Merge "Fix child windows of windows with surface insets"
diff --git a/Android.mk b/Android.mk
index 1f37326..a19f2d9 100644
--- a/Android.mk
+++ b/Android.mk
@@ -40,6 +40,10 @@
frameworks/base/telephony/java/android/telephony/mbms/StreamingServiceInfo.aidl \
frameworks/base/telephony/java/android/telephony/ServiceState.aidl \
frameworks/base/telephony/java/android/telephony/SubscriptionInfo.aidl \
+ frameworks/base/telephony/java/android/telephony/CellIdentityCdma.aidl \
+ frameworks/base/telephony/java/android/telephony/CellIdentityGsm.aidl \
+ frameworks/base/telephony/java/android/telephony/CellIdentityLte.aidl \
+ frameworks/base/telephony/java/android/telephony/CellIdentityWcdma.aidl \
frameworks/base/telephony/java/android/telephony/CellInfo.aidl \
frameworks/base/telephony/java/android/telephony/SignalStrength.aidl \
frameworks/base/telephony/java/android/telephony/IccOpenLogicalChannelResponse.aidl \
diff --git a/cmds/statsd/src/StatsService.cpp b/cmds/statsd/src/StatsService.cpp
index dab3880..76e2e48 100644
--- a/cmds/statsd/src/StatsService.cpp
+++ b/cmds/statsd/src/StatsService.cpp
@@ -733,7 +733,10 @@
string keyString = string(String8(key).string());
ConfigKey configKey(ipc->getCallingUid(), keyString);
StatsdConfig cfg;
- cfg.ParseFromArray(&config[0], config.size());
+ if (!cfg.ParseFromArray(&config[0], config.size())) {
+ *success = false;
+ return Status::ok();
+ }
mConfigManager->UpdateConfig(configKey, cfg);
mConfigManager->SetConfigReceiver(configKey, string(String8(package).string()),
string(String8(cls).string()));
diff --git a/core/java/android/os/Binder.java b/core/java/android/os/Binder.java
index b7a4645..33470f3 100644
--- a/core/java/android/os/Binder.java
+++ b/core/java/android/os/Binder.java
@@ -35,6 +35,9 @@
import java.lang.ref.WeakReference;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Map;
/**
* Base class for a remotable object, the core part of a lightweight
@@ -901,17 +904,62 @@
keyArray[size] = key;
}
if (size >= mWarnBucketSize) {
- final int total_size = size();
+ final int totalSize = size();
Log.v(Binder.TAG, "BinderProxy map growth! bucket size = " + size
- + " total = " + total_size);
+ + " total = " + totalSize);
mWarnBucketSize += WARN_INCREMENT;
- if (Build.IS_DEBUGGABLE && total_size > CRASH_AT_SIZE) {
- throw new AssertionError("Binder ProxyMap has too many entries. "
- + "BinderProxy leak?");
+ if (Build.IS_DEBUGGABLE && totalSize > CRASH_AT_SIZE) {
+ diagnosticCrash();
}
}
}
+ /**
+ * Dump a histogram to the logcat, then throw an assertion error. Used to diagnose
+ * abnormally large proxy maps.
+ */
+ private void diagnosticCrash() {
+ Map<String, Integer> counts = new HashMap<>();
+ for (ArrayList<WeakReference<BinderProxy>> a : mMainIndexValues) {
+ if (a != null) {
+ for (WeakReference<BinderProxy> weakRef : a) {
+ BinderProxy bp = weakRef.get();
+ String key;
+ if (bp == null) {
+ key = "<cleared weak-ref>";
+ } else {
+ try {
+ key = bp.getInterfaceDescriptor();
+ } catch (Throwable t) {
+ key = "<exception during getDescriptor>";
+ }
+ }
+ Integer i = counts.get(key);
+ if (i == null) {
+ counts.put(key, 1);
+ } else {
+ counts.put(key, i + 1);
+ }
+ }
+ }
+ }
+ Map.Entry<String, Integer>[] sorted = counts.entrySet().toArray(
+ new Map.Entry[counts.size()]);
+ Arrays.sort(sorted, (Map.Entry<String, Integer> a, Map.Entry<String, Integer> b)
+ -> b.getValue().compareTo(a.getValue()));
+ Log.v(Binder.TAG, "BinderProxy descriptor histogram (top ten):");
+ int printLength = Math.min(10, sorted.length);
+ for (int i = 0; i < printLength; i++) {
+ Log.v(Binder.TAG, " #" + (i + 1) + ": " + sorted[i].getKey() + " x"
+ + sorted[i].getValue());
+ }
+
+ // Now throw an assertion.
+ final int totalSize = size();
+ throw new AssertionError("Binder ProxyMap has too many entries: " + totalSize
+ + ". BinderProxy leak?");
+ }
+
// Corresponding ArrayLists in the following two arrays always have the same size.
// They contain no empty entries. However WeakReferences in the values ArrayLists
// may have been cleared.
diff --git a/core/java/android/security/IKeystoreService.aidl b/core/java/android/security/IKeystoreService.aidl
index 42282ac..57477f5 100644
--- a/core/java/android/security/IKeystoreService.aidl
+++ b/core/java/android/security/IKeystoreService.aidl
@@ -56,7 +56,7 @@
int clear_uid(long uid);
// Keymaster 0.4 methods
- int addRngEntropy(in byte[] data);
+ int addRngEntropy(in byte[] data, int flags);
int generateKey(String alias, in KeymasterArguments arguments, in byte[] entropy, int uid,
int flags, out KeyCharacteristics characteristics);
int getKeyCharacteristics(String alias, in KeymasterBlob clientId, in KeymasterBlob appId,
@@ -78,4 +78,8 @@
int attestKey(String alias, in KeymasterArguments params, out KeymasterCertificateChain chain);
int attestDeviceIds(in KeymasterArguments params, out KeymasterCertificateChain chain);
int onDeviceOffBody();
+ int importWrappedKey(in String wrappedKeyAlias, in byte[] wrappedKey,
+ in String wrappingKeyAlias, in byte[] maskingKey, in KeymasterArguments arguments,
+ in long rootSid, in long fingerprintSid,
+ out KeyCharacteristics characteristics);
}
diff --git a/core/java/android/security/recoverablekeystore/RecoverableKeyStoreLoader.java b/core/java/android/security/recoverablekeystore/RecoverableKeyStoreLoader.java
index d8fb03f..72a138a 100644
--- a/core/java/android/security/recoverablekeystore/RecoverableKeyStoreLoader.java
+++ b/core/java/android/security/recoverablekeystore/RecoverableKeyStoreLoader.java
@@ -45,6 +45,8 @@
public static final int NO_ERROR = KeyStore.NO_ERROR;
public static final int SYSTEM_ERROR = KeyStore.SYSTEM_ERROR;
public static final int UNINITIALIZED_RECOVERY_PUBLIC_KEY = 20;
+ public static final int NO_SNAPSHOT_PENDING_ERROR = 21;
+
/**
* Rate limit is enforced to prevent using too many trusted remote devices, since each device
* can have its own number of user secret guesses allowed.
diff --git a/core/java/com/android/internal/util/function/pooled/PooledLambda.java b/core/java/com/android/internal/util/function/pooled/PooledLambda.java
index 17b140d..87c25e9 100755
--- a/core/java/com/android/internal/util/function/pooled/PooledLambda.java
+++ b/core/java/com/android/internal/util/function/pooled/PooledLambda.java
@@ -59,6 +59,21 @@
* You can fill the 'missing argument' spot with {@link #__()}
* (which is the factory function for {@link ArgumentPlaceholder})
*
+ * NOTE: It is highly recommended to <b>only</b> use {@code ClassName::methodName}
+ * (aka unbounded method references) as the 1st argument for any of the
+ * factories ({@code obtain*(...)}) to avoid unwanted allocations.
