Merge "Add authorization binder methods"
diff --git a/core/java/android/app/ActivityThread.java b/core/java/android/app/ActivityThread.java
index 6ea9f7e..bdd9e41 100644
--- a/core/java/android/app/ActivityThread.java
+++ b/core/java/android/app/ActivityThread.java
@@ -75,6 +75,7 @@
import android.os.Trace;
import android.os.UserHandle;
import android.provider.Settings;
+import android.security.NetworkSecurityPolicy;
import android.util.AndroidRuntimeException;
import android.util.ArrayMap;
import android.util.DisplayMetrics;
@@ -4435,6 +4436,9 @@
StrictMode.enableDeathOnNetwork();
}
+ NetworkSecurityPolicy.getInstance().setCleartextTrafficPermitted(
+ (data.appInfo.flags & ApplicationInfo.FLAG_USES_CLEARTEXT_TRAFFIC) != 0);
+
if (data.debugMode != IApplicationThread.DEBUG_OFF) {
// XXX should have option to change the port.
Debug.changeDebugPort(8100);
diff --git a/core/java/android/content/pm/ApplicationInfo.java b/core/java/android/content/pm/ApplicationInfo.java
index e1a2aa9..05c19db 100644
--- a/core/java/android/content/pm/ApplicationInfo.java
+++ b/core/java/android/content/pm/ApplicationInfo.java
@@ -334,6 +334,18 @@
public static final int FLAG_FULL_BACKUP_ONLY = 1<<26;
/**
+ * Value for {@link #flags}: {@code true} if the application may use cleartext network traffic
+ * (e.g., HTTP rather than HTTPS; WebSockets rather than WebSockets Secure; XMPP, IMAP, STMP
+ * without STARTTLS or TLS). If {@code false}, the app declares that it does not intend to use
+ * cleartext network traffic, in which case platform components (e.g., HTTP stacks,
+ * {@code WebView}, {@code MediaPlayer}) will refuse app's requests to use cleartext traffic.
+ * Third-party libraries are encouraged to honor this flag as well.
+ *
+ * @hide
+ */
+ public static final int FLAG_USES_CLEARTEXT_TRAFFIC = 1<<27;
+
+ /**
* Value for {@link #flags}: true if code from this application will need to be
* loaded into other applications' processes. On devices that support multiple
* instruction sets, this implies the code might be loaded into a process that's
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
index 4d9445d..4952ba1 100644
--- a/core/java/android/content/pm/PackageParser.java
+++ b/core/java/android/content/pm/PackageParser.java
@@ -2550,6 +2550,12 @@
}
if (sa.getBoolean(
+ com.android.internal.R.styleable.AndroidManifestApplication_usesCleartextTraffic,
+ true)) {
+ ai.flags |= ApplicationInfo.FLAG_USES_CLEARTEXT_TRAFFIC;
+ }
+
+ if (sa.getBoolean(
com.android.internal.R.styleable.AndroidManifestApplication_supportsRtl,
false /* default is no RTL support*/)) {
ai.flags |= ApplicationInfo.FLAG_SUPPORTS_RTL;
diff --git a/core/java/android/os/Process.java b/core/java/android/os/Process.java
index 4834f97..0de9c70 100644
--- a/core/java/android/os/Process.java
+++ b/core/java/android/os/Process.java
@@ -631,6 +631,9 @@
if ((debugFlags & Zygote.DEBUG_ENABLE_CHECKJNI) != 0) {
argsForZygote.add("--enable-checkjni");
}
+ if ((debugFlags & Zygote.DEBUG_ENABLE_JIT) != 0) {
+ argsForZygote.add("--enable-jit");
+ }
if ((debugFlags & Zygote.DEBUG_ENABLE_ASSERT) != 0) {
argsForZygote.add("--enable-assert");
}
diff --git a/core/java/android/preference/Preference.java b/core/java/android/preference/Preference.java
index 0224c73..d989cd1 100644
--- a/core/java/android/preference/Preference.java
+++ b/core/java/android/preference/Preference.java
@@ -1426,7 +1426,7 @@
protected boolean persistString(String value) {
if (shouldPersist()) {
// Shouldn't store null
- if (value == getPersistedString(null)) {
+ if (TextUtils.equals(value, getPersistedString(null))) {
// It's already there, so the same as persisting
return true;
}
diff --git a/core/java/android/security/IKeystoreService.aidl b/core/java/android/security/IKeystoreService.aidl
index ef554bd..579cdbe 100644
--- a/core/java/android/security/IKeystoreService.aidl
+++ b/core/java/android/security/IKeystoreService.aidl
@@ -19,6 +19,7 @@
import android.security.keymaster.ExportResult;
import android.security.keymaster.KeyCharacteristics;
import android.security.keymaster.KeymasterArguments;
+import android.security.keymaster.KeymasterBlob;
import android.security.keymaster.OperationResult;
import android.security.KeystoreArguments;
@@ -59,15 +60,16 @@
// Keymaster 0.4 methods
int addRngEntropy(in byte[] data);
- int generateKey(String alias, in KeymasterArguments arguments, int uid, int flags,
+ int generateKey(String alias, in KeymasterArguments arguments, in byte[] entropy, int uid,
+ int flags, out KeyCharacteristics characteristics);
+ int getKeyCharacteristics(String alias, in KeymasterBlob clientId, in KeymasterBlob appId,
out KeyCharacteristics characteristics);
- int getKeyCharacteristics(String alias, in byte[] clientId,
- in byte[] appId, out KeyCharacteristics characteristics);
int importKey(String alias, in KeymasterArguments arguments, int format,
in byte[] keyData, int uid, int flags, out KeyCharacteristics characteristics);
- ExportResult exportKey(String alias, int format, in byte[] clientId, in byte[] appId);
+ ExportResult exportKey(String alias, int format, in KeymasterBlob clientId,
+ in KeymasterBlob appId);
OperationResult begin(IBinder appToken, String alias, int purpose, boolean pruneable,
- in KeymasterArguments params, out KeymasterArguments operationParams);
+ in KeymasterArguments params, in byte[] entropy, out KeymasterArguments operationParams);
OperationResult update(IBinder token, in KeymasterArguments params, in byte[] input);
OperationResult finish(IBinder token, in KeymasterArguments params, in byte[] signature);
int abort(IBinder handle);
diff --git a/core/java/android/security/NetworkSecurityPolicy.java b/core/java/android/security/NetworkSecurityPolicy.java
new file mode 100644
index 0000000..0626bbc
--- /dev/null
+++ b/core/java/android/security/NetworkSecurityPolicy.java
@@ -0,0 +1,77 @@
+/**
+ * Copyright (c) 2015, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security;
+
+/**
+ * Network security policy.
+ *
+ * <p>Network stacks/components should honor this policy to make it possible to centrally control
+ * the relevant aspects of network security behavior.
+ *
+ * <p>The policy currently consists of a single flag: whether cleartext network traffic is
+ * permitted. See {@link #isCleartextTrafficPermitted()}.
+ *
+ * @hide
+ */
+public class NetworkSecurityPolicy {
+
+ private static final NetworkSecurityPolicy INSTANCE = new NetworkSecurityPolicy();
+
+ private NetworkSecurityPolicy() {}
+
+ /**
+ * Gets the policy for this process.
+ *
+ * <p>It's fine to cache this reference. Any changes to the policy will be immediately visible
+ * through the reference.
+ */
+ public static NetworkSecurityPolicy getInstance() {
+ return INSTANCE;
+ }
+
+ /**
+ * Returns whether cleartext network traffic (e.g. HTTP, FTP, WebSockets, XMPP, IMAP, SMTP --
+ * without TLS or STARTTLS) is permitted for this process.
+ *
+ * <p>When cleartext network traffic is not permitted, the platform's components (e.g. HTTP and
+ * FTP stacks, {@code WebView}, {@code MediaPlayer}) will refuse this process's requests to use
+ * cleartext traffic. Third-party libraries are strongly encouraged to honor this setting as
+ * well.
+ *
+ * <p>This flag is honored on a best effort basis because it's impossible to prevent all
+ * cleartext traffic from Android applications given the level of access provided to them. For
+ * example, there's no expectation that the {@link java.net.Socket} API will honor this flag
+ * because it cannot determine whether its traffic is in cleartext. However, most network
+ * traffic from applications is handled by higher-level network stacks/components which can
+ * honor this aspect of the policy.
+ */
+ public boolean isCleartextTrafficPermitted() {
+ return libcore.net.NetworkSecurityPolicy.isCleartextTrafficPermitted();
+ }
+
+ /**
+ * Sets whether cleartext network traffic is permitted for this process.
+ *
+ * <p>This method is used by the platform early on in the application's initialization to set
+ * the policy.
+ *
+ * @hide
+ */
+ public void setCleartextTrafficPermitted(boolean permitted) {
+ libcore.net.NetworkSecurityPolicy.setCleartextTrafficPermitted(permitted);
+ }
+}
diff --git a/core/java/android/security/keymaster/KeymasterBlob.aidl b/core/java/android/security/keymaster/KeymasterBlob.aidl
new file mode 100644
index 0000000..8f70f7c
--- /dev/null
+++ b/core/java/android/security/keymaster/KeymasterBlob.aidl
@@ -0,0 +1,20 @@
+/**
+ * Copyright (c) 2015, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.keymaster;
+
+/* @hide */
+parcelable KeymasterBlob;
diff --git a/core/java/android/security/keymaster/KeymasterBlob.java b/core/java/android/security/keymaster/KeymasterBlob.java
new file mode 100644
index 0000000..cb95604
--- /dev/null
+++ b/core/java/android/security/keymaster/KeymasterBlob.java
@@ -0,0 +1,55 @@
+/**
+ * Copyright (c) 2015, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.keymaster;
+
+import android.os.Parcel;
+import android.os.Parcelable;
+
+/**
+ * @hide
+ */
+public class KeymasterBlob implements Parcelable {
+ public byte[] blob;
+
+ public KeymasterBlob(byte[] blob) {
+ this.blob = blob;
+ }
+ public static final Parcelable.Creator<KeymasterBlob> CREATOR = new
+ Parcelable.Creator<KeymasterBlob>() {
+ public KeymasterBlob createFromParcel(Parcel in) {
+ return new KeymasterBlob(in);
+ }
+
+ public KeymasterBlob[] newArray(int length) {
+ return new KeymasterBlob[length];
+ }
+ };
+
+ protected KeymasterBlob(Parcel in) {
+ blob = in.createByteArray();
+ }
+
+ @Override
+ public int describeContents() {
+ return 0;
+ }
+
+ @Override
+ public void writeToParcel(Parcel out, int flags) {
+ out.writeByteArray(blob);
+ }
+}
diff --git a/core/java/android/security/keymaster/KeymasterBlobArgument.java b/core/java/android/security/keymaster/KeymasterBlobArgument.java
index 27f1153..a9085c4 100644
--- a/core/java/android/security/keymaster/KeymasterBlobArgument.java
+++ b/core/java/android/security/keymaster/KeymasterBlobArgument.java
@@ -27,6 +27,13 @@
public KeymasterBlobArgument(int tag, byte[] blob) {
super(tag);
+ switch (KeymasterDefs.getTagType(tag)) {
+ case KeymasterDefs.KM_BIGNUM:
+ case KeymasterDefs.KM_BYTES:
+ break; // OK.
