Diffstat (limited to 'android/security/keystore/recovery/RecoveryController.java')
-rw-r--r-- | android/security/keystore/recovery/RecoveryController.java | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/android/security/keystore/recovery/RecoveryController.java b/android/security/keystore/recovery/RecoveryController.java
index 281822a3..b84843bf 100644
--- a/android/security/keystore/recovery/RecoveryController.java
+++ b/android/security/keystore/recovery/RecoveryController.java
@@ -20,6 +20,7 @@ import android.annotation.NonNull;
 import android.annotation.Nullable;
 import android.annotation.RequiresPermission;
 import android.annotation.SystemApi;
+import android.app.KeyguardManager;
 import android.app.PendingIntent;
 import android.content.Context;
 import android.content.pm.PackageManager.NameNotFoundException;
@@ -250,6 +251,16 @@ public class RecoveryController {
 */
 public static final int ERROR_INVALID_CERTIFICATE = 28;
+
+ /**
+ * Failed because the provided certificate contained serial version which is lower that the
+ * version device is already initialized with. It is not possible to downgrade serial version of
+ * the provided certificate.
+ *
+ * @hide
+ */
+ public static final int ERROR_DOWNGRADE_CERTIFICATE = 29;
+
 private final ILockSettings mBinder;
 private final KeyStore mKeyStore;
@@ -278,6 +289,18 @@ public class RecoveryController {
 }
 /**
+ * Checks whether the recoverable key store is currently available.
+ *
+ * <p>If it returns true, the device must currently be using a screen lock that is supported for
+ * use with the recoverable key store, i.e. AOSP PIN, pattern or password.
+ */
+ @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
+ public static boolean isRecoverableKeyStoreEnabled(@NonNull Context context) {
+ KeyguardManager keyguardManager = context.getSystemService(KeyguardManager.class);
+ return keyguardManager != null && keyguardManager.isDeviceSecure();
+ }
+
+ /**
 * @deprecated Use {@link #initRecoveryService(String, byte[], byte[])} instead.
 */
 @Deprecated
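Review bot: The Javadoc added for `ERROR_DOWNGRADE_CERTIFICATE` contains a typo and is hard to parse: "lower that the version device is already initialized with" should read "lower than the version the device is already initialized with". A tighter wording would be `Failed because the provided certificate's serial version is lower than the one the device is already initialized with; downgrading is not supported.` The comment also leaves open how a certificate with an equal serial is treated, which nothing in this hunk shows.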
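Review bot: In `isRecoverableKeyStoreEnabled`, the Javadoc promises more than the body checks: the method returns `keyguardManager.isDeviceSecure()`, which only reports that a secure lock is set, while the comment says the lock is one "supported for use with the recoverable key store". Nothing in the hunk inspects the lock type, so either the check or the wording should be narrowed, for example `Returns true if the device currently has a secure screen lock (PIN, pattern or password) set.` The `@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)` annotation is advisory, and no call in the body visibly enforces it, so the doc should not imply an access check happens here. The result is also a point-in-time answer, so a `@return` line noting that the lock can be removed afterwards would help callers.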
@@ -340,6 +363,10 @@ public class RecoveryController {
 || e.errorCode == ERROR_INVALID_CERTIFICATE) {
 throw new CertificateException("Invalid certificate for recovery service", e);
 }
+ if (e.errorCode == ERROR_DOWNGRADE_CERTIFICATE) {
+ throw new CertificateException(
+ "Downgrading certificate serial version isn't supported.", e);
+ }
 throw wrapUnexpectedServiceSpecificException(e);
 }
 }
|
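Review bot: The new `ERROR_DOWNGRADE_CERTIFICATE` branch reports a rejected downgrade with the same `CertificateException` type as the invalid-certificate branch above it. A caller can therefore tell the two apart only by the message text or the wrapped cause's `errorCode`, and the constant itself is `@hide`. If callers are meant to treat a rollback attempt differently from a malformed certificate, the method's `@throws CertificateException` text should name this case; that Javadoc and the start of the enclosing method lie outside the hunk. A one-line comment above the branch, such as `// Anti-rollback: the service refuses a certificate whose serial is lower than the initialized one.`, would make the intent explicit.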