Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 0faa8012ad9c279bed480045d45d21c0bf02239b / . / services / core / java / com / android / server / locksettings / recoverablekeystore / storage / RecoverableKeyStoreDbContract.java
blob: b58ee4bc9d74bf226732a0714cda3ba7ab4a6522 [file] [log] [blame]
Robert Berry76cf0832017-12-15 23:01:22 +0000[diff] [blame]1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server.locksettings.recoverablekeystore.storage;
18
19import android.provider.BaseColumns;
20
21/**
22 * Contract for recoverable key database. Describes the tables present.
23 */
24class RecoverableKeyStoreDbContract {
25 /**
26 * Table holding wrapped keys, and information about when they were last synced.
27 */
28 static class KeysEntry implements BaseColumns {
29 static final String TABLE_NAME = "keys";
30
31 /**
Robert Berryb7c06ea2017-12-21 13:37:23 +0000[diff] [blame]32 * The user id of the profile the application is running under.
33 */
34 static final String COLUMN_NAME_USER_ID = "user_id";
35
36 /**
Robert Berry76cf0832017-12-15 23:01:22 +0000[diff] [blame]37 * The uid of the application that generated the key.
38 */
39 static final String COLUMN_NAME_UID = "uid";
40
41 /**
42 * The alias of the key, as set in AndroidKeyStore.
43 */
44 static final String COLUMN_NAME_ALIAS = "alias";
45
46 /**
47 * Nonce with which the key was encrypted.
48 */
49 static final String COLUMN_NAME_NONCE = "nonce";
50
51 /**
52 * Encrypted bytes of the key.
53 */
54 static final String COLUMN_NAME_WRAPPED_KEY = "wrapped_key";
55
56 /**
57 * Generation ID of the platform key that was used to encrypt this key.
58 */
59 static final String COLUMN_NAME_GENERATION_ID = "platform_key_generation_id";
60
61 /**
62 * Timestamp of when this key was last synced with remote storage, or -1 if never synced.
63 */
64 static final String COLUMN_NAME_LAST_SYNCED_AT = "last_synced_at";
Dmitry Dementyevad884712017-12-20 12:38:36 -0800[diff] [blame]65
66 /**
Dmitry Dementyev20eaaa42018-05-09 13:05:04 -0700[diff] [blame]67 * Status of the key sync {@code RecoveryController#setRecoveryStatus}
Dmitry Dementyevad884712017-12-20 12:38:36 -0800[diff] [blame]68 */
69 static final String COLUMN_NAME_RECOVERY_STATUS = "recovery_status";
Bo Zhu7ebcd662019-01-04 17:00:58 -0800[diff] [blame]70
71 /**
72 * Data blob that will be authenticated (but encrypted) together with the key when the key
73 * is uploaded to cloud.
74 */
75 static final String COLUMN_NAME_KEY_METADATA = "key_metadata";
Robert Berry76cf0832017-12-15 23:01:22 +0000[diff] [blame]76 }
Robert Berrybc088402017-12-18 13:10:41 +0000[diff] [blame]77
78 /**
79 * Recoverable KeyStore metadata for a specific user profile.
80 */
81 static class UserMetadataEntry implements BaseColumns {
82 static final String TABLE_NAME = "user_metadata";
83
84 /**
85 * User ID of the profile.
86 */
87 static final String COLUMN_NAME_USER_ID = "user_id";
88
89 /**
90 * Every time a new platform key is generated for a user, this increments. The platform key
91 * is used to wrap recoverable keys on disk.
92 */
93 static final String COLUMN_NAME_PLATFORM_KEY_GENERATION_ID = "platform_key_generation_id";
94 }
Bo Zhu5b81fa62017-12-21 14:36:11 -0800[diff] [blame]95
96 /**
Bo Zhu584b923f2017-12-22 16:05:15 -0800[diff] [blame]97 * Table holding metadata of the recovery service.
Bo Zhu5b81fa62017-12-21 14:36:11 -0800[diff] [blame]98 */
Bo Zhu584b923f2017-12-22 16:05:15 -0800[diff] [blame]99 static class RecoveryServiceMetadataEntry implements BaseColumns {
100 static final String TABLE_NAME = "recovery_service_metadata";
Bo Zhu5b81fa62017-12-21 14:36:11 -0800[diff] [blame]101
102 /**
103 * The user id of the profile the application is running under.
104 */
105 static final String COLUMN_NAME_USER_ID = "user_id";
106
107 /**
108 * The uid of the application that initializes the local recovery components.