+ * This means <b>not</b> using:
+ * <ul>
+ * <li>{@code someVar::methodName} or {@code this::methodName} as it captures the reference
+ * on the left of {@code ::}, resulting in an allocation on each evaluation of such
+ * bounded method references</li>
+ *
+ * <li>A lambda expression, e.g. {@code () -> toString()} due to how easy it is to accidentally
+ * capture state from outside. In the above lambda expression for example, no variable from
+ * outer scope is explicitly mentioned, yet one is still captured due to {@code toString()}
+ * being an equivalent of {@code this.toString()}</li>
+ * </ul>
+ *
* @hide
*/
@SuppressWarnings({"unchecked", "unused", "WeakerAccess"})
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index 399dddd..fabcdf0 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -95,6 +95,16 @@
public static final int FLAG_ENCRYPTED = 1;
/**
+ * Select Software keymaster device, which as of this writing is the lowest security
+ * level available on an android device. If neither FLAG_STRONGBOX nor FLAG_SOFTWARE is provided
+ * A TEE based keymaster implementation is implied.
+ *
+ * Need to be in sync with KeyStoreFlag in system/security/keystore/include/keystore/keystore.h
+ * For historical reasons this corresponds to the KEYSTORE_FLAG_FALLBACK flag.
+ */
+ public static final int FLAG_SOFTWARE = 1 << 1;
+
+ /**
* A private flag that's only available to system server to indicate that this key is part of
* device encryption flow so it receives special treatment from keystore. For example this key
* will not be super encrypted, and it will be stored separately under an unique UID instead
@@ -104,6 +114,16 @@
*/
public static final int FLAG_CRITICAL_TO_DEVICE_ENCRYPTION = 1 << 3;
+ /**
+ * Select Strongbox keymaster device, which as of this writing the the highest security level
+ * available an android devices. If neither FLAG_STRONGBOX nor FLAG_SOFTWARE is provided
+ * A TEE based keymaster implementation is implied.
+ *
+ * Need to be in sync with KeyStoreFlag in system/security/keystore/include/keystore/keystore.h
+ */
+ public static final int FLAG_STRONGBOX = 1 << 4;
+
+
// States
public enum State { UNLOCKED, LOCKED, UNINITIALIZED };
@@ -440,9 +460,9 @@
return mError;
}
- public boolean addRngEntropy(byte[] data) {
+ public boolean addRngEntropy(byte[] data, int flags) {
try {
- return mBinder.addRngEntropy(data) == NO_ERROR;
+ return mBinder.addRngEntropy(data, flags) == NO_ERROR;
} catch (RemoteException e) {
Log.w(TAG, "Cannot connect to keystore", e);
return false;
diff --git a/packages/SystemUI/src/com/android/systemui/statusbar/NotificationLockscreenUserManager.java b/packages/SystemUI/src/com/android/systemui/statusbar/NotificationLockscreenUserManager.java
index 06e7f0a..bcdc269 100644
--- a/packages/SystemUI/src/com/android/systemui/statusbar/NotificationLockscreenUserManager.java
+++ b/packages/SystemUI/src/com/android/systemui/statusbar/NotificationLockscreenUserManager.java
@@ -108,29 +108,15 @@
// Start the overview connection to the launcher service
Dependency.get(OverviewProxyService.class).startConnectionToCurrentUser();
} else if (Intent.ACTION_USER_PRESENT.equals(action)) {
- List<ActivityManager.RecentTaskInfo> recentTask = null;
try {
- recentTask = ActivityManager.getService().getRecentTasks(1,
- ActivityManager.RECENT_WITH_EXCLUDED,
- mCurrentUserId).getList();
+ final int lastResumedActivityUserId =
+ ActivityManager.getService().getLastResumedActivityUserId();
+ if (mUserManager.isManagedProfile(lastResumedActivityUserId)) {
+ showForegroundManagedProfileActivityToast();
+ }
} catch (RemoteException e) {
// Abandon hope activity manager not running.
}
- if (recentTask != null && recentTask.size() > 0) {
- UserInfo user = mUserManager.getUserInfo(recentTask.get(0).userId);
- if (user != null && user.isManagedProfile()) {
- Toast toast = Toast.makeText(mContext,
- R.string.managed_profile_foreground_toast,
- Toast.LENGTH_SHORT);
- TextView text = toast.getView().findViewById(android.R.id.message);
- text.setCompoundDrawablesRelativeWithIntrinsicBounds(
- R.drawable.stat_sys_managed_profile_status, 0, 0, 0);
- int paddingPx = mContext.getResources().getDimensionPixelSize(
- R.dimen.managed_profile_toast_padding);
- text.setCompoundDrawablePadding(paddingPx);
- toast.show();
- }
- }
} else if (NOTIFICATION_UNLOCKED_BY_WORK_CHALLENGE_ACTION.equals(action)) {
final IntentSender intentSender = intent.getParcelableExtra(Intent.EXTRA_INTENT);
final String notificationKey = intent.getStringExtra(Intent.EXTRA_INDEX);
@@ -245,6 +231,19 @@
mSettingsObserver.onChange(false); // set up
}
+ private void showForegroundManagedProfileActivityToast() {
+ Toast toast = Toast.makeText(mContext,
+ R.string.managed_profile_foreground_toast,
+ Toast.LENGTH_SHORT);
+ TextView text = toast.getView().findViewById(android.R.id.message);
+ text.setCompoundDrawablesRelativeWithIntrinsicBounds(
+ R.drawable.stat_sys_managed_profile_status, 0, 0, 0);
+ int paddingPx = mContext.getResources().getDimensionPixelSize(
+ R.dimen.managed_profile_toast_padding);
+ text.setCompoundDrawablePadding(paddingPx);
+ toast.show();
+ }
+
public boolean shouldShowLockscreenNotifications() {
return mShowLockscreenNotifications;
}
diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/KeySyncTask.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/KeySyncTask.java
index 3434eee..6de2445 100644
--- a/services/core/java/com/android/server/locksettings/recoverablekeystore/KeySyncTask.java
+++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/KeySyncTask.java
@@ -16,14 +16,20 @@
package com.android.server.locksettings.recoverablekeystore;
+import static android.security.recoverablekeystore.KeyStoreRecoveryMetadata.TYPE_LOCKSCREEN;
+
import android.annotation.NonNull;
import android.content.Context;
+import android.security.recoverablekeystore.KeyDerivationParameters;
+import android.security.recoverablekeystore.KeyEntryRecoveryData;
+import android.security.recoverablekeystore.KeyStoreRecoveryData;
import android.security.recoverablekeystore.KeyStoreRecoveryMetadata;
import android.util.Log;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.widget.LockPatternUtils;
import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDb;
+import com.android.server.locksettings.recoverablekeystore.storage.RecoverySnapshotStorage;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
@@ -36,6 +42,8 @@
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
+import java.util.ArrayList;
+import java.util.List;
import java.util.Map;
import javax.crypto.KeyGenerator;
@@ -58,31 +66,29 @@
private final RecoverableKeyStoreDb mRecoverableKeyStoreDb;
private final int mUserId;
- private final RecoverableSnapshotConsumer mSnapshotConsumer;
private final int mCredentialType;
private final String mCredential;
private final PlatformKeyManager.Factory mPlatformKeyManagerFactory;
- private final VaultKeySupplier mVaultKeySupplier;
+ private final RecoverySnapshotStorage mRecoverySnapshotStorage;
+ private final RecoverySnapshotListenersStorage mSnapshotListenersStorage;
public static KeySyncTask newInstance(
Context context,
RecoverableKeyStoreDb recoverableKeyStoreDb,
+ RecoverySnapshotStorage snapshotStorage,
+ RecoverySnapshotListenersStorage recoverySnapshotListenersStorage,
int userId,
int credentialType,
String credential
) throws NoSuchAlgorithmException, KeyStoreException, InsecureUserException {
return new KeySyncTask(
recoverableKeyStoreDb,
+ snapshotStorage,
+ recoverySnapshotListenersStorage,
userId,
credentialType,
credential,
- () -> PlatformKeyManager.getInstance(context, recoverableKeyStoreDb, userId),
- (salt, recoveryKey, applicationKeys) -> {
- // TODO: implement sending intent
- },
- () -> {
- throw new UnsupportedOperationException("Not implemented vault key.");
- });
+ () -> PlatformKeyManager.getInstance(context, recoverableKeyStoreDb, userId));
}
/**