+ default:
+ throw new IllegalArgumentException("Bad blob tag " + tag);
+ }
this.blob = blob;
}
diff --git a/core/java/android/security/keymaster/KeymasterBooleanArgument.java b/core/java/android/security/keymaster/KeymasterBooleanArgument.java
index 8e17db4..cc04bb6 100644
--- a/core/java/android/security/keymaster/KeymasterBooleanArgument.java
+++ b/core/java/android/security/keymaster/KeymasterBooleanArgument.java
@@ -29,6 +29,12 @@
public KeymasterBooleanArgument(int tag) {
super(tag);
+ switch (KeymasterDefs.getTagType(tag)) {
+ case KeymasterDefs.KM_BOOL:
+ break; // OK.
+ default:
+ throw new IllegalArgumentException("Bad bool tag " + tag);
+ }
}
public KeymasterBooleanArgument(int tag, Parcel in) {
diff --git a/core/java/android/security/keymaster/KeymasterDateArgument.java b/core/java/android/security/keymaster/KeymasterDateArgument.java
index e8f4055..47db6ea 100644
--- a/core/java/android/security/keymaster/KeymasterDateArgument.java
+++ b/core/java/android/security/keymaster/KeymasterDateArgument.java
@@ -29,6 +29,12 @@
public KeymasterDateArgument(int tag, Date date) {
super(tag);
+ switch (KeymasterDefs.getTagType(tag)) {
+ case KeymasterDefs.KM_DATE:
+ break; // OK.
+ default:
+ throw new IllegalArgumentException("Bad date tag " + tag);
+ }
this.date = date;
}
diff --git a/core/java/android/security/keymaster/KeymasterDefs.java b/core/java/android/security/keymaster/KeymasterDefs.java
index 88cad79..c2ebbc6 100644
--- a/core/java/android/security/keymaster/KeymasterDefs.java
+++ b/core/java/android/security/keymaster/KeymasterDefs.java
@@ -16,6 +16,9 @@
package android.security.keymaster;
+import java.util.HashMap;
+import java.util.Map;
+
/**
* Class tracking all the keymaster enum values needed for the binder API to keystore.
* This must be kept in sync with hardware/libhardware/include/hardware/keymaster_defs.h
@@ -37,6 +40,7 @@
public static final int KM_BOOL = 7 << 28;
public static final int KM_BIGNUM = 8 << 28;
public static final int KM_BYTES = 9 << 28;
+ public static final int KM_LONG_REP = 10 << 28;
// Tag values.
public static final int KM_TAG_INVALID = KM_INVALID | 0;
@@ -66,9 +70,10 @@
public static final int KM_TAG_ALL_USERS = KM_BOOL | 500;
public static final int KM_TAG_USER_ID = KM_INT | 501;
- public static final int KM_TAG_NO_AUTH_REQUIRED = KM_BOOL | 502;
- public static final int KM_TAG_USER_AUTH_ID = KM_INT_REP | 503;
- public static final int KM_TAG_AUTH_TIMEOUT = KM_INT | 504;
+ public static final int KM_TAG_USER_SECURE_ID = KM_LONG_REP | 502;
+ public static final int KM_TAG_NO_AUTH_REQUIRED = KM_BOOL | 503;
+ public static final int KM_TAG_USER_AUTH_TYPE = KM_ENUM | 504;
+ public static final int KM_TAG_AUTH_TIMEOUT = KM_INT | 505;
public static final int KM_TAG_ALL_APPLICATIONS = KM_BOOL | 600;
public static final int KM_TAG_APPLICATION_ID = KM_BYTES | 601;
@@ -82,6 +87,7 @@
public static final int KM_TAG_ASSOCIATED_DATA = KM_BYTES | 1000;
public static final int KM_TAG_NONCE = KM_BYTES | 1001;
public static final int KM_TAG_CHUNK_LENGTH = KM_INT | 1002;
+ public static final int KM_TAG_AUTH_TOKEN = KM_BYTES | 1003;
// Algorithm values.
public static final int KM_ALGORITHM_RSA = 1;
@@ -221,7 +227,53 @@
public static final int KM_ERROR_VERSION_MISMATCH = -101;
public static final int KM_ERROR_UNKNOWN_ERROR = -1000;
+ public static final Map<Integer, String> sErrorCodeToString = new HashMap<Integer, String>();
+ static {
+ sErrorCodeToString.put(KM_ERROR_OK, "OK");
+ sErrorCodeToString.put(KM_ERROR_UNSUPPORTED_PURPOSE, "Unsupported purpose");
+ sErrorCodeToString.put(KM_ERROR_INCOMPATIBLE_PURPOSE, "Incompatible purpose");
+ sErrorCodeToString.put(KM_ERROR_UNSUPPORTED_ALGORITHM, "Unsupported algorithm");
+ sErrorCodeToString.put(KM_ERROR_INCOMPATIBLE_ALGORITHM, "Incompatible algorithm");
+ sErrorCodeToString.put(KM_ERROR_UNSUPPORTED_KEY_SIZE, "Unsupported key size");
+ sErrorCodeToString.put(KM_ERROR_UNSUPPORTED_BLOCK_MODE, "Unsupported block mode");
+ sErrorCodeToString.put(KM_ERROR_INCOMPATIBLE_BLOCK_MODE, "Incompatible block mode");
+ sErrorCodeToString.put(KM_ERROR_UNSUPPORTED_TAG_LENGTH,
+ "Unsupported authentication tag length");
+ sErrorCodeToString.put(KM_ERROR_UNSUPPORTED_PADDING_MODE, "Unsupported padding mode");
+ sErrorCodeToString.put(KM_ERROR_INCOMPATIBLE_PADDING_MODE, "Incompatible padding mode");
+ sErrorCodeToString.put(KM_ERROR_UNSUPPORTED_DIGEST, "Unsupported digest");
+ sErrorCodeToString.put(KM_ERROR_INCOMPATIBLE_DIGEST, "Incompatible digest");
+ sErrorCodeToString.put(KM_ERROR_INVALID_EXPIRATION_TIME, "Invalid expiration time");
+ sErrorCodeToString.put(KM_ERROR_INVALID_USER_ID, "Invalid user ID");
+ sErrorCodeToString.put(KM_ERROR_INVALID_AUTHORIZATION_TIMEOUT,
+ "Invalid user authorization timeout");
+ sErrorCodeToString.put(KM_ERROR_UNSUPPORTED_KEY_FORMAT, "Unsupported key format");
+ sErrorCodeToString.put(KM_ERROR_INCOMPATIBLE_KEY_FORMAT, "Incompatible key format");
+ sErrorCodeToString.put(KM_ERROR_INVALID_INPUT_LENGTH, "Invalid input length");
+ sErrorCodeToString.put(KM_ERROR_KEY_NOT_YET_VALID, "Key not yet valid");
+ sErrorCodeToString.put(KM_ERROR_KEY_EXPIRED, "Key expired");
+ sErrorCodeToString.put(KM_ERROR_KEY_USER_NOT_AUTHENTICATED, "Key user not authenticated");
+ sErrorCodeToString.put(KM_ERROR_INVALID_OPERATION_HANDLE, "Invalid operation handle");
+ sErrorCodeToString.put(KM_ERROR_VERIFICATION_FAILED, "Signature/MAC verification failed");
+ sErrorCodeToString.put(KM_ERROR_TOO_MANY_OPERATIONS, "Too many operations");
+ sErrorCodeToString.put(KM_ERROR_INVALID_KEY_BLOB, "Invalid key blob");
+ sErrorCodeToString.put(KM_ERROR_INVALID_ARGUMENT, "Invalid argument");
+ sErrorCodeToString.put(KM_ERROR_UNSUPPORTED_TAG, "Unsupported tag");
+ sErrorCodeToString.put(KM_ERROR_INVALID_TAG, "Invalid tag");
+ sErrorCodeToString.put(KM_ERROR_MEMORY_ALLOCATION_FAILED, "Memory allocation failed");
+ sErrorCodeToString.put(KM_ERROR_UNIMPLEMENTED, "Not implemented");
+ sErrorCodeToString.put(KM_ERROR_UNKNOWN_ERROR, "Unknown error");
+ }
+
public static int getTagType(int tag) {
return tag & (0xF << 28);
}
+
+ public static String getErrorMessage(int errorCode) {
+ String result = sErrorCodeToString.get(errorCode);
+ if (result != null) {
+ return result;
+ }
+ return String.valueOf(errorCode);
+ }
}
diff --git a/core/java/android/security/keymaster/KeymasterIntArgument.java b/core/java/android/security/keymaster/KeymasterIntArgument.java
index 71797ae..94ff87e 100644
--- a/core/java/android/security/keymaster/KeymasterIntArgument.java
+++ b/core/java/android/security/keymaster/KeymasterIntArgument.java
@@ -27,6 +27,15 @@
public KeymasterIntArgument(int tag, int value) {
super(tag);
+ switch (KeymasterDefs.getTagType(tag)) {
+ case KeymasterDefs.KM_INT:
+ case KeymasterDefs.KM_INT_REP:
+ case KeymasterDefs.KM_ENUM:
+ case KeymasterDefs.KM_ENUM_REP:
+ break; // OK.
+ default:
+ throw new IllegalArgumentException("Bad int tag " + tag);
+ }
this.value = value;
}
diff --git a/core/java/android/security/keymaster/KeymasterLongArgument.java b/core/java/android/security/keymaster/KeymasterLongArgument.java
index 781b1ab..d51d7e6 100644
--- a/core/java/android/security/keymaster/KeymasterLongArgument.java
+++ b/core/java/android/security/keymaster/KeymasterLongArgument.java
@@ -27,6 +27,12 @@
public KeymasterLongArgument(int tag, long value) {
super(tag);
+ switch (KeymasterDefs.getTagType(tag)) {
+ case KeymasterDefs.KM_LONG:
+ break; // OK.
