summaryrefslogtreecommitdiff
path: root/android/security/keystore/recovery/RecoveryController.java
diff options
context:
space:
mode:
Diffstat (limited to 'android/security/keystore/recovery/RecoveryController.java')
-rw-r--r--android/security/keystore/recovery/RecoveryController.java27
1 files changed, 27 insertions, 0 deletions
diff --git a/android/security/keystore/recovery/RecoveryController.java b/android/security/keystore/recovery/RecoveryController.java
index 281822a3..b84843bf 100644
--- a/android/security/keystore/recovery/RecoveryController.java
+++ b/android/security/keystore/recovery/RecoveryController.java
@@ -20,6 +20,7 @@ import android.annotation.NonNull;
import android.annotation.Nullable;
import android.annotation.RequiresPermission;
import android.annotation.SystemApi;
+import android.app.KeyguardManager;
import android.app.PendingIntent;
import android.content.Context;
import android.content.pm.PackageManager.NameNotFoundException;
@@ -250,6 +251,16 @@ public class RecoveryController {
*/
public static final int ERROR_INVALID_CERTIFICATE = 28;
+
+ /**
+ * Failed because the provided certificate contained serial version which is lower that the
+ * version device is already initialized with. It is not possible to downgrade serial version of
+ * the provided certificate.
+ *
+ * @hide
+ */
+ public static final int ERROR_DOWNGRADE_CERTIFICATE = 29;
+
private final ILockSettings mBinder;
private final KeyStore mKeyStore;
@@ -278,6 +289,18 @@ public class RecoveryController {
}
/**
+ * Checks whether the recoverable key store is currently available.
+ *
+ * <p>If it returns true, the device must currently be using a screen lock that is supported for
+ * use with the recoverable key store, i.e. AOSP PIN, pattern or password.
+ */
+ @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
+ public static boolean isRecoverableKeyStoreEnabled(@NonNull Context context) {
+ KeyguardManager keyguardManager = context.getSystemService(KeyguardManager.class);
+ return keyguardManager != null && keyguardManager.isDeviceSecure();
+ }
+
+ /**
* @deprecated Use {@link #initRecoveryService(String, byte[], byte[])} instead.
*/
@Deprecated
@@ -340,6 +363,10 @@ public class RecoveryController {
|| e.errorCode == ERROR_INVALID_CERTIFICATE) {
throw new CertificateException("Invalid certificate for recovery service", e);
}
+ if (e.errorCode == ERROR_DOWNGRADE_CERTIFICATE) {
+ throw new CertificateException(
+ "Downgrading certificate serial version isn't supported.", e);
+ }
throw wrapUnexpectedServiceSpecificException(e);
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-24 09:14:02 +0000