@@ -99,19 +105,19 @@
@VisibleForTesting
KeySyncTask(
RecoverableKeyStoreDb recoverableKeyStoreDb,
+ RecoverySnapshotStorage snapshotStorage,
+ RecoverySnapshotListenersStorage recoverySnapshotListenersStorage,
int userId,
int credentialType,
String credential,
- PlatformKeyManager.Factory platformKeyManagerFactory,
- RecoverableSnapshotConsumer snapshotConsumer,
- VaultKeySupplier vaultKeySupplier) {
+ PlatformKeyManager.Factory platformKeyManagerFactory) {
+ mSnapshotListenersStorage = recoverySnapshotListenersStorage;
mRecoverableKeyStoreDb = recoverableKeyStoreDb;
mUserId = userId;
mCredentialType = credentialType;
mCredential = credential;
mPlatformKeyManagerFactory = platformKeyManagerFactory;
- mSnapshotConsumer = snapshotConsumer;
- mVaultKeySupplier = vaultKeySupplier;
+ mRecoverySnapshotStorage = snapshotStorage;
}
@Override
@@ -129,6 +135,24 @@
return;
}
+ int recoveryAgentUid = mRecoverableKeyStoreDb.getRecoveryAgentUid(mUserId);
+ if (recoveryAgentUid == -1) {
+ Log.w(TAG, "No recovery agent initialized for user " + mUserId);
+ return;
+ }
+
+ if (!mSnapshotListenersStorage.hasListener(recoveryAgentUid)) {
+ Log.w(TAG, "No pending intent registered for recovery agent " + recoveryAgentUid);
+ return;
+ }
+
+ PublicKey publicKey = getVaultPublicKey();
+
+ if (publicKey == null) {
+ Log.w(TAG, "Not initialized for KeySync: no public key set. Cancelling task.");
+ return;
+ }
+
byte[] salt = generateSalt();
byte[] localLskfHash = hashCredentials(salt, mCredential);
@@ -173,7 +197,7 @@
byte[] encryptedRecoveryKey;
try {
encryptedRecoveryKey = KeySyncUtils.thmEncryptRecoveryKey(
- mVaultKeySupplier.get(),
+ publicKey,
localLskfHash,
vaultParams,
recoveryKey);
@@ -185,12 +209,25 @@
return;
}
- mSnapshotConsumer.accept(salt, encryptedRecoveryKey, encryptedApplicationKeys);
+ KeyStoreRecoveryMetadata metadata = new KeyStoreRecoveryMetadata(
+ /*userSecretType=*/ TYPE_LOCKSCREEN,
+ /*lockScreenUiFormat=*/ mCredentialType,
+ /*keyDerivationParameters=*/ KeyDerivationParameters.createSHA256Parameters(salt),
+ /*secret=*/ new byte[0]);
+ ArrayList<KeyStoreRecoveryMetadata> metadataList = new ArrayList<>();
+ metadataList.add(metadata);
+
+ // TODO: implement snapshot version
+ mRecoverySnapshotStorage.put(mUserId, new KeyStoreRecoveryData(
+ /*snapshotVersion=*/ 1,
+ /*recoveryMetadata=*/ metadataList,
+ /*applicationKeyBlobs=*/ createApplicationKeyEntries(encryptedApplicationKeys),
+ /*encryptedRecoveryKeyblob=*/ encryptedRecoveryKey));
+ mSnapshotListenersStorage.recoverySnapshotAvailable(recoveryAgentUid);
}
private PublicKey getVaultPublicKey() {
- // TODO: fill this in
- throw new UnsupportedOperationException("TODO: get vault public key.");
+ return mRecoverableKeyStoreDb.getRecoveryServicePublicKey(mUserId);
}
/**
@@ -290,21 +327,15 @@
return keyGenerator.generateKey();
}
- /**
- * TODO: just replace with the Intent call. I'm not sure exactly what this looks like, hence
- * this interface, so I can test in the meantime.
- */
- public interface RecoverableSnapshotConsumer {
- void accept(
- byte[] salt,
- byte[] encryptedRecoveryKey,
- Map<String, byte[]> encryptedApplicationKeys);
- }
-
- /**
- * TODO: until this is in the database, so we can test.
- */
- public interface VaultKeySupplier {
- PublicKey get();
+ private static List<KeyEntryRecoveryData> createApplicationKeyEntries(
+ Map<String, byte[]> encryptedApplicationKeys) {
+ ArrayList<KeyEntryRecoveryData> keyEntries = new ArrayList<>();
+ for (String alias : encryptedApplicationKeys.keySet()) {
+ keyEntries.add(
+ new KeyEntryRecoveryData(
+ alias.getBytes(StandardCharsets.UTF_8),
+ encryptedApplicationKeys.get(alias)));
+ }
+ return keyEntries;
}
}
diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/ListenersStorage.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/ListenersStorage.java
deleted file mode 100644
index 0f17294..0000000
--- a/services/core/java/com/android/server/locksettings/recoverablekeystore/ListenersStorage.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright (C) 2017 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.server.locksettings.recoverablekeystore;
-
-import android.annotation.Nullable;
-import android.app.PendingIntent;
-
-import com.android.internal.annotations.VisibleForTesting;
-
-import java.util.Map;
-import java.util.HashMap;
-
-/**
- * In memory storage for listeners to be notified when new recovery snapshot is available.
- * Note: implementation is not thread safe and it is used to mock final {@link PendingIntent}
- * class.
- *
- * @hide
- */
-public class ListenersStorage {
- private Map<Integer, PendingIntent> mAgentIntents = new HashMap<>();
-
- private static final ListenersStorage mInstance = new ListenersStorage();
- public static ListenersStorage getInstance() {
- return mInstance;
- }
-
- /**
- * Sets new listener for the recovery agent, identified by {@code uid}
- *
- * @param recoveryAgentUid uid
- * @param intent PendingIntent which will be triggered than new snapshot is available.
- */
- public void setSnapshotListener(int recoveryAgentUid, @Nullable PendingIntent intent) {
- mAgentIntents.put(recoveryAgentUid, intent);
- }
-
- /**
- * Notifies recovery agent, that new snapshot is available.
- * Does nothing if a listener was not registered.
- *
- * @param recoveryAgentUid uid.
- */
- public void recoverySnapshotAvailable(int recoveryAgentUid) {
- PendingIntent intent = mAgentIntents.get(recoveryAgentUid);
- if (intent != null) {
- try {
- intent.send();
- } catch (PendingIntent.CanceledException e) {
- // Ignore - sending intent is not allowed.
- }
- }
- }
-}
diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java
index 426dc8a..fe1cad4 100644
--- a/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java
+++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java
@@ -34,6 +34,7 @@
import com.android.internal.annotations.VisibleForTesting;
import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDb;
import com.android.server.locksettings.recoverablekeystore.storage.RecoverySessionStorage;
+import com.android.server.locksettings.recoverablekeystore.storage.RecoverySnapshotStorage;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
@@ -44,7 +45,6 @@
import java.security.UnrecoverableKeyException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
-import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
@@ -73,8 +73,9 @@
private final RecoverableKeyStoreDb mDatabase;
private final RecoverySessionStorage mRecoverySessionStorage;
private final ExecutorService mExecutorService;
- private final ListenersStorage mListenersStorage;
+ private final RecoverySnapshotListenersStorage mListenersStorage;
private final RecoverableKeyGenerator mRecoverableKeyGenerator;
+ private final RecoverySnapshotStorage mSnapshotStorage;
/**
* Returns a new or existing instance.
@@ -89,7 +90,8 @@
db,
new RecoverySessionStorage(),
Executors.newSingleThreadExecutor(),
- ListenersStorage.getInstance());
+ new RecoverySnapshotStorage(),
+ new RecoverySnapshotListenersStorage());
}
return mInstance;
}
@@ -100,12 +102,14 @@
RecoverableKeyStoreDb recoverableKeyStoreDb,
RecoverySessionStorage recoverySessionStorage,
ExecutorService executorService,
- ListenersStorage listenersStorage) {
+ RecoverySnapshotStorage snapshotStorage,
+ RecoverySnapshotListenersStorage listenersStorage) {
mContext = context;
mDatabase = recoverableKeyStoreDb;
mRecoverySessionStorage = recoverySessionStorage;
mExecutorService = executorService;
mListenersStorage = listenersStorage;
+ mSnapshotStorage = snapshotStorage;
try {
mRecoverableKeyGenerator = RecoverableKeyGenerator.newInstance(mDatabase);
} catch (NoSuchAlgorithmException e) {
@@ -143,24 +147,12 @@
public @NonNull KeyStoreRecoveryData getRecoveryData(@NonNull byte[] account, int userId)
throws RemoteException {
checkRecoverKeyStorePermission();
- final int callingUid = Binder.getCallingUid(); // Recovery agent uid.
