which the key is no longer valid.
+ *
+ * <b>By default, the key is valid at any instant.
+ *
+ * @see #setKeyValidityStart(Date)
+ * @see #setKeyValidityForConsumptionEnd(Date)
+ * @see #setKeyValidityForOriginationEnd(Date)
+ *
+ * @hide
+ */
+ public Builder setKeyValidityEnd(Date endDate) {
+ setKeyValidityForOriginationEnd(endDate);
+ setKeyValidityForConsumptionEnd(endDate);
+ return this;
+ }
+
+ /**
+ * Sets the time instant after which the key is no longer valid for encryption and signing.
+ *
+ * <b>By default, the key is valid at any instant.
+ *
+ * @see #setKeyValidityForConsumptionEnd(Date)
+ *
+ * @hide
+ */
+ public Builder setKeyValidityForOriginationEnd(Date endDate) {
+ mKeyValidityForOriginationEnd = endDate;
+ return this;
+ }
+
+ /**
+ * Sets the time instant after which the key is no longer valid for decryption and
+ * verification.
+ *
+ * <b>By default, the key is valid at any instant.
+ *
+ * @see #setKeyValidityForOriginationEnd(Date)
+ *
+ * @hide
+ */
+ public Builder setKeyValidityForConsumptionEnd(Date endDate) {
+ mKeyValidityForConsumptionEnd = endDate;
+ return this;
+ }
+
+ /**
+ * Restricts the key to being used only for the provided set of purposes.
+ *
+ * <p>This restriction must be specified. There is no default.
+ *
+ * @hide
+ */
+ public Builder setPurposes(@KeyStoreKeyConstraints.PurposeEnum int purposes) {
+ mPurposes = purposes;
+ return this;
+ }
+
+ /**
+ * Restricts the key to being used only with the provided digests. Attempts to use the key
+ * with any other digests be rejected.
+ *
+ * <p>This restriction must be specified for keys which are used for signing/verification.
+ *
+ * @hide
+ */
+ public Builder setDigests(@KeyStoreKeyConstraints.DigestEnum int digests) {
+ mDigests = digests;
+ return this;
+ }
+
+ /**
+ * Restricts the key to being used only with the provided padding schemes. Attempts to use
+ * the key with any other padding will be rejected.
+ *
+ * <p>This restriction must be specified for keys which are used for encryption/decryption.
+ *
+ * @hide
+ */
+ public Builder setPaddings(@KeyStoreKeyConstraints.PaddingEnum int paddings) {
+ mPaddings = paddings;
+ return this;
+ }
+
+ /**
+ * Restricts the key to being used only with the provided block mode when encrypting or
+ * decrypting. Attempts to use the key with any other block modes will be rejected.
+ *
+ * <p>This restriction must be specified for keys which are used for encryption/decryption.
+ *
+ * @hide
+ */
+ public Builder setBlockModes(@KeyStoreKeyConstraints.BlockModeEnum int blockModes) {
+ mBlockModes = blockModes;
+ return this;
+ }
+
+ /**
+ * Sets the user authenticators which protect access to this key. The key can only be used
+ * iff the user has authenticated to at least one of these user authenticators.
+ *
+ * <p>By default, the key can be used without user authentication.
+ *
+ * <p>This restriction applies only to private key operations. Public key operations are not
+ * restricted.
+ *
+ * @param userAuthenticators user authenticators or {@code 0} if this key can be accessed
+ * without user authentication.
+ *
+ * @see #setUserAuthenticationValidityDurationSeconds(int)
+ *
+ * @hide
+ */
+ public Builder setUserAuthenticators(
+ @KeyStoreKeyConstraints.UserAuthenticatorEnum int userAuthenticators) {
+ mUserAuthenticators = userAuthenticators;
+ return this;
+ }
+
+ /**
+ * Sets the duration of time (seconds) for which this key can be used after the user
+ * successfully authenticates to one of the associated user authenticators.
+ *
+ * <p>By default, the user needs to authenticate for every use of the key.
+ *
+ * <p>This restriction applies only to private key operations. Public key operations are not
+ * restricted.
+ *
+ * @param seconds duration in seconds or {@code 0} if the user needs to authenticate for
+ * every use of the key.
+ *
+ * @see #setUserAuthenticators(int)
+ *
+ * @hide
+ */
+ public Builder setUserAuthenticationValidityDurationSeconds(int seconds) {
+ mUserAuthenticationValidityDurationSeconds = seconds;
+ return this;
+ }
+
+ /**
* Builds the instance of the {@code KeyPairGeneratorSpec}.
*
* @throws IllegalArgumentException if a required field is missing
* @return built instance of {@code KeyPairGeneratorSpec}
*/
public KeyPairGeneratorSpec build() {
- return new KeyPairGeneratorSpec(mContext, mKeystoreAlias, mKeyType, mKeySize, mSpec,
- mSubjectDN, mSerialNumber, mStartDate, mEndDate, mFlags);
+ return new KeyPairGeneratorSpec(mContext,
+ mKeystoreAlias,
+ mKeyType,
+ mKeySize,
+ mSpec,
+ mSubjectDN,
+ mSerialNumber,
+ mStartDate,
+ mEndDate,
+ mFlags,
+ mKeyValidityStart,
+ mKeyValidityForOriginationEnd,
+ mKeyValidityForConsumptionEnd,
+ mPurposes,
+ mDigests,
+ mPaddings,
+ mBlockModes,
+ mUserAuthenticators,
+ mUserAuthenticationValidityDurationSeconds);
}
}
}
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index 94a479b..84a664e 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -26,6 +26,7 @@
import android.security.keymaster.KeyCharacteristics;
import android.security.keymaster.KeymasterArguments;
import android.security.keymaster.KeymasterBlob;
+import android.security.keymaster.KeymasterDefs;
import android.security.keymaster.OperationResult;
import android.util.Log;
@@ -506,4 +507,57 @@
return SYSTEM_ERROR;
}
}
+
+ public static KeyStoreException getKeyStoreException(int errorCode) {
+ if (errorCode > 0) {
+ // KeyStore layer error
+ switch (errorCode) {
+ case NO_ERROR:
+ return new KeyStoreException(errorCode, "OK");
+ case LOCKED:
+ return new KeyStoreException(errorCode, "Keystore locked");
+ case UNINITIALIZED:
+ return new KeyStoreException(errorCode, "Keystore not initialized");
+ case SYSTEM_ERROR:
+ return new KeyStoreException(errorCode, "System error");
+ case PERMISSION_DENIED:
+ return new KeyStoreException(errorCode, "Permission denied");
+ case KEY_NOT_FOUND:
+ return new KeyStoreException(errorCode, "Key not found");
+ case VALUE_CORRUPTED:
+ return new KeyStoreException(errorCode, "Key blob corrupted");
+ default:
+ return new KeyStoreException(errorCode, String.valueOf(errorCode));
+ }
+ } else {
+ // Keymaster layer error
+ switch (errorCode) {
+ case KeymasterDefs.KM_ERROR_INVALID_AUTHORIZATION_TIMEOUT:
+ // The name of this parameter significantly differs between Keymaster and
+ // framework APIs. Use the framework wording to make life easier for developers.
+ return new KeyStoreException(errorCode,
+ "Invalid user authentication validity duration");
+ default:
+ return new KeyStoreException(errorCode,
+ KeymasterDefs.getErrorMessage(errorCode));
+ }
+ }
+ }
+
+ public static CryptoOperationException getCryptoOperationException(KeyStoreException e) {
+ switch (e.getErrorCode()) {
+ case KeymasterDefs.KM_ERROR_KEY_EXPIRED:
+ return new KeyExpiredException();
+ case KeymasterDefs.KM_ERROR_KEY_NOT_YET_VALID:
+ return new KeyNotYetValidException();
+ case KeymasterDefs.KM_ERROR_KEY_USER_NOT_AUTHENTICATED:
+ return new UserNotAuthenticatedException();
+ default:
+ return new CryptoOperationException("Crypto operation failed", e);
+ }
+ }
+
+ public static CryptoOperationException getCryptoOperationException(int errorCode) {
+ return getCryptoOperationException(getKeyStoreException(errorCode));
+ }
}
diff --git a/keystore/java/android/security/KeyStoreCipherSpi.java b/keystore/java/android/security/KeyStoreCipherSpi.java
index 87f0d8e..ec358d6 100644
--- a/keystore/java/android/security/KeyStoreCipherSpi.java
+++ b/keystore/java/android/security/KeyStoreCipherSpi.java
@@ -45,7 +45,7 @@
*
* @hide
*/
-public abstract class KeyStoreCipherSpi extends CipherSpi {
+public abstract class KeyStoreCipherSpi extends CipherSpi implements KeyStoreCryptoOperation {
public abstract static class AES extends KeyStoreCipherSpi {
protected AES(@KeyStoreKeyConstraints.BlockModeEnum int blockMode,
@@ -129,6 +129,7 @@
* error conditions in between.
*/
private IBinder mOperationToken;
+ private Long mOperationHandle;
private KeyStoreCryptoOperationChunkedStreamer mMainDataStreamer;
protected KeyStoreCipherSpi(
@@ -192,6 +193,7 @@
mOperationToken = null;
mKeyStore.abort(operationToken);
}
+ mOperationHandle = null;
mMainDataStreamer = null;
mAdditionalEntropyForBegin = null;
}
@@ -222,14 +224,14 @@
if (opResult == null) {
throw new KeyStoreConnectException();
} else if (opResult.resultCode != KeyStore.NO_ERROR) {
- throw new CryptoOperationException("Failed to start keystore operation",
- KeymasterUtils.getExceptionForKeymasterError(opResult.resultCode));
+ throw KeyStore.getCryptoOperationException(opResult.resultCode);
}
if (opResult.token == null) {
throw new CryptoOperationException("Keystore returned null operation token");
}
mOperationToken = opResult.token;
+ mOperationHandle = opResult.operationHandle;
loadAlgorithmSpecificParametersFromBeginResult(keymasterOutputArgs);
mFirstOperationInitiated = true;
mMainDataStreamer = new KeyStoreCryptoOperationChunkedStreamer(
@@ -248,8 +250,8 @@
byte[] output;
try {
output = mMainDataStreamer.update(input, inputOffset, inputLen);
- } catch (KeymasterException e) {
- throw new CryptoOperationException("Keystore operation failed", e);
+ } catch (KeyStoreException e) {
+ throw KeyStore.getCryptoOperationException(e);
}
if (output.length == 0) {
@@ -262,8 +264,6 @@
@Override
protected int engineUpdate(byte[] input, int inputOffset, int inputLen, byte[] output,
int outputOffset) throws ShortBufferException {
- ensureKeystoreOperationInitialized();
-
byte[] outputCopy = engineUpdate(input, inputOffset, inputLen);
if (outputCopy == null) {
return 0;
@@ -285,7 +285,7 @@
byte[] output;
try {
output = mMainDataStreamer.doFinal(input, inputOffset, inputLen);
- } catch (KeymasterException e) {
+ } catch (KeyStoreException e) {
switch (e.getErrorCode()) {
case KeymasterDefs.KM_ERROR_INVALID_INPUT_LENGTH:
throw new IllegalBlockSizeException();
@@ -294,7 +294,7 @@
case KeymasterDefs.KM_ERROR_VERIFICATION_FAILED:
throw new AEADBadTagException();
default:
- throw new CryptoOperationException("Keystore operation failed", e);
+ throw KeyStore.getCryptoOperationException(e);
}
}
@@ -348,6 +348,23 @@
throw new UnsupportedOperationException();
}
+ @Override
+ public void finalize() throws Throwable {
+ try {
+ IBinder operationToken = mOperationToken;
+ if (operationToken != null) {
+ mKeyStore.abort(operationToken);
+ }
+ } finally {
+ super.finalize();
+ }
+ }
+
+ @Override
+ public Long getOperationHandle() {
+ return mOperationHandle;
+ }
+
// The methods below may need to be overridden by subclasses that use algorithm-specific
// parameters.
diff --git a/keystore/java/android/security/KeymasterException.java b/keystore/java/android/security/KeyStoreCryptoOperation.java
similarity index 68%
copy from keystore/java/android/security/KeymasterException.java
copy to keystore/java/android/security/KeyStoreCryptoOperation.java
index 484be12..19abd05 100644
--- a/keystore/java/android/security/KeymasterException.java
+++ b/keystore/java/android/security/KeyStoreCryptoOperation.java
@@ -17,20 +17,15 @@
package android.security;
/**
- * Keymaster exception.
+ * Cryptographic operation backed by {@link KeyStore}.
*
* @hide
*/
-public class KeymasterException extends Exception {
-
- private final int mErrorCode;
-
- public KeymasterException(int errorCode, String message) {
- super(message);
- mErrorCode = errorCode;
- }
-
- public int getErrorCode() {
- return mErrorCode;
- }
+public interface KeyStoreCryptoOperation {
+ /**
+ * Gets the KeyStore operation handle of this crypto operation.
+ *
+ * @return handle or {@code null} if the KeyStore operation is not in progress.
+ */
+ Long getOperationHandle();
}
diff --git a/keystore/java/android/security/KeyStoreCryptoOperationChunkedStreamer.java b/keystore/java/android/security/KeyStoreCryptoOperationChunkedStreamer.java
index 2b279f6..1f8b7e4 100644
--- a/keystore/java/android/security/KeyStoreCryptoOperationChunkedStreamer.java
+++ b/keystore/java/android/security/KeyStoreCryptoOperationChunkedStreamer.java
@@ -80,7 +80,7 @@
mMaxChunkSize = maxChunkSize;
}
- public byte[] update(byte[] input, int inputOffset, int inputLength) throws KeymasterException {
+ public byte[] update(byte[] input, int inputOffset, int inputLength) throws KeyStoreException {
if (inputLength == 0) {
// No input provided
return EMPTY_BYTE_ARRAY;
@@ -120,7 +120,7 @@
if (opResult == null) {
throw new KeyStoreConnectException();
} else if (opResult.resultCode != KeyStore.NO_ERROR) {
- throw KeymasterUtils.getExceptionForKeymasterError(opResult.resultCode);
+ throw KeyStore.getKeyStoreException(opResult.resultCode);
}
if (opResult.inputConsumed == chunk.length) {
@@ -188,7 +188,7 @@
}
public byte[] doFinal(byte[] input, int inputOffset, int inputLength)
- throws KeymasterException {
+ throws KeyStoreException {
if (inputLength == 0) {
// No input provided -- simplify the rest of the code
input = EMPTY_BYTE_ARRAY;
@@ -203,7 +203,7 @@
if (opResult == null) {
throw new KeyStoreConnectException();
} else if (opResult.resultCode != KeyStore.NO_ERROR) {
- throw KeymasterUtils.getExceptionForKeymasterError(opResult.resultCode);
+ throw KeyStore.getKeyStoreException(opResult.resultCode);
}
return concat(output, opResult.output);
@@ -213,7 +213,7 @@
* Passes all of buffered input into the the KeyStore operation (via the {@code update}
* operation) and returns output.
*/
- public byte[] flush() throws KeymasterException {
+ public byte[] flush() throws KeyStoreException {
if (mBufferedLength <= 0) {
return EMPTY_BYTE_ARRAY;
}
@@ -227,7 +227,7 @@
if (opResult == null) {
throw new KeyStoreConnectException();
} else if (opResult.resultCode != KeyStore.NO_ERROR) {
- throw KeymasterUtils.getExceptionForKeymasterError(opResult.resultCode);
+ throw KeyStore.getKeyStoreException(opResult.resultCode);
}
if (opResult.inputConsumed < chunk.length) {
diff --git a/keystore/java/android/security/KeymasterException.java b/keystore/java/android/security/KeyStoreException.java
similarity index 78%
rename from keystore/java/android/security/KeymasterException.java
rename to keystore/java/android/security/KeyStoreException.java
index 484be12..88e768c 100644
--- a/keystore/java/android/security/KeymasterException.java
+++ b/keystore/java/android/security/KeyStoreException.java
@@ -17,15 +17,16 @@
package android.security;
/**
- * Keymaster exception.
+ * KeyStore/keymaster exception with positive error codes coming from the KeyStore and negative
+ * ones from keymaster.
