authorAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2023-03-28 01:36:43 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2023-03-28 01:36:43 +0000
commit592caf5adc2d3af8ab684fa247b74788a9c66c62 (patch)
treeb4b83e1ab12746a911ab465ccf0a6685a4f75a6a
parent5760728eb16edd4292ca943f29318ff5904375fb (diff)
parent3b4c34c50f528f4870c14f9bd4e51ce44facc117 (diff)
downloadinterfaces-592caf5adc2d3af8ab684fa247b74788a9c66c62.tar.gz
Snap for 9830776 from 3b4c34c50f528f4870c14f9bd4e51ce44facc117 to udc-release
Change-Id: Iecec70f30c175af3c6fe477e30f608f2083a8858
-rw-r--r--keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreService.aidl5
-rw-r--r--keystore2/aidl/android/system/keystore2/IKeystoreService.aidl58
2 files changed, 63 insertions, 0 deletions
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreService.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreService.aidl
index 5ed5d37..d2f03cf 100644
--- a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreService.aidl
+++ b/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreService.aidl
@@ -38,8 +38,13 @@ interface IKeystoreService {
android.system.keystore2.IKeystoreSecurityLevel getSecurityLevel(in android.hardware.security.keymint.SecurityLevel securityLevel);
android.system.keystore2.KeyEntryResponse getKeyEntry(in android.system.keystore2.KeyDescriptor key);
void updateSubcomponent(in android.system.keystore2.KeyDescriptor key, in @nullable byte[] publicCert, in @nullable byte[] certificateChain);
+ /**
+ * @deprecated use listEntriesBatched instead.
+ */
android.system.keystore2.KeyDescriptor[] listEntries(in android.system.keystore2.Domain domain, in long nspace);
void deleteKey(in android.system.keystore2.KeyDescriptor key);
android.system.keystore2.KeyDescriptor grant(in android.system.keystore2.KeyDescriptor key, in int granteeUid, in int accessVector);
void ungrant(in android.system.keystore2.KeyDescriptor key, in int granteeUid);
+ int getNumberOfEntries(in android.system.keystore2.Domain domain, in long nspace);
+ android.system.keystore2.KeyDescriptor[] listEntriesBatched(in android.system.keystore2.Domain domain, in long nspace, in @nullable String startingPastAlias);
}
diff --git a/keystore2/aidl/android/system/keystore2/IKeystoreService.aidl b/keystore2/aidl/android/system/keystore2/IKeystoreService.aidl
index fd5f162..9beac0a 100644
--- a/keystore2/aidl/android/system/keystore2/IKeystoreService.aidl
+++ b/keystore2/aidl/android/system/keystore2/IKeystoreService.aidl
@@ -110,6 +110,9 @@ interface IKeystoreService {
/**
* List all entries accessible by the caller in the given `domain` and `nspace`.
+ * If the number of entries accessible by the caller is greater than could fit in one Binder
+ * transaction, a truncated list may be returned. Use `listEntriesBatched` in this case to
+ * list all entries in batches.
*
* Callers must have the `GET_INFO` permission for the requested namespace to list all the
* entries.
@@ -130,6 +133,7 @@ interface IKeystoreService {
* Note: `namespace` is a keyword in C++, the underscore disambiguates.
*
* @return List of KeyDescriptors.
+ * @deprecated use listEntriesBatched instead.
*/
KeyDescriptor[] listEntries(in Domain domain, in long nspace);
@@ -188,4 +192,58 @@ interface IKeystoreService {
* for the designated key.
*/
void ungrant(in KeyDescriptor key, in int granteeUid);
+
+ /**
+ * Get the number of entries accessible to the caller in the given `domain` and `nspace`.
+ *
+ * Callers must have the `GET_INFO` permission for the requested namespace determine the number
+ * of entries.
+ *
+ * ## Error conditions
+ * `ResponseCode::INVALID_ARGUMENT` if `domain` is other than `Domain::APP` or `Domain::SELINUX`
+ * `ResponseCode::PERMISSION_DENIED` if the caller does not have the permission `GET_INFO`
+ * For the requested namespace.
+ *
+ * @param domain If `Domain::APP` is passed, returns all keys associated with the caller's UID
+ * and the namespace parameter is ignored.
+ * If `Domain::SELINUX` is passed, returns all keys associated with the given
+ * namespace.
+ *
+ * @param nspace The SELinux keystore2_key namespace if `domain` is `Domain::SELINUX`,
+ * ignored otherwise.
+ *
+ * @return Number of entries.
+ */
+ int getNumberOfEntries(in Domain domain, in long nspace);
+
+ /**
+ * List all entries accessible by the caller in the given `domain` and
+ * `nspace`, starting with the first entry greater than `startingPastAlias`.
+ * If the number of entries accessible by the caller is greater than could fit in one Binder
+ * transaction, a truncated list will be returned.
+ *
+ * See the `listEntries` variant above for calling permissions and documentation of the
+ * `domain` and `nspace` parameters.
+ *
+ * Notes:
+ * Consistency: The order of entries returned by this method is stable across calls.
+ * If entries have been deleted or added to Keystore between calls to
+ * this method, then some entries may be missing from the combined listing.
+ *
+ * Length of returned list: If Keystore estimates that the returned list would exceed
+ * the Binder transaction size limit, it will return a smaller number of entries than
+ * are available. Subsequent calls to this method need to be made with different
+ * starting points.
+ *
+ * @param domain See `listEntries`
+ *
+ * @param nspace See `listEntries`
+ *
+ * @param startingPastAlias Only return aliases lexicographically bigger than this value.
+ *
+ * @return List of KeyDescriptors.
+ */
+ KeyDescriptor[] listEntriesBatched(in Domain domain, in long nspace,
+ in @nullable String startingPastAlias);
+
}
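Review bot: The `listEntriesBatched` doc comment does not say what a null `startingPastAlias` means or how a caller recognises the end of the listing, even though the parameter is `@nullable` and the method may return fewer entries than exist. As written, a short batch is indistinguishable from the last batch, so a caller enumerating keys for audit or cleanup can stop early and miss entries. I would extend the parameter line to `@param startingPastAlias Only return aliases lexicographically greater than this value; null starts from the first entry.` and add a note that an empty result marks the end of the listing; both are presumed behaviour, since the implementation is not visible here and the interface body begins outside the hunk, so confirm against the service code. The notes should also say that `getNumberOfEntries` is only a snapshot and must not be used as the loop bound, because entries can be added or deleted between calls. Two wording fixes in the `getNumberOfEntries` comment: the `@param domain` text says "returns all keys" where the method returns a count, and "requested namespace determine" is missing "to".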