- final int callingUserId = UserHandle.getCallingUserId();
- final long callingIdentiy = Binder.clearCallingIdentity();
- try {
- // TODO: Return the latest snapshot for the calling recovery agent.
- } finally {
- Binder.restoreCallingIdentity(callingIdentiy);
- }
- // KeyStoreRecoveryData without application keys and empty recovery blob.
- KeyStoreRecoveryData recoveryData =
- new KeyStoreRecoveryData(
- /*snapshotVersion=*/ 1,
- new ArrayList<KeyStoreRecoveryMetadata>(),
- new ArrayList<KeyEntryRecoveryData>(),
- /*encryptedRecoveryKeyBlob=*/ new byte[] {});
- throw new ServiceSpecificException(
- RecoverableKeyStoreLoader.UNINITIALIZED_RECOVERY_PUBLIC_KEY);
+ KeyStoreRecoveryData snapshot = mSnapshotStorage.get(UserHandle.getCallingUserId());
+ if (snapshot == null) {
+ throw new ServiceSpecificException(RecoverableKeyStoreLoader.NO_SNAPSHOT_PENDING_ERROR);
+ }
+ return snapshot;
}
public void setSnapshotCreatedPendingIntent(@Nullable PendingIntent intent, int userId)
@@ -237,7 +229,8 @@
@NonNull @KeyStoreRecoveryMetadata.UserSecretType int[] secretTypes, int userId)
throws RemoteException {
checkRecoverKeyStorePermission();
- throw new UnsupportedOperationException();
+ mDatabase.setRecoverySecretTypes(UserHandle.getCallingUserId(), Binder.getCallingUid(),
+ secretTypes);
}
/**
@@ -248,7 +241,8 @@
*/
public @NonNull int[] getRecoverySecretTypes(int userId) throws RemoteException {
checkRecoverKeyStorePermission();
- throw new UnsupportedOperationException();
+ return mDatabase.getRecoverySecretTypes(UserHandle.getCallingUserId(),
+ Binder.getCallingUid());
}
/**
@@ -469,7 +463,7 @@
/**
* This function can only be used inside LockSettingsService.
*
- * @param storedHashType from {@Code CredentialHash}
+ * @param storedHashType from {@code CredentialHash}
* @param credential - unencrypted String. Password length should be at most 16 symbols {@code
* mPasswordMaxLength}
* @param userId for user who just unlocked the device.
@@ -480,7 +474,13 @@
// So as not to block the critical path unlocking the phone, defer to another thread.
try {
mExecutorService.execute(KeySyncTask.newInstance(
- mContext, mDatabase, userId, storedHashType, credential));
+ mContext,
+ mDatabase,
+ mSnapshotStorage,
+ mListenersStorage,
+ userId,
+ storedHashType,
+ credential));
} catch (NoSuchAlgorithmException e) {
Log.wtf(TAG, "Should never happen - algorithm unavailable for KeySync", e);
} catch (KeyStoreException e) {
diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverySnapshotListenersStorage.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverySnapshotListenersStorage.java
new file mode 100644
index 0000000..c925329
--- /dev/null
+++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverySnapshotListenersStorage.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.server.locksettings.recoverablekeystore;
+
+import android.annotation.Nullable;
+import android.app.PendingIntent;
+import android.util.Log;
+import android.util.SparseArray;
+
+import com.android.internal.annotations.GuardedBy;
+
+/**
+ * In memory storage for listeners to be notified when new recovery snapshot is available. This
+ * class is thread-safe. It is used on two threads - the service thread and the thread that runs the
+ * {@link KeySyncTask}.
+ *
+ * @hide
+ */
+public class RecoverySnapshotListenersStorage {
+ private static final String TAG = "RecoverySnapshotLstnrs";
+
+ @GuardedBy("this")
+ private SparseArray<PendingIntent> mAgentIntents = new SparseArray<>();
+
+ /**
+ * Sets new listener for the recovery agent, identified by {@code uid}.
+ *
+ * @param recoveryAgentUid uid of the recovery agent.
+ * @param intent PendingIntent which will be triggered when new snapshot is available.
+ */
+ public synchronized void setSnapshotListener(
+ int recoveryAgentUid, @Nullable PendingIntent intent) {
+ Log.i(TAG, "Registered listener for agent with uid " + recoveryAgentUid);
+ mAgentIntents.put(recoveryAgentUid, intent);
+ }
+
+ /**
+ * Returns {@code true} if a listener has been set for the recovery agent.
+ */
+ public synchronized boolean hasListener(int recoveryAgentUid) {
+ return mAgentIntents.get(recoveryAgentUid) != null;
+ }
+
+ /**
+ * Notifies recovery agent that new snapshot is available. Does nothing if a listener was not
+ * registered.
+ *
+ * @param recoveryAgentUid uid of recovery agent.
+ */
+ public synchronized void recoverySnapshotAvailable(int recoveryAgentUid) {
+ PendingIntent intent = mAgentIntents.get(recoveryAgentUid);
+ if (intent != null) {
+ try {
+ intent.send();
+ } catch (PendingIntent.CanceledException e) {
+ Log.e(TAG,
+ "Failed to trigger PendingIntent for " + recoveryAgentUid,
+ e);
+ }
+ }
+ }
+}
diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDb.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDb.java
index d213115..838311e 100644
--- a/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDb.java
+++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDb.java
@@ -22,7 +22,7 @@
import android.content.Context;
import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;
-import android.security.recoverablekeystore.RecoverableKeyStoreLoader;
+import android.text.TextUtils;
import android.util.Log;
import com.android.server.locksettings.recoverablekeystore.WrappedKey;
@@ -30,18 +30,16 @@
import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDbContract.RecoveryServiceMetadataEntry;
import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDbContract.UserMetadataEntry;
-
-
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
-import java.util.ArrayList;
+import java.util.Arrays;
import java.util.HashMap;
-import java.util.List;
import java.util.Locale;
import java.util.Map;
+import java.util.StringJoiner;
/**
* Database of recoverable key information.
@@ -330,6 +328,36 @@
}
/**
+ * Returns the uid of the recovery agent for the given user, or -1 if none is set.
+ */
+ public int getRecoveryAgentUid(int userId) {
+ SQLiteDatabase db = mKeyStoreDbHelper.getReadableDatabase();
+
+ String[] projection = { RecoveryServiceMetadataEntry.COLUMN_NAME_UID };
+ String selection = RecoveryServiceMetadataEntry.COLUMN_NAME_USER_ID + " = ?";
+ String[] selectionArguments = { Integer.toString(userId) };
+
+ try (
+ Cursor cursor = db.query(
+ RecoveryServiceMetadataEntry.TABLE_NAME,
+ projection,
+ selection,
+ selectionArguments,
+ /*groupBy=*/ null,
+ /*having=*/ null,
+ /*orderBy=*/ null)
+ ) {
+ int count = cursor.getCount();
+ if (count == 0) {
+ return -1;
+ }
+ cursor.moveToFirst();
+ return cursor.getInt(
+ cursor.getColumnIndexOrThrow(RecoveryServiceMetadataEntry.COLUMN_NAME_UID));
+ }
+ }
+
+ /**
* Returns the public key of the recovery service.
*
* @param userId The uid of the profile the application is running under.
@@ -337,6 +365,7 @@
*
* @hide
*/
+ @Nullable
public PublicKey getRecoveryServicePublicKey(int userId, int uid) {
SQLiteDatabase db = mKeyStoreDbHelper.getReadableDatabase();
@@ -378,12 +407,8 @@
return null;
}
byte[] keyBytes = cursor.getBlob(idx);
- X509EncodedKeySpec pkSpec = new X509EncodedKeySpec(keyBytes);
try {
- return KeyFactory.getInstance("EC").generatePublic(pkSpec);
- } catch (NoSuchAlgorithmException e) {
- // Should never happen
- throw new RuntimeException(e);
+ return decodeX509Key(keyBytes);
} catch (InvalidKeySpecException e) {
Log.wtf(TAG,
String.format(Locale.US,
@@ -396,6 +421,141 @@
}
/**
+ * Updates the list of user secret types used for end-to-end encryption.
+ * If no secret types are set, recovery snapshot will not be created.
+ * See {@code KeyStoreRecoveryMetadata}
+ *
+ * @param userId The uid of the profile the application is running under.
