Add "unlocked device required" keystore API
am: 9371e95bb0

Change-Id: If9dd8570d0b7f6ba1594391be9e5283be9a930db
diff --git a/keystore/Android.bp b/keystore/Android.bp
index 9e882e4..60ac0d5 100644
--- a/keystore/Android.bp
+++ b/keystore/Android.bp
@@ -83,7 +83,7 @@
 
     srcs: ["keystore_cli.cpp"],
     shared_libs: [
-        "android.hardware.keymaster@3.0",
+        "android.hardware.keymaster@4.0",
         "libbinder",
         "libcrypto",
         "libcutils",
@@ -109,7 +109,7 @@
     srcs: ["keystore_cli_v2.cpp"],
     shared_libs: [
         "android.hardware.confirmationui@1.0",
-        "android.hardware.keymaster@3.0",
+        "android.hardware.keymaster@4.0",
         "libbinder",
         "libchrome",
         "libutils",
diff --git a/keystore/binder/android/security/IKeystoreService.aidl b/keystore/binder/android/security/IKeystoreService.aidl
index 538dd28..db55062 100644
--- a/keystore/binder/android/security/IKeystoreService.aidl
+++ b/keystore/binder/android/security/IKeystoreService.aidl
@@ -85,4 +85,5 @@
         in String locale, in int uiOptionsAsFlags);
     int cancelConfirmationPrompt(IBinder listener);
     boolean isConfirmationPromptSupported();
+    int onKeyguardVisibilityChanged(in boolean isShowing, in int userId);
 }
diff --git a/keystore/include/keystore/keymaster_types.h b/keystore/include/keystore/keymaster_types.h
index 62b43be..bd61294 100644
--- a/keystore/include/keystore/keymaster_types.h
+++ b/keystore/include/keystore/keymaster_types.h
@@ -83,6 +83,7 @@
 using keymaster::TAG_RSA_PUBLIC_EXPONENT;
 using keymaster::TAG_USAGE_EXPIRE_DATETIME;
 using keymaster::TAG_USER_AUTH_TYPE;
+using keymaster::TAG_USER_ID;
 using keymaster::TAG_USER_SECURE_ID;
 
 using keymaster::NullOr;
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index 620e972..13b3df1 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -2229,4 +2229,11 @@
     return error;
 }
 
+Status KeyStoreService::onKeyguardVisibilityChanged(bool /*isShowing*/, int32_t /*userId*/,
+                                                    int32_t* /*aidl_return*/) {
+    // TODO(67752510)
+
+    return Status::ok();
+}
+
 }  // namespace keystore
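Review bot: `onKeyguardVisibilityChanged` returns `Status::ok()` without writing through `aidl_return`, so the binder caller receives whatever indeterminate value the out-parameter held (presumably an uninitialised local in the generated stub). Name the parameter and set it before returning, e.g. `*aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);`. When the TODO is implemented, the method should also check the caller's identity before trusting `isShowing`. It is declared on IKeystoreService.aidl, so without a check any client that can reach the service could presumably report the device as unlocked.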
diff --git a/keystore/key_store_service.h b/keystore/key_store_service.h
index 70a56ca..8d3f1f2 100644
--- a/keystore/key_store_service.h
+++ b/keystore/key_store_service.h
@@ -177,6 +177,9 @@
                              int32_t* _aidl_return) override;
     ::android::binder::Status isConfirmationPromptSupported(bool* _aidl_return) override;
 
+    ::android::binder::Status onKeyguardVisibilityChanged(bool isShowing, int32_t userId,
+                                                          int32_t* _aidl_return);
+
   private:
     static const int32_t UID_SELF = -1;
 
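Review bot: The new `onKeyguardVisibilityChanged` declaration lacks `override`, unlike `isConfirmationPromptSupported` directly above it. Without the specifier, a drift between this signature and the one generated from IKeystoreService.aidl is not diagnosed at this declaration. Suggested last line: `int32_t* _aidl_return) override;`. The class body starts and ends outside this hunk.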
diff --git a/keystore/keymaster_enforcement.cpp b/keystore/keymaster_enforcement.cpp
index d78a5a6..3e8c25c 100644
--- a/keystore/keymaster_enforcement.cpp
+++ b/keystore/keymaster_enforcement.cpp
@@ -282,10 +282,18 @@
             }
             break;
 
+        case Tag::USER_ID:
+            // TODO(67752510)
+            break;
+
         case Tag::CALLER_NONCE:
             caller_nonce_authorized_by_key = true;
             break;
 
+        case Tag::UNLOCKED_DEVICE_REQUIRED:
+            // TODO(67752510)
+            break;
+
         /* Tags should never be in key auths. */
         case Tag::INVALID:
         case Tag::ROOT_OF_TRUST:
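Review bot: The `Tag::UNLOCKED_DEVICE_REQUIRED` case breaks without recording or checking anything, so a key created with this tag is still authorized while the device is locked. The API is accepted but not enforced, and nothing tells the caller. The same fail-open default appears in keystore_keymaster_enforcement.h, where `is_device_locked` always returns `false`. Until the TODO is resolved, make the gap explicit at both sites, e.g. `// TODO(67752510): NOT ENFORCED YET - keys with this tag remain usable while the device is locked`. Ideally the tracking bug should also block exposing the tag to callers. The enclosing switch and function start and end outside this hunk.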
diff --git a/keystore/keymaster_enforcement.h b/keystore/keymaster_enforcement.h
index d7b27fc..6e6c54f 100644
--- a/keystore/keymaster_enforcement.h
+++ b/keystore/keymaster_enforcement.h
@@ -142,6 +142,11 @@
      */
     virtual bool ValidateTokenSignature(const HardwareAuthToken& token) const = 0;
 
+    /*
+     * Returns true if the device screen is currently locked for the specified user.
+     */
+    virtual bool is_device_locked(int32_t userId) const = 0;
+
   private:
     ErrorCode AuthorizeUpdateOrFinish(const AuthorizationSet& auth_set,
                                       const HardwareAuthToken& auth_token, uint64_t op_handle);
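Review bot: The comment on `is_device_locked` does not say what an implementation must return when it has no lock state for `userId`, for example before the first keyguard notification or for an unknown user. Since the result gates key use, the contract should state the safe default, e.g. add `Implementations must return true when the lock state for userId is unknown.` to the comment. The class definition starts and ends outside this hunk.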
diff --git a/keystore/keystore_keymaster_enforcement.h b/keystore/keystore_keymaster_enforcement.h
index 3cdf649..04f974f 100644
--- a/keystore/keystore_keymaster_enforcement.h
+++ b/keystore/keystore_keymaster_enforcement.h
@@ -84,6 +84,15 @@
         // signing key. Assume the token is good.
         return true;
     }
+
+    bool is_device_locked(int32_t /*userId*/) const override {
+        // TODO(67752510)
+        return false;
+    }
+
+    void set_device_locked(bool /*isLocked*/, int32_t /*userId*/) {
+        // TODO(67752510)
+    }
 };
 
 } // namespace keystore