109 */
110 static final String COLUMN_NAME_UID = "uid";
111
112 /**
Bo Zhu14d993d2018-02-03 21:38:48 -0800[diff] [blame]113 * Version of the latest recovery snapshot.
Dmitry Dementyev77183ef2018-01-05 15:46:00 -0800[diff] [blame]114 */
115 static final String COLUMN_NAME_SNAPSHOT_VERSION = "snapshot_version";
Bo Zhu14d993d2018-02-03 21:38:48 -0800[diff] [blame]116
Dmitry Dementyev77183ef2018-01-05 15:46:00 -0800[diff] [blame]117 /**
118 * Flag to generate new snapshot.
119 */
120 static final String COLUMN_NAME_SHOULD_CREATE_SNAPSHOT = "should_create_snapshot";
121
122 /**
Bo Zhu5b81fa62017-12-21 14:36:11 -0800[diff] [blame]123 * The public key of the recovery service.
Dmitry Dementyevf34fc7e2018-03-26 17:31:29 -0700[diff] [blame]124 * Deprecated.
Bo Zhu5b81fa62017-12-21 14:36:11 -0800[diff] [blame]125 */
126 static final String COLUMN_NAME_PUBLIC_KEY = "public_key";
Bo Zhu584b923f2017-12-22 16:05:15 -0800[diff] [blame]127
128 /**
Bo Zhu14d993d2018-02-03 21:38:48 -0800[diff] [blame]129 * The certificate path of the recovery service.
Dmitry Dementyevf34fc7e2018-03-26 17:31:29 -0700[diff] [blame]130 * Deprecated.
Bo Zhu14d993d2018-02-03 21:38:48 -0800[diff] [blame]131 */
132 static final String COLUMN_NAME_CERT_PATH = "cert_path";
133
134 /**
135 * The serial number contained in the certificate XML file of the recovery service.
Dmitry Dementyevf34fc7e2018-03-26 17:31:29 -0700[diff] [blame]136 * Deprecated.
Bo Zhu14d993d2018-02-03 21:38:48 -0800[diff] [blame]137 */
138 static final String COLUMN_NAME_CERT_SERIAL = "cert_serial";
139
140 /**
Dmitry Dementyevbdfdf532017-12-27 11:58:45 -0800[diff] [blame]141 * Secret types used for end-to-end encryption.
142 */
143 static final String COLUMN_NAME_SECRET_TYPES = "secret_types";
144
145 /**
Dmitry Dementyev77183ef2018-01-05 15:46:00 -0800[diff] [blame]146 * Locally generated random number.
147 */
148 static final String COLUMN_NAME_COUNTER_ID = "counter_id";
149
150 /**
Bo Zhu584b923f2017-12-22 16:05:15 -0800[diff] [blame]151 * The server parameters of the recovery service.
152 */
Dmitry Dementyev7d8c78a2018-01-12 19:14:07 -0800[diff] [blame]153 static final String COLUMN_NAME_SERVER_PARAMS = "server_params";
Dmitry Dementyevf34fc7e2018-03-26 17:31:29 -0700[diff] [blame]154
155 /**
156 * Active root of trust
157 */
158 static final String COLUMN_NAME_ACTIVE_ROOT_OF_TRUST = "active_root_of_trust";
159 }
160
161 /**
162 * Table data for given recovery agent and root of trust pair.
163 */
164 static class RootOfTrustEntry implements BaseColumns {
165 static final String TABLE_NAME = "root_of_trust";
166
167 /**
168 * The user id of the profile the application is running under.
169 */
170 static final String COLUMN_NAME_USER_ID = "user_id";
171
172 /**
173 * The uid of the application that initializes the local recovery components.
174 */
175 static final String COLUMN_NAME_UID = "uid";
176
177 /**
178 * Root of trust alias
179 */
180 static final String COLUMN_NAME_ROOT_ALIAS = "root_alias";
181
182 /**
183 * The certificate path of the recovery service.
184 */
185 static final String COLUMN_NAME_CERT_PATH = "cert_path";
186
187 /**
188 * The serial number contained in the certificate XML file of the recovery service.
189 */
190 static final String COLUMN_NAME_CERT_SERIAL = "cert_serial";
Bo Zhu5b81fa62017-12-21 14:36:11 -0800[diff] [blame]191 }
Robert Berry76cf0832017-12-15 23:01:22 +0000[diff] [blame]192}