diff options
| author | Rubin Xu <rubinxu@google.com> | 2021-04-21 15:52:17 +0000 |
|---|---|---|
| committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2021-04-21 15:52:17 +0000 |
| commit | d42f1be8eb2b9eb1e121497591bb71480d996ca9 (patch) | |
| tree | 938dbc98d761b405eeb9e15ffe859f42001bb9be /keystore/java/android | |
| parent | ca57ecee1b5f16ac50a11bc6e1f83c75fbf56452 (diff) | |
| parent | cbe7e963ab96d4fdaf91124f420f73dccc97ee51 (diff) | |
Merge "Keystore 2.0: Add key migration API."
Diffstat (limited to 'keystore/java/android')
| -rw-r--r-- | keystore/java/android/security/AndroidKeyStoreMaintenance.java | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/keystore/java/android/security/AndroidKeyStoreMaintenance.java b/keystore/java/android/security/AndroidKeyStoreMaintenance.java index 82639def02de..919a93b8f107 100644 --- a/keystore/java/android/security/AndroidKeyStoreMaintenance.java +++ b/keystore/java/android/security/AndroidKeyStoreMaintenance.java @@ -22,6 +22,7 @@ import android.os.ServiceManager; import android.os.ServiceSpecificException; import android.security.maintenance.IKeystoreMaintenance; import android.system.keystore2.Domain; +import android.system.keystore2.KeyDescriptor; import android.system.keystore2.ResponseCode; import android.util.Log; @@ -33,6 +34,9 @@ public class AndroidKeyStoreMaintenance { private static final String TAG = "AndroidKeyStoreMaintenance"; public static final int SYSTEM_ERROR = ResponseCode.SYSTEM_ERROR; + public static final int INVALID_ARGUMENT = ResponseCode.INVALID_ARGUMENT; + public static final int PERMISSION_DENIED = ResponseCode.PERMISSION_DENIED; + public static final int KEY_NOT_FOUND = ResponseCode.KEY_NOT_FOUND; private static IKeystoreMaintenance getService() { return IKeystoreMaintenance.Stub.asInterface( @@ -148,4 +152,35 @@ public class AndroidKeyStoreMaintenance { Log.e(TAG, "Error while reporting device off body event.", e); } } + + /** + * Migrates a key given by the source descriptor to the location designated by the destination + * descriptor. + * + * @param source - The key to migrate may be specified by Domain.APP, Domain.SELINUX, or + * Domain.KEY_ID. The caller needs the permissions use, delete, and grant for the + * source namespace. + * @param destination - The new designation for the key may be specified by Domain.APP or + * Domain.SELINUX. The caller need the permission rebind for the destination + * namespace. + * + * @return * 0 on success + * * KEY_NOT_FOUND if the source did not exists. + * * PERMISSION_DENIED if any of the required permissions was missing. + * * INVALID_ARGUMENT if the destination was occupied or any domain value other than + * the allowed once were specified. + * * SYSTEM_ERROR if an unexpected error occurred. + */ + public static int migrateKeyNamespace(KeyDescriptor source, KeyDescriptor destination) { + try { + getService().migrateKeyNamespace(source, destination); + return 0; + } catch (ServiceSpecificException e) { + Log.e(TAG, "migrateKeyNamespace failed", e); + return e.errorCode; + } catch (Exception e) { + Log.e(TAG, "Can not connect to keystore", e); + return SYSTEM_ERROR; + } + } } |