diff options
author | Eran Messeri <eranm@google.com> | 2023-03-27 11:08:23 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2023-03-27 11:08:23 +0000 |
commit | e8e401c138693e91a1d925c8ccaf07d8cc2ab21e (patch) | |
tree | 51490ff70e06e8672d7ea3429d70e4d0b34783fd | |
parent | e12c57863e526c0565f6e3bc3163cce02e124dc2 (diff) | |
parent | 40501aee18c2898add076bd9369fc204dfa896f1 (diff) | |
download | interfaces-e8e401c138693e91a1d925c8ccaf07d8cc2ab21e.tar.gz |
Merge "Keystore2: Batching listing of key entries" am: 5132673854 am: 40501aee18
Original change: https://android-review.googlesource.com/c/platform/system/hardware/interfaces/+/2411781
Change-Id: I7ded5d404e207b2e9aee973c8117bddc4908a165
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r-- | keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreService.aidl | 5 | ||||
-rw-r--r-- | keystore2/aidl/android/system/keystore2/IKeystoreService.aidl | 58 |
2 files changed, 63 insertions, 0 deletions
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreService.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreService.aidl index 5ed5d37..d2f03cf 100644 --- a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreService.aidl +++ b/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreService.aidl @@ -38,8 +38,13 @@ interface IKeystoreService { android.system.keystore2.IKeystoreSecurityLevel getSecurityLevel(in android.hardware.security.keymint.SecurityLevel securityLevel); android.system.keystore2.KeyEntryResponse getKeyEntry(in android.system.keystore2.KeyDescriptor key); void updateSubcomponent(in android.system.keystore2.KeyDescriptor key, in @nullable byte[] publicCert, in @nullable byte[] certificateChain); + /** + * @deprecated use listEntriesBatched instead. + */ android.system.keystore2.KeyDescriptor[] listEntries(in android.system.keystore2.Domain domain, in long nspace); void deleteKey(in android.system.keystore2.KeyDescriptor key); android.system.keystore2.KeyDescriptor grant(in android.system.keystore2.KeyDescriptor key, in int granteeUid, in int accessVector); void ungrant(in android.system.keystore2.KeyDescriptor key, in int granteeUid); + int getNumberOfEntries(in android.system.keystore2.Domain domain, in long nspace); + android.system.keystore2.KeyDescriptor[] listEntriesBatched(in android.system.keystore2.Domain domain, in long nspace, in @nullable String startingPastAlias); } diff --git a/keystore2/aidl/android/system/keystore2/IKeystoreService.aidl b/keystore2/aidl/android/system/keystore2/IKeystoreService.aidl index fd5f162..9beac0a 100644 --- a/keystore2/aidl/android/system/keystore2/IKeystoreService.aidl +++ b/keystore2/aidl/android/system/keystore2/IKeystoreService.aidl @@ -110,6 +110,9 @@ interface IKeystoreService { /** * List all entries accessible by the caller in the given `domain` and `nspace`. + * If the number of entries accessible by the caller is greater than could fit in one Binder + * transaction, a truncated list may be returned. Use `listEntriesBatched` in this case to + * list all entries in batches. * * Callers must have the `GET_INFO` permission for the requested namespace to list all the * entries. @@ -130,6 +133,7 @@ interface IKeystoreService { * Note: `namespace` is a keyword in C++, the underscore disambiguates. * * @return List of KeyDescriptors. + * @deprecated use listEntriesBatched instead. */ KeyDescriptor[] listEntries(in Domain domain, in long nspace); @@ -188,4 +192,58 @@ interface IKeystoreService { * for the designated key. */ void ungrant(in KeyDescriptor key, in int granteeUid); + + /** + * Get the number of entries accessible to the caller in the given `domain` and `nspace`. + * + * Callers must have the `GET_INFO` permission for the requested namespace determine the number + * of entries. + * + * ## Error conditions + * `ResponseCode::INVALID_ARGUMENT` if `domain` is other than `Domain::APP` or `Domain::SELINUX` + * `ResponseCode::PERMISSION_DENIED` if the caller does not have the permission `GET_INFO` + * For the requested namespace. + * + * @param domain If `Domain::APP` is passed, returns all keys associated with the caller's UID + * and the namespace parameter is ignored. + * If `Domain::SELINUX` is passed, returns all keys associated with the given + * namespace. + * + * @param nspace The SELinux keystore2_key namespace if `domain` is `Domain::SELINUX`, + * ignored otherwise. + * + * @return Number of entries. + */ + int getNumberOfEntries(in Domain domain, in long nspace); + + /** + * List all entries accessible by the caller in the given `domain` and + * `nspace`, starting with the first entry greater than `startingPastAlias`. + * If the number of entries accessible by the caller is greater than could fit in one Binder + * transaction, a truncated list will be returned. + * + * See the `listEntries` variant above for calling permissions and documentation of the + * `domain` and `nspace` parameters. + * + * Notes: + * Consistency: The order of entries returned by this method is stable across calls. + * If entries have been deleted or added to Keystore between calls to + * this method, then some entries may be missing from the combined listing. + * + * Length of returned list: If Keystore estimates that the returned list would exceed + * the Binder transaction size limit, it will return a smaller number of entries than + * are available. Subsequent calls to this method need to be made with different + * starting points. + * + * @param domain See `listEntries` + * + * @param nspace See `listEntries` + * + * @param startingPastAlias Only return aliases lexicographically bigger than this value. + * + * @return List of KeyDescriptors. + */ + KeyDescriptor[] listEntriesBatched(in Domain domain, in long nspace, + in @nullable String startingPastAlias); + } |