+ default:
+ throw new IllegalArgumentException("Bad long tag " + tag);
+ }
this.value = value;
}
diff --git a/core/java/android/service/voice/VoiceInteractionSession.java b/core/java/android/service/voice/VoiceInteractionSession.java
index 749f813..d751266 100644
--- a/core/java/android/service/voice/VoiceInteractionSession.java
+++ b/core/java/android/service/voice/VoiceInteractionSession.java
@@ -436,11 +436,7 @@
Request removeRequest(IBinder reqInterface) {
synchronized (this) {
- Request req = mActiveRequests.get(reqInterface);
- if (req != null) {
- mActiveRequests.remove(req);
- }
- return req;
+ return mActiveRequests.remove(reqInterface);
}
}
diff --git a/core/java/android/text/style/URLSpan.java b/core/java/android/text/style/URLSpan.java
index d29bfb6..0669b6f 100644
--- a/core/java/android/text/style/URLSpan.java
+++ b/core/java/android/text/style/URLSpan.java
@@ -16,6 +16,7 @@
package android.text.style;
+import android.content.ActivityNotFoundException;
import android.content.Context;
import android.content.Intent;
import android.net.Uri;
@@ -23,6 +24,7 @@
import android.provider.Browser;
import android.text.ParcelableSpan;
import android.text.TextUtils;
+import android.util.Log;
import android.view.View;
public class URLSpan extends ClickableSpan implements ParcelableSpan {
@@ -59,6 +61,10 @@
Context context = widget.getContext();
Intent intent = new Intent(Intent.ACTION_VIEW, uri);
intent.putExtra(Browser.EXTRA_APPLICATION_ID, context.getPackageName());
- context.startActivity(intent);
+ try {
+ context.startActivity(intent);
+ } catch (ActivityNotFoundException e) {
+ Log.w("URLSpan", "Actvity was not found for intent, " + intent.toString());
+ }
}
}
diff --git a/core/java/android/view/ViewDebug.java b/core/java/android/view/ViewDebug.java
index 50e64c6..a237afd 100644
--- a/core/java/android/view/ViewDebug.java
+++ b/core/java/android/view/ViewDebug.java
@@ -1005,31 +1005,23 @@
return fields;
}
- final ArrayList<Field> declaredFields = new ArrayList();
- klass.getDeclaredFieldsUnchecked(false, declaredFields);
-
- final ArrayList<Field> foundFields = new ArrayList<Field>();
- final int count = declaredFields.size();
- for (int i = 0; i < count; i++) {
- final Field field = declaredFields.get(i);
-
- // Ensure the field type can be resolved.
- try {
- field.getType();
- } catch (NoClassDefFoundError e) {
- continue;
+ try {
+ final Field[] declaredFields = klass.getDeclaredFieldsUnchecked(false);
+ final ArrayList<Field> foundFields = new ArrayList<Field>();
+ for (final Field field : declaredFields) {
+ // Fields which can't be resolved have a null type.
+ if (field.getType() != null && field.isAnnotationPresent(ExportedProperty.class)) {
+ field.setAccessible(true);
+ foundFields.add(field);
+ sAnnotations.put(field, field.getAnnotation(ExportedProperty.class));
+ }
}
-
- if (field.isAnnotationPresent(ExportedProperty.class)) {
- field.setAccessible(true);
- foundFields.add(field);
- sAnnotations.put(field, field.getAnnotation(ExportedProperty.class));
- }
+ fields = foundFields.toArray(new Field[foundFields.size()]);
+ map.put(klass, fields);
+ } catch (NoClassDefFoundError e) {
+ throw new AssertionError(e);
}
- fields = foundFields.toArray(new Field[foundFields.size()]);
- map.put(klass, fields);
-
return fields;
}
@@ -1651,4 +1643,4 @@
}
});
}
-}
\ No newline at end of file
+}
diff --git a/core/java/android/view/inputmethod/InputMethodManager.java b/core/java/android/view/inputmethod/InputMethodManager.java
index 325ffdd..1416e1b 100644
--- a/core/java/android/view/inputmethod/InputMethodManager.java
+++ b/core/java/android/view/inputmethod/InputMethodManager.java
@@ -1993,8 +1993,8 @@
List<Object> info = mService.getShortcutInputMethodsAndSubtypes();
// "info" has imi1, subtype1, subtype2, imi2, subtype2, imi3, subtype3..in the list
ArrayList<InputMethodSubtype> subtypes = null;
- final int N = info.size();
- if (info != null && N > 0) {
+ if (info != null && !info.isEmpty()) {
+ final int N = info.size();
for (int i = 0; i < N; ++i) {
Object o = info.get(i);
if (o instanceof InputMethodInfo) {
diff --git a/core/java/android/widget/Editor.java b/core/java/android/widget/Editor.java
index 936da32..2aaad7a 100644
--- a/core/java/android/widget/Editor.java
+++ b/core/java/android/widget/Editor.java
@@ -3110,7 +3110,7 @@
if (isTopLeftVisible || isBottomRightVisible) {
characterBoundsFlags |= CursorAnchorInfo.FLAG_HAS_VISIBLE_REGION;
}
- if (!isTopLeftVisible || !isTopLeftVisible) {
+ if (!isTopLeftVisible || !isBottomRightVisible) {
characterBoundsFlags |= CursorAnchorInfo.FLAG_HAS_INVISIBLE_REGION;
}
if (isRtl) {
diff --git a/core/java/android/widget/Gallery.java b/core/java/android/widget/Gallery.java
index f7c839f..b4a003a 100644
--- a/core/java/android/widget/Gallery.java
+++ b/core/java/android/widget/Gallery.java
@@ -1210,13 +1210,13 @@
switch (keyCode) {
case KeyEvent.KEYCODE_DPAD_LEFT:
- if (movePrevious()) {
+ if (moveDirection(-1)) {
playSoundEffect(SoundEffectConstants.NAVIGATION_LEFT);
return true;
}
break;
case KeyEvent.KEYCODE_DPAD_RIGHT:
- if (moveNext()) {
+ if (moveDirection(1)) {
playSoundEffect(SoundEffectConstants.NAVIGATION_RIGHT);
return true;
}
@@ -1256,18 +1256,12 @@
return super.onKeyUp(keyCode, event);
}
- boolean movePrevious() {
- if (mItemCount > 0 && mSelectedPosition > 0) {
- scrollToChild(mSelectedPosition - mFirstPosition - 1);
- return true;
- } else {
- return false;
- }
- }
+ boolean moveDirection(int direction) {
+ direction = isLayoutRtl() ? -direction : direction;
+ int targetPosition = mSelectedPosition + direction;
- boolean moveNext() {
- if (mItemCount > 0 && mSelectedPosition < mItemCount - 1) {
- scrollToChild(mSelectedPosition - mFirstPosition + 1);
+ if (mItemCount > 0 && targetPosition >= 0 && targetPosition < mItemCount) {
+ scrollToChild(targetPosition - mFirstPosition);
return true;
} else {
return false;
diff --git a/core/java/com/android/internal/os/Zygote.java b/core/java/com/android/internal/os/Zygote.java
index fced092..8674a21 100644
--- a/core/java/com/android/internal/os/Zygote.java
+++ b/core/java/com/android/internal/os/Zygote.java
@@ -34,10 +34,13 @@
public static final int DEBUG_ENABLE_CHECKJNI = 1 << 1;
/** enable Java programming language "assert" statements */
public static final int DEBUG_ENABLE_ASSERT = 1 << 2;
- /** disable the JIT compiler */
+ /** disable the AOT compiler and JIT */
public static final int DEBUG_ENABLE_SAFEMODE = 1 << 3;
/** Enable logging of third-party JNI activity. */
public static final int DEBUG_ENABLE_JNI_LOGGING = 1 << 4;
+ /** enable the JIT compiler */
+ public static final int DEBUG_ENABLE_JIT = 1 << 5;
+
/** No external storage should be mounted. */
public static final int MOUNT_EXTERNAL_NONE = 0;
diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java/com/android/internal/os/ZygoteConnection.java
index 9c97cc1..0dc242d 100644
--- a/core/java/com/android/internal/os/ZygoteConnection.java
+++ b/core/java/com/android/internal/os/ZygoteConnection.java
@@ -322,7 +322,7 @@
/**
* From --enable-debugger, --enable-checkjni, --enable-assert,
- * --enable-safemode, and --enable-jni-logging.
+ * --enable-safemode, --enable-jit, and --enable-jni-logging.
*/
int debugFlags;
@@ -432,6 +432,8 @@
debugFlags |= Zygote.DEBUG_ENABLE_SAFEMODE;
} else if (arg.equals("--enable-checkjni")) {
debugFlags |= Zygote.DEBUG_ENABLE_CHECKJNI;
+ } else if (arg.equals("--enable-jit")) {
+ debugFlags |= Zygote.DEBUG_ENABLE_JIT;
} else if (arg.equals("--enable-jni-logging")) {
debugFlags |= Zygote.DEBUG_ENABLE_JNI_LOGGING;
} else if (arg.equals("--enable-assert")) {
diff --git a/core/jni/AndroidRuntime.cpp b/core/jni/AndroidRuntime.cpp
index 516bb65..ce50d96 100644
--- a/core/jni/AndroidRuntime.cpp
+++ b/core/jni/AndroidRuntime.cpp
@@ -648,9 +648,9 @@
/*
* JIT related options.
*/
- parseRuntimeOption("debug.dalvik.vm.usejit", usejitOptsBuf, "-Xusejit:");
- parseRuntimeOption("debug.dalvik.vm.jitcodecachesize", jitcodecachesizeOptsBuf, "-Xjitcodecachesize:");
- parseRuntimeOption("debug.dalvik.vm.jitthreshold", jitthresholdOptsBuf, "-Xjitthreshold:");
+ parseRuntimeOption("dalvik.vm.usejit", usejitOptsBuf, "-Xusejit:");
+ parseRuntimeOption("dalvik.vm.jitcodecachesize", jitcodecachesizeOptsBuf, "-Xjitcodecachesize:");
+ parseRuntimeOption("dalvik.vm.jitthreshold", jitthresholdOptsBuf, "-Xjitthreshold:");
property_get("ro.config.low_ram", propBuf, "");
if (strcmp(propBuf, "true") == 0) {
diff --git a/core/res/res/drawable/pointer_arrow_icon.xml b/core/res/res/drawable/pointer_arrow_icon.xml
index 8f7d658..72af0c1 100644
--- a/core/res/res/drawable/pointer_arrow_icon.xml
+++ b/core/res/res/drawable/pointer_arrow_icon.xml
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<pointer-icon xmlns:android="http://schemas.android.com/apk/res/android"
android:bitmap="@drawable/pointer_arrow"
- android:hotSpotX="6dp"
- android:hotSpotY="6dp" />
+ android:hotSpotX="5dp"
+ android:hotSpotY="5dp" />
diff --git a/core/res/res/values/attrs_manifest.xml b/core/res/res/values/attrs_manifest.xml
index 0c3fb9a..ea592cf 100644
--- a/core/res/res/values/attrs_manifest.xml
+++ b/core/res/res/values/attrs_manifest.xml
@@ -389,6 +389,15 @@
with the same {@link android.R.attr#taskAffinity} as it has. -->
<attr name="allowTaskReparenting" format="boolean" />
+ <!-- Declare that this application may use cleartext traffic (e.g., HTTP rather than HTTPS;
+ WebSockets rather than WebSockets Secure; XMPP, IMAP, STMP without STARTTLS or TLS).
