1 /* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.internal.widget; 18 19 import android.app.PendingIntent; 20 import android.app.trust.IStrongAuthTracker; 21 import android.os.Bundle; 22 import android.security.keystore.recovery.WrappedApplicationKey; 23 import android.security.keystore.recovery.KeyChainSnapshot; 24 import android.security.keystore.recovery.KeyChainProtectionParams; 25 import android.security.keystore.recovery.RecoveryCertPath; 26 import com.android.internal.widget.ICheckCredentialProgressCallback; 27 import com.android.internal.widget.IWeakEscrowTokenActivatedListener; 28 import com.android.internal.widget.IWeakEscrowTokenRemovedListener; 29 import com.android.internal.widget.LockscreenCredential; 30 import com.android.internal.widget.VerifyCredentialResponse; 31 32 import java.util.Map; 33 34 /** {@hide} */ 35 interface ILockSettings { 36 @UnsupportedAppUsage setBoolean(in String key, in boolean value, in int userId)37 void setBoolean(in String key, in boolean value, in int userId); 38 @UnsupportedAppUsage setLong(in String key, in long value, in int userId)39 void setLong(in String key, in long value, in int userId); 40 @UnsupportedAppUsage setString(in String key, in String value, in int userId)41 void setString(in String key, in String value, in int userId); 42 @UnsupportedAppUsage getBoolean(in String key, in boolean defaultValue, in int userId)43 boolean getBoolean(in String key, in boolean defaultValue, in int userId); 44 @UnsupportedAppUsage getLong(in String key, in long defaultValue, in int userId)45 long getLong(in String key, in long defaultValue, in int userId); 46 @UnsupportedAppUsage getString(in String key, in String defaultValue, in int userId)47 String getString(in String key, in String defaultValue, in int userId); setLockCredential(in LockscreenCredential credential, in LockscreenCredential savedCredential, int userId)48 boolean setLockCredential(in LockscreenCredential credential, in LockscreenCredential savedCredential, int userId); resetKeyStore(int userId)49 void resetKeyStore(int userId); checkCredential(in LockscreenCredential credential, int userId, in ICheckCredentialProgressCallback progressCallback)50 VerifyCredentialResponse checkCredential(in LockscreenCredential credential, int userId, 51 in ICheckCredentialProgressCallback progressCallback); verifyCredential(in LockscreenCredential credential, int userId, int flags)52 VerifyCredentialResponse verifyCredential(in LockscreenCredential credential, int userId, int flags); verifyTiedProfileChallenge(in LockscreenCredential credential, int userId, int flags)53 VerifyCredentialResponse verifyTiedProfileChallenge(in LockscreenCredential credential, int userId, int flags); verifyGatekeeperPasswordHandle(long gatekeeperPasswordHandle, long challenge, int userId)54 VerifyCredentialResponse verifyGatekeeperPasswordHandle(long gatekeeperPasswordHandle, long challenge, int userId); removeGatekeeperPasswordHandle(long gatekeeperPasswordHandle)55 void removeGatekeeperPasswordHandle(long gatekeeperPasswordHandle); getCredentialType(int userId)56 int getCredentialType(int userId); getHashFactor(in LockscreenCredential currentCredential, int userId)57 byte[] getHashFactor(in LockscreenCredential currentCredential, int userId); setSeparateProfileChallengeEnabled(int userId, boolean enabled, in LockscreenCredential managedUserPassword)58 void setSeparateProfileChallengeEnabled(int userId, boolean enabled, in LockscreenCredential managedUserPassword); getSeparateProfileChallengeEnabled(int userId)59 boolean getSeparateProfileChallengeEnabled(int userId); registerStrongAuthTracker(in IStrongAuthTracker tracker)60 void registerStrongAuthTracker(in IStrongAuthTracker tracker); unregisterStrongAuthTracker(in IStrongAuthTracker tracker)61 void unregisterStrongAuthTracker(in IStrongAuthTracker tracker); requireStrongAuth(int strongAuthReason, int userId)62 void requireStrongAuth(int strongAuthReason, int userId); reportSuccessfulBiometricUnlock(boolean isStrongBiometric, int userId)63 void reportSuccessfulBiometricUnlock(boolean isStrongBiometric, int userId); scheduleNonStrongBiometricIdleTimeout(int userId)64 void scheduleNonStrongBiometricIdleTimeout(int userId); systemReady()65 void systemReady(); userPresent(int userId)66 void userPresent(int userId); getStrongAuthForUser(int userId)67 int getStrongAuthForUser(int userId); hasPendingEscrowToken(int userId)68 boolean hasPendingEscrowToken(int userId); 69 70 // Keystore RecoveryController methods. 