*
* @hide
*/
-public class KeymasterException extends Exception {
+public class KeyStoreException extends Exception {
private final int mErrorCode;
- public KeymasterException(int errorCode, String message) {
+ public KeyStoreException(int errorCode, String message) {
super(message);
mErrorCode = errorCode;
}
diff --git a/keystore/java/android/security/KeyStoreHmacSpi.java b/keystore/java/android/security/KeyStoreHmacSpi.java
index 939b41c..a5864a4 100644
--- a/keystore/java/android/security/KeyStoreHmacSpi.java
+++ b/keystore/java/android/security/KeyStoreHmacSpi.java
@@ -33,7 +33,7 @@
*
* @hide
*/
-public abstract class KeyStoreHmacSpi extends MacSpi {
+public abstract class KeyStoreHmacSpi extends MacSpi implements KeyStoreCryptoOperation {
public static class HmacSHA256 extends KeyStoreHmacSpi {
public HmacSHA256() {
@@ -50,6 +50,7 @@
// The fields below are reset by the engineReset operation.
private KeyStoreCryptoOperationChunkedStreamer mChunkedStreamer;
private IBinder mOperationToken;
+ private Long mOperationHandle;
protected KeyStoreHmacSpi(@KeyStoreKeyConstraints.DigestEnum int digest, int macSizeBytes) {
mDigest = digest;
@@ -77,7 +78,11 @@
}
mKeyAliasInKeyStore = ((KeyStoreSecretKey) key).getAlias();
+ if (mKeyAliasInKeyStore == null) {
+ throw new InvalidKeyException("Key's KeyStore alias not known");
+ }
engineReset();
+ ensureKeystoreOperationInitialized();
}
@Override
@@ -87,9 +92,20 @@
mOperationToken = null;
mKeyStore.abort(operationToken);
}
+ mOperationHandle = null;
mChunkedStreamer = null;
+ }
+
+ private void ensureKeystoreOperationInitialized() {
+ if (mChunkedStreamer != null) {
+ return;
+ }
+ if (mKeyAliasInKeyStore == null) {
+ throw new IllegalStateException("Not initialized");
+ }
KeymasterArguments keymasterArgs = new KeymasterArguments();
+ keymasterArgs.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeyStoreKeyConstraints.Algorithm.HMAC);
keymasterArgs.addInt(KeymasterDefs.KM_TAG_DIGEST, mDigest);
OperationResult opResult = mKeyStore.begin(mKeyAliasInKeyStore,
@@ -101,13 +117,13 @@
if (opResult == null) {
throw new KeyStoreConnectException();
} else if (opResult.resultCode != KeyStore.NO_ERROR) {
- throw new CryptoOperationException("Failed to start keystore operation",
- KeymasterUtils.getExceptionForKeymasterError(opResult.resultCode));
+ throw KeyStore.getCryptoOperationException(opResult.resultCode);
}
- mOperationToken = opResult.token;
- if (mOperationToken == null) {
+ if (opResult.token == null) {
throw new CryptoOperationException("Keystore returned null operation token");
}
+ mOperationToken = opResult.token;
+ mOperationHandle = opResult.operationHandle;
mChunkedStreamer = new KeyStoreCryptoOperationChunkedStreamer(
new KeyStoreCryptoOperationChunkedStreamer.MainDataStream(
mKeyStore, mOperationToken));
@@ -120,15 +136,13 @@
@Override
protected void engineUpdate(byte[] input, int offset, int len) {
- if (mChunkedStreamer == null) {
- throw new IllegalStateException("Not initialized");
- }
+ ensureKeystoreOperationInitialized();
byte[] output;
try {
output = mChunkedStreamer.update(input, offset, len);
- } catch (KeymasterException e) {
- throw new CryptoOperationException("Keystore operation failed", e);
+ } catch (KeyStoreException e) {
+ throw KeyStore.getCryptoOperationException(e);
}
if ((output != null) && (output.length != 0)) {
throw new CryptoOperationException("Update operation unexpectedly produced output");
@@ -137,15 +151,13 @@
@Override
protected byte[] engineDoFinal() {
- if (mChunkedStreamer == null) {
- throw new IllegalStateException("Not initialized");
- }
+ ensureKeystoreOperationInitialized();
byte[] result;
try {
result = mChunkedStreamer.doFinal(null, 0, 0);
- } catch (KeymasterException e) {
- throw new CryptoOperationException("Keystore operation failed", e);
+ } catch (KeyStoreException e) {
+ throw KeyStore.getCryptoOperationException(e);
}
engineReset();
@@ -157,11 +169,15 @@
try {
IBinder operationToken = mOperationToken;
if (operationToken != null) {
- mOperationToken = null;
mKeyStore.abort(operationToken);
}
} finally {
super.finalize();
}
}
+
+ @Override
+ public Long getOperationHandle() {
+ return mOperationHandle;
+ }
}
diff --git a/keystore/java/android/security/KeyStoreKeyConstraints.java b/keystore/java/android/security/KeyStoreKeyConstraints.java
index c011083..bd7aacf 100644
--- a/keystore/java/android/security/KeyStoreKeyConstraints.java
+++ b/keystore/java/android/security/KeyStoreKeyConstraints.java
@@ -21,7 +21,6 @@
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
-import java.util.Arrays;
import java.util.Collection;
import java.util.Locale;
@@ -34,7 +33,8 @@
private KeyStoreKeyConstraints() {}
@Retention(RetentionPolicy.SOURCE)
- @IntDef(flag=true, value={Purpose.ENCRYPT, Purpose.DECRYPT, Purpose.SIGN, Purpose.VERIFY})
+ @IntDef(flag = true,
+ value = {Purpose.ENCRYPT, Purpose.DECRYPT, Purpose.SIGN, Purpose.VERIFY})
public @interface PurposeEnum {}
/**
@@ -64,11 +64,6 @@
public static final int VERIFY = 1 << 3;
/**
- * Number of flags defined above. Needs to be kept in sync with the flags above.
- */
- private static final int VALUE_COUNT = 4;
-
- /**
* @hide
*/
public static int toKeymaster(@PurposeEnum int purpose) {
@@ -107,22 +102,12 @@
/**
* @hide
*/
- public static int[] allToKeymaster(int purposes) {
- int[] result = new int[VALUE_COUNT];
- int resultCount = 0;
- int purpose = 1;
- for (int i = 0; i < 32; i++) {
- if ((purposes & 1) != 0) {
- result[resultCount] = toKeymaster(purpose);
- resultCount++;
- }
- purposes >>>= 1;
- purpose <<= 1;
- if (purposes == 0) {
- break;
- }
+ public static int[] allToKeymaster(@PurposeEnum int purposes) {
+ int[] result = getSetFlags(purposes);
+ for (int i = 0; i < result.length; i++) {
+ result[i] = toKeymaster(result[i]);
}
- return Arrays.copyOf(result, resultCount);
+ return result;
}
/**
@@ -241,7 +226,8 @@
}
@Retention(RetentionPolicy.SOURCE)
- @IntDef({Padding.NONE, Padding.ZERO, Padding.PKCS7})
+ @IntDef(flag = true,
+ value = {Padding.NONE, Padding.PKCS7})
public @interface PaddingEnum {}
/**
@@ -253,17 +239,12 @@
/**
* No padding.
*/
- public static final int NONE = 0;
-
- /**
- * Pad with zeros.
- */
- public static final int ZERO = 1;
+ public static final int NONE = 1 << 0;
/**
* PKCS#7 padding.
*/
- public static final int PKCS7 = 2;
+ public static final int PKCS7 = 1 << 1;
/**
* @hide
@@ -272,8 +253,6 @@
switch (padding) {
case NONE:
return KeymasterDefs.KM_PAD_NONE;
- case ZERO:
- return KeymasterDefs.KM_PAD_ZERO;
case PKCS7:
return KeymasterDefs.KM_PAD_PKCS7;
default:
@@ -288,8 +267,6 @@
switch (padding) {
case KeymasterDefs.KM_PAD_NONE:
return NONE;
- case KeymasterDefs.KM_PAD_ZERO:
- return ZERO;
case KeymasterDefs.KM_PAD_PKCS7:
return PKCS7;
default:
@@ -304,8 +281,6 @@
switch (padding) {
case NONE:
return "NONE";
- case ZERO:
- return "ZERO";
case PKCS7:
return "PKCS#7";
default:
@@ -326,10 +301,33 @@
throw new IllegalArgumentException("Unknown padding: " + padding);
}
}
+
+ /**
+ * @hide
+ */
+ public static int[] allToKeymaster(@PaddingEnum int paddings) {
+ int[] result = getSetFlags(paddings);
+ for (int i = 0; i < result.length; i++) {
+ result[i] = toKeymaster(result[i]);
+ }
+ return result;
+ }
+
+ /**
+ * @hide
+ */
+ public static @PaddingEnum int allFromKeymaster(Collection<Integer> paddings) {
+ @PaddingEnum int result = 0;
+ for (int keymasterPadding : paddings) {
+ result |= fromKeymaster(keymasterPadding);
+ }
+ return result;
+ }
}
@Retention(RetentionPolicy.SOURCE)
- @IntDef({Digest.NONE, Digest.SHA256})
+ @IntDef(flag = true,
+ value = {Digest.NONE, Digest.SHA256})
public @interface DigestEnum {}
/**
@@ -342,12 +340,12 @@
/**
* No digest: sign/authenticate the raw message.
*/
- public static final int NONE = 0;
+ public static final int NONE = 1 << 0;
/**
* SHA-256 digest.
*/
- public static final int SHA256 = 1;
+ public static final int SHA256 = 1 << 1;
/**
* @hide
@@ -366,6 +364,18 @@
/**
* @hide
*/
+ public static String[] allToString(@DigestEnum int digests) {
+ int[] values = getSetFlags(digests);
+ String[] result = new String[values.length];
+ for (int i = 0; i < values.length; i++) {
+ result[i] = toString(values[i]);
+ }
+ return result;
+ }
+
+ /**
+ * @hide
+ */
public static int toKeymaster(@DigestEnum int digest) {
switch (digest) {
case NONE:
@@ -394,6 +404,28 @@
/**
* @hide
*/
+ public static int[] allToKeymaster(@DigestEnum int digests) {
+ int[] result = getSetFlags(digests);
+ for (int i = 0; i < result.length; i++) {
+ result[i] = toKeymaster(result[i]);
+ }
+ return result;
+ }
+
+ /**
+ * @hide
+ */
+ public static @DigestEnum int allFromKeymaster(Collection<Integer> digests) {
+ @DigestEnum int result = 0;
+ for (int keymasterDigest : digests) {
+ result |= fromKeymaster(keymasterDigest);
+ }
+ return result;
+ }
+
+ /**
+ * @hide
+ */
public static @DigestEnum Integer fromJCASecretKeyAlgorithm(String algorithm) {
String algorithmLower = algorithm.toLowerCase(Locale.US);
if (algorithmLower.startsWith("hmac")) {
@@ -438,7 +470,8 @@
}
@Retention(RetentionPolicy.SOURCE)
- @IntDef({BlockMode.ECB, BlockMode.CBC, BlockMode.CTR})
+ @IntDef(flag = true,
+ value = {BlockMode.ECB, BlockMode.CBC, BlockMode.CTR})
public @interface BlockModeEnum {}
/**
@@ -448,13 +481,13 @@
private BlockMode() {}
/** Electronic Codebook (ECB) block mode. */
- public static final int ECB = 0;
+ public static final int ECB = 1 << 0;
/** Cipher Block Chaining (CBC) block mode. */
- public static final int CBC = 1;
+ public static final int CBC = 1 << 1;
/** Counter (CTR) block mode. */
- public static final int CTR = 2;
+ public static final int CTR = 1 << 2;
/**
* @hide
@@ -491,6 +524,28 @@
/**
* @hide
*/
+ public static int[] allToKeymaster(@BlockModeEnum int modes) {
+ int[] result = getSetFlags(modes);
+ for (int i = 0; i < result.length; i++) {
+ result[i] = toKeymaster(result[i]);
+ }
+ return result;
+ }
+
+ /**
+ * @hide
+ */
+ public static @BlockModeEnum int allFromKeymaster(Collection<Integer> modes) {
+ @BlockModeEnum int result = 0;
+ for (int keymasterMode : modes) {
+ result |= fromKeymaster(keymasterMode);
+ }
+ return result;
+ }
+
+ /**
+ * @hide
+ */
public static String toString(@BlockModeEnum int mode) {
switch (mode) {
case ECB:
@@ -520,4 +575,124 @@
}
}
}
+
+ @Retention(RetentionPolicy.SOURCE)
+ @IntDef(flag = true,
+ value = {UserAuthenticator.LOCK_SCREEN})
+ public @interface UserAuthenticatorEnum {}
+
+ /**
+ * User authenticators which can be used to restrict/protect access to keys.