+ Defaults to true. If set to false {@code false}, the app declares that it does not
+ intend to use cleartext network traffic, in which case platform components (e.g.,
+ HTTP stacks, {@code WebView}, {@code MediaPlayer}) will refuse app's requests to use
+ cleartext traffic. Third-party libraries are encouraged to honor this flag as well.
+ @hide -->
+ <attr name="usesCleartextTraffic" format="boolean" />
+
<!-- Declare that code from this application will need to be loaded into other
applications' processes. On devices that support multiple instruction sets,
this implies the code might be loaded into a process that's using any of the devices
@@ -1133,6 +1142,14 @@
"com.google". -->
<attr name="requiredAccountType" format="string"/>
<attr name="isGame" />
+ <!-- Declare that this application may use cleartext traffic (e.g., HTTP rather than HTTPS;
+ WebSockets rather than WebSockets Secure; XMPP, IMAP, STMP without STARTTLS or TLS).
+ Defaults to true. If set to false {@code false}, the app declares that it does not
+ intend to use cleartext network traffic, in which case platform components (e.g.,
+ HTTP stacks, {@code WebView}, {@code MediaPlayer}) will refuse app's requests to use
+ cleartext traffic. Third-party libraries are encouraged to honor this flag as well.
+ @hide -->
+ <attr name="usesCleartextTraffic" />
<attr name="multiArch" />
</declare-styleable>
diff --git a/graphics/java/android/graphics/drawable/VectorDrawable.java b/graphics/java/android/graphics/drawable/VectorDrawable.java
index dd26019..a64f0ce 100644
--- a/graphics/java/android/graphics/drawable/VectorDrawable.java
+++ b/graphics/java/android/graphics/drawable/VectorDrawable.java
@@ -791,7 +791,6 @@
// is no need for deep copying.
private final Path mPath;
private final Path mRenderPath;
- private static final Matrix IDENTITY_MATRIX = new Matrix();
private final Matrix mFinalPathMatrix = new Matrix();
private Paint mStrokePaint;
@@ -932,7 +931,7 @@
public void draw(Canvas canvas, int w, int h, ColorFilter filter) {
// Travese the tree in pre-order to draw.
- drawGroupTree(mRootGroup, IDENTITY_MATRIX, canvas, w, h, filter);
+ drawGroupTree(mRootGroup, Matrix.IDENTITY_MATRIX, canvas, w, h, filter);
}
private void drawPath(VGroup vGroup, VPath vPath, Canvas canvas, int w, int h,
diff --git a/keystore/java/android/security/AndroidKeyPairGenerator.java b/keystore/java/android/security/AndroidKeyPairGenerator.java
index 9d9a173..5fae831 100644
--- a/keystore/java/android/security/AndroidKeyPairGenerator.java
+++ b/keystore/java/android/security/AndroidKeyPairGenerator.java
@@ -136,6 +136,8 @@
throw new IllegalStateException("could not generate key in keystore");
}
+ Credentials.deleteSecretKeyTypeForAlias(mKeyStore, alias);
+
final PrivateKey privKey;
final OpenSSLEngine engine = OpenSSLEngine.getInstance("keystore");
try {
diff --git a/keystore/java/android/security/AndroidKeyStore.java b/keystore/java/android/security/AndroidKeyStore.java
index acbae8f..f3eb317 100644
--- a/keystore/java/android/security/AndroidKeyStore.java
+++ b/keystore/java/android/security/AndroidKeyStore.java
@@ -19,6 +19,9 @@
import com.android.org.conscrypt.OpenSSLEngine;
import com.android.org.conscrypt.OpenSSLKeyHolder;
+import android.security.keymaster.KeyCharacteristics;
+import android.security.keymaster.KeymasterArguments;
+import android.security.keymaster.KeymasterDefs;
import android.util.Log;
import java.io.ByteArrayInputStream;
@@ -31,6 +34,7 @@
import java.security.KeyStore.PrivateKeyEntry;
import java.security.KeyStore.ProtectionParameter;
import java.security.KeyStore;
+import java.security.KeyStore.SecretKeyEntry;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
@@ -50,6 +54,8 @@
import java.util.Iterator;
import java.util.Set;
+import javax.crypto.SecretKey;
+
/**
* A java.security.KeyStore interface for the Android KeyStore. An instance of
* it can be created via the {@link java.security.KeyStore#getInstance(String)
@@ -77,18 +83,72 @@
@Override
public Key engineGetKey(String alias, char[] password) throws NoSuchAlgorithmException,
UnrecoverableKeyException {
- if (!isKeyEntry(alias)) {
- return null;
+ if (isPrivateKeyEntry(alias)) {
+ final OpenSSLEngine engine = OpenSSLEngine.getInstance("keystore");
+ try {
+ return engine.getPrivateKeyById(Credentials.USER_PRIVATE_KEY + alias);
+ } catch (InvalidKeyException e) {
+ UnrecoverableKeyException t = new UnrecoverableKeyException("Can't get key");
+ t.initCause(e);
+ throw t;
+ }
+ } else if (isSecretKeyEntry(alias)) {
+ KeyCharacteristics keyCharacteristics = new KeyCharacteristics();
+ String keyAliasInKeystore = Credentials.USER_SECRET_KEY + alias;
+ int errorCode = mKeyStore.getKeyCharacteristics(
+ keyAliasInKeystore, null, null, keyCharacteristics);
+ if ((errorCode != KeymasterDefs.KM_ERROR_OK)
+ && (errorCode != android.security.KeyStore.NO_ERROR)) {
+ throw new UnrecoverableKeyException("Failed to load information about key."
+ + " Error code: " + errorCode);
+ }
+
+ int keymasterAlgorithm =
+ keyCharacteristics.hwEnforced.getInt(KeymasterDefs.KM_TAG_ALGORITHM, -1);
+ if (keymasterAlgorithm == -1) {
+ keymasterAlgorithm =
+ keyCharacteristics.swEnforced.getInt(KeymasterDefs.KM_TAG_ALGORITHM, -1);
+ }
+ if (keymasterAlgorithm == -1) {
+ throw new UnrecoverableKeyException("Key algorithm unknown");
+ }
+ @KeyStoreKeyConstraints.AlgorithmEnum int keyAlgorithm;
+ try {
+ keyAlgorithm = KeyStoreKeyConstraints.Algorithm.fromKeymaster(keymasterAlgorithm);
+ } catch (IllegalArgumentException e) {
+ throw (UnrecoverableKeyException)
+ new UnrecoverableKeyException("Unsupported key algorithm").initCause(e);
+ }
+
+ int keymasterDigest =
+ keyCharacteristics.hwEnforced.getInt(KeymasterDefs.KM_TAG_DIGEST, -1);
+ if (keymasterDigest == -1) {
+ keymasterDigest =
+ keyCharacteristics.swEnforced.getInt(KeymasterDefs.KM_TAG_DIGEST, -1);
+ }
+ @KeyStoreKeyConstraints.DigestEnum Integer digest = null;
+ if (keymasterDigest != -1) {
+ try {
+ digest = KeyStoreKeyConstraints.Digest.fromKeymaster(keymasterDigest);
+ } catch (IllegalArgumentException e) {
+ throw (UnrecoverableKeyException)
+ new UnrecoverableKeyException("Unsupported digest").initCause(e);
+ }
+ }
+
+ String keyAlgorithmString;
+ try {
+ keyAlgorithmString = KeyStoreKeyConstraints.Algorithm.toJCASecretKeyAlgorithm(
+ keyAlgorithm, digest);
+ } catch (IllegalArgumentException e) {
+ throw (UnrecoverableKeyException)
+ new UnrecoverableKeyException("Unsupported secret key type").initCause(e);
+ }
+
+ return new KeyStoreSecretKey(keyAliasInKeystore, keyAlgorithmString);
}
- final OpenSSLEngine engine = OpenSSLEngine.getInstance("keystore");
- try {
- return engine.getPrivateKeyById(Credentials.USER_PRIVATE_KEY + alias);
- } catch (InvalidKeyException e) {
- UnrecoverableKeyException t = new UnrecoverableKeyException("Can't get key");
- t.initCause(e);
- throw t;
- }
+ return null;
}
@Override
@@ -186,6 +246,11 @@
return d;
}
+ d = getModificationDate(Credentials.USER_SECRET_KEY + alias);
+ if (d != null) {
+ return d;
+ }
+
d = getModificationDate(Credentials.USER_CERTIFICATE + alias);
if (d != null) {
return d;
@@ -203,8 +268,10 @@
if (key instanceof PrivateKey) {
setPrivateKeyEntry(alias, (PrivateKey) key, chain, null);
+ } else if (key instanceof SecretKey) {
+ setSecretKeyEntry(alias, (SecretKey) key, null);
} else {
- throw new KeyStoreException("Only PrivateKeys are supported");
+ throw new KeyStoreException("Only PrivateKey and SecretKey are supported");
}
}
@@ -319,6 +386,7 @@
Credentials.deleteAllTypesForAlias(mKeyStore, alias);
} else {
Credentials.deleteCertificateTypesForAlias(mKeyStore, alias);
+ Credentials.deleteSecretKeyTypeForAlias(mKeyStore, alias);
}
final int flags = (params == null) ? 0 : params.getFlags();
@@ -340,6 +408,160 @@
}
}
+ private void setSecretKeyEntry(String entryAlias, SecretKey key, KeyStoreParameter params)
+ throws KeyStoreException {
+ if (key instanceof KeyStoreSecretKey) {
+ // KeyStore-backed secret key. It cannot be duplicated into another entry and cannot
+ // overwrite its own entry.
+ String keyAliasInKeystore = ((KeyStoreSecretKey) key).getAlias();
+ if (keyAliasInKeystore == null) {
+ throw new KeyStoreException("KeyStore-backed secret key does not have an alias");
+ }
+ if (!keyAliasInKeystore.startsWith(Credentials.USER_SECRET_KEY)) {
+ throw new KeyStoreException("KeyStore-backed secret key has invalid alias: "
+ + keyAliasInKeystore);
+ }
+ String keyEntryAlias =
+ keyAliasInKeystore.substring(Credentials.USER_SECRET_KEY.length());
+ if (!entryAlias.equals(keyEntryAlias)) {
+ throw new KeyStoreException("Can only replace KeyStore-backed keys with same"
+ + " alias: " + entryAlias + " != " + keyEntryAlias);
+ }
+ // This is the entry where this key is already stored. No need to do anything.
