Add new Credential prefix for platform VPNs

Platform VPN profiles keyed by apps must use a different key prefix to
prevent the Settings app from seeing them (and thus exposing potentially
sensitive credential information). Thus, the profiles will be
partitioned as follows:

Custom (Settings-app) based profiles continues using VPN_* prefix
App provisioned profiles will use the new PLATFORM_VPN_* prefix

Bug: 144245359
Test: Compiles, FrameworksNetTests passing
Change-Id: If8762e468c6cbbeb80738f14b066ebbad5cc665f

1 files changed, 5 insertions, 1 deletions

diff --git a/keystore/java/android/security/Credentials.java b/keystore/java/android/security/Credentials.java
index 08f417662523..fad7d8062a22 100644
--- a/keystore/java/android/security/Credentials.java
+++ b/keystore/java/android/security/Credentials.java
@@ -16,11 +16,12 @@
 
 package android.security;
 
+import android.annotation.UnsupportedAppUsage;
+
 import com.android.org.bouncycastle.util.io.pem.PemObject;
 import com.android.org.bouncycastle.util.io.pem.PemReader;
 import com.android.org.bouncycastle.util.io.pem.PemWriter;
 
-import android.annotation.UnsupportedAppUsage;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -64,6 +65,9 @@ public class Credentials {
     /** Key prefix for VPN. */
     public static final String VPN = "VPN_";
 
+    /** Key prefix for platform VPNs. */
+    public static final String PLATFORM_VPN = "PLATFORM_VPN_";
+
     /** Key prefix for WIFI. */
     public static final String WIFI = "WIFI_";