+ */
+ public static abstract class UserAuthenticator {
+ private UserAuthenticator() {}
+
+ /** Lock screen. */
+ public static final int LOCK_SCREEN = 1 << 0;
+
+ /**
+ * @hide
+ */
+ public static int toKeymaster(@UserAuthenticatorEnum int userAuthenticator) {
+ switch (userAuthenticator) {
+ case LOCK_SCREEN:
+ return KeymasterDefs.HW_AUTH_PASSWORD;
+ default:
+ throw new IllegalArgumentException(
+ "Unknown user authenticator: " + userAuthenticator);
+ }
+ }
+
+ /**
+ * @hide
+ */
+ public static @UserAuthenticatorEnum int fromKeymaster(int userAuthenticator) {
+ switch (userAuthenticator) {
+ case KeymasterDefs.HW_AUTH_PASSWORD:
+ return LOCK_SCREEN;
+ default:
+ throw new IllegalArgumentException(
+ "Unknown user authenticator: " + userAuthenticator);
+ }
+ }
+
+ /**
+ * @hide
+ */
+ public static int allToKeymaster(@UserAuthenticatorEnum int userAuthenticators) {
+ int result = 0;
+ int userAuthenticator = 1;
+ while (userAuthenticators != 0) {
+ if ((userAuthenticators & 1) != 0) {
+ result |= toKeymaster(userAuthenticator);
+ }
+ userAuthenticators >>>= 1;
+ userAuthenticator <<= 1;
+ }
+ return result;
+ }
+
+ /**
+ * @hide
+ */
+ public static @UserAuthenticatorEnum int allFromKeymaster(int userAuthenticators) {
+ @UserAuthenticatorEnum int result = 0;
+ int userAuthenticator = 1;
+ while (userAuthenticators != 0) {
+ if ((userAuthenticators & 1) != 0) {
+ result |= fromKeymaster(userAuthenticator);
+ }
+ userAuthenticators >>>= 1;
+ userAuthenticator <<= 1;
+ }
+ return result;
+ }
+
+ /**
+ * @hide
+ */
+ public static String toString(@UserAuthenticatorEnum int userAuthenticator) {
+ switch (userAuthenticator) {
+ case LOCK_SCREEN:
+ return "LOCK_SCREEN";
+ default:
+ throw new IllegalArgumentException(
+ "Unknown user authenticator: " + userAuthenticator);
+ }
+ }
+ }
+
+ private static final int[] EMPTY_INT_ARRAY = new int[0];
+
+ private static int[] getSetFlags(int flags) {
+ if (flags == 0) {
+ return EMPTY_INT_ARRAY;
+ }
+ int result[] = new int[getSetBitCount(flags)];
+ int resultOffset = 0;
+ int flag = 1;
+ while (flags != 0) {
+ if ((flags & 1) != 0) {
+ result[resultOffset] = flag;
+ resultOffset++;
+ }
+ flags >>>= 1;
+ flag <<= 1;
+ }
+ return result;
+ }
+
+ private static int getSetBitCount(int value) {
+ if (value == 0) {
+ return 0;
+ }
+ int result = 0;
+ while (value != 0) {
+ if ((value & 1) != 0) {
+ result++;
+ }
+ value >>>= 1;
+ }
+ return result;
+ }
}
diff --git a/keystore/java/android/security/KeyStoreKeyGeneratorSpi.java b/keystore/java/android/security/KeyStoreKeyGeneratorSpi.java
index 7796de8..09499d0 100644
--- a/keystore/java/android/security/KeyStoreKeyGeneratorSpi.java
+++ b/keystore/java/android/security/KeyStoreKeyGeneratorSpi.java
@@ -23,6 +23,7 @@
import java.security.InvalidAlgorithmParameterException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
+import java.util.Date;
import javax.crypto.KeyGeneratorSpi;
import javax.crypto.SecretKey;
@@ -108,54 +109,39 @@
}
int keySizeBits = (spec.getKeySize() != null) ? spec.getKeySize() : mDefaultKeySizeBits;
args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, keySizeBits);
- @KeyStoreKeyConstraints.PurposeEnum int purposes = (spec.getPurposes() != null)
- ? spec.getPurposes()
- : (KeyStoreKeyConstraints.Purpose.ENCRYPT
- | KeyStoreKeyConstraints.Purpose.DECRYPT
- | KeyStoreKeyConstraints.Purpose.SIGN
- | KeyStoreKeyConstraints.Purpose.VERIFY);
+ int purposes = spec.getPurposes();
for (int keymasterPurpose :
KeyStoreKeyConstraints.Purpose.allToKeymaster(purposes)) {
args.addInt(KeymasterDefs.KM_TAG_PURPOSE, keymasterPurpose);
}
- if (spec.getBlockMode() != null) {
- args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE,
- KeyStoreKeyConstraints.BlockMode.toKeymaster(spec.getBlockMode()));
+ for (int keymasterBlockMode :
+ KeyStoreKeyConstraints.BlockMode.allToKeymaster(spec.getBlockModes())) {
+ args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE, keymasterBlockMode);
}
- if (spec.getPadding() != null) {
- args.addInt(KeymasterDefs.KM_TAG_PADDING,
- KeyStoreKeyConstraints.Padding.toKeymaster(spec.getPadding()));
+ for (int keymasterPadding :
+ KeyStoreKeyConstraints.Padding.allToKeymaster(spec.getPaddings())) {
+ args.addInt(KeymasterDefs.KM_TAG_PADDING, keymasterPadding);
}
- if (spec.getMaxUsesPerBoot() != null) {
- args.addInt(KeymasterDefs.KM_TAG_MAX_USES_PER_BOOT, spec.getMaxUsesPerBoot());
- }
- if (spec.getMinSecondsBetweenOperations() != null) {
- args.addInt(KeymasterDefs.KM_TAG_MIN_SECONDS_BETWEEN_OPS,
- spec.getMinSecondsBetweenOperations());
- }
- if (spec.getUserAuthenticators().isEmpty()) {
+ if (spec.getUserAuthenticators() == 0) {
args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);
} else {
- // TODO: Pass-in user authenticator IDs once the Keymaster API has stabilized
-// for (int userAuthenticatorId : spec.getUserAuthenticators()) {
-// args.addInt(KeymasterDefs.KM_TAG_USER_AUTH_ID, userAuthenticatorId);
-// }
+ args.addInt(KeymasterDefs.KM_TAG_USER_AUTH_TYPE,
+ KeyStoreKeyConstraints.UserAuthenticator.allToKeymaster(
+ spec.getUserAuthenticators()));
}
- if (spec.getUserAuthenticationValidityDurationSeconds() != null) {
+ if (spec.getUserAuthenticationValidityDurationSeconds() != -1) {
args.addInt(KeymasterDefs.KM_TAG_AUTH_TIMEOUT,
spec.getUserAuthenticationValidityDurationSeconds());
}
- if (spec.getKeyValidityStart() != null) {
- args.addDate(KeymasterDefs.KM_TAG_ACTIVE_DATETIME, spec.getKeyValidityStart());
- }
- if (spec.getKeyValidityForOriginationEnd() != null) {
- args.addDate(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME,
- spec.getKeyValidityForOriginationEnd());
- }
- if (spec.getKeyValidityForConsumptionEnd() != null) {
- args.addDate(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME,
- spec.getKeyValidityForConsumptionEnd());
- }
+ args.addDate(KeymasterDefs.KM_TAG_ACTIVE_DATETIME,
+ (spec.getKeyValidityStart() != null)
+ ? spec.getKeyValidityStart() : new Date(0));
+ args.addDate(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME,
+ (spec.getKeyValidityForOriginationEnd() != null)
+ ? spec.getKeyValidityForOriginationEnd() : new Date(Long.MAX_VALUE));
+ args.addDate(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME,
+ (spec.getKeyValidityForConsumptionEnd() != null)
+ ? spec.getKeyValidityForConsumptionEnd() : new Date(Long.MAX_VALUE));
if (((purposes & KeyStoreKeyConstraints.Purpose.ENCRYPT) != 0)
|| ((purposes & KeyStoreKeyConstraints.Purpose.DECRYPT) != 0)) {
@@ -175,8 +161,7 @@
int errorCode = mKeyStore.generateKey(
keyAliasInKeystore, args, additionalEntropy, flags, new KeyCharacteristics());
if (errorCode != KeyStore.NO_ERROR) {
- throw new CryptoOperationException("Failed to generate key",
- KeymasterUtils.getExceptionForKeymasterError(errorCode));
+ throw KeyStore.getCryptoOperationException(errorCode);
}
String keyAlgorithmJCA =
KeyStoreKeyConstraints.Algorithm.toJCASecretKeyAlgorithm(mAlgorithm, mDigest);
diff --git a/keystore/java/android/security/KeyStoreKeySpec.java b/keystore/java/android/security/KeyStoreKeySpec.java
index ddeefbd..df4c958 100644
--- a/keystore/java/android/security/KeyStoreKeySpec.java
+++ b/keystore/java/android/security/KeyStoreKeySpec.java
@@ -17,10 +17,7 @@
package android.security;
import java.security.spec.KeySpec;
-import java.util.Collections;
import java.util.Date;
-import java.util.HashSet;
-import java.util.Set;
/**
* Information about a key from the <a href="{@docRoot}training/articles/keystore.html">Android
@@ -37,14 +34,12 @@
private final Date mKeyValidityForConsumptionEnd;
private final @KeyStoreKeyConstraints.PurposeEnum int mPurposes;
private final @KeyStoreKeyConstraints.AlgorithmEnum int mAlgorithm;
- private final @KeyStoreKeyConstraints.PaddingEnum Integer mPadding;
- private final @KeyStoreKeyConstraints.DigestEnum Integer mDigest;
- private final @KeyStoreKeyConstraints.BlockModeEnum Integer mBlockMode;
- private final Integer mMinSecondsBetweenOperations;
- private final Integer mMaxUsesPerBoot;
- private final Set<Integer> mUserAuthenticators;
- private final Set<Integer> mTeeBackedUserAuthenticators;
- private final Integer mUserAuthenticationValidityDurationSeconds;
+ private final @KeyStoreKeyConstraints.PaddingEnum int mPaddings;
+ private final @KeyStoreKeyConstraints.DigestEnum int mDigests;
+ private final @KeyStoreKeyConstraints.BlockModeEnum int mBlockModes;
+ private final @KeyStoreKeyConstraints.UserAuthenticatorEnum int mUserAuthenticators;
+ private final @KeyStoreKeyConstraints.UserAuthenticatorEnum int mTeeEnforcedUserAuthenticators;
+ private final int mUserAuthenticationValidityDurationSeconds;
/**
@@ -52,18 +47,18 @@
*/
KeyStoreKeySpec(String keystoreKeyAlias,
@KeyStoreKeyCharacteristics.OriginEnum int origin,
- int keySize, Date keyValidityStart, Date keyValidityForOriginationEnd,
+ int keySize,
+ Date keyValidityStart,
+ Date keyValidityForOriginationEnd,
Date keyValidityForConsumptionEnd,
@KeyStoreKeyConstraints.PurposeEnum int purposes,
@KeyStoreKeyConstraints.AlgorithmEnum int algorithm,
- @KeyStoreKeyConstraints.PaddingEnum Integer padding,
- @KeyStoreKeyConstraints.DigestEnum Integer digest,
- @KeyStoreKeyConstraints.BlockModeEnum Integer blockMode,
- Integer minSecondsBetweenOperations,
- Integer maxUsesPerBoot,
- Set<Integer> userAuthenticators,
- Set<Integer> teeBackedUserAuthenticators,
- Integer userAuthenticationValidityDurationSeconds) {
+ @KeyStoreKeyConstraints.PaddingEnum int paddings,
+ @KeyStoreKeyConstraints.DigestEnum int digests,
+ @KeyStoreKeyConstraints.BlockModeEnum int blockModes,
+ @KeyStoreKeyConstraints.UserAuthenticatorEnum int userAuthenticators,
+ @KeyStoreKeyConstraints.UserAuthenticatorEnum int teeEnforcedUserAuthenticators,
+ int userAuthenticationValidityDurationSeconds) {
mKeystoreAlias = keystoreKeyAlias;
mOrigin = origin;
mKeySize = keySize;
@@ -72,17 +67,11 @@
mKeyValidityForConsumptionEnd = keyValidityForConsumptionEnd;
mPurposes = purposes;
mAlgorithm = algorithm;
- mPadding = padding;
- mDigest = digest;
- mBlockMode = blockMode;
- mMinSecondsBetweenOperations = minSecondsBetweenOperations;
- mMaxUsesPerBoot = maxUsesPerBoot;
- mUserAuthenticators = (userAuthenticators != null)
- ? new HashSet<Integer>(userAuthenticators)
- : Collections.<Integer>emptySet();
- mTeeBackedUserAuthenticators = (teeBackedUserAuthenticators != null)
- ? new HashSet<Integer>(teeBackedUserAuthenticators)
- : Collections.<Integer>emptySet();
+ mPaddings = paddings;
+ mDigests = digests;
+ mBlockModes = blockModes;
+ mUserAuthenticators = userAuthenticators;
+ mTeeEnforcedUserAuthenticators = teeEnforcedUserAuthenticators;
mUserAuthenticationValidityDurationSeconds = userAuthenticationValidityDurationSeconds;
}
@@ -101,7 +90,7 @@
}
/**
- * Gets the key's size in bits.
+ * Gets the size of the key in bits.
*/
public int getKeySize() {
return mKeySize;
@@ -149,78 +138,53 @@
}
/**
- * Gets the only block mode with which the key can be used.
- *
- * @return block mode or {@code null} if the block mode is not restricted.
+ * Gets the set of block modes with which the key can be used.
*/
- public @KeyStoreKeyConstraints.BlockModeEnum Integer getBlockMode() {
- return mBlockMode;
+ public @KeyStoreKeyConstraints.BlockModeEnum int getBlockModes() {
+ return mBlockModes;
}
/**
- * Gets the only padding mode with which the key can be used.
- *
- * @return padding mode or {@code null} if the padding mode is not restricted.
+ * Gets the set of padding modes with which the key can be used.
*/
- public @KeyStoreKeyConstraints.PaddingEnum Integer getPadding() {
- return mPadding;
+ public @KeyStoreKeyConstraints.PaddingEnum int getPaddings() {
+ return mPaddings;
}
/**
- * Gets the only digest algorithm with which the key can be used.
- *
- * @return digest algorithm or {@code null} if the digest algorithm is not restricted.
+ * Gets the set of digest algorithms with which the key can be used.
*/
- public @KeyStoreKeyConstraints.DigestEnum Integer getDigest() {
- return mDigest;
+ public @KeyStoreKeyConstraints.DigestEnum int getDigests() {
+ return mDigests;
}
/**
- * Gets the minimum number of seconds that must expire since the most recent use of the key
- * before it can be used again.
+ * Gets the set of user authenticators which protect access to the key. The key can only be used
+ * iff the user has authenticated to at least one of these user authenticators.
*
- * @return number of seconds or {@code null} if there is no restriction on how frequently a key
- * can be used.
+ * @return user authenticators or {@code 0} if the key can be used without user authentication.
*/
- public Integer getMinSecondsBetweenOperations() {
- return mMinSecondsBetweenOperations;
+ public @KeyStoreKeyConstraints.UserAuthenticatorEnum int getUserAuthenticators() {
+ return mUserAuthenticators;
}
/**
- * Gets the number of times the key can be used without rebooting the device.
- *
- * @return maximum number of times or {@code null} if there is no restriction.
+ * Gets the set of user authenticators for which the TEE enforces access restrictions for this
+ * key. This is a subset of the user authentications returned by
+ * {@link #getUserAuthenticators()}.
*/
- public Integer getMaxUsesPerBoot() {
- return mMaxUsesPerBoot;
- }
-
- /**
- * Gets the user authenticators which protect access to the key. The key can only be used iff
- * the user has authenticated to at least one of these user authenticators.
- *
- * @return user authenticators or empty set if the key can be used without user authentication.
- */
- public Set<Integer> getUserAuthenticators() {
- return new HashSet<Integer>(mUserAuthenticators);
- }
-
- /**
- * Gets the TEE-backed user authenticators which protect access to the key. This is a subset of
- * the user authentications returned by {@link #getUserAuthenticators()}.
- */
- public Set<Integer> getTeeBackedUserAuthenticators() {
- return new HashSet<Integer>(mTeeBackedUserAuthenticators);
+ public @KeyStoreKeyConstraints.UserAuthenticatorEnum int getTeeEnforcedUserAuthenticators() {
+ return mTeeEnforcedUserAuthenticators;
}
/**
* Gets the duration of time (seconds) for which the key can be used after the user
* successfully authenticates to one of the associated user authenticators.
*
- * @return duration in seconds or {@code null} if not restricted. {@code 0} means authentication
+ * @return duration in seconds or {@code -1} if not restricted. {@code 0} means authentication
* is required for every use of the key.
*/
- public Integer getUserAuthenticationValidityDurationSeconds() {
+ public int getUserAuthenticationValidityDurationSeconds() {
return mUserAuthenticationValidityDurationSeconds;
}
}
diff --git a/keystore/java/android/security/KeyStoreParameter.java b/keystore/java/android/security/KeyStoreParameter.java
index 2428c2a..4909467 100644
--- a/keystore/java/android/security/KeyStoreParameter.java
+++ b/keystore/java/android/security/KeyStoreParameter.java
@@ -18,12 +18,10 @@
import android.content.Context;
+import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore.ProtectionParameter;
-import java.util.Collections;
import java.util.Date;
-import java.util.HashSet;
-import java.util.Set;
/**
* This provides the optional parameters that can be specified for
@@ -50,29 +48,25 @@
private final Date mKeyValidityStart;
private final Date mKeyValidityForOriginationEnd;
private final Date mKeyValidityForConsumptionEnd;
- private final @KeyStoreKeyConstraints.PurposeEnum Integer mPurposes;
- private final @KeyStoreKeyConstraints.AlgorithmEnum Integer mAlgorithm;
- private final @KeyStoreKeyConstraints.PaddingEnum Integer mPadding;
- private final @KeyStoreKeyConstraints.DigestEnum Integer mDigest;
- private final @KeyStoreKeyConstraints.BlockModeEnum Integer mBlockMode;
- private final Integer mMinSecondsBetweenOperations;
- private final Integer mMaxUsesPerBoot;
- private final Set<Integer> mUserAuthenticators;
- private final Integer mUserAuthenticationValidityDurationSeconds;
+ private final @KeyStoreKeyConstraints.PurposeEnum int mPurposes;
+ private final @KeyStoreKeyConstraints.PaddingEnum int mPaddings;
+ private final @KeyStoreKeyConstraints.DigestEnum Integer mDigests;
+ private final @KeyStoreKeyConstraints.BlockModeEnum int mBlockModes;
+ private final @KeyStoreKeyConstraints.UserAuthenticatorEnum int mUserAuthenticators;
+ private final int mUserAuthenticationValidityDurationSeconds;
- private KeyStoreParameter(int flags, Date keyValidityStart,
- Date keyValidityForOriginationEnd, Date keyValidityForConsumptionEnd,
- @KeyStoreKeyConstraints.PurposeEnum Integer purposes,
- @KeyStoreKeyConstraints.AlgorithmEnum Integer algorithm,
- @KeyStoreKeyConstraints.PaddingEnum Integer padding,
- @KeyStoreKeyConstraints.DigestEnum Integer digest,
- @KeyStoreKeyConstraints.BlockModeEnum Integer blockMode,
- Integer minSecondsBetweenOperations,
- Integer maxUsesPerBoot,
- Set<Integer> userAuthenticators,
- Integer userAuthenticationValidityDurationSeconds) {
- if ((userAuthenticationValidityDurationSeconds != null)
- && (userAuthenticationValidityDurationSeconds < 0)) {
+ private KeyStoreParameter(int flags,
+ Date keyValidityStart,
+ Date keyValidityForOriginationEnd,
+ Date keyValidityForConsumptionEnd,
+ @KeyStoreKeyConstraints.PurposeEnum int purposes,
+ @KeyStoreKeyConstraints.PaddingEnum int paddings,
+ @KeyStoreKeyConstraints.DigestEnum Integer digests,
+ @KeyStoreKeyConstraints.BlockModeEnum int blockModes,
+ @KeyStoreKeyConstraints.UserAuthenticatorEnum int userAuthenticators,
+ int userAuthenticationValidityDurationSeconds) {
+ if ((userAuthenticationValidityDurationSeconds < 0)
+ && (userAuthenticationValidityDurationSeconds != -1)) {
throw new IllegalArgumentException(
"userAuthenticationValidityDurationSeconds must not be negative");
}
@@ -82,15 +76,10 @@
mKeyValidityForOriginationEnd = keyValidityForOriginationEnd;
mKeyValidityForConsumptionEnd = keyValidityForConsumptionEnd;
mPurposes = purposes;
- mAlgorithm = algorithm;
- mPadding = padding;
- mDigest = digest;
- mBlockMode = blockMode;
- mMinSecondsBetweenOperations = minSecondsBetweenOperations;
- mMaxUsesPerBoot = maxUsesPerBoot;
- mUserAuthenticators = (userAuthenticators != null)
- ? new HashSet<Integer>(userAuthenticators)
- : Collections.<Integer>emptySet();
+ mPaddings = paddings;
+ mDigests = digests;
+ mBlockModes = blockModes;
+ mUserAuthenticators = userAuthenticators;
mUserAuthenticationValidityDurationSeconds = userAuthenticationValidityDurationSeconds;
}
@@ -142,105 +131,81 @@
}
/**
- * Gets the set of purposes for which the key can be used to the provided set of purposes.
