Merge "Cleanup Keystore API" into mnc-dev
diff --git a/core/java/android/security/IKeystoreService.aidl b/core/java/android/security/IKeystoreService.aidl
index b0779c0..30ea8e7 100644
--- a/core/java/android/security/IKeystoreService.aidl
+++ b/core/java/android/security/IKeystoreService.aidl
@@ -30,33 +30,29 @@
* @hide
*/
interface IKeystoreService {
- int test();
+ int getState(int userId);
byte[] get(String name);
int insert(String name, in byte[] item, int uid, int flags);
int del(String name, int uid);
int exist(String name, int uid);
- String[] saw(String namePrefix, int uid);
+ String[] list(String namePrefix, int uid);
int reset();
int onUserPasswordChanged(int userId, String newPassword);
- int lock();
+ int lock(int userId);
int unlock(int userId, String userPassword);
- int zero();
+ int isEmpty(int userId);
int generate(String name, int uid, int keyType, int keySize, int flags,
in KeystoreArguments args);
int import_key(String name, in byte[] data, int uid, int flags);
byte[] sign(String name, in byte[] data);
int verify(String name, in byte[] data, in byte[] signature);
byte[] get_pubkey(String name);
- int del_key(String name, int uid);
int grant(String name, int granteeUid);
int ungrant(String name, int granteeUid);
long getmtime(String name);
int duplicate(String srcKey, int srcUid, String destKey, int destUid);
int is_hardware_backed(String string);
int clear_uid(long uid);
- int reset_uid(int uid);
- int sync_uid(int sourceUid, int targetUid);
- int password_uid(String password, int uid);
// Keymaster 0.4 methods
int addRngEntropy(in byte[] data);
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index 06f5b06..72eda23 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -146,10 +146,10 @@
}
}
- public State state() {
+ public State state(int userId) {
final int ret;
try {
- ret = mBinder.test();
+ ret = mBinder.getState(userId);
} catch (RemoteException e) {
Log.w(TAG, "Cannot connect to keystore", e);
throw new AssertionError(e);
@@ -163,6 +163,10 @@
}
}
+ public State state() {
+ return state(UserHandle.myUserId());
+ }
+
public boolean isUnlocked() {
return state() == State.UNLOCKED;
}
@@ -211,15 +215,26 @@
return contains(key, UID_SELF);
}
- public String[] saw(String prefix, int uid) {
+ /**
+ * List all entries in the keystore for {@code uid} starting with {@code prefix}.
+ */
+ public String[] list(String prefix, int uid) {
try {
- return mBinder.saw(prefix, uid);
+ return mBinder.list(prefix, uid);
} catch (RemoteException e) {
Log.w(TAG, "Cannot connect to keystore", e);
return null;
}
}
+ public String[] list(String prefix) {
+ return list(prefix, UID_SELF);
+ }
+
+ public String[] saw(String prefix, int uid) {
+ return list(prefix, uid);
+ }
+
public String[] saw(String prefix) {
return saw(prefix, UID_SELF);
}
@@ -233,15 +248,25 @@
}
}
- public boolean lock() {
+ /**
+ * Attempt to lock the keystore for {@code user}.
+ *
+ * @param user Android user to lock.
+ * @return whether {@code user}'s keystore was locked.
+ */
+ public boolean lock(int userId) {
try {
- return mBinder.lock() == NO_ERROR;
+ return mBinder.lock(userId) == NO_ERROR;
} catch (RemoteException e) {
Log.w(TAG, "Cannot connect to keystore", e);
return false;
}
}
+ public boolean lock() {
+ return lock(UserHandle.myUserId());
+ }
+
/**
* Attempt to unlock the keystore for {@code user} with the password {@code password}.
* This is required before keystore entries created with FLAG_ENCRYPTED can be accessed or
@@ -267,15 +292,22 @@
return unlock(UserHandle.getUserId(Process.myUid()), password);
}
- public boolean isEmpty() {
+ /**
+ * Check if the keystore for {@code userId} is empty.
+ */
+ public boolean isEmpty(int userId) {
try {
- return mBinder.zero() == KEY_NOT_FOUND;
+ return mBinder.isEmpty(userId) != 0;
} catch (RemoteException e) {
Log.w(TAG, "Cannot connect to keystore", e);
return false;
}
}
+ public boolean isEmpty() {
+ return isEmpty(UserHandle.myUserId());
+ }
+
public boolean generate(String key, int uid, int keyType, int keySize, int flags,
byte[][] args) {
try {
@@ -306,12 +338,7 @@
}
public boolean delKey(String key, int uid) {
- try {
- return mBinder.del_key(key, uid) == NO_ERROR;
- } catch (RemoteException e) {
- Log.w(TAG, "Cannot connect to keystore", e);
- return false;
- }
+ return delete(key, uid);
}
public boolean delKey(String key) {
@@ -404,36 +431,6 @@
}
}
- public boolean resetUid(int uid) {
- try {
- mError = mBinder.reset_uid(uid);
- return mError == NO_ERROR;
- } catch (RemoteException e) {
- Log.w(TAG, "Cannot connect to keystore", e);
- return false;
- }
- }
-
- public boolean syncUid(int sourceUid, int targetUid) {
- try {
- mError = mBinder.sync_uid(sourceUid, targetUid);
- return mError == NO_ERROR;
- } catch (RemoteException e) {
- Log.w(TAG, "Cannot connect to keystore", e);
- return false;
- }
- }
-
- public boolean passwordUid(String password, int uid) {
- try {
- mError = mBinder.password_uid(password, uid);
- return mError == NO_ERROR;
- } catch (RemoteException e) {
- Log.w(TAG, "Cannot connect to keystore", e);
- return false;
- }
- }
-
public int getLastError() {
return mError;
}