Merge changes from topic "offbody-key-expiration" into main
* changes:
Remove onDeviceOffBody()
Document that setUserAuthenticationValidWhileOnBody() doesn't actually work
diff --git a/keystore/java/android/security/AndroidKeyStoreMaintenance.java b/keystore/java/android/security/AndroidKeyStoreMaintenance.java
index 2430e8d..efbbfc2 100644
--- a/keystore/java/android/security/AndroidKeyStoreMaintenance.java
+++ b/keystore/java/android/security/AndroidKeyStoreMaintenance.java
@@ -175,20 +175,6 @@
}
/**
- * Informs Keystore 2.0 that an off body event was detected.
- */
- public static void onDeviceOffBody() {
- StrictMode.noteDiskWrite();
- try {
- getService().onDeviceOffBody();
- } catch (Exception e) {
- // TODO This fails open. This is not a regression with respect to keystore1 but it
- // should get fixed.
- Log.e(TAG, "Error while reporting device off body event.", e);
- }
- }
-
- /**
* Migrates a key given by the source descriptor to the location designated by the destination
* descriptor.
*
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index bd9abec..f105072 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -56,11 +56,4 @@
return Authorization.addAuthToken(authToken);
}
-
- /**
- * Notify keystore that the device went off-body.
- */
- public void onDeviceOffBody() {
- AndroidKeyStoreMaintenance.onDeviceOffBody();
- }
}
diff --git a/keystore/java/android/security/keystore/KeyGenParameterSpec.java b/keystore/java/android/security/keystore/KeyGenParameterSpec.java
index 9ba5a81..d359a90 100644
--- a/keystore/java/android/security/keystore/KeyGenParameterSpec.java
+++ b/keystore/java/android/security/keystore/KeyGenParameterSpec.java
@@ -1670,16 +1670,16 @@
* {@link #setUserAuthenticationValidityDurationSeconds} and
* {@link #setUserAuthenticationRequired}). Once the device has been removed from the
* user's body, the key will be considered unauthorized and the user will need to
- * re-authenticate to use it. For keys without an authentication validity period this
- * parameter has no effect.
+ * re-authenticate to use it. If the device does not have an on-body sensor or the key does
+ * not have an authentication validity period, this parameter has no effect.
+ * <p>
+ * Since Android 12 (API level 31), this parameter has no effect even on devices that have
+ * an on-body sensor. A future version of Android may restore enforcement of this parameter.
+ * Meanwhile, it is recommended to not use it.
*
- * <p>Similarly, on devices that do not have an on-body sensor, this parameter will have no
- * effect; the device will always be considered to be "on-body" and the key will therefore
- * remain authorized until the validity period ends.
- *
- * @param remainsValid if {@code true}, and if the device supports on-body detection, key
- * will be invalidated when the device is removed from the user's body or when the
- * authentication validity expires, whichever occurs first.
+ * @param remainsValid if {@code true}, and if the device supports enforcement of this
+ * parameter, the key will be invalidated when the device is removed from the user's body or
+ * when the authentication validity expires, whichever occurs first.
*/
@NonNull
public Builder setUserAuthenticationValidWhileOnBody(boolean remainsValid) {
diff --git a/keystore/java/android/security/keystore/KeyProtection.java b/keystore/java/android/security/keystore/KeyProtection.java
index 9b455f0..8e5ac45 100644
--- a/keystore/java/android/security/keystore/KeyProtection.java
+++ b/keystore/java/android/security/keystore/KeyProtection.java
@@ -1037,16 +1037,16 @@
* {@link #setUserAuthenticationValidityDurationSeconds} and
* {@link #setUserAuthenticationRequired}). Once the device has been removed from the
* user's body, the key will be considered unauthorized and the user will need to
- * re-authenticate to use it. For keys without an authentication validity period this
- * parameter has no effect.
+ * re-authenticate to use it. If the device does not have an on-body sensor or the key does
+ * not have an authentication validity period, this parameter has no effect.
+ * <p>
+ * Since Android 12 (API level 31), this parameter has no effect even on devices that have
+ * an on-body sensor. A future version of Android may restore enforcement of this parameter.
+ * Meanwhile, it is recommended to not use it.
*
- * <p>Similarly, on devices that do not have an on-body sensor, this parameter will have no
- * effect; the device will always be considered to be "on-body" and the key will therefore
- * remain authorized until the validity period ends.
- *
- * @param remainsValid if {@code true}, and if the device supports on-body detection, key
- * will be invalidated when the device is removed from the user's body or when the
- * authentication validity expires, whichever occurs first.
+ * @param remainsValid if {@code true}, and if the device supports enforcement of this
+ * parameter, the key will be invalidated when the device is removed from the user's body or
+ * when the authentication validity expires, whichever occurs first.
*/
@NonNull
public Builder setUserAuthenticationValidWhileOnBody(boolean remainsValid) {