+ * @param uid The uid of the application.
+ * @param secretTypes list of secret types
+ * @return The primary key of the updated row, or -1 if failed.
+ *
+ * @hide
+ */
+ public long setRecoverySecretTypes(int userId, int uid, int[] secretTypes) {
+ SQLiteDatabase db = mKeyStoreDbHelper.getWritableDatabase();
+ ContentValues values = new ContentValues();
+ StringJoiner joiner = new StringJoiner(",");
+ Arrays.stream(secretTypes).forEach(i -> joiner.add(Integer.toString(i)));
+ String typesAsCsv = joiner.toString();
+ values.put(RecoveryServiceMetadataEntry.COLUMN_NAME_SECRET_TYPES, typesAsCsv);
+ String selection =
+ RecoveryServiceMetadataEntry.COLUMN_NAME_USER_ID + " = ? AND "
+ + RecoveryServiceMetadataEntry.COLUMN_NAME_UID + " = ?";
+ ensureRecoveryServiceMetadataEntryExists(userId, uid);
+ return db.update(RecoveryServiceMetadataEntry.TABLE_NAME, values, selection,
+ new String[] {String.valueOf(userId), String.valueOf(uid)});
+ }
+
+ /**
+ * Returns the list of secret types used for end-to-end encryption.
+ *
+ * @param userId The uid of the profile the application is running under.
+ * @param uid The uid of the application who initialized the local recovery components.
+ * @return Secret types or empty array, if types were not set.
+ *
+ * @hide
+ */
+ public @NonNull int[] getRecoverySecretTypes(int userId, int uid) {
+ SQLiteDatabase db = mKeyStoreDbHelper.getReadableDatabase();
+
+ String[] projection = {
+ RecoveryServiceMetadataEntry._ID,
+ RecoveryServiceMetadataEntry.COLUMN_NAME_USER_ID,
+ RecoveryServiceMetadataEntry.COLUMN_NAME_UID,
+ RecoveryServiceMetadataEntry.COLUMN_NAME_SECRET_TYPES};
+ String selection =
+ RecoveryServiceMetadataEntry.COLUMN_NAME_USER_ID + " = ? AND "
+ + RecoveryServiceMetadataEntry.COLUMN_NAME_UID + " = ?";
+ String[] selectionArguments = {Integer.toString(userId), Integer.toString(uid)};
+
+ try (
+ Cursor cursor = db.query(
+ RecoveryServiceMetadataEntry.TABLE_NAME,
+ projection,
+ selection,
+ selectionArguments,
+ /*groupBy=*/ null,
+ /*having=*/ null,
+ /*orderBy=*/ null)
+ ) {
+ int count = cursor.getCount();
+ if (count == 0) {
+ return new int[]{};
+ }
+ if (count > 1) {
+ Log.wtf(TAG,
+ String.format(Locale.US,
+ "%d deviceId entries found for userId=%d uid=%d. "
+ + "Should only ever be 0 or 1.", count, userId, uid));
+ return new int[]{};
+ }
+ cursor.moveToFirst();
+ int idx = cursor.getColumnIndexOrThrow(
+ RecoveryServiceMetadataEntry.COLUMN_NAME_SECRET_TYPES);
+ if (cursor.isNull(idx)) {
+ return new int[]{};
+ }
+ String csv = cursor.getString(idx);
+ if (TextUtils.isEmpty(csv)) {
+ return new int[]{};
+ }
+ String[] types = csv.split(",");
+ int[] result = new int[types.length];
+ for (int i = 0; i < types.length; i++) {
+ try {
+ result[i] = Integer.parseInt(types[i]);
+ } catch (NumberFormatException e) {
+ Log.wtf(TAG, "String format error " + e);
+ }
+ }
+ return result;
+ }
+ }
+
+ /**
+ * Returns the first (and only?) public key for {@code userId}.
+ *
+ * @param userId The uid of the profile whose keys are to be synced.
+ * @return The public key, or null if none exists.
+ */
+ @Nullable
+ public PublicKey getRecoveryServicePublicKey(int userId) {
+ SQLiteDatabase db = mKeyStoreDbHelper.getReadableDatabase();
+
+ String[] projection = { RecoveryServiceMetadataEntry.COLUMN_NAME_PUBLIC_KEY };
+ String selection =
+ RecoveryServiceMetadataEntry.COLUMN_NAME_USER_ID + " = ?";
+ String[] selectionArguments = { Integer.toString(userId) };
+
+ try (
+ Cursor cursor = db.query(
+ RecoveryServiceMetadataEntry.TABLE_NAME,
+ projection,
+ selection,
+ selectionArguments,
+ /*groupBy=*/ null,
+ /*having=*/ null,
+ /*orderBy=*/ null)
+ ) {
+ if (cursor.getCount() < 1) {
+ return null;
+ }
+
+ cursor.moveToFirst();
+ byte[] keyBytes = cursor.getBlob(cursor.getColumnIndexOrThrow(
+ RecoveryServiceMetadataEntry.COLUMN_NAME_PUBLIC_KEY));
+
+ try {
+ return decodeX509Key(keyBytes);
+ } catch (InvalidKeySpecException e) {
+ Log.wtf(TAG, "Could not decode public key for " + userId);
+ return null;
+ }
+ }
+ }
+
+ /**
* Updates the server parameters given by the application initializing the local recovery
* components.
*
@@ -495,5 +655,14 @@
mKeyStoreDbHelper.close();
}
- // TODO: Add method for updating the 'last synced' time.
+ @Nullable
+ private static PublicKey decodeX509Key(byte[] keyBytes) throws InvalidKeySpecException {
+ X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(keyBytes);
+ try {
+ return KeyFactory.getInstance("EC").generatePublic(publicKeySpec);
+ } catch (NoSuchAlgorithmException e) {
+ // Should never happen
+ throw new RuntimeException(e);
+ }
+ }
}
diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java
index a232771..8f773dd 100644
--- a/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java
+++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java
@@ -109,6 +109,11 @@
static final String COLUMN_NAME_PUBLIC_KEY = "public_key";
/**
+ * Secret types used for end-to-end encryption.
+ */
+ static final String COLUMN_NAME_SECRET_TYPES = "secret_types";
+
+ /**
* The server parameters of the recovery service.
*/
static final String COLUMN_NAME_SERVER_PARAMETERS = "server_parameters";
diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbHelper.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbHelper.java
index 80fa20a..5b07f3e 100644
--- a/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbHelper.java
+++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbHelper.java
@@ -1,3 +1,19 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
package com.android.server.locksettings.recoverablekeystore.storage;
import android.content.Context;
@@ -41,6 +57,7 @@
+ RecoveryServiceMetadataEntry.COLUMN_NAME_USER_ID + " INTEGER,"
+ RecoveryServiceMetadataEntry.COLUMN_NAME_UID + " INTEGER,"
+ RecoveryServiceMetadataEntry.COLUMN_NAME_PUBLIC_KEY + " BLOB,"
+ + RecoveryServiceMetadataEntry.COLUMN_NAME_SECRET_TYPES + " TEXT,"
+ RecoveryServiceMetadataEntry.COLUMN_NAME_SERVER_PARAMETERS + " INTEGER,"
+ "UNIQUE("
+ RecoveryServiceMetadataEntry.COLUMN_NAME_USER_ID + ","
diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverySnapshotStorage.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverySnapshotStorage.java
new file mode 100644
index 0000000..d1a1629
--- /dev/null
+++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverySnapshotStorage.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.server.locksettings.recoverablekeystore.storage;
+
+import android.annotation.Nullable;
+import android.security.recoverablekeystore.KeyStoreRecoveryData;
+import android.util.SparseArray;
+
+import com.android.internal.annotations.GuardedBy;
+
+/**
+ * In-memory storage for recovery snapshots.
+ *
+ * <p>Recovery snapshots are generated after a successful screen unlock. They are only generated if
+ * the recoverable keystore has been mutated since the previous snapshot. This class stores only the
+ * latest snapshot for each user.
+ *
+ * <p>This class is thread-safe. It is used both on the service thread and the
+ * {@link com.android.server.locksettings.recoverablekeystore.KeySyncTask} thread.
+ */
+public class RecoverySnapshotStorage {
+ @GuardedBy("this")
+ private final SparseArray<KeyStoreRecoveryData> mSnapshotByUserId = new SparseArray<>();
+
+ /**
+ * Sets the latest {@code snapshot} for the user {@code userId}.