71 // {@code ServiceSpecificException} may be thrown to signal an error, which caller can 72 // convert to {@code RecoveryManagerException}. initRecoveryServiceWithSigFile(in String rootCertificateAlias, in byte[] recoveryServiceCertFile, in byte[] recoveryServiceSigFile)73 void initRecoveryServiceWithSigFile(in String rootCertificateAlias, 74 in byte[] recoveryServiceCertFile, in byte[] recoveryServiceSigFile); getKeyChainSnapshot()75 KeyChainSnapshot getKeyChainSnapshot(); generateKey(String alias)76 String generateKey(String alias); generateKeyWithMetadata(String alias, in byte[] metadata)77 String generateKeyWithMetadata(String alias, in byte[] metadata); importKey(String alias, in byte[] keyBytes)78 String importKey(String alias, in byte[] keyBytes); importKeyWithMetadata(String alias, in byte[] keyBytes, in byte[] metadata)79 String importKeyWithMetadata(String alias, in byte[] keyBytes, in byte[] metadata); getKey(String alias)80 String getKey(String alias); removeKey(String alias)81 void removeKey(String alias); setSnapshotCreatedPendingIntent(in PendingIntent intent)82 void setSnapshotCreatedPendingIntent(in PendingIntent intent); setServerParams(in byte[] serverParams)83 void setServerParams(in byte[] serverParams); setRecoveryStatus(in String alias, int status)84 void setRecoveryStatus(in String alias, int status); getRecoveryStatus()85 Map getRecoveryStatus(); setRecoverySecretTypes(in int[] secretTypes)86 void setRecoverySecretTypes(in int[] secretTypes); getRecoverySecretTypes()87 int[] getRecoverySecretTypes(); startRecoverySessionWithCertPath(in String sessionId, in String rootCertificateAlias, in RecoveryCertPath verifierCertPath, in byte[] vaultParams, in byte[] vaultChallenge, in List<KeyChainProtectionParams> secrets)88 byte[] startRecoverySessionWithCertPath(in String sessionId, in String rootCertificateAlias, 89 in RecoveryCertPath verifierCertPath, in byte[] vaultParams, in byte[] vaultChallenge, 90 in List<KeyChainProtectionParams> secrets); recoverKeyChainSnapshot( in String sessionId, in byte[] recoveryKeyBlob, in List<WrappedApplicationKey> applicationKeys)91 Map/*<String, String>*/ recoverKeyChainSnapshot( 92 in String sessionId, 93 in byte[] recoveryKeyBlob, 94 in List<WrappedApplicationKey> applicationKeys); closeSession(in String sessionId)95 void closeSession(in String sessionId); hasSecureLockScreen()96 boolean hasSecureLockScreen(); tryUnlockWithCachedUnifiedChallenge(int userId)97 boolean tryUnlockWithCachedUnifiedChallenge(int userId); removeCachedUnifiedChallenge(int userId)98 void removeCachedUnifiedChallenge(int userId); registerWeakEscrowTokenRemovedListener(in IWeakEscrowTokenRemovedListener listener)99 boolean registerWeakEscrowTokenRemovedListener(in IWeakEscrowTokenRemovedListener listener); unregisterWeakEscrowTokenRemovedListener(in IWeakEscrowTokenRemovedListener listener)100 boolean unregisterWeakEscrowTokenRemovedListener(in IWeakEscrowTokenRemovedListener listener); addWeakEscrowToken(in byte[] token, int userId, in IWeakEscrowTokenActivatedListener callback)101 long addWeakEscrowToken(in byte[] token, int userId, in IWeakEscrowTokenActivatedListener callback); removeWeakEscrowToken(long handle, int userId)102 boolean removeWeakEscrowToken(long handle, int userId); isWeakEscrowTokenActive(long handle, int userId)103 boolean isWeakEscrowTokenActive(long handle, int userId); isWeakEscrowTokenValid(long handle, in byte[] token, int userId)104 boolean isWeakEscrowTokenValid(long handle, in byte[] token, int userId); 105 } 106