- *
- * @return set of purposes or {@code null} if the key can be used for any purpose.
+ * Gets the set of purposes for which the key can be used.
*
* @hide
*/
- public @KeyStoreKeyConstraints.PurposeEnum Integer getPurposes() {
+ public @KeyStoreKeyConstraints.PurposeEnum int getPurposes() {
return mPurposes;
}
/**
- * Gets the algorithm to which the key is restricted.
+ * Gets the set of padding schemes to which the key is restricted.
*
- * @return algorithm or {@code null} if it's not restricted.
* @hide
*/
- public @KeyStoreKeyConstraints.AlgorithmEnum Integer getAlgorithm() {
- return mAlgorithm;
+ public @KeyStoreKeyConstraints.PaddingEnum int getPaddings() {
+ return mPaddings;
}
/**
- * Gets the padding scheme to which the key is restricted.
+ * Gets the set of digests to which the key is restricted.
*
- * @return padding scheme or {@code null} if the padding scheme is not restricted.
+ * @throws IllegalStateException if this restriction has not been specified.
+ *
+ * @see #isDigestsSpecified()
*
* @hide
*/
- public @KeyStoreKeyConstraints.PaddingEnum Integer getPadding() {
- return mPadding;
+ public @KeyStoreKeyConstraints.DigestEnum int getDigests() {
+ if (mDigests == null) {
+ throw new IllegalStateException("Digests not specified");
+ }
+ return mDigests;
}
/**
- * Gets the digest to which the key is restricted when generating Message Authentication Codes
- * (MACs).
+ * Returns {@code true} if digest restrictions have been specified.
*
- * @return digest or {@code null} if the digest is not restricted.
+ * @see #getDigests()
*
* @hide
*/
- public @KeyStoreKeyConstraints.DigestEnum Integer getDigest() {
- return mDigest;
+ public boolean isDigestsSpecified() {
+ return mDigests != null;
}
/**
- * Gets the block mode to which the key is restricted when used for encryption or decryption.
- *
- * @return block more or {@code null} if block mode is not restricted.
+ * Gets the set of block modes to which the key is restricted.
*
* @hide
*/
- public @KeyStoreKeyConstraints.BlockModeEnum Integer getBlockMode() {
- return mBlockMode;
+ public @KeyStoreKeyConstraints.BlockModeEnum int getBlockModes() {
+ return mBlockModes;
}
/**
- * Gets the minimum number of seconds that must expire since the most recent use of the key
- * before it can be used again.
+ * Gets the set of user authenticators which protect access to this key. The key can only be
+ * used iff the user has authenticated to at least one of these user authenticators.
*
- * @return number of seconds or {@code null} if there is no restriction on how frequently a key
- * can be used.
+ * @return user authenticators or {@code 0} if the key can be used without user authentication.
*
* @hide
*/
- public Integer getMinSecondsBetweenOperations() {
- return mMinSecondsBetweenOperations;
- }
-
- /**
- * Gets the number of times the key can be used without rebooting the device.
- *
- * @return maximum number of times or {@code null} if there is no restriction.
- * @hide
- */
- public Integer getMaxUsesPerBoot() {
- return mMaxUsesPerBoot;
- }
-
- /**
- * Gets the user authenticators which protect access to this key. The key can only be used iff
- * the user has authenticated to at least one of these user authenticators.
- *
- * @return user authenticators or empty set if the key can be used without user authentication.
- *
- * @hide
- */
- public Set<Integer> getUserAuthenticators() {
- return new HashSet<Integer>(mUserAuthenticators);
+ public @KeyStoreKeyConstraints.UserAuthenticatorEnum int getUserAuthenticators() {
+ return mUserAuthenticators;
}
/**
* Gets the duration of time (seconds) for which this key can be used after the user
* successfully authenticates to one of the associated user authenticators.
*
- * @return duration in seconds or {@code null} if not restricted. {@code 0} means authentication
+ * @return duration in seconds or {@code -1} if not restricted. {@code 0} means authentication
* is required for every use of the key.
*
* @hide
*/
- public Integer getUserAuthenticationValidityDurationSeconds() {
+ public int getUserAuthenticationValidityDurationSeconds() {
return mUserAuthenticationValidityDurationSeconds;
}
@@ -266,15 +231,12 @@
private Date mKeyValidityStart;
private Date mKeyValidityForOriginationEnd;
private Date mKeyValidityForConsumptionEnd;
- private @KeyStoreKeyConstraints.PurposeEnum Integer mPurposes;
- private @KeyStoreKeyConstraints.AlgorithmEnum Integer mAlgorithm;
- private @KeyStoreKeyConstraints.PaddingEnum Integer mPadding;
- private @KeyStoreKeyConstraints.DigestEnum Integer mDigest;
- private @KeyStoreKeyConstraints.BlockModeEnum Integer mBlockMode;
- private Integer mMinSecondsBetweenOperations;
- private Integer mMaxUsesPerBoot;
- private Set<Integer> mUserAuthenticators;
- private Integer mUserAuthenticationValidityDurationSeconds;
+ private @KeyStoreKeyConstraints.PurposeEnum int mPurposes;
+ private @KeyStoreKeyConstraints.PaddingEnum int mPaddings;
+ private @KeyStoreKeyConstraints.DigestEnum Integer mDigests;
+ private @KeyStoreKeyConstraints.BlockModeEnum int mBlockModes;
+ private @KeyStoreKeyConstraints.UserAuthenticatorEnum int mUserAuthenticators;
+ private int mUserAuthenticationValidityDurationSeconds = -1;
/**
* Creates a new instance of the {@code Builder} with the given
@@ -366,9 +328,9 @@
}
/**
- * Restricts the purposes for which the key can be used to the provided set of purposes.
+ * Restricts the key to being used only for the provided set of purposes.
*
- * <p>By default, the key can be used for encryption, decryption, signing, and verification.
+ * <p>This restriction must be specified. There is no default.
*
* @hide
*/
@@ -378,83 +340,43 @@
}
/**
- * Sets the algorithm of the key.
- *
- * <p>The algorithm of symmetric keys can be deduced from the key itself. Thus, explicitly
- * specifying the algorithm of symmetric keys using this method is not necessary.
- *
- * @hide
- */
- public Builder setAlgorithm(@KeyStoreKeyConstraints.AlgorithmEnum int algorithm) {
- mAlgorithm = algorithm;
- return this;
- }
-
- /**
- * Restricts the key to being used only with the provided padding scheme. Attempts to use
+ * Restricts the key to being used only with the provided padding schemes. Attempts to use
* the key with any other padding will be rejected.
*
* <p>This restriction must be specified for keys which are used for encryption/decryption.
*
* @hide
*/
- public Builder setPadding(@KeyStoreKeyConstraints.PaddingEnum int padding) {
- mPadding = padding;
+ public Builder setPaddings(@KeyStoreKeyConstraints.PaddingEnum int paddings) {
+ mPaddings = paddings;
return this;
}
/**
- * Restricts the key to being used only with the provided digest when generating Message
- * Authentication Codes (MACs). Attempts to use the key with any other digest will be
- * rejected.
+ * Restricts the key to being used only with the provided digests when generating signatures
+ * or HMACs. Attempts to use the key with any other digest will be rejected.
*
- * <p>For MAC keys, the default is to restrict to the digest specified in the key algorithm
- * name.
- *
- * @see java.security.Key#getAlgorithm()
+ * <p>For HMAC keys, the default is to restrict to the digest specified in
+ * {@link Key#getAlgorithm()}. For asymmetric signing keys this constraint must be specified
+ * because there is no default.
*
* @hide
*/
- public Builder setDigest(@KeyStoreKeyConstraints.DigestEnum int digest) {
- mDigest = digest;
+ public Builder setDigests(@KeyStoreKeyConstraints.DigestEnum int digests) {
+ mDigests = digests;
return this;
}
/**
- * Restricts the key to being used only with the provided block mode when encrypting or
- * decrypting. Attempts to use the key with any other block modes will be rejected.
+ * Restricts the key to being used only with the provided block modes. Attempts to use the
+ * key with any other block modes will be rejected.
*
- * <p>This restriction must be specified for keys which are used for encryption/decryption.
+ * <p>This restriction must be specified for symmetric encryption/decryption keys.
*
* @hide
*/
- public Builder setBlockMode(@KeyStoreKeyConstraints.BlockModeEnum int blockMode) {
- mBlockMode = blockMode;
- return this;
- }
-
- /**
- * Sets the minimum number of seconds that must expire since the most recent use of the key
- * before it can be used again.
- *
- * <p>By default, there is no restriction on how frequently a key can be used.
- *
- * @hide
- */
- public Builder setMinSecondsBetweenOperations(int seconds) {
- mMinSecondsBetweenOperations = seconds;
- return this;
- }
-
- /**
- * Sets the maximum number of times a key can be used without rebooting the device.
- *
- * <p>By default, the key can be used for an unlimited number of times.
- *
- * @hide
- */
- public Builder setMaxUsesPerBoot(int count) {
- mMaxUsesPerBoot = count;
+ public Builder setBlockModes(@KeyStoreKeyConstraints.BlockModeEnum int blockModes) {
+ mBlockModes = blockModes;
return this;
}
@@ -464,16 +386,16 @@
*
* <p>By default, the key can be used without user authentication.
*
- * @param userAuthenticators user authenticators or empty list if this key can be accessed
+ * @param userAuthenticators user authenticators or {@code 0} if this key can be accessed
* without user authentication.
*
* @see #setUserAuthenticationValidityDurationSeconds(int)
*
* @hide
*/
- public Builder setUserAuthenticators(Set<Integer> userAuthenticators) {
- mUserAuthenticators =
- (userAuthenticators != null) ? new HashSet<Integer>(userAuthenticators) : null;
+ public Builder setUserAuthenticators(
+ @KeyStoreKeyConstraints.UserAuthenticatorEnum int userAuthenticators) {
+ mUserAuthenticators = userAuthenticators;
return this;
}
@@ -486,7 +408,7 @@
* @param seconds duration in seconds or {@code 0} if the user needs to authenticate for
* every use of the key.
