summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEran Messeri <eranm@google.com>2023-03-27 11:08:23 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>2023-03-27 11:08:23 +0000
commite8e401c138693e91a1d925c8ccaf07d8cc2ab21e (patch)
tree51490ff70e06e8672d7ea3429d70e4d0b34783fd
parente12c57863e526c0565f6e3bc3163cce02e124dc2 (diff)
parent40501aee18c2898add076bd9369fc204dfa896f1 (diff)
downloadinterfaces-e8e401c138693e91a1d925c8ccaf07d8cc2ab21e.tar.gz
Merge "Keystore2: Batching listing of key entries" am: 5132673854 am: 40501aee18
Original change: https://android-review.googlesource.com/c/platform/system/hardware/interfaces/+/2411781 Change-Id: I7ded5d404e207b2e9aee973c8117bddc4908a165 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r--keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreService.aidl5
-rw-r--r--keystore2/aidl/android/system/keystore2/IKeystoreService.aidl58
2 files changed, 63 insertions, 0 deletions
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreService.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreService.aidl
index 5ed5d37..d2f03cf 100644
--- a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreService.aidl
+++ b/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreService.aidl
@@ -38,8 +38,13 @@ interface IKeystoreService {
android.system.keystore2.IKeystoreSecurityLevel getSecurityLevel(in android.hardware.security.keymint.SecurityLevel securityLevel);
android.system.keystore2.KeyEntryResponse getKeyEntry(in android.system.keystore2.KeyDescriptor key);
void updateSubcomponent(in android.system.keystore2.KeyDescriptor key, in @nullable byte[] publicCert, in @nullable byte[] certificateChain);
+ /**
+ * @deprecated use listEntriesBatched instead.
+ */
android.system.keystore2.KeyDescriptor[] listEntries(in android.system.keystore2.Domain domain, in long nspace);
void deleteKey(in android.system.keystore2.KeyDescriptor key);
android.system.keystore2.KeyDescriptor grant(in android.system.keystore2.KeyDescriptor key, in int granteeUid, in int accessVector);
void ungrant(in android.system.keystore2.KeyDescriptor key, in int granteeUid);
+ int getNumberOfEntries(in android.system.keystore2.Domain domain, in long nspace);
+ android.system.keystore2.KeyDescriptor[] listEntriesBatched(in android.system.keystore2.Domain domain, in long nspace, in @nullable String startingPastAlias);
}
diff --git a/keystore2/aidl/android/system/keystore2/IKeystoreService.aidl b/keystore2/aidl/android/system/keystore2/IKeystoreService.aidl
index fd5f162..9beac0a 100644
--- a/keystore2/aidl/android/system/keystore2/IKeystoreService.aidl
+++ b/keystore2/aidl/android/system/keystore2/IKeystoreService.aidl
@@ -110,6 +110,9 @@ interface IKeystoreService {
/**
* List all entries accessible by the caller in the given `domain` and `nspace`.
+ * If the number of entries accessible by the caller is greater than could fit in one Binder
+ * transaction, a truncated list may be returned. Use `listEntriesBatched` in this case to
+ * list all entries in batches.
*
* Callers must have the `GET_INFO` permission for the requested namespace to list all the
* entries.
@@ -130,6 +133,7 @@ interface IKeystoreService {
* Note: `namespace` is a keyword in C++, the underscore disambiguates.
*
* @return List of KeyDescriptors.
+ * @deprecated use listEntriesBatched instead.
*/
KeyDescriptor[] listEntries(in Domain domain, in long nspace);
@@ -188,4 +192,58 @@ interface IKeystoreService {
* for the designated key.
*/
void ungrant(in KeyDescriptor key, in int granteeUid);
+
+ /**
+ * Get the number of entries accessible to the caller in the given `domain` and `nspace`.
+ *
+ * Callers must have the `GET_INFO` permission for the requested namespace determine the number
+ * of entries.
+ *
+ * ## Error conditions
+ * `ResponseCode::INVALID_ARGUMENT` if `domain` is other than `Domain::APP` or `Domain::SELINUX`
+ * `ResponseCode::PERMISSION_DENIED` if the caller does not have the permission `GET_INFO`
+ * For the requested namespace.
+ *
+ * @param domain If `Domain::APP` is passed, returns all keys associated with the caller's UID
+ * and the namespace parameter is ignored.
+ * If `Domain::SELINUX` is passed, returns all keys associated with the given
+ * namespace.
+ *
+ * @param nspace The SELinux keystore2_key namespace if `domain` is `Domain::SELINUX`,
+ * ignored otherwise.
+ *
+ * @return Number of entries.
+ */
+ int getNumberOfEntries(in Domain domain, in long nspace);
+
+ /**
+ * List all entries accessible by the caller in the given `domain` and
+ * `nspace`, starting with the first entry greater than `startingPastAlias`.
+ * If the number of entries accessible by the caller is greater than could fit in one Binder
+ * transaction, a truncated list will be returned.
+ *
+ * See the `listEntries` variant above for calling permissions and documentation of the
+ * `domain` and `nspace` parameters.
+ *
+ * Notes:
+ * Consistency: The order of entries returned by this method is stable across calls.
+ * If entries have been deleted or added to Keystore between calls to
+ * this method, then some entries may be missing from the combined listing.
+ *
+ * Length of returned list: If Keystore estimates that the returned list would exceed
+ * the Binder transaction size limit, it will return a smaller number of entries than
+ * are available. Subsequent calls to this method need to be made with different
+ * starting points.
+ *
+ * @param domain See `listEntries`
+ *
+ * @param nspace See `listEntries`
+ *
+ * @param startingPastAlias Only return aliases lexicographically bigger than this value.
+ *
+ * @return List of KeyDescriptors.
+ */
+ KeyDescriptor[] listEntriesBatched(in Domain domain, in long nspace,
+ in @nullable String startingPastAlias);
+
}