+ if (params != null) {
+ throw new KeyStoreException("Modifying KeyStore-backed key using protection"
+ + " parameters not supported");
+ }
+ return;
+ }
+
+ if (params == null) {
+ throw new KeyStoreException(
+ "Protection parameters must be specified when importing a symmetric key");
+ }
+
+ // Not a KeyStore-backed secret key -- import its key material into keystore.
+ String keyExportFormat = key.getFormat();
+ if (keyExportFormat == null) {
+ throw new KeyStoreException(
+ "Only secret keys that export their key material are supported");
+ } else if (!"RAW".equals(keyExportFormat)) {
+ throw new KeyStoreException(
+ "Unsupported secret key material export format: " + keyExportFormat);
+ }
+ byte[] keyMaterial = key.getEncoded();
+ if (keyMaterial == null) {
+ throw new KeyStoreException("Key did not export its key material despite supporting"
+ + " RAW format export");
+ }
+
+ String keyAlgorithmString = key.getAlgorithm();
+ @KeyStoreKeyConstraints.AlgorithmEnum int keyAlgorithm;
+ @KeyStoreKeyConstraints.AlgorithmEnum Integer digest;
+ try {
+ keyAlgorithm =
+ KeyStoreKeyConstraints.Algorithm.fromJCASecretKeyAlgorithm(keyAlgorithmString);
+ digest = KeyStoreKeyConstraints.Digest.fromJCASecretKeyAlgorithm(keyAlgorithmString);
+ } catch (IllegalArgumentException e) {
+ throw new KeyStoreException("Unsupported secret key algorithm: " + keyAlgorithmString);
+ }
+
+ if ((params.getAlgorithm() != null) && (params.getAlgorithm() != keyAlgorithm)) {
+ throw new KeyStoreException("Key algorithm mismatch. Key: " + keyAlgorithmString
+ + ", parameter spec: "
+ + KeyStoreKeyConstraints.Algorithm.toString(params.getAlgorithm()));
+ }
+
+ KeymasterArguments args = new KeymasterArguments();
+ args.addInt(KeymasterDefs.KM_TAG_ALGORITHM,
+ KeyStoreKeyConstraints.Algorithm.toKeymaster(keyAlgorithm));
+
+ if (digest != null) {
+ // Digest available from JCA key algorithm
+ if (params.getDigest() != null) {
+ // Digest also specified in parameters -- check that these two match
+ if (digest != params.getDigest()) {
+ throw new KeyStoreException("Key digest mismatch. Key: " + keyAlgorithmString
+ + ", parameter spec: "
+ + KeyStoreKeyConstraints.Digest.toString(params.getDigest()));
+ }
+ }
+ } else {
+ // Digest not available from JCA key algorithm
+ digest = params.getDigest();
+ }
+ if (digest != null) {
+ args.addInt(KeymasterDefs.KM_TAG_DIGEST,
+ KeyStoreKeyConstraints.Digest.toKeymaster(digest));
+ }
+
+ @KeyStoreKeyConstraints.PurposeEnum int purposes = (params.getPurposes() != null)
+ ? params.getPurposes()
+ : (KeyStoreKeyConstraints.Purpose.ENCRYPT
+ | KeyStoreKeyConstraints.Purpose.DECRYPT
+ | KeyStoreKeyConstraints.Purpose.SIGN
+ | KeyStoreKeyConstraints.Purpose.VERIFY);
+ for (int keymasterPurpose :
+ KeyStoreKeyConstraints.Purpose.allToKeymaster(purposes)) {
+ args.addInt(KeymasterDefs.KM_TAG_PURPOSE, keymasterPurpose);
+ }
+ if (params.getBlockMode() != null) {
+ args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE,
+ KeyStoreKeyConstraints.BlockMode.toKeymaster(params.getBlockMode()));
+ }
+ if (params.getPadding() != null) {
+ args.addInt(KeymasterDefs.KM_TAG_PADDING,
+ KeyStoreKeyConstraints.Padding.toKeymaster(params.getPadding()));
+ }
+ if (params.getMaxUsesPerBoot() != null) {
+ args.addInt(KeymasterDefs.KM_TAG_MAX_USES_PER_BOOT, params.getMaxUsesPerBoot());
+ }
+ if (params.getMinSecondsBetweenOperations() != null) {
+ args.addInt(KeymasterDefs.KM_TAG_MIN_SECONDS_BETWEEN_OPS,
+ params.getMinSecondsBetweenOperations());
+ }
+ if (params.getUserAuthenticators().isEmpty()) {
+ args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);
+ } else {
+ // TODO: Pass-in user authenticator IDs once the Keymaster API has stabilized
+// for (int userAuthenticatorId : params.getUserAuthenticators()) {
+// args.addInt(KeymasterDefs.KM_TAG_USER_AUTH_ID, userAuthenticatorId);
+// }
+ }
+ if (params.getUserAuthenticationValidityDurationSeconds() != null) {
+ args.addInt(KeymasterDefs.KM_TAG_AUTH_TIMEOUT,
+ params.getUserAuthenticationValidityDurationSeconds());
+ }
+ if (params.getKeyValidityStart() != null) {
+ args.addDate(KeymasterDefs.KM_TAG_ACTIVE_DATETIME, params.getKeyValidityStart());
+ }
+ if (params.getKeyValidityForOriginationEnd() != null) {
+ args.addDate(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME,
+ params.getKeyValidityForOriginationEnd());
+ }
+ if (params.getKeyValidityForConsumptionEnd() != null) {
+ args.addDate(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME,
+ params.getKeyValidityForConsumptionEnd());
+ }
+
+ // TODO: Remove this once keymaster does not require us to specify the size of imported key.
+ args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, keyMaterial.length * 8);
+
+ Credentials.deleteAllTypesForAlias(mKeyStore, entryAlias);
+ String keyAliasInKeystore = Credentials.USER_SECRET_KEY + entryAlias;
+ int errorCode = mKeyStore.importKey(
+ keyAliasInKeystore,
+ args,
+ KeymasterDefs.KM_KEY_FORMAT_RAW,
+ keyMaterial,
+ params.getFlags(),
+ new KeyCharacteristics());
+ if (errorCode != android.security.KeyStore.NO_ERROR) {
+ throw new KeyStoreException("Failed to import secret key. Keystore error code: "
+ + errorCode);
+ }
+ }
+
@Override
public void engineSetKeyEntry(String alias, byte[] userKey, Certificate[] chain)
throws KeyStoreException {
@@ -413,6 +635,7 @@
}
return mKeyStore.contains(Credentials.USER_PRIVATE_KEY + alias)
+ || mKeyStore.contains(Credentials.USER_SECRET_KEY + alias)
|| mKeyStore.contains(Credentials.USER_CERTIFICATE + alias)
|| mKeyStore.contains(Credentials.CA_CERTIFICATE + alias);
}
@@ -428,6 +651,10 @@
}
private boolean isKeyEntry(String alias) {
+ return isPrivateKeyEntry(alias) || isSecretKeyEntry(alias);
+ }
+
+ private boolean isPrivateKeyEntry(String alias) {
if (alias == null) {
throw new NullPointerException("alias == null");
}
@@ -435,6 +662,14 @@
return mKeyStore.contains(Credentials.USER_PRIVATE_KEY + alias);
}
+ private boolean isSecretKeyEntry(String alias) {
+ if (alias == null) {
+ throw new NullPointerException("alias == null");
+ }
+
+ return mKeyStore.contains(Credentials.USER_SECRET_KEY + alias);
+ }
+
private boolean isCertificateEntry(String alias) {
if (alias == null) {
throw new NullPointerException("alias == null");
@@ -554,11 +789,14 @@
PrivateKeyEntry prE = (PrivateKeyEntry) entry;
setPrivateKeyEntry(alias, prE.getPrivateKey(), prE.getCertificateChain(),
(KeyStoreParameter) param);
- return;
+ } else if (entry instanceof SecretKeyEntry) {
+ SecretKeyEntry secE = (SecretKeyEntry) entry;
+ setSecretKeyEntry(alias, secE.getSecretKey(), (KeyStoreParameter) param);
+ } else {
+ throw new KeyStoreException(
+ "Entry must be a PrivateKeyEntry, SecretKeyEntry or TrustedCertificateEntry"
+ + "; was " + entry);
}
-
- throw new KeyStoreException(
- "Entry must be a PrivateKeyEntry or TrustedCertificateEntry; was " + entry);
}
}
diff --git a/keystore/java/android/security/AndroidKeyStoreProvider.java b/keystore/java/android/security/AndroidKeyStoreProvider.java
index 9081e92..598bcd8 100644
--- a/keystore/java/android/security/AndroidKeyStoreProvider.java
+++ b/keystore/java/android/security/AndroidKeyStoreProvider.java
@@ -35,5 +35,9 @@
// java.security.KeyPairGenerator
put("KeyPairGenerator.EC", AndroidKeyPairGenerator.EC.class.getName());
put("KeyPairGenerator.RSA", AndroidKeyPairGenerator.RSA.class.getName());
+
+ // javax.crypto.KeyGenerator
+ put("KeyGenerator.AES", KeyStoreKeyGeneratorSpi.AES.class.getName());
+ put("KeyGenerator.HmacSHA256", KeyStoreKeyGeneratorSpi.HmacSHA256.class.getName());
}
}
diff --git a/keystore/java/android/security/Credentials.java b/keystore/java/android/security/Credentials.java
index af76d9d..6283e02 100644
--- a/keystore/java/android/security/Credentials.java
+++ b/keystore/java/android/security/Credentials.java
@@ -61,6 +61,9 @@
/** Key prefix for user private keys. */
public static final String USER_PRIVATE_KEY = "USRPKEY_";
+ /** Key prefix for user secret keys. */
+ public static final String USER_SECRET_KEY = "USRSKEY_";
+
/** Key prefix for VPN. */
public static final String VPN = "VPN_";
@@ -218,7 +221,8 @@
* Make sure every type is deleted. There can be all three types, so
* don't use a conditional here.
*/
- return keystore.delKey(Credentials.USER_PRIVATE_KEY + alias)
+ return keystore.delete(Credentials.USER_PRIVATE_KEY + alias)
+ | keystore.delete(Credentials.USER_SECRET_KEY + alias)
| deleteCertificateTypesForAlias(keystore, alias);
}
@@ -235,4 +239,20 @@
return keystore.delete(Credentials.USER_CERTIFICATE + alias)
| keystore.delete(Credentials.CA_CERTIFICATE + alias);
}
+
+ /**
+ * Delete private key for a particular {@code alias}.
+ * Returns {@code true} if an entry was was deleted.
+ */
+ static boolean deletePrivateKeyTypeForAlias(KeyStore keystore, String alias) {
+ return keystore.delete(Credentials.USER_PRIVATE_KEY + alias);
+ }
+
+ /**
+ * Delete secret key for a particular {@code alias}.