*
- * @see #setUserAuthenticators(Set)
+ * @see #setUserAuthenticators(int)
*
* @hide
*/
@@ -502,10 +424,15 @@
* @return built instance of {@code KeyStoreParameter}
*/
public KeyStoreParameter build() {
- return new KeyStoreParameter(mFlags, mKeyValidityStart,
- mKeyValidityForOriginationEnd, mKeyValidityForConsumptionEnd, mPurposes,
- mAlgorithm, mPadding, mDigest, mBlockMode, mMinSecondsBetweenOperations,
- mMaxUsesPerBoot, mUserAuthenticators,
+ return new KeyStoreParameter(mFlags,
+ mKeyValidityStart,
+ mKeyValidityForOriginationEnd,
+ mKeyValidityForConsumptionEnd,
+ mPurposes,
+ mPaddings,
+ mDigests,
+ mBlockModes,
+ mUserAuthenticators,
mUserAuthenticationValidityDurationSeconds);
}
}
diff --git a/keystore/java/android/security/KeyStoreSecretKeyFactorySpi.java b/keystore/java/android/security/KeyStoreSecretKeyFactorySpi.java
index 8921ba1..09f0b00 100644
--- a/keystore/java/android/security/KeyStoreSecretKeyFactorySpi.java
+++ b/keystore/java/android/security/KeyStoreSecretKeyFactorySpi.java
@@ -22,8 +22,7 @@
import java.security.InvalidKeyException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
-import java.util.Collections;
-import java.util.Set;
+import java.util.Date;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactorySpi;
@@ -75,9 +74,11 @@
int keySize;
@KeyStoreKeyConstraints.PurposeEnum int purposes;
@KeyStoreKeyConstraints.AlgorithmEnum int algorithm;
- @KeyStoreKeyConstraints.PaddingEnum Integer padding;
- @KeyStoreKeyConstraints.DigestEnum Integer digest;
- @KeyStoreKeyConstraints.BlockModeEnum Integer blockMode;
+ @KeyStoreKeyConstraints.PaddingEnum int paddings;
+ @KeyStoreKeyConstraints.DigestEnum int digests;
+ @KeyStoreKeyConstraints.BlockModeEnum int blockModes;
+ @KeyStoreKeyConstraints.UserAuthenticatorEnum int userAuthenticators;
+ @KeyStoreKeyConstraints.UserAuthenticatorEnum int teeEnforcedUserAuthenticators;
try {
origin = KeymasterUtils.getInt(keyCharacteristics, KeymasterDefs.KM_TAG_ORIGIN);
if (origin == null) {
@@ -97,49 +98,66 @@
throw new InvalidKeySpecException("Key algorithm not available");
}
algorithm = KeyStoreKeyConstraints.Algorithm.fromKeymaster(alg);
- padding = KeymasterUtils.getInt(keyCharacteristics, KeymasterDefs.KM_TAG_PADDING);
- if (padding != null) {
- padding = KeyStoreKeyConstraints.Padding.fromKeymaster(padding);
- }
- digest = KeymasterUtils.getInt(keyCharacteristics, KeymasterDefs.KM_TAG_DIGEST);
- if (digest != null) {
- digest = KeyStoreKeyConstraints.Digest.fromKeymaster(digest);
- }
- blockMode = KeymasterUtils.getInt(keyCharacteristics, KeymasterDefs.KM_TAG_BLOCK_MODE);
- if (blockMode != null) {
- blockMode = KeyStoreKeyConstraints.BlockMode.fromKeymaster(blockMode);
- }
+ paddings = KeyStoreKeyConstraints.Padding.allFromKeymaster(
+ KeymasterUtils.getInts(keyCharacteristics, KeymasterDefs.KM_TAG_PADDING));
+ digests = KeyStoreKeyConstraints.Digest.allFromKeymaster(
+ KeymasterUtils.getInts(keyCharacteristics, KeymasterDefs.KM_TAG_DIGEST));
+ blockModes = KeyStoreKeyConstraints.BlockMode.allFromKeymaster(
+ KeymasterUtils.getInts(keyCharacteristics, KeymasterDefs.KM_TAG_BLOCK_MODE));
+
+ @KeyStoreKeyConstraints.UserAuthenticatorEnum
+ int swEnforcedKeymasterUserAuthenticators =
+ keyCharacteristics.swEnforced.getInt(KeymasterDefs.KM_TAG_USER_AUTH_TYPE, 0);
+ @KeyStoreKeyConstraints.UserAuthenticatorEnum
+ int hwEnforcedKeymasterUserAuthenticators =
+ keyCharacteristics.hwEnforced.getInt(KeymasterDefs.KM_TAG_USER_AUTH_TYPE, 0);
+ @KeyStoreKeyConstraints.UserAuthenticatorEnum
+ int keymasterUserAuthenticators =
+ swEnforcedKeymasterUserAuthenticators | hwEnforcedKeymasterUserAuthenticators;
+ userAuthenticators = KeyStoreKeyConstraints.UserAuthenticator.allFromKeymaster(
+ keymasterUserAuthenticators);
+ teeEnforcedUserAuthenticators =
+ KeyStoreKeyConstraints.UserAuthenticator.allFromKeymaster(
+ hwEnforcedKeymasterUserAuthenticators);
} catch (IllegalArgumentException e) {
throw new InvalidKeySpecException("Unsupported key characteristic", e);
}
- // TODO: Read user authentication IDs once the Keymaster API has stabilized
- Set<Integer> userAuthenticators = Collections.emptySet();
- Set<Integer> teeBackedUserAuthenticators = Collections.emptySet();
-// Set<Integer> userAuthenticators = new HashSet<Integer>(
-// getInts(keyCharacteristics, KeymasterDefs.KM_TAG_USER_AUTH_ID));
-// Set<Integer> teeBackedUserAuthenticators = new HashSet<Integer>(
-// keyCharacteristics.hwEnforced.getInts(KeymasterDefs.KM_TAG_USER_AUTH_ID));
+ Date keyValidityStart =
+ KeymasterUtils.getDate(keyCharacteristics, KeymasterDefs.KM_TAG_ACTIVE_DATETIME);
+ if ((keyValidityStart != null) && (keyValidityStart.getTime() <= 0)) {
+ keyValidityStart = null;
+ }
+ Date keyValidityForOriginationEnd = KeymasterUtils.getDate(keyCharacteristics,
+ KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME);
+ if ((keyValidityForOriginationEnd != null)
+ && (keyValidityForOriginationEnd.getTime() == Long.MAX_VALUE)) {
+ keyValidityForOriginationEnd = null;
+ }
+ Date keyValidityForConsumptionEnd = KeymasterUtils.getDate(keyCharacteristics,
+ KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME);
+ if ((keyValidityForConsumptionEnd != null)
+ && (keyValidityForConsumptionEnd.getTime() == Long.MAX_VALUE)) {
+ keyValidityForConsumptionEnd = null;
+ }
+ Integer userAuthenticationValidityDurationSeconds =
+ KeymasterUtils.getInt(keyCharacteristics, KeymasterDefs.KM_TAG_AUTH_TIMEOUT);
return new KeyStoreKeySpec(entryAlias,
origin,
keySize,
- KeymasterUtils.getDate(keyCharacteristics, KeymasterDefs.KM_TAG_ACTIVE_DATETIME),
- KeymasterUtils.getDate(keyCharacteristics,
- KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME),
- KeymasterUtils.getDate(keyCharacteristics,
- KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME),
+ keyValidityStart,
+ keyValidityForOriginationEnd,
+ keyValidityForConsumptionEnd,
purposes,
algorithm,
- padding,
- digest,
- blockMode,
- KeymasterUtils.getInt(keyCharacteristics,
- KeymasterDefs.KM_TAG_MIN_SECONDS_BETWEEN_OPS),
- KeymasterUtils.getInt(keyCharacteristics, KeymasterDefs.KM_TAG_MAX_USES_PER_BOOT),
+ paddings,
+ digests,
+ blockModes,
userAuthenticators,
- teeBackedUserAuthenticators,
- KeymasterUtils.getInt(keyCharacteristics, KeymasterDefs.KM_TAG_AUTH_TIMEOUT));
+ teeEnforcedUserAuthenticators,
+ ((userAuthenticationValidityDurationSeconds != null)
+ ? userAuthenticationValidityDurationSeconds : -1));
}
@Override
diff --git a/keystore/java/android/security/KeymasterUtils.java b/keystore/java/android/security/KeymasterUtils.java
index 6bb9636..3143d4d 100644
--- a/keystore/java/android/security/KeymasterUtils.java
+++ b/keystore/java/android/security/KeymasterUtils.java
@@ -17,7 +17,6 @@
package android.security;
import android.security.keymaster.KeyCharacteristics;
-import android.security.keymaster.KeymasterDefs;
import java.util.ArrayList;
import java.util.Date;
@@ -29,19 +28,6 @@
public abstract class KeymasterUtils {
private KeymasterUtils() {}
- public static KeymasterException getExceptionForKeymasterError(int keymasterErrorCode) {
- switch (keymasterErrorCode) {
- case KeymasterDefs.KM_ERROR_INVALID_AUTHORIZATION_TIMEOUT:
- // The name of this parameter significantly differs between Keymaster and framework
- // APIs. Use the framework wording to make life easier for developers.
- return new KeymasterException(keymasterErrorCode,
- "Invalid user authentication validity duration");
- default:
- return new KeymasterException(keymasterErrorCode,
- KeymasterDefs.getErrorMessage(keymasterErrorCode));
- }
- }
-
public static Integer getInt(KeyCharacteristics keyCharacteristics, int tag) {
if (keyCharacteristics.hwEnforced.containsTag(tag)) {
return keyCharacteristics.hwEnforced.getInt(tag, -1);
diff --git a/keystore/java/android/security/UserNotAuthenticatedException.java b/keystore/java/android/security/UserNotAuthenticatedException.java
new file mode 100644
index 0000000..e6342ef
--- /dev/null
+++ b/keystore/java/android/security/UserNotAuthenticatedException.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security;
+
+/**
+ * Indicates that a cryptographic operation could not be performed because the user has not been
+ * authenticated recently enough.
+ *
+ * @hide
+ */
+public class UserNotAuthenticatedException extends CryptoOperationException {
+
+ /**
+ * Constructs a new {@code UserNotAuthenticatedException} without detail message and cause.
+ */
+ public UserNotAuthenticatedException() {
+ super("User not authenticated");
+ }
+
+ /**
+ * Constructs a new {@code UserNotAuthenticatedException} with the provided detail message and
+ * no cause.
+ */
+ public UserNotAuthenticatedException(String message) {
+ super(message);
+ }
+
+ /**
+ * Constructs a new {@code UserNotAuthenticatedException} with the provided detail message and
+ * cause.
+ */
+ public UserNotAuthenticatedException(String message, Throwable cause) {
+ super(message, cause);
+ }
+}
diff --git a/keystore/tests/src/android/security/KeyStoreTest.java b/keystore/tests/src/android/security/KeyStoreTest.java
index 7468fb5e..c9a140c 100644
--- a/keystore/tests/src/android/security/KeyStoreTest.java
+++ b/keystore/tests/src/android/security/KeyStoreTest.java
@@ -712,6 +712,7 @@
args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT);
args.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_RSA);
args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
+ args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);
args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, 2048);
args.addLong(KeymasterDefs.KM_TAG_RSA_PUBLIC_EXPONENT,
RSAKeyGenParameterSpec.F4.longValue());
@@ -735,6 +736,7 @@
args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT);
args.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_RSA);
args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
+ args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);
args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, 2048);
args.addLong(KeymasterDefs.KM_TAG_RSA_PUBLIC_EXPONENT,
RSAKeyGenParameterSpec.F4.longValue());
@@ -769,6 +771,7 @@
args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, 2048);
args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_ECB);
+ args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);
args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_ID, id);
args.addLong(KeymasterDefs.KM_TAG_RSA_PUBLIC_EXPONENT,
RSAKeyGenParameterSpec.F4.longValue());
@@ -806,6 +809,7 @@
args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_OCB);
args.addInt(KeymasterDefs.KM_TAG_CHUNK_LENGTH, 4096);
args.addInt(KeymasterDefs.KM_TAG_MAC_LENGTH, 16);
+ args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);
KeyCharacteristics outCharacteristics = new KeyCharacteristics();
int rc = mKeyStore.generateKey(name, args, null, 0, outCharacteristics);
@@ -838,6 +842,7 @@
args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE, mode);
args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, size);
+ args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);
return mKeyStore.importKey(name, args, KeymasterDefs.KM_KEY_FORMAT_RAW, key, 0,
new KeyCharacteristics());
}
@@ -901,6 +906,7 @@
args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_OCB);
args.addInt(KeymasterDefs.KM_TAG_CHUNK_LENGTH, 4096);
args.addInt(KeymasterDefs.KM_TAG_MAC_LENGTH, 16);
+ args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);
KeyCharacteristics outCharacteristics = new KeyCharacteristics();
int rc = mKeyStore.generateKey(name, args, null, 0, outCharacteristics);
@@ -922,4 +928,30 @@
assertEquals("Operation should be pruned", KeymasterDefs.KM_ERROR_INVALID_OPERATION_HANDLE,
mKeyStore.update(first, null, new byte[] {0x01}).resultCode);
}
+
+ public void testAuthNeeded() throws Exception {
+ String name = "test";
+ KeymasterArguments args = new KeymasterArguments();
+ args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT);
+ args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT);
+ args.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES);
+ args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
+ args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, 256);
+ args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_OCB);
+ args.addInt(KeymasterDefs.KM_TAG_CHUNK_LENGTH, 4096);
+ args.addInt(KeymasterDefs.KM_TAG_MAC_LENGTH, 16);
+ args.addInt(KeymasterDefs.KM_TAG_USER_AUTH_TYPE, 1);
+
+ KeyCharacteristics outCharacteristics = new KeyCharacteristics();
+ int rc = mKeyStore.generateKey(name, args, null, 0, outCharacteristics);
+ KeymasterArguments out = new KeymasterArguments();
+ assertEquals("Generate should succeed", KeyStore.NO_ERROR, rc);
+ OperationResult result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT,
+ true, args, null, out);
+ assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode);
+ IBinder token = result.token;
+ result = mKeyStore.update(token, null, new byte[] {0x01, 0x02, 0x03, 0x04});
+ assertEquals("Update should require authorization",
+ KeymasterDefs.KM_ERROR_KEY_USER_NOT_AUTHENTICATED, result.resultCode);
+ }
}
diff --git a/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java b/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
index e66934e..fae0643 100644
--- a/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
+++ b/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
@@ -773,6 +773,11 @@
synchronized (this) {
if (DEBUG) Log.d(TAG, "setKeyguardEnabled(" + enabled + ")");
+ if (isSecure()) {
+ Log.d(TAG, "current mode is SecurityMode, ignore hide keyguard");
+ return;
+ }
+
mExternallyEnabled = enabled;
if (!enabled && mShowing) {
diff --git a/preloaded-classes b/preloaded-classes
index c8d8c5d..151766f 100644
--- a/preloaded-classes
+++ b/preloaded-classes
@@ -1146,8 +1146,6 @@
android.provider.Settings$System
android.provider.Telephony$Mms
android.renderscript.RenderScript
-android.security.AndroidKeyPairGenerator
-android.security.AndroidKeyStore
android.security.AndroidKeyStoreProvider
android.speech.tts.TextToSpeechService
android.speech.tts.TextToSpeechService$SpeechItemV1
diff --git a/rs/java/android/renderscript/Allocation.java b/rs/java/android/renderscript/Allocation.java
index 523c8fb..28547cc 100644
--- a/rs/java/android/renderscript/Allocation.java
+++ b/rs/java/android/renderscript/Allocation.java
@@ -1340,15 +1340,22 @@
private void copyTo(Object array, Element.DataType dt, int arrayLen) {
Trace.traceBegin(RenderScript.TRACE_TAG, "copyTo");
- if (dt.mSize * arrayLen < mSize) {
- throw new RSIllegalArgumentException(
- "Size of output array cannot be smaller than size of allocation.");
- }
mRS.validate();
boolean usePadding = false;
if (mAutoPadding && (mType.getElement().getVectorSize() == 3)) {
usePadding = true;
}
+ if (usePadding) {
+ if (dt.mSize * arrayLen < mSize / 4 * 3) {
+ throw new RSIllegalArgumentException(
+ "Size of output array cannot be smaller than size of allocation.");
+ }
+ } else {
+ if (dt.mSize * arrayLen < mSize) {
+ throw new RSIllegalArgumentException(
+ "Size of output array cannot be smaller than size of allocation.");
+ }
+ }
mRS.nAllocationRead(getID(mRS), array, dt, mType.mElement.mType.mSize, usePadding);
Trace.traceEnd(RenderScript.TRACE_TAG);
}
diff --git a/rs/java/android/renderscript/FieldPacker.java b/rs/java/android/renderscript/FieldPacker.java
index 0f967fc..de1c497 100644
--- a/rs/java/android/renderscript/FieldPacker.java
+++ b/rs/java/android/renderscript/FieldPacker.java
@@ -47,6 +47,15 @@
// subAlign() can never work correctly for copied FieldPacker objects.
