Add "unlocked device required" keystore API Add a keymaster parameter for keys that should be inaccessible when the device screen is locked. "Locked" here is a state where the device can be used or accessed without any further trust factor such as a PIN, password, fingerprint, or trusted face or voice. This parameter is added to the Java keystore interface for key creation and import, as well as enums specified by and for the native keystore process. This commit adds the API only, full functionality will be added in a later change. Test: CTS tests in CtsKeystoreTestCases Bug: 67752510 Change-Id: I210fbb635a2c98e3d6208859387a5eb3f10ab976

commit: 947877a55c9adeb7fbbe2d6215735515e4cec9e3 [log] [tgz]
author: Brian Young <bcyoung@google.com> Fri Feb 23 18:03:14 2018 +0000
committer: Brian C. Young <bcyoung@google.com> Wed Mar 14 10:53:54 2018 -0700
tree: 409d4fb0ed275eef5081615b30c815a2afe9f445
parent: eec88d343a1105d4da5c108c49258e2ccc131f4a [diff] [blame]
diff --git a/keystore/keymaster_enforcement.cpp b/keystore/keymaster_enforcement.cpp
index d78a5a6..3e8c25c 100644
--- a/keystore/keymaster_enforcement.cpp
+++ b/keystore/keymaster_enforcement.cpp

@@ -282,10 +282,18 @@
             }
             break;
 
+        case Tag::USER_ID:
+            // TODO(67752510)
+            break;
+
         case Tag::CALLER_NONCE:
             caller_nonce_authorized_by_key = true;
             break;
 
+        case Tag::UNLOCKED_DEVICE_REQUIRED:
+            // TODO(67752510)
+            break;
+
         /* Tags should never be in key auths. */
         case Tag::INVALID:
         case Tag::ROOT_OF_TRUST:
commit	947877a55c9adeb7fbbe2d6215735515e4cec9e3	[log] [tgz]
author	Brian Young <bcyoung@google.com>	Fri Feb 23 18:03:14 2018 +0000
committer	Brian C. Young <bcyoung@google.com>	Wed Mar 14 10:53:54 2018 -0700
tree	409d4fb0ed275eef5081615b30c815a2afe9f445
parent	eec88d343a1105d4da5c108c49258e2ccc131f4a [diff] [blame]