author | Rubin Xu <rubinxu@google.com> | 2021-04-21 17:02:03 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2021-04-21 17:02:03 +0000 |
commit | 5c81a3b1b4e00217c9211fd04d4731fa56b5f79a (patch) | |
tree | 2934d84e8bac2fc6180a750aa72452eed68e396f /keystore/java | |
parent | 6629f13ec64e0b23d974e966c01cfd8a043e2f70 (diff) | |
parent | 87a312952cdc07c2f9812f63dd83798e0f2bb5f4 (diff) |
Merge "Keystore 2.0: Add key migration API." am: d42f1be8eb am: a48b43ec42 am: 87a312952c
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1676925
Change-Id: Id028c5a629cd6a5c58604af4bff12c5779e38911
Diffstat (limited to 'keystore/java')
-rw-r--r-- | keystore/java/android/security/AndroidKeyStoreMaintenance.java | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/keystore/java/android/security/AndroidKeyStoreMaintenance.java b/keystore/java/android/security/AndroidKeyStoreMaintenance.java
index 82639def02de..919a93b8f107 100644
--- a/keystore/java/android/security/AndroidKeyStoreMaintenance.java
+++ b/keystore/java/android/security/AndroidKeyStoreMaintenance.java
@@ -22,6 +22,7 @@
 import android.os.ServiceManager;
 import android.os.ServiceSpecificException;
 import android.security.maintenance.IKeystoreMaintenance;
 import android.system.keystore2.Domain;
+import android.system.keystore2.KeyDescriptor;
 import android.system.keystore2.ResponseCode;
 import android.util.Log;
@@ -33,6 +34,9 @@ public class AndroidKeyStoreMaintenance {
 private static final String TAG = "AndroidKeyStoreMaintenance";
 public static final int SYSTEM_ERROR = ResponseCode.SYSTEM_ERROR;
+ public static final int INVALID_ARGUMENT = ResponseCode.INVALID_ARGUMENT;
+ public static final int PERMISSION_DENIED = ResponseCode.PERMISSION_DENIED;
+ public static final int KEY_NOT_FOUND = ResponseCode.KEY_NOT_FOUND;
 private static IKeystoreMaintenance getService() {
 return IKeystoreMaintenance.Stub.asInterface(
@@ -148,4 +152,35 @@ public class AndroidKeyStoreMaintenance {
 Log.e(TAG, "Error while reporting device off body event.", e);
 }
 }
+
+ /**
+ * Migrates a key given by the source descriptor to the location designated by the destination
+ * descriptor.
+ *
+ * @param source - The key to migrate may be specified by Domain.APP, Domain.SELINUX, or
+ * Domain.KEY_ID. The caller needs the permissions use, delete, and grant for the
+ * source namespace.
+ * @param destination - The new designation for the key may be specified by Domain.APP or
+ * Domain.SELINUX. The caller need the permission rebind for the destination
+ * namespace.
+ *
+ * @return * 0 on success
+ * * KEY_NOT_FOUND if the source did not exists.
+ * * PERMISSION_DENIED if any of the required permissions was missing.
+ * * INVALID_ARGUMENT if the destination was occupied or any domain value other than
+ * the allowed once were specified.
+ * * SYSTEM_ERROR if an unexpected error occurred.
+ */
+ public static int migrateKeyNamespace(KeyDescriptor source, KeyDescriptor destination) {
+ try {
+ getService().migrateKeyNamespace(source, destination);
+ return 0;
+ } catch (ServiceSpecificException e) {
+ Log.e(TAG, "migrateKeyNamespace failed", e);
+ return e.errorCode;
+ } catch (Exception e) {
+ Log.e(TAG, "Can not connect to keystore", e);
+ return SYSTEM_ERROR;
+ }
+ }
 } |
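Review bot: The `@return` list on `migrateKeyNamespace` reads as exhaustive, but the `ServiceSpecificException` branch returns `e.errorCode` unchanged, so a caller may receive any code the keystore service reports rather than only the four named; I would add a final bullet such as `* * any other non-zero code reported by the keystore service; every non-zero result means the key was not migrated.` The closing `catch (Exception e)` logs "Can not connect to keystore" for every other failure, which presumably includes a null `source` or `destination`, so an argument error would surface as SYSTEM_ERROR with a misleading log line; an early `if (source == null || destination == null) return INVALID_ARGUMENT;` would keep that case distinguishable. The same comment also has three wording slips worth fixing while here: "The caller need" should be "needs", "did not exists" should be "did not exist", and "the allowed once" should be "the allowed ones".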