diff options
| author | Alex Johnston <acjohnston@google.com> | 2021-03-04 10:05:11 +0000 |
|---|---|---|
| committer | Alex Johnston <acjohnston@google.com> | 2021-03-11 11:01:30 +0000 |
| commit | 1d524e6672b556d3cc9213bbeac2fec6e49835b9 (patch) | |
| tree | 8c89cb9af6554df50ca0f66909d893e636807555 /keystore/java/android/security/KeyChain.java | |
| parent | 5efdaa632b3a718e01f70b8237f2182f63a2922a (diff) | |
Unregister cred mng app KeyChain API
Bug: 177979648
Test: CTSVerifier CredentialManagementAppActivity
Change-Id: I8c9e22b2334e8e060bc00701f1d2bec76950faf3
Diffstat (limited to 'keystore/java/android/security/KeyChain.java')
| -rw-r--r-- | keystore/java/android/security/KeyChain.java | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/keystore/java/android/security/KeyChain.java b/keystore/java/android/security/KeyChain.java index 11cb2b7c724b..7c80f70593df 100644 --- a/keystore/java/android/security/KeyChain.java +++ b/keystore/java/android/security/KeyChain.java @@ -601,7 +601,7 @@ public final class KeyChain { } /** - * Check whether the caller is the credential management app {@link CredentialManagementApp}. + * Check whether the caller is the credential management app {@code CredentialManagementApp}. * The credential management app has the ability to manage the user's KeyChain credentials * on unmanaged devices. * @@ -611,6 +611,7 @@ public final class KeyChain { * * @return {@code true} if the caller is the credential management app. */ + @WorkerThread public static boolean isCredentialManagementApp(@NonNull Context context) { boolean isCredentialManagementApp = false; try (KeyChainConnection keyChainConnection = KeyChain.bind(context)) { @@ -634,6 +635,7 @@ public final class KeyChain { * @return the credential management app's authentication policy. * @throws SecurityException if the caller is not the credential management app. */ + @WorkerThread @NonNull public static AppUriAuthenticationPolicy getCredentialManagementAppPolicy( @NonNull Context context) throws SecurityException { @@ -665,6 +667,7 @@ public final class KeyChain { * @hide */ @TestApi + @WorkerThread @RequiresPermission(Manifest.permission.MANAGE_CREDENTIAL_MANAGEMENT_APP) public static boolean setCredentialManagementApp(@NonNull Context context, @NonNull String packageName, @NonNull AppUriAuthenticationPolicy authenticationPolicy) { @@ -680,13 +683,21 @@ public final class KeyChain { } /** - * Remove the user's KeyChain credentials on unmanaged devices. + * Called by the credential management app {@code CredentialManagementApp} to unregister as + * the credential management app and stop managing the user's credentials. + * + * <p> All credentials previously installed by the credential management app will be removed + * from the user's device. + * + * <p> An app holding {@code MANAGE_CREDENTIAL_MANAGEMENT_APP} permission can also call this + * method to remove the current credential management app, even if it's not the current + * credential management app itself. * * @return {@code true} if the credential management app was successfully removed. - * @hide */ - @TestApi - @RequiresPermission(Manifest.permission.MANAGE_CREDENTIAL_MANAGEMENT_APP) + @WorkerThread + @RequiresPermission(value = Manifest.permission.MANAGE_CREDENTIAL_MANAGEMENT_APP, + conditional = true) public static boolean removeCredentialManagementApp(@NonNull Context context) { try (KeyChainConnection keyChainConnection = KeyChain.bind(context)) { keyChainConnection.getService().removeCredentialManagementApp(); |