}
+ static FieldPacker createFromArray(Object[] args) {
+ FieldPacker fp = new FieldPacker(RenderScript.sPointerSize * 8);
+ for (Object arg : args) {
+ fp.addSafely(arg);
+ }
+ fp.resize(fp.mPos);
+ return fp;
+ }
+
public void align(int v) {
if ((v <= 0) || ((v & (v - 1)) != 0)) {
throw new RSIllegalArgumentException("argument must be a non-negative non-zero power of 2: " + v);
@@ -618,294 +627,182 @@
return mPos;
}
- private static void addToPack(FieldPacker fp, Object obj) {
+ private void add(Object obj) {
if (obj instanceof Boolean) {
- fp.addBoolean(((Boolean)obj).booleanValue());
+ addBoolean((Boolean)obj);
return;
}
if (obj instanceof Byte) {
- fp.addI8(((Byte)obj).byteValue());
+ addI8((Byte)obj);
return;
}
if (obj instanceof Short) {
- fp.addI16(((Short)obj).shortValue());
+ addI16((Short)obj);
return;
}
if (obj instanceof Integer) {
- fp.addI32(((Integer)obj).intValue());
+ addI32((Integer)obj);
return;
}
if (obj instanceof Long) {
- fp.addI64(((Long)obj).longValue());
+ addI64((Long)obj);
return;
}
if (obj instanceof Float) {
- fp.addF32(((Float)obj).floatValue());
+ addF32((Float)obj);
return;
}
if (obj instanceof Double) {
- fp.addF64(((Double)obj).doubleValue());
+ addF64((Double)obj);
return;
}
if (obj instanceof Byte2) {
- fp.addI8((Byte2)obj);
+ addI8((Byte2)obj);
return;
}
if (obj instanceof Byte3) {
- fp.addI8((Byte3)obj);
+ addI8((Byte3)obj);
return;
}
if (obj instanceof Byte4) {
- fp.addI8((Byte4)obj);
+ addI8((Byte4)obj);
return;
}
if (obj instanceof Short2) {
- fp.addI16((Short2)obj);
+ addI16((Short2)obj);
return;
}
if (obj instanceof Short3) {
- fp.addI16((Short3)obj);
+ addI16((Short3)obj);
return;
}
if (obj instanceof Short4) {
- fp.addI16((Short4)obj);
+ addI16((Short4)obj);
return;
}
if (obj instanceof Int2) {
- fp.addI32((Int2)obj);
+ addI32((Int2)obj);
return;
}
if (obj instanceof Int3) {
- fp.addI32((Int3)obj);
+ addI32((Int3)obj);
return;
}
if (obj instanceof Int4) {
- fp.addI32((Int4)obj);
+ addI32((Int4)obj);
return;
}
if (obj instanceof Long2) {
- fp.addI64((Long2)obj);
+ addI64((Long2)obj);
return;
}
if (obj instanceof Long3) {
- fp.addI64((Long3)obj);
+ addI64((Long3)obj);
return;
}
if (obj instanceof Long4) {
- fp.addI64((Long4)obj);
+ addI64((Long4)obj);
return;
}
if (obj instanceof Float2) {
- fp.addF32((Float2)obj);
+ addF32((Float2)obj);
return;
}
if (obj instanceof Float3) {
- fp.addF32((Float3)obj);
+ addF32((Float3)obj);
return;
}
if (obj instanceof Float4) {
- fp.addF32((Float4)obj);
+ addF32((Float4)obj);
return;
}
if (obj instanceof Double2) {
- fp.addF64((Double2)obj);
+ addF64((Double2)obj);
return;
}
if (obj instanceof Double3) {
- fp.addF64((Double3)obj);
+ addF64((Double3)obj);
return;
}
if (obj instanceof Double4) {
- fp.addF64((Double4)obj);
+ addF64((Double4)obj);
return;
}
if (obj instanceof Matrix2f) {
- fp.addMatrix((Matrix2f)obj);
+ addMatrix((Matrix2f)obj);
return;
}
if (obj instanceof Matrix3f) {
- fp.addMatrix((Matrix3f)obj);
+ addMatrix((Matrix3f)obj);
return;
}
if (obj instanceof Matrix4f) {
- fp.addMatrix((Matrix4f)obj);
+ addMatrix((Matrix4f)obj);
return;
}
if (obj instanceof BaseObj) {
- fp.addObj((BaseObj)obj);
+ addObj((BaseObj)obj);
return;
}
}
- private static int getPackedSize(Object obj) {
- if (obj instanceof Boolean) {
- return 1;
+ private boolean resize(int newSize) {
+ if (newSize == mLen) {
+ return false;
}
- if (obj instanceof Byte) {
- return 1;
- }
+ byte[] newData = new byte[newSize];
+ System.arraycopy(mData, 0, newData, 0, mPos);
+ mData = newData;
+ mLen = newSize;
+ return true;
+ }
- if (obj instanceof Short) {
- return 2;
- }
-
- if (obj instanceof Integer) {
- return 4;
- }
-
- if (obj instanceof Long) {
- return 8;
- }
-
- if (obj instanceof Float) {
- return 4;
- }
-
- if (obj instanceof Double) {
- return 8;
- }
-
- if (obj instanceof Byte2) {
- return 2;
- }
-
- if (obj instanceof Byte3) {
- return 3;
- }
-
- if (obj instanceof Byte4) {
- return 4;
- }
-
- if (obj instanceof Short2) {
- return 4;
- }
-
- if (obj instanceof Short3) {
- return 6;
- }
-
- if (obj instanceof Short4) {
- return 8;
- }
-
- if (obj instanceof Int2) {
- return 8;
- }
-
- if (obj instanceof Int3) {
- return 12;
- }
-
- if (obj instanceof Int4) {
- return 16;
- }
-
- if (obj instanceof Long2) {
- return 16;
- }
-
- if (obj instanceof Long3) {
- return 24;
- }
-
- if (obj instanceof Long4) {
- return 32;
- }
-
- if (obj instanceof Float2) {
- return 8;
- }
-
- if (obj instanceof Float3) {
- return 12;
- }
-
- if (obj instanceof Float4) {
- return 16;
- }
-
- if (obj instanceof Double2) {
- return 16;
- }
-
- if (obj instanceof Double3) {
- return 24;
- }
-
- if (obj instanceof Double4) {
- return 32;
- }
-
- if (obj instanceof Matrix2f) {
- return 16;
- }
-
- if (obj instanceof Matrix3f) {
- return 36;
- }
-
- if (obj instanceof Matrix4f) {
- return 64;
- }
-
- if (obj instanceof BaseObj) {
- if (RenderScript.sPointerSize == 8) {
- return 32;
- } else {
- return 4;
+ private void addSafely(Object obj) {
+ boolean retry;
+ final int oldPos = mPos;
+ do {
+ retry = false;
+ try {
+ add(obj);
+ } catch (ArrayIndexOutOfBoundsException e) {
+ mPos = oldPos;
+ resize(mLen * 2);
+ retry = true;
}
- }
-
- return 0;
+ } while (retry);
}
- static FieldPacker createFieldPack(Object[] args) {
- int len = 0;
- for (Object arg : args) {
- len += getPackedSize(arg);
- }
- FieldPacker fp = new FieldPacker(len);
- for (Object arg : args) {
- addToPack(fp, arg);
- }
- return fp;
- }
-
- private final byte mData[];
+ private byte mData[];
private int mPos;
private int mLen;
private BitSet mAlignment;
-
}
-
-
diff --git a/rs/java/android/renderscript/RenderScript.java b/rs/java/android/renderscript/RenderScript.java
index 45f0ca6..5138719 100644
--- a/rs/java/android/renderscript/RenderScript.java
+++ b/rs/java/android/renderscript/RenderScript.java
@@ -16,7 +16,6 @@
package android.renderscript;
-import java.io.File;
import java.lang.reflect.Method;
import java.util.concurrent.locks.ReentrantReadWriteLock;
@@ -130,8 +129,6 @@
native void nContextInitToClient(long con);
native void nContextDeinitToClient(long con);
- static File mCacheDir;
-
// this should be a monotonically increasing ID
// used in conjunction with the API version of a device
static final long sMinorID = 1;
@@ -146,23 +143,6 @@
return sMinorID;
}
- /**
- * Sets the directory to use as a persistent storage for the
- * renderscript object file cache.
- *
- * @hide
- * @param cacheDir A directory the current process can write to
- */
- public static void setupDiskCache(File cacheDir) {
- if (!sInitialized) {
- Log.e(LOG_TAG, "RenderScript.setupDiskCache() called when disabled");
- return;
- }
-
- // Defer creation of cache path to nScriptCCreate().
- mCacheDir = cacheDir;
- }
-
/**
* ContextType specifies the specific type of context to be created.
*
diff --git a/rs/java/android/renderscript/RenderScriptCacheDir.java b/rs/java/android/renderscript/RenderScriptCacheDir.java
new file mode 100644
index 0000000..95a9d75
--- /dev/null
+++ b/rs/java/android/renderscript/RenderScriptCacheDir.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2008-2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.renderscript;
+
+import java.io.File;
+
+/**
+ * Used only for tracking the RenderScript cache directory.
+ * @hide
+ */
+public class RenderScriptCacheDir {
+ /**
+ * Sets the directory to use as a persistent storage for the
+ * renderscript object file cache.
+ *
+ * @hide
+ * @param cacheDir A directory the current process can write to
+ */
+ public static void setupDiskCache(File cacheDir) {
+ // Defer creation of cache path to nScriptCCreate().
+ mCacheDir = cacheDir;
+ }
+
+ static File mCacheDir;
+
+}
diff --git a/rs/java/android/renderscript/ScriptC.java b/rs/java/android/renderscript/ScriptC.java
index 64d21e4..bf706c1 100644
--- a/rs/java/android/renderscript/ScriptC.java
+++ b/rs/java/android/renderscript/ScriptC.java
@@ -124,7 +124,7 @@
// Create the RS cache path if we haven't done so already.
if (mCachePath == null) {
- File f = new File(rs.mCacheDir, CACHE_PATH);
+ File f = new File(RenderScriptCacheDir.mCacheDir, CACHE_PATH);
mCachePath = f.getAbsolutePath();
f.mkdirs();
}
@@ -135,7 +135,7 @@
private static synchronized long internalStringCreate(RenderScript rs, String resName, byte[] bitcode) {
// Create the RS cache path if we haven't done so already.
if (mCachePath == null) {
- File f = new File(rs.mCacheDir, CACHE_PATH);
+ File f = new File(RenderScriptCacheDir.mCacheDir, CACHE_PATH);
mCachePath = f.getAbsolutePath();
f.mkdirs();
}
diff --git a/rs/java/android/renderscript/ScriptGroup2.java b/rs/java/android/renderscript/ScriptGroup2.java
index 13e22aa..857e9fb 100644
--- a/rs/java/android/renderscript/ScriptGroup2.java
+++ b/rs/java/android/renderscript/ScriptGroup2.java
@@ -112,7 +112,7 @@
public Closure(RenderScript rs, Script.InvokeID invokeID,
Object[] args, Map<Script.FieldID, Object> globals) {
super(0, rs);
- mFP = FieldPacker.createFieldPack(args);
+ mFP = FieldPacker.createFromArray(args);
mArgs = args;
mBindings = globals;
diff --git a/rs/java/android/renderscript/ScriptIntrinsicBlur.java b/rs/java/android/renderscript/ScriptIntrinsicBlur.java
index 5c4edd3..60e2b6d9 100644
--- a/rs/java/android/renderscript/ScriptIntrinsicBlur.java
+++ b/rs/java/android/renderscript/ScriptIntrinsicBlur.java
@@ -34,7 +34,7 @@
* Create an intrinsic for applying a blur to an allocation. The
* default radius is 5.0.
*
- * Supported elements types are {@link Element#U8_4}
+ * Supported elements types are {@link Element#U8_4 Element#U8}
*
* @param rs The RenderScript context
* @param e Element type for inputs and outputs
diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java
index d9ef766..758b0fc 100644
--- a/services/core/java/com/android/server/ConnectivityService.java
+++ b/services/core/java/com/android/server/ConnectivityService.java
@@ -2022,6 +2022,8 @@
ReapUnvalidatedNetworks.DONT_REAP);
}
}
+ NetworkFactoryInfo nfi = mNetworkFactoryInfos.remove(msg.replyTo);
+ if (DBG && nfi != null) log("unregisterNetworkFactory for " + nfi.name);
}
// If this method proves to be too slow then we can maintain a separate
diff --git a/services/core/java/com/android/server/am/ActiveServices.java b/services/core/java/com/android/server/am/ActiveServices.java
index 059dde1..4e7aa77 100755
--- a/services/core/java/com/android/server/am/ActiveServices.java
+++ b/services/core/java/com/android/server/am/ActiveServices.java
@@ -2127,8 +2127,16 @@
}
}
- // First clear app state from services.
- for (int i=app.services.size()-1; i>=0; i--) {
+ // Clean up any connections this application has to other services.
+ for (int i = app.connections.size() - 1; i >= 0; i--) {
+ ConnectionRecord r = app.connections.valueAt(i);
+ removeConnectionLocked(r, app, null);
+ }
+ updateServiceConnectionActivitiesLocked(app);
+ app.connections.clear();
+
+ // Clear app state from services.
+ for (int i = app.services.size() - 1; i >= 0; i--) {
ServiceRecord sr = app.services.valueAt(i);
synchronized (sr.stats.getBatteryStats()) {
sr.stats.stopLaunchedLocked();
@@ -2188,14 +2196,6 @@
}
}
- // Clean up any connections this application has to other services.
- for (int i=app.connections.size()-1; i>=0; i--) {
- ConnectionRecord r = app.connections.valueAt(i);
- removeConnectionLocked(r, app, null);
- }
- updateServiceConnectionActivitiesLocked(app);
- app.connections.clear();
-
ServiceMap smap = getServiceMap(app.userId);
// Now do remaining service cleanup.
@@ -2228,7 +2228,7 @@
EventLog.writeEvent(EventLogTags.AM_SERVICE_CRASHED_TOO_MUCH,
sr.userId, sr.crashCount, sr.shortName, app.pid);
bringDownServiceLocked(sr);
- } else if (!allowRestart) {
+ } else if (!allowRestart || !mAm.isUserRunningLocked(sr.userId, false)) {
bringDownServiceLocked(sr);
} else {
boolean canceled = scheduleServiceRestartLocked(sr, true);
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index f5a9847..09ebe60 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -2789,10 +2789,38 @@
if (!isolated) {
app = getProcessRecordLocked(processName, info.uid, keepIfLarge);
checkTime(startTime, "startProcess: after getProcessRecord");
+
+ if ((intentFlags & Intent.FLAG_FROM_BACKGROUND) != 0) {
+ // If we are in the background, then check to see if this process
+ // is bad. If so, we will just silently fail.
+ if (mBadProcesses.get(info.processName, info.uid) != null) {
+ if (DEBUG_PROCESSES) Slog.v(TAG, "Bad process: " + info.uid
+ + "/" + info.processName);
+ return null;
+ }
+ } else {
+ // When the user is explicitly starting a process, then clear its
+ // crash count so that we won't make it bad until they see at
+ // least one crash dialog again, and make the process good again
+ // if it had been bad.
+ if (DEBUG_PROCESSES) Slog.v(TAG, "Clearing bad process: " + info.uid
+ + "/" + info.processName);
+ mProcessCrashTimes.remove(info.processName, info.uid);
+ if (mBadProcesses.get(info.processName, info.uid) != null) {
+ EventLog.writeEvent(EventLogTags.AM_PROC_GOOD,
+ UserHandle.getUserId(info.uid), info.uid,
+ info.processName);
+ mBadProcesses.remove(info.processName, info.uid);
+ if (app != null) {
+ app.bad = false;
+ }
+ }
+ }
} else {
// If this is an isolated process, it can't re-use an existing process.
app = null;
}
+
// We don't have to do anything more if:
// (1) There is an existing application record; and
// (2) The caller doesn't think it is dead, OR there is no thread
@@ -2826,35 +2854,6 @@
String hostingNameStr = hostingName != null
? hostingName.flattenToShortString() : null;
- if (!isolated) {
- if ((intentFlags&Intent.FLAG_FROM_BACKGROUND) != 0) {
- // If we are in the background, then check to see if this process
- // is bad. If so, we will just silently fail.
- if (mBadProcesses.get(info.processName, info.uid) != null) {
- if (DEBUG_PROCESSES) Slog.v(TAG, "Bad process: " + info.uid
- + "/" + info.processName);
- return null;
- }
- } else {
- // When the user is explicitly starting a process, then clear its
- // crash count so that we won't make it bad until they see at
- // least one crash dialog again, and make the process good again
- // if it had been bad.
- if (DEBUG_PROCESSES) Slog.v(TAG, "Clearing bad process: " + info.uid
- + "/" + info.processName);
- mProcessCrashTimes.remove(info.processName, info.uid);
- if (mBadProcesses.get(info.processName, info.uid) != null) {
- EventLog.writeEvent(EventLogTags.AM_PROC_GOOD,
- UserHandle.getUserId(info.uid), info.uid,
- info.processName);
- mBadProcesses.remove(info.processName, info.uid);
- if (app != null) {
- app.bad = false;
- }
- }
- }
- }
-
if (app == null) {
checkTime(startTime, "startProcess: creating new process record");
app = newProcessRecordLocked(info, processName, isolated, isolatedUid);
@@ -4592,17 +4591,13 @@
finishInstrumentationLocked(app, Activity.RESULT_CANCELED, info);
}
- if (!restarting) {
- if (!mStackSupervisor.resumeTopActivitiesLocked()) {
- // If there was nothing to resume, and we are not already
- // restarting this process, but there is a visible activity that
- // is hosted by the process... then make sure all visible
- // activities are running, taking care of restarting this
- // process.
- if (hasVisibleActivities) {
- mStackSupervisor.ensureActivitiesVisibleLocked(null, 0);
- }
- }
+ if (!restarting && hasVisibleActivities && !mStackSupervisor.resumeTopActivitiesLocked()) {
+ // If there was nothing to resume, and we are not already
+ // restarting this process, but there is a visible activity that
+ // is hosted by the process... then make sure all visible
+ // activities are running, taking care of restarting this
+ // process.
+ mStackSupervisor.ensureActivitiesVisibleLocked(null, 0);
}
}
diff --git a/services/core/java/com/android/server/am/ActivityRecord.java b/services/core/java/com/android/server/am/ActivityRecord.java
index b1b2a5c..1497c1d 100755
--- a/services/core/java/com/android/server/am/ActivityRecord.java
+++ b/services/core/java/com/android/server/am/ActivityRecord.java
@@ -982,24 +982,21 @@
}
private ActivityRecord getWaitingHistoryRecordLocked() {
- // First find the real culprit... if we are waiting
- // for another app to start, then we have paused dispatching
- // for this activity.
- ActivityRecord r = this;
- if (r.waitingVisible) {
+ // First find the real culprit... if this activity is waiting for
+ // another activity to start or has stopped, then the key dispatching
+ // timeout should not be caused by this.
+ if (waitingVisible || stopped) {
final ActivityStack stack = mStackSupervisor.getFocusedStack();
- // Hmmm, who might we be waiting for?
- r = stack.mResumedActivity;
+ // Try to use the one which is closest to top.
