Add IKeystoreAuthorization AIDL interface with addAuthToken method.
This CL adds only the addAuthToken method. The remaining methods will be added
in upcoming separate CLs, so that each of them and their
implementations can land independently.
Bug: 159475191
Test: TBD
Change-Id: I094e182757b843ed87f304d992f30b4f5f8d53cc
diff --git a/keystore2/aidl/Android.bp b/keystore2/aidl/Android.bp
index 3b2dff0..00be2b7 100644
--- a/keystore2/aidl/Android.bp
+++ b/keystore2/aidl/Android.bp
@@ -28,3 +28,22 @@
},
},
}
+
+aidl_interface {
+ name: "android.security.authorizations",
+ srcs: [ "android/security/authorizations/*.aidl" ],
+ imports: [ "android.hardware.security.keymint" ],
+ unstable: true,
+ backend: {
+ java: {
+ sdk_version: "module_current",
+ },
+ rust: {
+ enabled: true,
+ },
+ ndk: {
+ enabled: true,
+ }
+ },
+}
+
diff --git a/keystore2/aidl/android/security/authorizations/IKeystoreAuthorization.aidl b/keystore2/aidl/android/security/authorizations/IKeystoreAuthorization.aidl
new file mode 100644
index 0000000..d3e80ee
--- /dev/null
+++ b/keystore2/aidl/android/security/authorizations/IKeystoreAuthorization.aidl
@@ -0,0 +1,35 @@
+// Copyright 2020, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package android.security.authorizations;
+
+import android.hardware.security.keymint.HardwareAuthToken;
+
+/**
+* IKeystoreAuthorization interface exposes the methods for other system components to
+* provide keystore with the information required to enforce authorizations on key usage.
+*/
+interface IKeystoreAuthorization {
+
+ /**
+ * Allows the Android authenticators to hand over an auth token to Keystore.
+ * Callers require 'AddAuth' permission.
+ * ## Error conditions:
+ * `ResponseCode::SYSTEM_ERROR` - if failed to store the auth token in the database or if failed
+ * to add the auth token to the operation, if it is a per-op auth token.
+ *
+ * @param authToken The auth token created by an authenticator, upon user authentication.
+ */
+ void addAuthToken(in HardwareAuthToken authToken);
+}
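Review bot: The `## Error conditions:` list on addAuthToken documents only `ResponseCode::SYSTEM_ERROR`, yet the sentence before it requires the 'AddAuth' permission, so the outcome for an unauthorized caller is undocumented; since the method is not declared `oneway`, a permission failure presumably reaches the caller as a ServiceSpecificException and the list should name the response code keystore uses for it, e.g. `* `ResponseCode::PERMISSION_DENIED` - if the caller does not hold the 'AddAuth' permission.` (confirm the exact code against the keystore2 ResponseCode enum). It would also help callers to say which permission class 'AddAuth' belongs to, since the name alone does not identify it. The doc does not state whether keystore itself verifies the token's MAC or defers that to the HAL at key-use time; whichever is the case, a one-line note would let authenticator implementers know what a successful return actually guarantees. As a style point, the interface-level Javadoc lines start with `*` at column 0 while the method Javadoc indents its `*` under the opening `/**`; the interface comment should use ` * ` to match.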