+ */
+ public synchronized void put(int userId, KeyStoreRecoveryData snapshot) {
+ mSnapshotByUserId.put(userId, snapshot);
+ }
+
+ /**
+ * Returns the latest snapshot for user {@code userId}, or null if none exists.
+ */
+ @Nullable
+ public synchronized KeyStoreRecoveryData get(int userId) {
+ return mSnapshotByUserId.get(userId);
+ }
+
+ /**
+ * Removes any (if any) snapshot associated with user {@code userId}.
+ */
+ public synchronized void remove(int userId) {
+ mSnapshotByUserId.remove(userId);
+ }
+}
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncTaskTest.java b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncTaskTest.java
index b8000c4..4edc89d 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncTaskTest.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncTaskTest.java
@@ -26,27 +26,29 @@
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.verifyZeroInteractions;
import static org.mockito.Mockito.when;
import android.content.Context;
import android.security.keystore.AndroidKeyStoreSecretKey;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
+import android.security.recoverablekeystore.KeyDerivationParameters;
+import android.security.recoverablekeystore.KeyEntryRecoveryData;
+import android.security.recoverablekeystore.KeyStoreRecoveryData;
import android.support.test.InstrumentationRegistry;
import android.support.test.filters.SmallTest;
import android.support.test.runner.AndroidJUnit4;
import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDb;
+import com.android.server.locksettings.recoverablekeystore.storage.RecoverySnapshotStorage;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
-import org.mockito.ArgumentCaptor;
-import org.mockito.Captor;
import org.mockito.Mock;
import org.mockito.MockitoAnnotations;
@@ -54,7 +56,7 @@
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.util.Arrays;
-import java.util.Map;
+import java.util.List;
import java.util.Random;
import javax.crypto.KeyGenerator;
@@ -69,6 +71,7 @@
private static final String DATABASE_FILE_NAME = "recoverablekeystore.db";
private static final int TEST_USER_ID = 1000;
private static final int TEST_APP_UID = 10009;
+ private static final int TEST_RECOVERY_AGENT_UID = 90873;
private static final String TEST_APP_KEY_ALIAS = "rcleaver";
private static final int TEST_GENERATION_ID = 2;
private static final int TEST_CREDENTIAL_TYPE = CREDENTIAL_TYPE_PASSWORD;
@@ -76,13 +79,10 @@
private static final byte[] THM_ENCRYPTED_RECOVERY_KEY_HEADER =
"V1 THM_encrypted_recovery_key".getBytes(StandardCharsets.UTF_8);
- @Mock private KeySyncTask.RecoverableSnapshotConsumer mRecoverableSnapshotConsumer;
@Mock private PlatformKeyManager mPlatformKeyManager;
+ @Mock private RecoverySnapshotListenersStorage mSnapshotListenersStorage;
- @Captor private ArgumentCaptor<byte[]> mSaltCaptor;
- @Captor private ArgumentCaptor<byte[]> mEncryptedRecoveryKeyCaptor;
- @Captor private ArgumentCaptor<Map<String, byte[]>> mEncryptedApplicationKeysCaptor;
-
+ private RecoverySnapshotStorage mRecoverySnapshotStorage;
private RecoverableKeyStoreDb mRecoverableKeyStoreDb;
private File mDatabaseFile;
private KeyPair mKeyPair;
@@ -100,14 +100,16 @@
mRecoverableKeyStoreDb = RecoverableKeyStoreDb.newInstance(context);
mKeyPair = SecureBox.genKeyPair();
+ mRecoverySnapshotStorage = new RecoverySnapshotStorage();
+
mKeySyncTask = new KeySyncTask(
mRecoverableKeyStoreDb,
+ mRecoverySnapshotStorage,
+ mSnapshotListenersStorage,
TEST_USER_ID,
TEST_CREDENTIAL_TYPE,
TEST_CREDENTIAL,
- () -> mPlatformKeyManager,
- mRecoverableSnapshotConsumer,
- () -> mKeyPair.getPublic());
+ () -> mPlatformKeyManager);
mWrappingKey = generateAndroidKeyStoreKey();
mEncryptKey = new PlatformEncryptionKey(TEST_GENERATION_ID, mWrappingKey);
@@ -199,7 +201,40 @@
// to be synced.
mKeySyncTask.run();
- verifyZeroInteractions(mRecoverableSnapshotConsumer);
+ assertNull(mRecoverySnapshotStorage.get(TEST_USER_ID));
+ }
+
+ @Test
+ public void run_doesNotSendAnythingIfNoRecoveryAgentSet() throws Exception {
+ SecretKey applicationKey = generateKey();
+ mRecoverableKeyStoreDb.setPlatformKeyGenerationId(TEST_USER_ID, TEST_GENERATION_ID);
+ mRecoverableKeyStoreDb.insertKey(
+ TEST_USER_ID,
+ TEST_APP_UID,
+ TEST_APP_KEY_ALIAS,
+ WrappedKey.fromSecretKey(mEncryptKey, applicationKey));
+ when(mSnapshotListenersStorage.hasListener(TEST_RECOVERY_AGENT_UID)).thenReturn(true);
+
+ mKeySyncTask.run();
+
+ assertNull(mRecoverySnapshotStorage.get(TEST_USER_ID));
+ }
+
+ @Test
+ public void run_doesNotSendAnythingIfNoRecoveryAgentPendingIntentRegistered() throws Exception {
+ SecretKey applicationKey = generateKey();
+ mRecoverableKeyStoreDb.setPlatformKeyGenerationId(TEST_USER_ID, TEST_GENERATION_ID);
+ mRecoverableKeyStoreDb.insertKey(
+ TEST_USER_ID,
+ TEST_APP_UID,
+ TEST_APP_KEY_ALIAS,
+ WrappedKey.fromSecretKey(mEncryptKey, applicationKey));
+ mRecoverableKeyStoreDb.setRecoveryServicePublicKey(
+ TEST_USER_ID, TEST_RECOVERY_AGENT_UID, mKeyPair.getPublic());
+
+ mKeySyncTask.run();
+
+ assertNull(mRecoverySnapshotStorage.get(TEST_USER_ID));
}
@Test
@@ -211,24 +246,32 @@
TEST_APP_UID,
TEST_APP_KEY_ALIAS,
WrappedKey.fromSecretKey(mEncryptKey, applicationKey));
+ mRecoverableKeyStoreDb.setRecoveryServicePublicKey(
+ TEST_USER_ID, TEST_RECOVERY_AGENT_UID, mKeyPair.getPublic());
+ when(mSnapshotListenersStorage.hasListener(TEST_RECOVERY_AGENT_UID)).thenReturn(true);
mKeySyncTask.run();
- verify(mRecoverableSnapshotConsumer).accept(
- mSaltCaptor.capture(),
- mEncryptedRecoveryKeyCaptor.capture(),
- mEncryptedApplicationKeysCaptor.capture());
+ KeyStoreRecoveryData recoveryData = mRecoverySnapshotStorage.get(TEST_USER_ID);
+ KeyDerivationParameters keyDerivationParameters =
+ recoveryData.getRecoveryMetadata().get(0).getKeyDerivationParameters();
+ assertEquals(KeyDerivationParameters.ALGORITHM_SHA256,
+ keyDerivationParameters.getAlgorithm());
+ verify(mSnapshotListenersStorage).recoverySnapshotAvailable(TEST_RECOVERY_AGENT_UID);
byte[] lockScreenHash = KeySyncTask.hashCredentials(
- mSaltCaptor.getValue(), TEST_CREDENTIAL);
+ keyDerivationParameters.getSalt(),
+ TEST_CREDENTIAL);
// TODO: what should vault params be here?