+ * Returns {@code true} if an entry was was deleted.
+ */
+ static boolean deleteSecretKeyTypeForAlias(KeyStore keystore, String alias) {
+ return keystore.delete(Credentials.USER_SECRET_KEY + alias);
+ }
}
diff --git a/keystore/java/android/security/CryptoOperationException.java b/keystore/java/android/security/CryptoOperationException.java
new file mode 100644
index 0000000..ce64455
--- /dev/null
+++ b/keystore/java/android/security/CryptoOperationException.java
@@ -0,0 +1,45 @@
+package android.security;
+
+/**
+ * Base class for exceptions during cryptographic operations which cannot throw a suitable checked
+ * exception.
+ *
+ * <p>The contract of the majority of crypto primitives/operations (e.g. {@code Cipher} or
+ * {@code Signature}) is that they can throw a checked exception during initialization, but are not
+ * permitted to throw a checked exception during operation. Because crypto operations can fail
+ * for a variety of reasons after initialization, this base class provides type-safety for unchecked
+ * exceptions that may be thrown in those cases.
+ *
+ * @hide
+ */
+public class CryptoOperationException extends RuntimeException {
+
+ /**
+ * Constructs a new {@code CryptoOperationException} without detail message and cause.
+ */
+ public CryptoOperationException() {
+ super();
+ }
+
+ /**
+ * Constructs a new {@code CryptoOperationException} with the provided detail message and no
+ * cause.
+ */
+ public CryptoOperationException(String message) {
+ super(message);
+ }
+
+ /**
+ * Constructs a new {@code CryptoOperationException} with the provided detail message and cause.
+ */
+ public CryptoOperationException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ /**
+ * Constructs a new {@code CryptoOperationException} with the provided cause.
+ */
+ public CryptoOperationException(Throwable cause) {
+ super(cause);
+ }
+}
diff --git a/keystore/java/android/security/KeyGeneratorSpec.java b/keystore/java/android/security/KeyGeneratorSpec.java
new file mode 100644
index 0000000..6274b70
--- /dev/null
+++ b/keystore/java/android/security/KeyGeneratorSpec.java
@@ -0,0 +1,471 @@
+package android.security;
+
+import android.content.Context;
+import android.text.TextUtils;
+
+import java.security.cert.Certificate;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+
+/**
+ * {@link AlgorithmParameterSpec} for initializing a {@code KeyGenerator} that works with
+ * <a href="{@docRoot}training/articles/keystore.html">Android KeyStore facility</a>.
+ *
+ * <p>The Android KeyStore facility is accessed through a {@link KeyGenerator} API
+ * using the {@code AndroidKeyStore} provider. The {@code context} passed in may be used to pop up
+ * some UI to ask the user to unlock or initialize the Android KeyStore facility.
+ *
+ * <p>After generation, the {@code keyStoreAlias} is used with the
+ * {@link java.security.KeyStore#getEntry(String, java.security.KeyStore.ProtectionParameter)}
+ * interface to retrieve the {@link SecretKey} and its associated {@link Certificate} chain.
+ *
+ * @hide
+ */
+public class KeyGeneratorSpec implements AlgorithmParameterSpec {
+
+ private final Context mContext;
+ private final String mKeystoreAlias;
+ private final int mFlags;
+ private final Integer mKeySize;
+ private final Date mKeyValidityStart;
+ private final Date mKeyValidityForOriginationEnd;
+ private final Date mKeyValidityForConsumptionEnd;
+ private final @KeyStoreKeyConstraints.PurposeEnum Integer mPurposes;
+ private final @KeyStoreKeyConstraints.PaddingEnum Integer mPadding;
+ private final @KeyStoreKeyConstraints.BlockModeEnum Integer mBlockMode;
+ private final Integer mMinSecondsBetweenOperations;
+ private final Integer mMaxUsesPerBoot;
+ private final Set<Integer> mUserAuthenticators;
+ private final Integer mUserAuthenticationValidityDurationSeconds;
+
+ private KeyGeneratorSpec(
+ Context context,
+ String keyStoreAlias,
+ int flags,
+ Integer keySize,
+ Date keyValidityStart,
+ Date keyValidityForOriginationEnd,
+ Date keyValidityForConsumptionEnd,
+ @KeyStoreKeyConstraints.PurposeEnum Integer purposes,
+ @KeyStoreKeyConstraints.PaddingEnum Integer padding,
+ @KeyStoreKeyConstraints.BlockModeEnum Integer blockMode,
+ Integer minSecondsBetweenOperations,
+ Integer maxUsesPerBoot,
+ Set<Integer> userAuthenticators,
+ Integer userAuthenticationValidityDurationSeconds) {
+ if (context == null) {
+ throw new IllegalArgumentException("context == null");
+ } else if (TextUtils.isEmpty(keyStoreAlias)) {
+ throw new IllegalArgumentException("keyStoreAlias must not be empty");
+ } else if ((userAuthenticationValidityDurationSeconds != null)
+ && (userAuthenticationValidityDurationSeconds < 0)) {
+ throw new IllegalArgumentException(
+ "userAuthenticationValidityDurationSeconds must not be negative");
+ }
+
+ mContext = context;
+ mKeystoreAlias = keyStoreAlias;
+ mFlags = flags;
+ mKeySize = keySize;
+ mKeyValidityStart = keyValidityStart;
+ mKeyValidityForOriginationEnd = keyValidityForOriginationEnd;
+ mKeyValidityForConsumptionEnd = keyValidityForConsumptionEnd;
+ mPurposes = purposes;
+ mPadding = padding;
+ mBlockMode = blockMode;
+ mMinSecondsBetweenOperations = minSecondsBetweenOperations;
+ mMaxUsesPerBoot = maxUsesPerBoot;
+ mUserAuthenticators = (userAuthenticators != null)
+ ? new HashSet<Integer>(userAuthenticators)
+ : Collections.<Integer>emptySet();
+ mUserAuthenticationValidityDurationSeconds = userAuthenticationValidityDurationSeconds;
+ }
+
+ /**
+ * Gets the Android context used for operations with this instance.
+ */
+ public Context getContext() {
+ return mContext;
+ }
+
+ /**
+ * Returns the alias that will be used in the {@code java.security.KeyStore} in conjunction with
+ * the {@code AndroidKeyStore}.
+ */
+ public String getKeystoreAlias() {
+ return mKeystoreAlias;
+ }
+
+ /**
+ * @hide
+ */
+ public int getFlags() {
+ return mFlags;
+ }
+
+ /**
+ * Gets the requested key size or {@code null} if the default size should be used.
+ */
+ public Integer getKeySize() {
+ return mKeySize;
+ }
+
+ /**
+ * Gets the time instant before which the key is not yet valid.
+ *
+ * @return instant or {@code null} if not restricted.
+ */
+ public Date getKeyValidityStart() {
+ return mKeyValidityStart;
+ }
+
+ /**
+ * Gets the time instant after which the key is no long valid for decryption and verification.
+ *
+ * @return instant or {@code null} if not restricted.
+ *
+ * @hide
+ */
+ public Date getKeyValidityForConsumptionEnd() {
+ return mKeyValidityForConsumptionEnd;
+ }
+
+ /**
+ * Gets the time instant after which the key is no long valid for encryption and signing.
+ *
+ * @return instant or {@code null} if not restricted.
+ */
+ public Date getKeyValidityForOriginationEnd() {
+ return mKeyValidityForOriginationEnd;
+ }
+
+ /**
+ * Gets the set of purposes for which the key can be used to the provided set of purposes.
+ *
+ * @return set of purposes or {@code null} if the key can be used for any purpose.
+ */
+ public @KeyStoreKeyConstraints.PurposeEnum Integer getPurposes() {
+ return mPurposes;
+ }
+
+ /**
+ * Gets the padding scheme to which the key is restricted.
+ *
+ * @return padding scheme or {@code null} if the padding scheme is not restricted.
+ */
+ public @KeyStoreKeyConstraints.PaddingEnum Integer getPadding() {
+ return mPadding;
+ }
+
+ /**
+ * Gets the block mode to which the key is restricted when used for encryption or decryption.
+ *
+ * @return block more or {@code null} if block mode is not restricted.
+ *
+ * @hide
+ */
+ public @KeyStoreKeyConstraints.BlockModeEnum Integer getBlockMode() {
+ return mBlockMode;
+ }
+
+ /**
+ * Gets the minimum number of seconds that must expire since the most recent use of the key
+ * before it can be used again.
+ *
+ * @return number of seconds or {@code null} if there is no restriction on how frequently a key
+ * can be used.
+ *
+ * @hide
+ */
+ public Integer getMinSecondsBetweenOperations() {
+ return mMinSecondsBetweenOperations;
+ }
+
+ /**
+ * Gets the number of times the key can be used without rebooting the device.
+ *
+ * @return maximum number of times or {@code null} if there is no restriction.
+ * @hide
+ */
+ public Integer getMaxUsesPerBoot() {
+ return mMaxUsesPerBoot;
+ }
+
+ /**
+ * Gets the user authenticators which protect access to this key. The key can only be used iff
+ * the user has authenticated to at least one of these user authenticators.
+ *
+ * @return user authenticators or empty set if the key can be used without user authentication.
+ *
+ * @hide
+ */
+ public Set<Integer> getUserAuthenticators() {
+ return new HashSet<Integer>(mUserAuthenticators);
+ }
+
+ /**
+ * Gets the duration of time (seconds) for which this key can be used after the user
+ * successfully authenticates to one of the associated user authenticators.
+ *
+ * @return duration in seconds or {@code null} if not restricted. {@code 0} means authentication
+ * is required for every use of the key.
+ *
+ * @hide
+ */
+ public Integer getUserAuthenticationValidityDurationSeconds() {
+ return mUserAuthenticationValidityDurationSeconds;
+ }
+
+ /**
+ * Returns {@code true} if the key must be encrypted in the {@link java.security.KeyStore}.
+ */
+ public boolean isEncryptionRequired() {
+ return (mFlags & KeyStore.FLAG_ENCRYPTED) != 0;
+ }
+
+ public static class Builder {
+ private final Context mContext;
+ private String mKeystoreAlias;
+ private int mFlags;
+ private Integer mKeySize;
+ private Date mKeyValidityStart;
+ private Date mKeyValidityForOriginationEnd;
+ private Date mKeyValidityForConsumptionEnd;
+ private @KeyStoreKeyConstraints.PurposeEnum Integer mPurposes;
+ private @KeyStoreKeyConstraints.PaddingEnum Integer mPadding;
+ private @KeyStoreKeyConstraints.BlockModeEnum Integer mBlockMode;
+ private Integer mMinSecondsBetweenOperations;
+ private Integer mMaxUsesPerBoot;
+ private Set<Integer> mUserAuthenticators;
+ private Integer mUserAuthenticationValidityDurationSeconds;
+
+ /**
+ * Creates a new instance of the {@code Builder} with the given {@code context}. The
+ * {@code context} passed in may be used to pop up some UI to ask the user to unlock or
+ * initialize the Android KeyStore facility.