+ ActivityRecord r = stack.mResumedActivity;
if (r == null) {
r = stack.mPausingActivity;
}
- // Both of those null? Fall back to 'this' again
- if (r == null) {
- r = this;
+ if (r != null) {
+ return r;
}
}
-
- return r;
+ return this;
}
public boolean keyDispatchingTimedOut(String reason) {
diff --git a/services/core/java/com/android/server/am/ActivityStack.java b/services/core/java/com/android/server/am/ActivityStack.java
index 6fb488a..ada16e7 100644
--- a/services/core/java/com/android/server/am/ActivityStack.java
+++ b/services/core/java/com/android/server/am/ActivityStack.java
@@ -3395,6 +3395,9 @@
if (DEBUG_CLEANUP) Slog.v(
TAG, "Record #" + i + " " + r + ": app=" + r.app);
if (r.app == app) {
+ if (r.visible) {
+ hasVisibleActivities = true;
+ }
boolean remove;
if ((!r.haveState && !r.stateNotNeeded) || r.finishing) {
// Don't currently have state for the activity, or
@@ -3436,9 +3439,6 @@
// it can be restarted later when needed.
if (localLOGV) Slog.v(
TAG, "Keeping entry, setting app to null");
- if (r.visible) {
- hasVisibleActivities = true;
- }
if (DEBUG_APP) Slog.v(TAG, "Clearing app during removeHistory for activity "
+ r);
r.app = null;
@@ -3905,16 +3905,18 @@
}
void getTasksLocked(List<RunningTaskInfo> list, int callingUid, boolean allowed) {
+ boolean focusedStack = mStackSupervisor.getFocusedStack() == this;
+ boolean topTask = true;
for (int taskNdx = mTaskHistory.size() - 1; taskNdx >= 0; --taskNdx) {
final TaskRecord task = mTaskHistory.get(taskNdx);
+ if (task.getTopActivity() == null) {
+ continue;
+ }
ActivityRecord r = null;
ActivityRecord top = null;
int numActivities = 0;
int numRunning = 0;
final ArrayList<ActivityRecord> activities = task.mActivities;
- if (activities.isEmpty()) {
- continue;
- }
if (!allowed && !task.isHomeTask() && task.effectiveUid != callingUid) {
continue;
}
@@ -3943,14 +3945,18 @@
ci.baseActivity = r.intent.getComponent();
ci.topActivity = top.intent.getComponent();
ci.lastActiveTime = task.lastActiveTime;
+ if (focusedStack && topTask) {
+ // Give the latest time to ensure foreground task can be sorted
+ // at the first, because lastActiveTime of creating task is 0.
+ ci.lastActiveTime = System.currentTimeMillis();
+ topTask = false;
+ }
if (top.task != null) {
ci.description = top.task.lastDescription;
}
ci.numActivities = numActivities;
ci.numRunning = numRunning;
- //System.out.println(
- // "#" + maxNum + ": " + " descr=" + ci.description);
list.add(ci);
}
}
diff --git a/services/core/java/com/android/server/am/ActivityStackSupervisor.java b/services/core/java/com/android/server/am/ActivityStackSupervisor.java
index 27c5404..8ab2368 100644
--- a/services/core/java/com/android/server/am/ActivityStackSupervisor.java
+++ b/services/core/java/com/android/server/am/ActivityStackSupervisor.java
@@ -607,17 +607,21 @@
}
boolean allResumedActivitiesVisible() {
+ boolean foundResumed = false;
for (int displayNdx = mActivityDisplays.size() - 1; displayNdx >= 0; --displayNdx) {
ArrayList<ActivityStack> stacks = mActivityDisplays.valueAt(displayNdx).mStacks;
for (int stackNdx = stacks.size() - 1; stackNdx >= 0; --stackNdx) {
final ActivityStack stack = stacks.get(stackNdx);
final ActivityRecord r = stack.mResumedActivity;
- if (r != null && (!r.nowVisible || r.waitingVisible)) {
- return false;
+ if (r != null) {
+ if (!r.nowVisible || r.waitingVisible) {
+ return false;
+ }
+ foundResumed = true;
}
}
}
- return true;
+ return foundResumed;
}
/**
diff --git a/services/core/java/com/android/server/am/ProcessRecord.java b/services/core/java/com/android/server/am/ProcessRecord.java
index b18b057..466831a 100644
--- a/services/core/java/com/android/server/am/ProcessRecord.java
+++ b/services/core/java/com/android/server/am/ProcessRecord.java
@@ -420,7 +420,7 @@
tracker.getMemFactorLocked(), SystemClock.uptimeMillis(), pkgList);
origBase.makeInactive();
}
- baseProcessTracker = tracker.getProcessStateLocked(info.packageName, info.uid,
+ baseProcessTracker = tracker.getProcessStateLocked(info.packageName, uid,
info.versionCode, processName);
baseProcessTracker.makeActive();
for (int i=0; i<pkgList.size(); i++) {
@@ -428,7 +428,7 @@
if (holder.state != null && holder.state != origBase) {
holder.state.makeInactive();
}
- holder.state = tracker.getProcessStateLocked(pkgList.keyAt(i), info.uid,
+ holder.state = tracker.getProcessStateLocked(pkgList.keyAt(i), uid,
info.versionCode, processName);
if (holder.state != baseProcessTracker) {
holder.state.makeActive();
@@ -619,7 +619,7 @@
versionCode);
if (baseProcessTracker != null) {
holder.state = tracker.getProcessStateLocked(
- pkg, info.uid, versionCode, processName);
+ pkg, uid, versionCode, processName);
pkgList.put(pkg, holder);
if (holder.state != baseProcessTracker) {
holder.state.makeActive();
@@ -666,7 +666,7 @@
}
pkgList.clear();
ProcessStats.ProcessState ps = tracker.getProcessStateLocked(
- info.packageName, info.uid, info.versionCode, processName);
+ info.packageName, uid, info.versionCode, processName);
ProcessStats.ProcessStateHolder holder = new ProcessStats.ProcessStateHolder(
info.versionCode);
holder.state = ps;
diff --git a/services/core/java/com/android/server/pm/Installer.java b/services/core/java/com/android/server/pm/Installer.java
index 5cde8ea..b4a44a6 100644
--- a/services/core/java/com/android/server/pm/Installer.java
+++ b/services/core/java/com/android/server/pm/Installer.java
@@ -16,6 +16,7 @@
package com.android.server.pm;
+import android.annotation.Nullable;
import android.content.Context;
import android.content.pm.PackageStats;
import android.os.Build;
@@ -83,14 +84,15 @@
}
public int dexopt(String apkPath, int uid, boolean isPublic, String pkgName,
- String instructionSet, boolean vmSafeMode, boolean debuggable) {
+ String instructionSet, boolean vmSafeMode, boolean debuggable,
+ @Nullable String outputPath) {
if (!isValidInstructionSet(instructionSet)) {
Slog.e(TAG, "Invalid instruction set: " + instructionSet);
return -1;
}
return mInstaller.dexopt(apkPath, uid, isPublic, pkgName, instructionSet, vmSafeMode,
- debuggable);
+ debuggable, outputPath);
}
public int idmap(String targetApkPath, String overlayApkPath, int uid) {
@@ -134,6 +136,16 @@
return mInstaller.execute(builder.toString());
}
+ /**
+ * Removes packageDir or its subdirectory
+ */
+ public int rmPackageDir(String packageDir) {
+ StringBuilder builder = new StringBuilder("rmpackagedir");
+ builder.append(' ');
+ builder.append(packageDir);
+ return mInstaller.execute(builder.toString());
+ }
+
public int remove(String name, int userId) {
StringBuilder builder = new StringBuilder("remove");
builder.append(' ');
@@ -331,6 +343,15 @@
return (mInstaller.execute(builder.toString()) == 0);
}
+ public int createOatDir(String oatDir, String dexInstructionSet) {
+ StringBuilder builder = new StringBuilder("createoatdir");
+ builder.append(' ');
+ builder.append(oatDir);
+ builder.append(' ');
+ builder.append(dexInstructionSet);
+ return mInstaller.execute(builder.toString());
+ }
+
/**
* Returns true iff. {@code instructionSet} is a valid instruction set.
*/
diff --git a/services/core/java/com/android/server/pm/InstructionSets.java b/services/core/java/com/android/server/pm/InstructionSets.java
index 79e7a20..5092ebf 100644
--- a/services/core/java/com/android/server/pm/InstructionSets.java
+++ b/services/core/java/com/android/server/pm/InstructionSets.java
@@ -74,6 +74,7 @@
* a native bridge this might be different than the one shared libraries use.
*/
public static String getDexCodeInstructionSet(String sharedLibraryIsa) {
+ // TODO b/19550105 Build mapping once instead of querying each time
String dexCodeIsa = SystemProperties.get("ro.dalvik.vm.isa." + sharedLibraryIsa);
return TextUtils.isEmpty(dexCodeIsa) ? sharedLibraryIsa : dexCodeIsa;
}
@@ -111,4 +112,13 @@
return allInstructionSets;
}
+
+ public static String getPrimaryInstructionSet(ApplicationInfo info) {
+ if (info.primaryCpuAbi == null) {
+ return getPreferredInstructionSet();
+ }
+
+ return VMRuntime.getInstructionSet(info.primaryCpuAbi);
+ }
+
}
diff --git a/services/core/java/com/android/server/pm/PackageDexOptimizer.java b/services/core/java/com/android/server/pm/PackageDexOptimizer.java
index 2dbce0a..680ec4b 100644
--- a/services/core/java/com/android/server/pm/PackageDexOptimizer.java
+++ b/services/core/java/com/android/server/pm/PackageDexOptimizer.java
@@ -16,6 +16,7 @@
package com.android.server.pm;
+import android.annotation.Nullable;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageParser;
import android.os.UserHandle;
@@ -23,6 +24,7 @@
import android.util.Log;
import android.util.Slog;
+import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.ArrayList;
@@ -38,7 +40,9 @@
* Helper class for running dexopt command on packages.
*/
final class PackageDexOptimizer {
- static final String TAG = "PackageManager.DexOptimizer";
+ private static final String TAG = "PackageManager.DexOptimizer";
+ static final String OAT_DIR_NAME = "oat";
+ // TODO b/19550105 Remove error codes and use exceptions
static final int DEX_OPT_SKIPPED = 0;
static final int DEX_OPT_PERFORMED = 1;
static final int DEX_OPT_DEFERRED = 2;
@@ -117,19 +121,30 @@
final byte isDexOptNeeded = DexFile.isDexOptNeededInternal(path,
pkg.packageName, dexCodeInstructionSet, defer);
if (forceDex || (!defer && isDexOptNeeded == DexFile.DEXOPT_NEEDED)) {
+ File oatDir = createOatDirIfSupported(pkg, dexCodeInstructionSet);
Log.i(TAG, "Running dexopt on: " + path + " pkg="
+ pkg.applicationInfo.packageName + " isa=" + dexCodeInstructionSet
- + " vmSafeMode=" + vmSafeMode + " debuggable=" + debuggable);
+ + " vmSafeMode=" + vmSafeMode + " debuggable=" + debuggable
+ + " oatDir = " + oatDir);
final int sharedGid = UserHandle.getSharedAppGid(pkg.applicationInfo.uid);
- final int ret = mPackageManagerService.mInstaller.dexopt(path, sharedGid,
- !pkg.isForwardLocked(), pkg.packageName, dexCodeInstructionSet,
- vmSafeMode, debuggable);
- if (ret < 0) {
- // Don't bother running dexopt again if we failed, it will probably
- // just result in an error again. Also, don't bother dexopting for other
- // paths & ISAs.
- return DEX_OPT_FAILED;
+ if (oatDir != null) {
+ int ret = mPackageManagerService.mInstaller.dexopt(
+ path, sharedGid, !pkg.isForwardLocked(), pkg.packageName,
+ dexCodeInstructionSet, vmSafeMode, debuggable,
+ oatDir.getAbsolutePath());
+ if (ret < 0) {
+ return DEX_OPT_FAILED;
+ }
+ } else {
+ final int ret = mPackageManagerService.mInstaller
+ .dexopt(path, sharedGid,
+ !pkg.isForwardLocked(), pkg.packageName,
+ dexCodeInstructionSet,
+ vmSafeMode, debuggable, null);
+ if (ret < 0) {
+ return DEX_OPT_FAILED;
+ }
}
performedDexOpt = true;
@@ -186,6 +201,36 @@
return performedDexOpt ? DEX_OPT_PERFORMED : DEX_OPT_SKIPPED;
}
+ /**
+ * Creates oat dir for the specified package. In certain cases oat directory
+ * <strong>cannot</strong> be created:
+ * <ul>
+ * <li>{@code pkg} is a system app, which is not updated.</li>
+ * <li>Package location is not a directory, i.e. monolithic install.</li>
+ * </ul>
+ *
+ * @return oat directory or null, if oat directory cannot be created.
+ */
+ @Nullable
+ private File createOatDirIfSupported(PackageParser.Package pkg, String dexInstructionSet)
+ throws IOException {
+ if (pkg.isSystemApp() && !pkg.isUpdatedSystemApp()) {
+ return null;
+ }
+ File codePath = new File(pkg.codePath);
+ if (codePath.isDirectory()) {
+ File oatDir = getOatDir(codePath);
+ mPackageManagerService.mInstaller.createOatDir(oatDir.getAbsolutePath(),
+ dexInstructionSet);
+ return oatDir;
+ }
+ return null;
+ }
+
+ static File getOatDir(File codePath) {
+ return new File(codePath, OAT_DIR_NAME);
+ }
+
private void performDexOptLibsLI(ArrayList<String> libs, String[] instructionSets,
boolean forceDex, boolean defer, ArraySet<String> done) {
for (String libName : libs) {
@@ -209,7 +254,7 @@
public void addPackageForDeferredDexopt(PackageParser.Package pkg) {
if (mDeferredDexOpt == null) {
- mDeferredDexOpt = new ArraySet<PackageParser.Package>();
+ mDeferredDexOpt = new ArraySet<>();
}
mDeferredDexOpt.add(pkg);
}
diff --git a/services/core/java/com/android/server/pm/PackageInstallerService.java b/services/core/java/com/android/server/pm/PackageInstallerService.java
index 2150e9a..95d7a52 100644
--- a/services/core/java/com/android/server/pm/PackageInstallerService.java
+++ b/services/core/java/com/android/server/pm/PackageInstallerService.java
@@ -53,7 +53,6 @@
import android.os.Binder;
import android.os.Bundle;
import android.os.Environment;
-import android.os.FileUtils;
import android.os.Handler;
import android.os.HandlerThread;
import android.os.Looper;
@@ -225,9 +224,10 @@
for (File stage : unclaimedStages) {
Slog.w(TAG, "Deleting orphan stage " + stage);
if (stage.isDirectory()) {
- FileUtils.deleteContents(stage);
+ mPm.mInstaller.rmPackageDir(stage.getAbsolutePath());
+ } else {
+ stage.delete();
}
- stage.delete();
}
// Clean up orphaned icons
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index aba930f..bb8a785 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -59,6 +59,7 @@
import static com.android.server.pm.InstructionSets.getDexCodeInstructionSet;
import static com.android.server.pm.InstructionSets.getDexCodeInstructionSets;
import static com.android.server.pm.InstructionSets.getPreferredInstructionSet;
+import static com.android.server.pm.InstructionSets.getPrimaryInstructionSet;
import android.util.ArrayMap;
@@ -1872,9 +1873,10 @@
removeDataDirsLI(ps.name);
if (ps.codePath != null) {
if (ps.codePath.isDirectory()) {
- FileUtils.deleteContents(ps.codePath);
+ mInstaller.rmPackageDir(ps.codePath.getAbsolutePath());
+ } else {
+ ps.codePath.delete();
}
- ps.codePath.delete();
}
if (ps.resourcePath != null && !ps.resourcePath.equals(ps.codePath)) {
if (ps.resourcePath.isDirectory()) {
@@ -4190,9 +4192,10 @@
e.error == PackageManager.INSTALL_FAILED_INVALID_APK) {
logCriticalInfo(Log.WARN, "Deleting invalid package at " + file);
if (file.isDirectory()) {
- FileUtils.deleteContents(file);
+ mInstaller.rmPackageDir(file.getAbsolutePath());
+ } else {
+ file.delete();
}
- file.delete();
}
}
}
@@ -4640,7 +4643,7 @@
// Give priority to system apps.
for (Iterator<PackageParser.Package> it = pkgs.iterator(); it.hasNext();) {
PackageParser.Package pkg = it.next();
- if (isSystemApp(pkg) && !isUpdatedSystemApp(pkg)) {
+ if (isSystemApp(pkg) && !pkg.isUpdatedSystemApp()) {
if (DEBUG_DEXOPT) {
Log.i(TAG, "Adding system app " + sortedPkgs.size() + ": " + pkg.packageName);
}
@@ -4651,7 +4654,7 @@
// Give priority to updated system apps.