byte[] recoveryKey = decryptThmEncryptedKey(
lockScreenHash,
- mEncryptedRecoveryKeyCaptor.getValue(),
+ recoveryData.getEncryptedRecoveryKeyBlob(),
/*vaultParams=*/ new byte[0]);
- Map<String, byte[]> applicationKeys = mEncryptedApplicationKeysCaptor.getValue();
+ List<KeyEntryRecoveryData> applicationKeys = recoveryData.getApplicationKeyBlobs();
assertEquals(1, applicationKeys.size());
+ KeyEntryRecoveryData keyData = applicationKeys.get(0);
+ assertArrayEquals(TEST_APP_KEY_ALIAS.getBytes(StandardCharsets.UTF_8), keyData.getAlias());
byte[] appKey = KeySyncUtils.decryptApplicationKey(
- recoveryKey, applicationKeys.get(TEST_APP_KEY_ALIAS));
+ recoveryKey, keyData.getEncryptedKeyMaterial());
assertArrayEquals(applicationKey.getEncoded(), appKey);
}
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java
index c2166e5..88df62b 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java
@@ -48,6 +48,7 @@
import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDb;
import com.android.server.locksettings.recoverablekeystore.storage.RecoverySessionStorage;
+import com.android.server.locksettings.recoverablekeystore.storage.RecoverySnapshotStorage;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
@@ -107,13 +108,14 @@
private static final int GCM_TAG_SIZE_BITS = 128;
@Mock private Context mMockContext;
- @Mock private ListenersStorage mMockListenersStorage;
+ @Mock private RecoverySnapshotListenersStorage mMockListenersStorage;
@Mock private KeyguardManager mKeyguardManager;
private RecoverableKeyStoreDb mRecoverableKeyStoreDb;
private File mDatabaseFile;
private RecoverableKeyStoreManager mRecoverableKeyStoreManager;
private RecoverySessionStorage mRecoverySessionStorage;
+ private RecoverySnapshotStorage mRecoverySnapshotStorage;
@Before
public void setUp() {
@@ -135,6 +137,7 @@
mRecoverableKeyStoreDb,
mRecoverySessionStorage,
Executors.newSingleThreadExecutor(),
+ mRecoverySnapshotStorage,
mMockListenersStorage);
}
@@ -359,6 +362,26 @@
}
@Test
+ public void setRecoverySecretTypes() throws Exception {
+ int userId = UserHandle.getCallingUserId();
+ int[] types1 = new int[]{11, 2000};
+ int[] types2 = new int[]{1, 2, 3};
+ int[] types3 = new int[]{};
+
+ mRecoverableKeyStoreManager.setRecoverySecretTypes(types1, userId);
+ assertThat(mRecoverableKeyStoreManager.getRecoverySecretTypes(userId)).isEqualTo(
+ types1);
+
+ mRecoverableKeyStoreManager.setRecoverySecretTypes(types2, userId);
+ assertThat(mRecoverableKeyStoreManager.getRecoverySecretTypes(userId)).isEqualTo(
+ types2);
+
+ mRecoverableKeyStoreManager.setRecoverySecretTypes(types3, userId);
+ assertThat(mRecoverableKeyStoreManager.getRecoverySecretTypes(userId)).isEqualTo(
+ types3);
+ }
+
+ @Test
public void setRecoveryStatus_forOneAlias() throws Exception {
int userId = UserHandle.getCallingUserId();
int uid = Binder.getCallingUid();
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverySnapshotListenersStorageTest.java b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverySnapshotListenersStorageTest.java
new file mode 100644
index 0000000..b9c1764
--- /dev/null
+++ b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverySnapshotListenersStorageTest.java
@@ -0,0 +1,37 @@
+package com.android.server.locksettings.recoverablekeystore;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import android.app.PendingIntent;
+import android.content.Intent;
+import android.support.test.InstrumentationRegistry;
+import android.support.test.filters.SmallTest;
+import android.support.test.runner.AndroidJUnit4;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@SmallTest
+@RunWith(AndroidJUnit4.class)
+public class RecoverySnapshotListenersStorageTest {
+
+ private final RecoverySnapshotListenersStorage mStorage =
+ new RecoverySnapshotListenersStorage();
+
+ @Test
+ public void hasListener_isFalseForUnregisteredUid() {
+ assertFalse(mStorage.hasListener(1000));
+ }
+
+ @Test
+ public void hasListener_isTrueForRegisteredUid() {
+ int recoveryAgentUid = 1000;
+ PendingIntent intent = PendingIntent.getBroadcast(
+ InstrumentationRegistry.getTargetContext(), /*requestCode=*/1,
+ new Intent(), /*flags=*/ 0);
+ mStorage.setSnapshotListener(recoveryAgentUid, intent);
+
+ assertTrue(mStorage.hasListener(recoveryAgentUid));
+ }
+}
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbTest.java b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbTest.java
index 9cde074..a8c7d5e 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbTest.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbTest.java
@@ -328,6 +328,125 @@
}
@Test
+ public void getRecoveryAgentUid_returnsUidIfSet() throws Exception {
+ int userId = 12;
+ int uid = 190992;
+ mRecoverableKeyStoreDb.setRecoveryServicePublicKey(userId, uid, genRandomPublicKey());
+
+ assertThat(mRecoverableKeyStoreDb.getRecoveryAgentUid(userId)).isEqualTo(uid);
+ }
+
+ @Test
+ public void getRecoveryAgentUid_returnsMinusOneForNonexistentAgent() throws Exception {
+ assertThat(mRecoverableKeyStoreDb.getRecoveryAgentUid(12)).isEqualTo(-1);
+ }
+
+ public void setRecoverySecretTypes_emptyDefaultValue() throws Exception {
+ int userId = 12;
+ int uid = 10009;
+ assertThat(mRecoverableKeyStoreDb.getRecoverySecretTypes(userId, uid)).isEqualTo(
+ new int[]{}); // default
+ }
+
+ @Test
+ public void setRecoverySecretTypes_updateValue() throws Exception {
+ int userId = 12;
+ int uid = 10009;
+ int[] types1 = new int[]{1};
+ int[] types2 = new int[]{2};
+
+ mRecoverableKeyStoreDb.setRecoverySecretTypes(userId, uid, types1);
+ assertThat(mRecoverableKeyStoreDb.getRecoverySecretTypes(userId, uid)).isEqualTo(
+ types1);
+ mRecoverableKeyStoreDb.setRecoverySecretTypes(userId, uid, types2);
+ assertThat(mRecoverableKeyStoreDb.getRecoverySecretTypes(userId, uid)).isEqualTo(
+ types2);
+ }
+
+ @Test
+ public void setRecoverySecretTypes_withMultiElementArrays() throws Exception {
+ int userId = 12;
+ int uid = 10009;
+ int[] types1 = new int[]{11, 2000};
+ int[] types2 = new int[]{1, 2, 3};
+ int[] types3 = new int[]{};
+
+ mRecoverableKeyStoreDb.setRecoverySecretTypes(userId, uid, types1);
+ assertThat(mRecoverableKeyStoreDb.getRecoverySecretTypes(userId, uid)).isEqualTo(
+ types1);
+ mRecoverableKeyStoreDb.setRecoverySecretTypes(userId, uid, types2);
+ assertThat(mRecoverableKeyStoreDb.getRecoverySecretTypes(userId, uid)).isEqualTo(
+ types2);
+ mRecoverableKeyStoreDb.setRecoverySecretTypes(userId, uid, types3);
+ assertThat(mRecoverableKeyStoreDb.getRecoverySecretTypes(userId, uid)).isEqualTo(
+ types3);
+ }
+
+ @Test
+ public void setRecoverySecretTypes_withDifferentUid() throws Exception {
+ int userId = 12;
+ int uid1 = 10011;
+ int uid2 = 10012;
+ int[] types1 = new int[]{1};
+ int[] types2 = new int[]{2};
+
+ mRecoverableKeyStoreDb.setRecoverySecretTypes(userId, uid1, types1);
+ mRecoverableKeyStoreDb.setRecoverySecretTypes(userId, uid2, types2);
+ assertThat(mRecoverableKeyStoreDb.getRecoverySecretTypes(userId, uid1)).isEqualTo(
+ types1);
+ assertThat(mRecoverableKeyStoreDb.getRecoverySecretTypes(userId, uid2)).isEqualTo(
+ types2);
+ }
+
+ @Test
+ public void setRecoveryServiceMetadataMethods() throws Exception {
+ int userId = 12;
+ int uid = 10009;
+
+ PublicKey pubkey1 = genRandomPublicKey();
+ int[] types1 = new int[]{1};
+ long serverParams1 = 111L;
+
+ PublicKey pubkey2 = genRandomPublicKey();
+ int[] types2 = new int[]{2};
+ long serverParams2 = 222L;
+
+ mRecoverableKeyStoreDb.setRecoveryServicePublicKey(userId, uid, pubkey1);
+ mRecoverableKeyStoreDb.setRecoverySecretTypes(userId, uid, types1);
+ mRecoverableKeyStoreDb.setServerParameters(userId, uid, serverParams1);
+
+ assertThat(mRecoverableKeyStoreDb.getRecoverySecretTypes(userId, uid)).isEqualTo(
+ types1);
+ assertThat(mRecoverableKeyStoreDb.getServerParameters(userId, uid)).isEqualTo(
+ serverParams1);
+ assertThat(mRecoverableKeyStoreDb.getRecoveryServicePublicKey(userId, uid)).isEqualTo(
+ pubkey1);
+
+ // Check that the methods don't interfere with each other.