+ */
+ public Builder(Context context) {
+ if (context == null) {
+ throw new NullPointerException("context == null");
+ }
+ mContext = context;
+ }
+
+ /**
+ * Sets the alias to be used to retrieve the key later from a {@link java.security.KeyStore}
+ * instance using the {@code AndroidKeyStore} provider.
+ *
+ * <p>The alias must be provided. There is no default.
+ */
+ public Builder setAlias(String alias) {
+ if (alias == null) {
+ throw new NullPointerException("alias == null");
+ }
+ mKeystoreAlias = alias;
+ return this;
+ }
+
+ /**
+ * Sets the size (in bits) of the key to be generated.
+ *
+ * <p>By default, the key size will be determines based on the key algorithm. For example,
+ * for {@code HmacSHA256}, the key size will default to {@code 256}.
+ */
+ public Builder setKeySize(int keySize) {
+ mKeySize = keySize;
+ return this;
+ }
+
+ /**
+ * Indicates that this key must be encrypted at rest on storage. Note that enabling this
+ * will require that the user enable a strong lock screen (e.g., PIN, password) before
+ * creating or using the generated key is successful.
+ */
+ public Builder setEncryptionRequired(boolean required) {
+ if (required) {
+ mFlags |= KeyStore.FLAG_ENCRYPTED;
+ } else {
+ mFlags &= ~KeyStore.FLAG_ENCRYPTED;
+ }
+ return this;
+ }
+
+ /**
+ * Sets the time instant before which the key is not yet valid.
+ *
+ * <b>By default, the key is valid at any instant.
+ *
+ * @see #setKeyValidityEnd(Date)
+ *
+ * @hide
+ */
+ public Builder setKeyValidityStart(Date startDate) {
+ mKeyValidityStart = startDate;
+ return this;
+ }
+
+ /**
+ * Sets the time instant after which the key is no longer valid.
+ *
+ * <b>By default, the key is valid at any instant.
+ *
+ * @see #setKeyValidityStart(Date)
+ * @see #setKeyValidityForConsumptionEnd(Date)
+ * @see #setKeyValidityForOriginationEnd(Date)
+ *
+ * @hide
+ */
+ public Builder setKeyValidityEnd(Date endDate) {
+ setKeyValidityForOriginationEnd(endDate);
+ setKeyValidityForConsumptionEnd(endDate);
+ return this;
+ }
+
+ /**
+ * Sets the time instant after which the key is no longer valid for encryption and signing.
+ *
+ * <b>By default, the key is valid at any instant.
+ *
+ * @see #setKeyValidityForConsumptionEnd(Date)
+ *
+ * @hide
+ */
+ public Builder setKeyValidityForOriginationEnd(Date endDate) {
+ mKeyValidityForOriginationEnd = endDate;
+ return this;
+ }
+
+ /**
+ * Sets the time instant after which the key is no longer valid for decryption and
+ * verification.
+ *
+ * <b>By default, the key is valid at any instant.
+ *
+ * @see #setKeyValidityForOriginationEnd(Date)
+ *
+ * @hide
+ */
+ public Builder setKeyValidityForConsumptionEnd(Date endDate) {
+ mKeyValidityForConsumptionEnd = endDate;
+ return this;
+ }
+
+ /**
+ * Restricts the purposes for which the key can be used to the provided set of purposes.
+ *
+ * <p>By default, the key can be used for encryption, decryption, signing, and verification.
+ *
+ * @hide
+ */
+ public Builder setPurposes(@KeyStoreKeyConstraints.PurposeEnum int purposes) {
+ mPurposes = purposes;
+ return this;
+ }
+
+ /**
+ * Restricts the key to being used only with the provided padding scheme. Attempts to use
+ * the key with any other padding will be rejected.
+ *
+ * <p>This restriction must be specified for keys which are used for encryption/decryption.
+ *
+ * @hide
+ */
+ public Builder setPadding(@KeyStoreKeyConstraints.PaddingEnum int padding) {
+ mPadding = padding;
+ return this;
+ }
+
+ /**
+ * Restricts the key to being used only with the provided block mode when encrypting or
+ * decrypting. Attempts to use the key with any other block modes will be rejected.
+ *
+ * <p>This restriction must be specified for keys which are used for encryption/decryption.
+ *
+ * @hide
+ */
+ public Builder setBlockMode(@KeyStoreKeyConstraints.BlockModeEnum int blockMode) {
+ mBlockMode = blockMode;
+ return this;
+ }
+
+ /**
+ * Sets the minimum number of seconds that must expire since the most recent use of the key
+ * before it can be used again.
+ *
+ * <p>By default, there is no restriction on how frequently a key can be used.
+ *
+ * @hide
+ */
+ public Builder setMinSecondsBetweenOperations(int seconds) {
+ mMinSecondsBetweenOperations = seconds;
+ return this;
+ }
+
+ /**
+ * Sets the maximum number of times a key can be used without rebooting the device.
+ *
+ * <p>By default, the key can be used for an unlimited number of times.
+ *
+ * @hide
+ */
+ public Builder setMaxUsesPerBoot(int count) {
+ mMaxUsesPerBoot = count;
+ return this;
+ }
+
+ /**
+ * Sets the user authenticators which protect access to this key. The key can only be used
+ * iff the user has authenticated to at least one of these user authenticators.
+ *
+ * <p>By default, the key can be used without user authentication.
+ *
+ * @param userAuthenticators user authenticators or empty list if this key can be accessed
+ * without user authentication.
+ *
+ * @see #setUserAuthenticationValidityDurationSeconds(int)
+ *
+ * @hide
+ */
+ public Builder setUserAuthenticators(Set<Integer> userAuthenticators) {
+ mUserAuthenticators =
+ (userAuthenticators != null) ? new HashSet<Integer>(userAuthenticators) : null;
+ return this;
+ }
+
+ /**
+ * Sets the duration of time (seconds) for which this key can be used after the user
+ * successfully authenticates to one of the associated user authenticators.
+ *
+ * <p>By default, the user needs to authenticate for every use of the key.
+ *
+ * @param seconds duration in seconds or {@code 0} if the user needs to authenticate for
+ * every use of the key.
+ *
+ * @see #setUserAuthenticators(Set)
+ *
+ * @hide
+ */
+ public Builder setUserAuthenticationValidityDurationSeconds(int seconds) {
+ mUserAuthenticationValidityDurationSeconds = seconds;
+ return this;
+ }
+
+ /**
+ * Builds a new instance instance of {@code KeyGeneratorSpec}.
+ *
+ * @throws IllegalArgumentException if a required field is missing or violates a constraint.
+ */
+ public KeyGeneratorSpec build() {
+ return new KeyGeneratorSpec(mContext, mKeystoreAlias, mFlags, mKeySize,
+ mKeyValidityStart, mKeyValidityForOriginationEnd, mKeyValidityForConsumptionEnd,
+ mPurposes, mPadding, mBlockMode, mMinSecondsBetweenOperations, mMaxUsesPerBoot,
+ mUserAuthenticators, mUserAuthenticationValidityDurationSeconds);
+ }
+ }
+}
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index 9682b4f..94a479b4 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -25,6 +25,7 @@
import android.security.keymaster.ExportResult;
import android.security.keymaster.KeyCharacteristics;
import android.security.keymaster.KeymasterArguments;
+import android.security.keymaster.KeymasterBlob;
import android.security.keymaster.OperationResult;
import android.util.Log;
@@ -388,22 +389,22 @@
}
}
- public int generateKey(String alias, KeymasterArguments args, int uid, int flags,
- KeyCharacteristics outCharacteristics) {
+ public int generateKey(String alias, KeymasterArguments args, byte[] entropy, int uid,
+ int flags, KeyCharacteristics outCharacteristics) {
try {
- return mBinder.generateKey(alias, args, uid, flags, outCharacteristics);
+ return mBinder.generateKey(alias, args, entropy, uid, flags, outCharacteristics);
} catch (RemoteException e) {
Log.w(TAG, "Cannot connect to keystore", e);
return SYSTEM_ERROR;
}
}
- public int generateKey(String alias, KeymasterArguments args, int flags,
+ public int generateKey(String alias, KeymasterArguments args, byte[] entropy, int flags,
KeyCharacteristics outCharacteristics) {
- return generateKey(alias, args, UID_SELF, flags, outCharacteristics);
+ return generateKey(alias, args, entropy, UID_SELF, flags, outCharacteristics);
}
- public int getKeyCharacteristics(String alias, byte[] clientId, byte[] appId,
+ public int getKeyCharacteristics(String alias, KeymasterBlob clientId, KeymasterBlob appId,
KeyCharacteristics outCharacteristics) {
try {
return mBinder.getKeyCharacteristics(alias, clientId, appId, outCharacteristics);
@@ -429,7 +430,8 @@
return importKey(alias, args, format, keyData, UID_SELF, flags, outCharacteristics);
}
- public ExportResult exportKey(String alias, int format, byte[] clientId, byte[] appId) {
+ public ExportResult exportKey(String alias, int format, KeymasterBlob clientId,
+ KeymasterBlob appId) {
try {
return mBinder.exportKey(alias, format, clientId, appId);
} catch (RemoteException e) {
@@ -439,9 +441,9 @@
}
public OperationResult begin(String alias, int purpose, boolean pruneable,
- KeymasterArguments args, KeymasterArguments outArgs) {
+ KeymasterArguments args, byte[] entropy, KeymasterArguments outArgs) {
try {
- return mBinder.begin(getToken(), alias, purpose, pruneable, args, outArgs);
+ return mBinder.begin(getToken(), alias, purpose, pruneable, args, entropy, outArgs);
} catch (RemoteException e) {
Log.w(TAG, "Cannot connect to keystore", e);
return null;
diff --git a/keystore/java/android/security/KeyStoreKeyConstraints.java b/keystore/java/android/security/KeyStoreKeyConstraints.java
new file mode 100644
index 0000000..47bb1cc
--- /dev/null
+++ b/keystore/java/android/security/KeyStoreKeyConstraints.java
@@ -0,0 +1,457 @@
+package android.security;
+
+import android.annotation.IntDef;
+import android.security.keymaster.KeymasterDefs;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Locale;
+
+/**
+ * Constraints for {@code AndroidKeyStore} keys.
