diff options
author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-03-28 01:36:43 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-03-28 01:36:43 +0000 |
commit | 592caf5adc2d3af8ab684fa247b74788a9c66c62 (patch) | |
tree | b4b83e1ab12746a911ab465ccf0a6685a4f75a6a | |
parent | 5760728eb16edd4292ca943f29318ff5904375fb (diff) | |
parent | 3b4c34c50f528f4870c14f9bd4e51ce44facc117 (diff) | |
download | interfaces-592caf5adc2d3af8ab684fa247b74788a9c66c62.tar.gz |
Snap for 9830776 from 3b4c34c50f528f4870c14f9bd4e51ce44facc117 to udc-release
Change-Id: Iecec70f30c175af3c6fe477e30f608f2083a8858
-rw-r--r-- | keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreService.aidl | 5 | ||||
-rw-r--r-- | keystore2/aidl/android/system/keystore2/IKeystoreService.aidl | 58 |
2 files changed, 63 insertions, 0 deletions
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreService.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreService.aidl index 5ed5d37..d2f03cf 100644 --- a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreService.aidl +++ b/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreService.aidl @@ -38,8 +38,13 @@ interface IKeystoreService { android.system.keystore2.IKeystoreSecurityLevel getSecurityLevel(in android.hardware.security.keymint.SecurityLevel securityLevel); android.system.keystore2.KeyEntryResponse getKeyEntry(in android.system.keystore2.KeyDescriptor key); void updateSubcomponent(in android.system.keystore2.KeyDescriptor key, in @nullable byte[] publicCert, in @nullable byte[] certificateChain); + /** + * @deprecated use listEntriesBatched instead. + */ android.system.keystore2.KeyDescriptor[] listEntries(in android.system.keystore2.Domain domain, in long nspace); void deleteKey(in android.system.keystore2.KeyDescriptor key); android.system.keystore2.KeyDescriptor grant(in android.system.keystore2.KeyDescriptor key, in int granteeUid, in int accessVector); void ungrant(in android.system.keystore2.KeyDescriptor key, in int granteeUid); + int getNumberOfEntries(in android.system.keystore2.Domain domain, in long nspace); + android.system.keystore2.KeyDescriptor[] listEntriesBatched(in android.system.keystore2.Domain domain, in long nspace, in @nullable String startingPastAlias); } diff --git a/keystore2/aidl/android/system/keystore2/IKeystoreService.aidl b/keystore2/aidl/android/system/keystore2/IKeystoreService.aidl index fd5f162..9beac0a 100644 --- a/keystore2/aidl/android/system/keystore2/IKeystoreService.aidl +++ b/keystore2/aidl/android/system/keystore2/IKeystoreService.aidl @@ -110,6 +110,9 @@ interface IKeystoreService { /** * List all entries accessible by the caller in the given `domain` and `nspace`. + * If the number of entries accessible by the caller is greater than could fit in one Binder + * transaction, a truncated list may be returned. Use `listEntriesBatched` in this case to + * list all entries in batches. * * Callers must have the `GET_INFO` permission for the requested namespace to list all the * entries. @@ -130,6 +133,7 @@ interface IKeystoreService { * Note: `namespace` is a keyword in C++, the underscore disambiguates. * * @return List of KeyDescriptors. + * @deprecated use listEntriesBatched instead. */ KeyDescriptor[] listEntries(in Domain domain, in long nspace); @@ -188,4 +192,58 @@ interface IKeystoreService { * for the designated key. */ void ungrant(in KeyDescriptor key, in int granteeUid); + + /** + * Get the number of entries accessible to the caller in the given `domain` and `nspace`. + * + * Callers must have the `GET_INFO` permission for the requested namespace determine the number + * of entries. + * + * ## Error conditions + * `ResponseCode::INVALID_ARGUMENT` if `domain` is other than `Domain::APP` or `Domain::SELINUX` + * `ResponseCode::PERMISSION_DENIED` if the caller does not have the permission `GET_INFO` + * For the requested namespace. + * + * @param domain If `Domain::APP` is passed, returns all keys associated with the caller's UID + * and the namespace parameter is ignored. + * If `Domain::SELINUX` is passed, returns all keys associated with the given + * namespace. + * + * @param nspace The SELinux keystore2_key namespace if `domain` is `Domain::SELINUX`, + * ignored otherwise. + * + * @return Number of entries. + */ + int getNumberOfEntries(in Domain domain, in long nspace); + + /** + * List all entries accessible by the caller in the given `domain` and + * `nspace`, starting with the first entry greater than `startingPastAlias`. + * If the number of entries accessible by the caller is greater than could fit in one Binder + * transaction, a truncated list will be returned. + * + * See the `listEntries` variant above for calling permissions and documentation of the + * `domain` and `nspace` parameters. + * + * Notes: + * Consistency: The order of entries returned by this method is stable across calls. + * If entries have been deleted or added to Keystore between calls to + * this method, then some entries may be missing from the combined listing. + * + * Length of returned list: If Keystore estimates that the returned list would exceed + * the Binder transaction size limit, it will return a smaller number of entries than + * are available. Subsequent calls to this method need to be made with different + * starting points. + * + * @param domain See `listEntries` + * + * @param nspace See `listEntries` + * + * @param startingPastAlias Only return aliases lexicographically bigger than this value. + * + * @return List of KeyDescriptors. + */ + KeyDescriptor[] listEntriesBatched(in Domain domain, in long nspace, + in @nullable String startingPastAlias); + } |