+ mRecoverableKeyStoreDb.setRecoveryServicePublicKey(userId, uid, pubkey2);
+ mRecoverableKeyStoreDb.setRecoverySecretTypes(userId, uid, types2);
+ mRecoverableKeyStoreDb.setServerParameters(userId, uid, serverParams2);
+
+ assertThat(mRecoverableKeyStoreDb.getRecoverySecretTypes(userId, uid)).isEqualTo(
+ types2);
+ assertThat(mRecoverableKeyStoreDb.getServerParameters(userId, uid)).isEqualTo(
+ serverParams2);
+ assertThat(mRecoverableKeyStoreDb.getRecoveryServicePublicKey(userId, uid)).isEqualTo(
+ pubkey2);
+ }
+
+ @Test
+ public void getRecoveryServicePublicKey_returnsFirstKey() throws Exception {
+ int userId = 68;
+ int uid = 12904;
+ PublicKey publicKey = genRandomPublicKey();
+
+ mRecoverableKeyStoreDb.setRecoveryServicePublicKey(userId, uid, publicKey);
+
+ assertThat(mRecoverableKeyStoreDb.getRecoveryServicePublicKey(userId)).isEqualTo(publicKey);
+ }
+
+ @Test
public void setServerParameters_replaceOldValue() throws Exception {
int userId = 12;
int uid = 10009;
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/storage/RecoverySnapshotStorageTest.java b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/storage/RecoverySnapshotStorageTest.java
new file mode 100644
index 0000000..2759e39
--- /dev/null
+++ b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/storage/RecoverySnapshotStorageTest.java
@@ -0,0 +1,53 @@
+package com.android.server.locksettings.recoverablekeystore.storage;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+
+import android.security.recoverablekeystore.KeyStoreRecoveryData;
+import android.support.test.filters.SmallTest;
+import android.support.test.runner.AndroidJUnit4;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.ArrayList;
+
+@SmallTest
+@RunWith(AndroidJUnit4.class)
+public class RecoverySnapshotStorageTest {
+
+ private final RecoverySnapshotStorage mRecoverySnapshotStorage = new RecoverySnapshotStorage();
+
+ @Test
+ public void get_isNullForNonExistentSnapshot() {
+ assertNull(mRecoverySnapshotStorage.get(1000));
+ }
+
+ @Test
+ public void get_returnsSetSnapshot() {
+ int userId = 1000;
+ KeyStoreRecoveryData recoveryData = new KeyStoreRecoveryData(
+ /*snapshotVersion=*/ 1,
+ new ArrayList<>(),
+ new ArrayList<>(),
+ new byte[0]);
+ mRecoverySnapshotStorage.put(userId, recoveryData);
+
+ assertEquals(recoveryData, mRecoverySnapshotStorage.get(userId));
+ }
+
+ @Test
+ public void remove_removesSnapshots() {
+ int userId = 1000;
+ KeyStoreRecoveryData recoveryData = new KeyStoreRecoveryData(
+ /*snapshotVersion=*/ 1,
+ new ArrayList<>(),
+ new ArrayList<>(),
+ new byte[0]);
+ mRecoverySnapshotStorage.put(userId, recoveryData);
+
+ mRecoverySnapshotStorage.remove(userId);
+
+ assertNull(mRecoverySnapshotStorage.get(1000));
+ }
+}
diff --git a/services/tests/servicestests/src/com/android/server/net/ConnOnActivityStartTest.java b/services/tests/servicestests/src/com/android/server/net/ConnOnActivityStartTest.java
index 8581079..c7fa62e 100644
--- a/services/tests/servicestests/src/com/android/server/net/ConnOnActivityStartTest.java
+++ b/services/tests/servicestests/src/com/android/server/net/ConnOnActivityStartTest.java
@@ -38,6 +38,7 @@
import android.support.test.filters.LargeTest;
import android.support.test.runner.AndroidJUnit4;
import android.support.test.uiautomator.UiDevice;
+import android.text.TextUtils;
import android.util.Log;
import org.junit.AfterClass;
@@ -214,7 +215,6 @@
try{
turnBatteryOff();
setAppIdle(true);
- SystemClock.sleep(30000);
turnScreenOn();
startActivityAndCheckNetworkAccess();
} finally {
@@ -286,7 +286,7 @@
private void setAppIdle(boolean enabled) throws Exception {
executeCommand("am set-inactive " + TEST_PKG + " " + enabled);
assertDelayedCommandResult("am get-inactive " + TEST_PKG, "Idle=" + enabled,
- 10 /* maxTries */, 2000 /* napTimeMs */);
+ 15 /* maxTries */, 2000 /* napTimeMs */);
}
private void updateRestrictBackgroundBlacklist(boolean add) throws Exception {
@@ -407,13 +407,35 @@
private static void dumpOnFailure() throws Exception {
dump("network_management");
dump("netpolicy");
- dump("usagestats");
+ dumpUsageStats();
+ }
+
+ private static void dumpUsageStats() throws Exception {
+ final String output = executeSilentCommand("dumpsys usagestats");
+ final StringBuilder sb = new StringBuilder();
+ final TextUtils.SimpleStringSplitter splitter = new TextUtils.SimpleStringSplitter('\n');
+ splitter.setString(output);
+ String str;
+ while (splitter.hasNext()) {
+ str = splitter.next();
+ if (str.contains("package=") && !str.contains(TEST_PKG)) {
+ continue;
+ }
+ if (str.trim().startsWith("config=") || str.trim().startsWith("time=")) {
+ continue;
+ }
+ sb.append(str).append('\n');
+ }
+ dump("usagestats", sb.toString());
}
private static void dump(String service) throws Exception {
+ dump(service, executeSilentCommand("dumpsys " + service));
+ }
+
+ private static void dump(String service, String dump) throws Exception {
Log.d(TAG, ">>> Begin dump " + service);
- Log.printlns(Log.LOG_ID_MAIN, Log.DEBUG,
- TAG, executeSilentCommand("dumpsys " + service), null);
+ Log.printlns(Log.LOG_ID_MAIN, Log.DEBUG, TAG, dump, null);
Log.d(TAG, "<<< End dump " + service);
}
diff --git a/telephony/java/android/telephony/CellIdentityCdma.aidl b/telephony/java/android/telephony/CellIdentityCdma.aidl
new file mode 100644
index 0000000..b31ad0b
--- /dev/null
+++ b/telephony/java/android/telephony/CellIdentityCdma.aidl
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/** @hide */
+package android.telephony;
+
+parcelable CellIdentityCdma;
diff --git a/telephony/java/android/telephony/CellIdentityGsm.aidl b/telephony/java/android/telephony/CellIdentityGsm.aidl
new file mode 100644
index 0000000..bcc0751
--- /dev/null
+++ b/telephony/java/android/telephony/CellIdentityGsm.aidl
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/** @hide */
+package android.telephony;
+
+parcelable CellIdentityGsm;
diff --git a/telephony/java/android/telephony/CellIdentityLte.aidl b/telephony/java/android/telephony/CellIdentityLte.aidl
new file mode 100644
index 0000000..940d170
--- /dev/null
+++ b/telephony/java/android/telephony/CellIdentityLte.aidl
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/** @hide */
+package android.telephony;
+
+parcelable CellIdentityLte;
diff --git a/telephony/java/android/telephony/CellIdentityWcdma.aidl b/telephony/java/android/telephony/CellIdentityWcdma.aidl
new file mode 100644
index 0000000..462ce2c
--- /dev/null
+++ b/telephony/java/android/telephony/CellIdentityWcdma.aidl
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/** @hide */
+package android.telephony;
+
+parcelable CellIdentityWcdma;