diff options
| -rw-r--r-- | api/current.txt | 1 | ||||
| -rw-r--r-- | core/java/android/app/admin/DelegatedAdminReceiver.java | 4 | ||||
| -rw-r--r-- | core/java/android/app/admin/DeviceAdminReceiver.java | 4 | ||||
| -rw-r--r-- | keystore/java/android/security/KeyChain.java | 10 |
4 files changed, 19 insertions, 0 deletions
diff --git a/api/current.txt b/api/current.txt index b4d110e13261..877e243b996e 100644 --- a/api/current.txt +++ b/api/current.txt @@ -40789,6 +40789,7 @@ package android.security { field public static final String EXTRA_KEY_ALIAS = "android.security.extra.KEY_ALIAS"; field public static final String EXTRA_NAME = "name"; field public static final String EXTRA_PKCS12 = "PKCS12"; + field public static final String KEY_ALIAS_SELECTION_DENIED = "alias-selection-denied-ef829e15-210a-409d-96c9-ee684fc41972"; } public interface KeyChainAliasCallback { diff --git a/core/java/android/app/admin/DelegatedAdminReceiver.java b/core/java/android/app/admin/DelegatedAdminReceiver.java index f66de8d238ed..25b8eab452bf 100644 --- a/core/java/android/app/admin/DelegatedAdminReceiver.java +++ b/core/java/android/app/admin/DelegatedAdminReceiver.java @@ -63,6 +63,10 @@ public class DelegatedAdminReceiver extends BroadcastReceiver { * Allows this receiver to select the alias for a private key and certificate pair for * authentication. If this method returns null, the default {@link android.app.Activity} will * be shown that lets the user pick a private key and certificate pair. + * If this method returns {@link KeyChain#KEY_ALIAS_SELECTION_DENIED}, + * the default {@link android.app.Activity} will not be shown and the user will not be allowed + * to pick anything. And the app, that called {@link KeyChain#choosePrivateKeyAlias}, will + * receive {@code null} back. * * <p> This callback is only applicable if the delegated app has * {@link DevicePolicyManager#DELEGATION_CERT_SELECTION} capability. Additionally, it must diff --git a/core/java/android/app/admin/DeviceAdminReceiver.java b/core/java/android/app/admin/DeviceAdminReceiver.java index 0c500da0294a..d175a66e90ea 100644 --- a/core/java/android/app/admin/DeviceAdminReceiver.java +++ b/core/java/android/app/admin/DeviceAdminReceiver.java @@ -791,6 +791,10 @@ public class DeviceAdminReceiver extends BroadcastReceiver { * Allows this receiver to select the alias for a private key and certificate pair for * authentication. If this method returns null, the default {@link android.app.Activity} will be * shown that lets the user pick a private key and certificate pair. + * If this method returns {@link KeyChain#KEY_ALIAS_SELECTION_DENIED}, + * the default {@link android.app.Activity} will not be shown and the user will not be allowed + * to pick anything. And the app, that called {@link KeyChain#choosePrivateKeyAlias}, will + * receive {@code null} back. * * @param context The running context as per {@link #onReceive}. * @param intent The received intent as per {@link #onReceive}. diff --git a/keystore/java/android/security/KeyChain.java b/keystore/java/android/security/KeyChain.java index 1829d2f406b4..bf2363481f73 100644 --- a/keystore/java/android/security/KeyChain.java +++ b/keystore/java/android/security/KeyChain.java @@ -343,6 +343,16 @@ public final class KeyChain { public static final int KEY_ATTESTATION_FAILURE = 4; /** + * Used by DPC or delegated app in + * {@link android.app.admin.DeviceAdminReceiver#onChoosePrivateKeyAlias} or + * {@link android.app.admin.DelegatedAdminReceiver#onChoosePrivateKeyAlias} to identify that + * the requesting app is not granted access to any key, and nor will the user be able to grant + * access manually. + */ + public static final String KEY_ALIAS_SELECTION_DENIED = + "alias-selection-denied-ef829e15-210a-409d-96c9-ee684fc41972"; + + /** * Returns an {@code Intent} that can be used for credential * installation. The intent may be used without any extras, in * which case the user will be able to install credentials from |