/**
 * Copyright (c) 2018, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
16 
17 package android.security.keystore;
18 
19 import android.security.keymaster.KeymasterArguments;
20 import android.security.keymaster.KeymasterBlob;
21 import android.security.keymaster.OperationResult;
22 import android.security.keystore.ICredstoreTokenCallback;
23 import android.security.keystore.IKeystoreResponseCallback;
24 import android.security.keystore.IKeystoreKeyCharacteristicsCallback;
25 import android.security.keystore.IKeystoreExportKeyCallback;
26 import android.security.keystore.IKeystoreOperationResultCallback;
27 import android.security.keystore.IKeystoreCertificateChainCallback;
28 
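/**
 * Binder interface of the keystore service: named-entry storage, per-user
 * lock state, grants between UIDs, keymaster key operations, attestation,
 * confirmation prompts and auth-token hand-off to credstore.
 *
 * Review notes for anyone changing or auditing this interface:
 * <ul>
 * <li>No method carries an explicit transaction id, so AIDL numbers them by
 *     declaration order. Keep the order stable; inserting, removing or
 *     reordering a method changes the id of every method after it.</li>
 * <li>Many methods take a {@code uid} or {@code userId} supplied by the caller.
 *     AIDL cannot express who may pass which value, so authorization has to be
 *     enforced in the service implementation against the binder calling
 *     identity. That implementation is not visible in this file.</li>
 * <li>{@code @UnsupportedAppUsage} marks hidden methods that apps are known to
 *     use despite {@code @hide}; treat their behaviour as de facto app-visible
 *     when changing them.</li>
 * <li>Most methods return {@code int}; presumably a keystore response code.
 *     Confirm the values against the implementation.</li>
 * </ul>
 *
 * @hide
 */
interface IKeystoreService {
    // --- Per-user state and named-entry storage ---------------------------
    @UnsupportedAppUsage
    int getState(int userId);
    @UnsupportedAppUsage
    byte[] get(String name, int uid);
    @UnsupportedAppUsage
    int insert(String name, in byte[] item, int uid, int flags);
    @UnsupportedAppUsage
    int del(String name, int uid);
    @UnsupportedAppUsage
    int exist(String name, int uid);
    @UnsupportedAppUsage
    String[] list(String namePrefix, int uid);

    // NOTE(review): onUserPasswordChanged and unlock carry the user's password
    // across binder as a String, which cannot be wiped after use. Keep these
    // values out of logs and traces, and confirm which callers the
    // implementation accepts for these two methods and for lock().
    int onUserPasswordChanged(int userId, String newPassword);
    int lock(int userId);
    int unlock(int userId, String userPassword);
    int isEmpty(int userId);

    // grant/ungrant name another UID (granteeUid) for an entry. Presumably the
    // returned String is the name the grantee uses for it; confirm.
    String grant(String name, int granteeUid);
    @UnsupportedAppUsage
    int ungrant(String name, int granteeUid);
    long getmtime(String name, int uid);
    @UnsupportedAppUsage
    int is_hardware_backed(String string);
    // NOTE(review): uid is a long here but an int everywhere else in this
    // interface; check how the implementation narrows it before use.
    @UnsupportedAppUsage
    int clear_uid(long uid);

    // --- Keymaster key operations -----------------------------------------
    // Each method takes a callback (cb) and also returns int. Presumably the
    // int reports whether the request was accepted and the result arrives via
    // cb; confirm against the implementation.
    int addRngEntropy(IKeystoreResponseCallback cb, in byte[] data, int flags);
    int generateKey(IKeystoreKeyCharacteristicsCallback cb, String alias, in KeymasterArguments arguments, in byte[] entropy, int uid,
        int flags);
    int getKeyCharacteristics (IKeystoreKeyCharacteristicsCallback cb, String alias, in KeymasterBlob clientId, in KeymasterBlob appData,
        int uid);
    int importKey(IKeystoreKeyCharacteristicsCallback cb, String alias, in KeymasterArguments arguments, int format,
        in byte[] keyData, int uid, int flags);
    int exportKey(IKeystoreExportKeyCallback cb, String alias, int format, in KeymasterBlob clientId,
        in KeymasterBlob appData, int uid);

    // begin() takes an appToken binder; update/finish/abort take a token
    // binder. Presumably the latter identifies the operation opened by
    // begin(); the implementation should reject tokens that do not belong to
    // the caller. Confirm.
    int begin(in IKeystoreOperationResultCallback cb, IBinder appToken, String alias, int purpose, boolean pruneable,
        in KeymasterArguments params, in byte[] entropy, int uid);
    int update(in IKeystoreOperationResultCallback cb, IBinder token, in KeymasterArguments params, in byte[] input);
    int finish(in IKeystoreOperationResultCallback cb, IBinder token, in KeymasterArguments params, in byte[] input, in byte[] signature,
        in byte[] entropy);
    int abort(in IKeystoreResponseCallback cb, IBinder token);

    // NOTE(review): authToken is an opaque byte[] at this layer. Which callers
    // may submit tokens, and where the token is verified, is decided in the
    // implementation; confirm both.
    int addAuthToken(in byte[] authToken);

    // --- User lifecycle ---------------------------------------------------
    int onUserAdded(int userId, int parentId);
    int onUserRemoved(int userId);

    // --- Attestation ------------------------------------------------------
    // attestDeviceIds takes no alias, only params. Presumably it is gated more
    // tightly than attestKey because of the device identifiers; confirm the
    // permission check in the implementation.
    int attestKey(in IKeystoreCertificateChainCallback cb, String alias, in KeymasterArguments params);
    int attestDeviceIds(in IKeystoreCertificateChainCallback cb, in KeymasterArguments params);
    int onDeviceOffBody();

    // --- Wrapped-key import -----------------------------------------------
    int importWrappedKey(in IKeystoreKeyCharacteristicsCallback cb, String wrappedKeyAlias, in byte[] wrappedKey,
        in String wrappingKeyAlias, in byte[] maskingKey, in KeymasterArguments arguments,
        in long rootSid, in long fingerprintSid);

    // --- Confirmation prompt ----------------------------------------------
    // promptText and extraData are caller-supplied. The listener binder is the
    // handle later passed to cancelConfirmationPrompt.
    int presentConfirmationPrompt(IBinder listener, String promptText, in byte[] extraData,
        in String locale, in int uiOptionsAsFlags);
    int cancelConfirmationPrompt(IBinder listener);
    boolean isConfirmationPromptSupported();

    // --- Keyguard and auth-bound keys -------------------------------------
    int onKeyguardVisibilityChanged(in boolean isShowing, in int userId);
    // uids is an out parameter: the service fills the list, the caller reads it.
    int listUidsOfAuthBoundKeys(out @utf8InCpp List<String> uids);

    // Called by credstore (and only credstore).
    // NOTE(review): AIDL cannot enforce that restriction. It has to be a
    // caller-identity check in the service implementation, which is not
    // visible in this file; confirm it exists before relying on this comment.
    void getTokensForCredstore(in long challenge, in long secureUserId, in int authTokenMaxAgeMillis,
                               in ICredstoreTokenCallback cb);
}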