for (Iterator<PackageParser.Package> it = pkgs.iterator(); it.hasNext();) {
PackageParser.Package pkg = it.next();
- if (isUpdatedSystemApp(pkg)) {
+ if (pkg.isUpdatedSystemApp()) {
if (DEBUG_DEXOPT) {
Log.i(TAG, "Adding updated system app " + sortedPkgs.size() + ": " + pkg.packageName);
}
@@ -4772,14 +4775,6 @@
return performDexOpt(packageName, instructionSet, false);
}
- private static String getPrimaryInstructionSet(ApplicationInfo info) {
- if (info.primaryCpuAbi == null) {
- return getPreferredInstructionSet();
- }
-
- return VMRuntime.getInstructionSet(info.primaryCpuAbi);
- }
-
public boolean performDexOpt(String packageName, String instructionSet, boolean backgroundDexopt) {
boolean dexopt = mLazyDexOpt || backgroundDexopt;
boolean updateUsage = !backgroundDexopt; // Don't update usage if this is just a backgroundDexopt
@@ -5513,7 +5508,7 @@
final String path = scanFile.getPath();
final String codePath = pkg.applicationInfo.getCodePath();
final String cpuAbiOverride = deriveAbiOverride(pkg.cpuAbiOverride, pkgSetting);
- if (isSystemApp(pkg) && !isUpdatedSystemApp(pkg)) {
+ if (isSystemApp(pkg) && !pkg.isUpdatedSystemApp()) {
setBundledAppAbisAndRoots(pkg, pkgSetting);
// If we haven't found any native libraries for the app, check if it has
@@ -5728,7 +5723,6 @@
throw new PackageManagerException(INSTALL_FAILED_DEXOPT, "scanPackageLI");
}
}
-
if (mFactoryTest && pkg.requestedPermissions.contains(
android.Manifest.permission.FACTORY_TEST)) {
pkg.applicationInfo.flags |= ApplicationInfo.FLAG_FACTORY_TEST;
@@ -5744,7 +5738,7 @@
for (int i=0; i<pkg.libraryNames.size(); i++) {
String name = pkg.libraryNames.get(i);
boolean allowed = false;
- if (isUpdatedSystemApp(pkg)) {
+ if (pkg.isUpdatedSystemApp()) {
// New library entries can only be added through the
// system image. This is important to get rid of a lot
// of nasty edge cases: for example if we allowed a non-
@@ -6350,7 +6344,7 @@
final ApplicationInfo info = pkg.applicationInfo;
final String codePath = pkg.codePath;
final File codeFile = new File(codePath);
- final boolean bundledApp = isSystemApp(info) && !isUpdatedSystemApp(info);
+ final boolean bundledApp = info.isSystemApp() && !info.isUpdatedSystemApp();
final boolean asecApp = info.isForwardLocked() || isExternal(info);
info.nativeLibraryRootDir = null;
@@ -7002,7 +6996,7 @@
if (isSystemApp(pkg)) {
// For updated system applications, a system permission
// is granted only if it had been defined by the original application.
- if (isUpdatedSystemApp(pkg)) {
+ if (pkg.isUpdatedSystemApp()) {
final PackageSetting sysPs = mSettings
.getDisabledSystemPkgLPr(pkg.packageName);
final GrantedPermissions origGp = sysPs.sharedUser != null
@@ -7090,7 +7084,7 @@
}
public final void addActivity(PackageParser.Activity a, String type) {
- final boolean systemApp = isSystemApp(a.info.applicationInfo);
+ final boolean systemApp = a.info.applicationInfo.isSystemApp();
mActivities.put(a.getComponentName(), a);
if (DEBUG_SHOW_INFO)
Log.v(
@@ -7217,7 +7211,7 @@
} else {
res.icon = info.icon;
}
- res.system = isSystemApp(res.activityInfo.applicationInfo);
+ res.system = res.activityInfo.applicationInfo.isSystemApp();
return res;
}
@@ -7433,7 +7427,7 @@
res.labelRes = info.labelRes;
res.nonLocalizedLabel = info.nonLocalizedLabel;
res.icon = info.icon;
- res.system = isSystemApp(res.serviceInfo.applicationInfo);
+ res.system = res.serviceInfo.applicationInfo.isSystemApp();
return res;
}
@@ -7656,7 +7650,7 @@
res.labelRes = info.labelRes;
res.nonLocalizedLabel = info.nonLocalizedLabel;
res.icon = info.icon;
- res.system = isSystemApp(res.providerInfo.applicationInfo);
+ res.system = res.providerInfo.applicationInfo.isSystemApp();
return res;
}
@@ -9386,9 +9380,10 @@
}
if (codeFile.isDirectory()) {
- FileUtils.deleteContents(codeFile);
+ mInstaller.rmPackageDir(codeFile.getAbsolutePath());
+ } else {
+ codeFile.delete();
}
- codeFile.delete();
if (resourceFile != null && !FileUtils.contains(codeFile, resourceFile)) {
resourceFile.delete();
@@ -9830,22 +9825,6 @@
return result;
}
- // Utility method used to ignore ADD/REMOVE events
- // by directory observer.
- private static boolean ignoreCodePath(String fullPathStr) {
- String apkName = deriveCodePathName(fullPathStr);
- int idx = apkName.lastIndexOf(INSTALL_PACKAGE_SUFFIX);
- if (idx != -1 && ((idx+1) < apkName.length())) {
- // Make sure the package ends with a numeral
- String version = apkName.substring(idx+1);
- try {
- Integer.parseInt(version);
- return true;
- } catch (NumberFormatException e) {}
- }
- return false;
- }
-
// Utility method that returns the relative package path with respect
// to the installation directory. Like say for /data/data/com.test-1.apk
// string com.test-1 is returned.
@@ -10454,17 +10433,27 @@
return;
}
+ // Run dexopt before old package gets removed, to minimize time when app is not available
+ int result = mPackageDexOptimizer
+ .performDexOpt(pkg, null /* instruction sets */, true /* forceDex */,
+ false /* defer */, false /* inclDependencies */);
+ if (result == PackageDexOptimizer.DEX_OPT_FAILED) {
+ res.setError(INSTALL_FAILED_DEXOPT, "Dexopt failed for " + pkg.codePath);
+ return;
+ }
+
if (!args.doRename(res.returnCode, pkg, oldCodePath)) {
res.setError(INSTALL_FAILED_INSUFFICIENT_STORAGE, "Failed rename");
return;
}
+ // Call with SCAN_NO_DEX, since dexopt has already been made
if (replace) {
- replacePackageLI(pkg, parseFlags, scanFlags | SCAN_REPLACING, args.user,
+ replacePackageLI(pkg, parseFlags, scanFlags | SCAN_REPLACING | SCAN_NO_DEX, args.user,
installerPackageName, res);
} else {
- installNewPackageLI(pkg, parseFlags, scanFlags | SCAN_DELETE_DATA_ON_FAILURES,
- args.user, installerPackageName, res);
+ installNewPackageLI(pkg, parseFlags, scanFlags | SCAN_DELETE_DATA_ON_FAILURES
+ | SCAN_NO_DEX, args.user, installerPackageName, res);
}
synchronized (mPackages) {
final PackageSetting ps = mSettings.mPackages.get(pkgName);
@@ -10502,10 +10491,6 @@
return (pkg.applicationInfo.privateFlags & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) != 0;
}
- private static boolean isSystemApp(ApplicationInfo info) {
- return (info.flags & ApplicationInfo.FLAG_SYSTEM) != 0;
- }
-
private static boolean isSystemApp(PackageSetting ps) {
return (ps.pkgFlags & ApplicationInfo.FLAG_SYSTEM) != 0;
}
@@ -10514,14 +10499,6 @@
return (ps.pkgFlags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0;
}
- private static boolean isUpdatedSystemApp(PackageParser.Package pkg) {
- return (pkg.applicationInfo.flags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0;
- }
-
- private static boolean isUpdatedSystemApp(ApplicationInfo info) {
- return (info.flags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0;
- }
-
private int packageFlagsToInstallFlags(PackageSetting ps) {
int installFlags = 0;
if (isExternal(ps)) {
diff --git a/services/core/java/com/android/server/wm/WindowManagerService.java b/services/core/java/com/android/server/wm/WindowManagerService.java
index de7cb33..8008064 100644
--- a/services/core/java/com/android/server/wm/WindowManagerService.java
+++ b/services/core/java/com/android/server/wm/WindowManagerService.java
@@ -504,7 +504,12 @@
int mLastDisplayFreezeDuration = 0;
Object mLastFinishedFreezeSource = null;
boolean mWaitingForConfig = false;
- boolean mWindowsFreezingScreen = false;
+
+ final static int WINDOWS_FREEZING_SCREENS_NONE = 0;
+ final static int WINDOWS_FREEZING_SCREENS_ACTIVE = 1;
+ final static int WINDOWS_FREEZING_SCREENS_TIMEOUT = 2;
+ private int mWindowsFreezingScreen = WINDOWS_FREEZING_SCREENS_NONE;
+
boolean mClientFreezingScreen = false;
int mAppsFreezingScreen = 0;
int mLastWindowForcedOrientation = ActivityInfo.SCREEN_ORIENTATION_UNSPECIFIED;
@@ -4761,7 +4766,7 @@
if (mAppsFreezingScreen == 1) {
startFreezingDisplayLocked(false, 0, 0);
mH.removeMessages(H.APP_FREEZE_TIMEOUT);
- mH.sendEmptyMessageDelayed(H.APP_FREEZE_TIMEOUT, 5000);
+ mH.sendEmptyMessageDelayed(H.APP_FREEZE_TIMEOUT, 2000);
}
}
final int N = wtoken.allAppWindows.size();
@@ -6550,7 +6555,7 @@
mAltOrientation = altOrientation;
mPolicy.setRotationLw(mRotation);
- mWindowsFreezingScreen = true;
+ mWindowsFreezingScreen = WINDOWS_FREEZING_SCREENS_ACTIVE;
mH.removeMessages(H.WINDOW_FREEZE_TIMEOUT);
mH.sendEmptyMessageDelayed(H.WINDOW_FREEZE_TIMEOUT, WINDOW_FREEZE_TIMEOUT_DURATION);
mWaitingForConfig = true;
@@ -7920,6 +7925,7 @@
// TODO(multidisplay): Can non-default displays rotate?
synchronized (mWindowMap) {
Slog.w(TAG, "Window freeze timeout expired.");
+ mWindowsFreezingScreen = WINDOWS_FREEZING_SCREENS_TIMEOUT;
final WindowList windows = getDefaultWindowListLocked();
int i = windows.size();
while (i > 0) {
@@ -7991,6 +7997,7 @@
case APP_FREEZE_TIMEOUT: {
synchronized (mWindowMap) {
Slog.w(TAG, "App freeze timeout expired.");
+ mWindowsFreezingScreen = WINDOWS_FREEZING_SCREENS_TIMEOUT;
final int numStacks = mStackIdToStack.size();
for (int stackNdx = 0; stackNdx < numStacks; ++stackNdx) {
final TaskStack stack = mStackIdToStack.valueAt(stackNdx);
@@ -9081,8 +9088,8 @@
w.mOrientationChanging = true;
w.mLastFreezeDuration = 0;
mInnerFields.mOrientationChangeComplete = false;
- if (!mWindowsFreezingScreen) {
- mWindowsFreezingScreen = true;
+ if (mWindowsFreezingScreen == WINDOWS_FREEZING_SCREENS_NONE) {
+ mWindowsFreezingScreen = WINDOWS_FREEZING_SCREENS_ACTIVE;
// XXX should probably keep timeout from
// when we first froze the display.
mH.removeMessages(H.WINDOW_FREEZE_TIMEOUT);
@@ -10107,8 +10114,8 @@
"With display frozen, orientationChangeComplete="
+ mInnerFields.mOrientationChangeComplete);
if (mInnerFields.mOrientationChangeComplete) {
- if (mWindowsFreezingScreen) {
- mWindowsFreezingScreen = false;
+ if (mWindowsFreezingScreen != WINDOWS_FREEZING_SCREENS_NONE) {
+ mWindowsFreezingScreen = WINDOWS_FREEZING_SCREENS_NONE;
mLastFinishedFreezeSource = mInnerFields.mLastWindowFreezeSource;
mH.removeMessages(H.WINDOW_FREEZE_TIMEOUT);
}
@@ -10394,7 +10401,7 @@
} else {
mInnerFields.mOrientationChangeComplete = true;
mInnerFields.mLastWindowFreezeSource = mAnimator.mLastWindowFreezeSource;
- if (mWindowsFreezingScreen) {
+ if (mWindowsFreezingScreen != WINDOWS_FREEZING_SCREENS_NONE) {
doRequest = true;
}
}
@@ -10739,7 +10746,8 @@
return;
}
- if (mWaitingForConfig || mAppsFreezingScreen > 0 || mWindowsFreezingScreen
+ if (mWaitingForConfig || mAppsFreezingScreen > 0
+ || mWindowsFreezingScreen == WINDOWS_FREEZING_SCREENS_ACTIVE
|| mClientFreezingScreen || !mOpeningApps.isEmpty()) {
if (DEBUG_ORIENTATION) Slog.d(TAG,
"stopFreezingDisplayLocked: Returning mWaitingForConfig=" + mWaitingForConfig
diff --git a/services/core/java/com/android/server/wm/WindowState.java b/services/core/java/com/android/server/wm/WindowState.java
index 978f5c3..938c1ce 100644
--- a/services/core/java/com/android/server/wm/WindowState.java
+++ b/services/core/java/com/android/server/wm/WindowState.java
@@ -1434,6 +1434,11 @@
mOrientationChanging = false;
mLastFreezeDuration = (int)(SystemClock.elapsedRealtime()
- mService.mDisplayFreezeTime);
+ // We are assuming the hosting process is dead or in a zombie state.
+ Slog.w(TAG, "Failed to report 'resized' to the client of " + this
+ + ", removing this window.");
+ mService.mPendingRemove.add(this);
+ mService.requestTraversalLocked();
}
}
diff --git a/tools/aapt/Resource.cpp b/tools/aapt/Resource.cpp
index 36299c2..38d10cf 100644
--- a/tools/aapt/Resource.cpp
+++ b/tools/aapt/Resource.cpp
@@ -22,7 +22,7 @@
// STATUST: mingw does seem to redefine UNKNOWN_ERROR from our enum value, so a cast is necessary.
-#if HAVE_PRINTF_ZD
+#if !defined(_WIN32)
# define ZD "%zd"
# define ZD_TYPE ssize_t
# define STATUST(x) x
diff --git a/tools/aapt/ResourceTable.cpp b/tools/aapt/ResourceTable.cpp
index 941a288..24f8168 100644
--- a/tools/aapt/ResourceTable.cpp
+++ b/tools/aapt/ResourceTable.cpp
@@ -20,7 +20,7 @@
// SSIZE: mingw does not have signed size_t == ssize_t.
// STATUST: mingw does seem to redefine UNKNOWN_ERROR from our enum value, so a cast is necessary.
-#if HAVE_PRINTF_ZD
+#if !defined(_WIN32)
# define SSIZE(x) x
# define STATUST(x) x
#else
diff --git a/tools/aapt/StringPool.cpp b/tools/aapt/StringPool.cpp
index a18e9f1..9908c44 100644
--- a/tools/aapt/StringPool.cpp
+++ b/tools/aapt/StringPool.cpp
@@ -13,7 +13,7 @@
#include "ResourceTable.h"
// SSIZE: mingw does not have signed size_t == ssize_t.
-#if HAVE_PRINTF_ZD
+#if !defined(_WIN32)
# define ZD "%zd"
# define ZD_TYPE ssize_t
# define SSIZE(x) x
diff --git a/tools/aapt/XMLNode.cpp b/tools/aapt/XMLNode.cpp
index b38b2ed..9033cf7 100644
--- a/tools/aapt/XMLNode.cpp
+++ b/tools/aapt/XMLNode.cpp
@@ -18,7 +18,7 @@
// SSIZE: mingw does not have signed size_t == ssize_t.
// STATUST: mingw does seem to redefine UNKNOWN_ERROR from our enum value, so a cast is necessary.
-#if HAVE_PRINTF_ZD
+#if !defined(_WIN32)
# define SSIZE(x) x
# define STATUST(x) x
#else