+ *
+ * @hide
+ */
+public abstract class KeyStoreKeyConstraints {
+ private KeyStoreKeyConstraints() {}
+
+ @Retention(RetentionPolicy.SOURCE)
+ @IntDef(flag=true, value={Purpose.ENCRYPT, Purpose.DECRYPT, Purpose.SIGN, Purpose.VERIFY})
+ public @interface PurposeEnum {}
+
+ /**
+ * Purpose of key.
+ */
+ public static abstract class Purpose {
+ private Purpose() {}
+
+ /**
+ * Purpose: encryption.
+ */
+ public static final int ENCRYPT = 1 << 0;
+
+ /**
+ * Purpose: decryption.
+ */
+ public static final int DECRYPT = 1 << 1;
+
+ /**
+ * Purpose: signing.
+ */
+ public static final int SIGN = 1 << 2;
+
+ /**
+ * Purpose: signature verification.
+ */
+ public static final int VERIFY = 1 << 3;
+
+ /**
+ * Number of flags defined above. Needs to be kept in sync with the flags above.
+ */
+ private static final int VALUE_COUNT = 4;
+
+ /**
+ * @hide
+ */
+ public static int toKeymaster(@PurposeEnum int purpose) {
+ switch (purpose) {
+ case ENCRYPT:
+ return KeymasterDefs.KM_PURPOSE_ENCRYPT;
+ case DECRYPT:
+ return KeymasterDefs.KM_PURPOSE_DECRYPT;
+ case SIGN:
+ return KeymasterDefs.KM_PURPOSE_SIGN;
+ case VERIFY:
+ return KeymasterDefs.KM_PURPOSE_VERIFY;
+ default:
+ throw new IllegalArgumentException("Unknown purpose: " + purpose);
+ }
+ }
+
+ /**
+ * @hide
+ */
+ public static @PurposeEnum int fromKeymaster(int purpose) {
+ switch (purpose) {
+ case KeymasterDefs.KM_PURPOSE_ENCRYPT:
+ return ENCRYPT;
+ case KeymasterDefs.KM_PURPOSE_DECRYPT:
+ return DECRYPT;
+ case KeymasterDefs.KM_PURPOSE_SIGN:
+ return SIGN;
+ case KeymasterDefs.KM_PURPOSE_VERIFY:
+ return VERIFY;
+ default:
+ throw new IllegalArgumentException("Unknown purpose: " + purpose);
+ }
+ }
+
+ /**
+ * @hide
+ */
+ public static int[] allToKeymaster(int purposes) {
+ int[] result = new int[VALUE_COUNT];
+ int resultCount = 0;
+ int purpose = 1;
+ for (int i = 0; i < 32; i++) {
+ if ((purposes & 1) != 0) {
+ result[resultCount] = toKeymaster(purpose);
+ resultCount++;
+ }
+ purposes >>>= 1;
+ purpose <<= 1;
+ if (purposes == 0) {
+ break;
+ }
+ }
+ return Arrays.copyOf(result, resultCount);
+ }
+
+ /**
+ * @hide
+ */
+ public static @PurposeEnum int allFromKeymaster(Collection<Integer> purposes) {
+ @PurposeEnum int result = 0;
+ for (int keymasterPurpose : purposes) {
+ result |= fromKeymaster(keymasterPurpose);
+ }
+ return result;
+ }
+ }
+
+ @Retention(RetentionPolicy.SOURCE)
+ @IntDef({Algorithm.AES, Algorithm.HMAC})
+ public @interface AlgorithmEnum {}
+
+ /**
+ * Key algorithm.
+ */
+ public static abstract class Algorithm {
+ private Algorithm() {}
+
+ /**
+ * Key algorithm: AES.
+ */
+ public static final int AES = 0;
+
+ /**
+ * Key algorithm: HMAC.
+ */
+ public static final int HMAC = 1;
+
+ /**
+ * @hide
+ */
+ public static int toKeymaster(@AlgorithmEnum int algorithm) {
+ switch (algorithm) {
+ case AES:
+ return KeymasterDefs.KM_ALGORITHM_AES;
+ case HMAC:
+ return KeymasterDefs.KM_ALGORITHM_HMAC;
+ default:
+ throw new IllegalArgumentException("Unknown algorithm: " + algorithm);
+ }
+ }
+
+ /**
+ * @hide
+ */
+ public static @AlgorithmEnum int fromKeymaster(int algorithm) {
+ switch (algorithm) {
+ case KeymasterDefs.KM_ALGORITHM_AES:
+ return AES;
+ case KeymasterDefs.KM_ALGORITHM_HMAC:
+ return HMAC;
+ default:
+ throw new IllegalArgumentException("Unknown algorithm: " + algorithm);
+ }
+ }
+
+ /**
+ * @hide
+ */
+ public static String toString(@AlgorithmEnum int algorithm) {
+ switch (algorithm) {
+ case AES:
+ return "AES";
+ case HMAC:
+ return "HMAC";
+ default:
+ throw new IllegalArgumentException("Unknown algorithm: " + algorithm);
+ }
+ }
+
+ /**
+ * @hide
+ */
+ public static @AlgorithmEnum int fromJCASecretKeyAlgorithm(String algorithm) {
+ if (algorithm == null) {
+ throw new NullPointerException("algorithm == null");
+ } else if ("AES".equalsIgnoreCase(algorithm)) {
+ return AES;
+ } else if (algorithm.toLowerCase(Locale.US).startsWith("hmac")) {
+ return HMAC;
+ } else {
+ throw new IllegalArgumentException(
+ "Unsupported secret key algorithm: " + algorithm);
+ }
+ }
+
+ /**
+ * @hide
+ */
+ public static String toJCASecretKeyAlgorithm(@AlgorithmEnum int algorithm,
+ @DigestEnum Integer digest) {
+ switch (algorithm) {
+ case AES:
+ return "AES";
+ case HMAC:
+ if (digest == null) {
+ throw new IllegalArgumentException("HMAC digest not specified");
+ }
+ switch (digest) {
+ case Digest.SHA256:
+ return "HmacSHA256";
+ default:
+ throw new IllegalArgumentException(
+ "Unsupported HMAC digest: " + digest);
+ }
+ default:
+ throw new IllegalArgumentException("Unsupported key algorithm: " + algorithm);
+ }
+ }
+
+ /**
+ * @hide
+ */
+ public static String toJCAKeyPairAlgorithm(@AlgorithmEnum int algorithm) {
+ switch (algorithm) {
+ default:
+ throw new IllegalArgumentException("Unsupported key alorithm: " + algorithm);
+ }
+ }
+ }
+
+ @Retention(RetentionPolicy.SOURCE)
+ @IntDef({Padding.NONE, Padding.ZERO, Padding.PKCS7})
+ public @interface PaddingEnum {}
+
+ /**
+ * Padding for signing and encryption.
+ */
+ public static abstract class Padding {
+ private Padding() {}
+
+ /**
+ * No padding.
+ */
+ public static final int NONE = 0;
+
+ /**
+ * Pad with zeros.
+ */
+ public static final int ZERO = 1;
+
+ /**
+ * PKCS#7 padding.
+ */
+ public static final int PKCS7 = 2;
+
+ /**
+ * @hide
+ */
+ public static int toKeymaster(int padding) {
+ switch (padding) {
+ case NONE:
+ return KeymasterDefs.KM_PAD_NONE;
+ case ZERO:
+ return KeymasterDefs.KM_PAD_ZERO;
+ case PKCS7:
+ return KeymasterDefs.KM_PAD_PKCS7;
+ default:
+ throw new IllegalArgumentException("Unknown padding: " + padding);
+ }
+ }
+
+ /**
+ * @hide
+ */
+ public static @PaddingEnum int fromKeymaster(int padding) {
+ switch (padding) {
+ case KeymasterDefs.KM_PAD_NONE:
+ return NONE;
+ case KeymasterDefs.KM_PAD_ZERO:
+ return ZERO;
+ case KeymasterDefs.KM_PAD_PKCS7:
+ return PKCS7;
+ default:
+ throw new IllegalArgumentException("Unknown padding: " + padding);
+ }
+ }
+
+ /**
+ * @hide
+ */
+ public static String toString(@PaddingEnum int padding) {
+ switch (padding) {
+ case NONE:
+ return "NONE";
+ case ZERO:
+ return "ZERO";
+ case PKCS7:
+ return "PKCS#7";
+ default:
+ throw new IllegalArgumentException("Unknown padding: " + padding);
+ }
+ }
+ }
+
+ @Retention(RetentionPolicy.SOURCE)
+ @IntDef({Digest.NONE, Digest.SHA256})
+ public @interface DigestEnum {}
+
+ /**
+ * Digests that can be used with a key when signing or generating Message Authentication
+ * Codes (MACs).
+ */
+ public static abstract class Digest {
+ private Digest() {}
+
+ /**
+ * No digest: sign/authenticate the raw message.
+ */
+ public static final int NONE = 0;
+
+ /**
+ * SHA-256 digest.
+ */
+ public static final int SHA256 = 1;
+
+ /**
+ * @hide
+ */
+ public static String toString(@DigestEnum int digest) {
+ switch (digest) {
+ case NONE:
+ return "NONE";
+ case SHA256:
+ return "SHA256";
+ default:
+ throw new IllegalArgumentException("Unknown digest: " + digest);
+ }
+ }
+
+ /**
+ * @hide
+ */
+ public static int toKeymaster(@DigestEnum int digest) {
+ switch (digest) {
+ case NONE:
+ return KeymasterDefs.KM_DIGEST_NONE;
+ case SHA256:
+ return KeymasterDefs.KM_DIGEST_SHA_2_256;
+ default:
+ throw new IllegalArgumentException("Unknown digest: " + digest);
+ }
+ }
+
+ /**
+ * @hide
+ */
+ public static @DigestEnum int fromKeymaster(int digest) {
+ switch (digest) {
+ case KeymasterDefs.KM_DIGEST_NONE:
+ return NONE;
+ case KeymasterDefs.KM_DIGEST_SHA_2_256:
+ return SHA256;
+ default:
+ throw new IllegalArgumentException("Unknown digest: " + digest);
+ }
+ }
+
+ /**
+ * @hide
+ */
+ public static @DigestEnum Integer fromJCASecretKeyAlgorithm(String algorithm) {
+ String algorithmLower = algorithm.toLowerCase(Locale.US);
+ if (algorithmLower.startsWith("hmac")) {
+ if ("hmacsha256".equals(algorithmLower)) {
+ return SHA256;
+ } else {
+ throw new IllegalArgumentException("Unsupported digest: "
+ + algorithmLower.substring("hmac".length()));
+ }
+ } else {
+ return null;
+ }
+ }
+
+ /**
+ * @hide
+ */
+ public static String toJCASignatureAlgorithmDigest(@DigestEnum int digest) {
+ switch (digest) {
+ case NONE:
+ return "NONE";
+ case SHA256:
+ return "SHA256";
+ default:
+ throw new IllegalArgumentException("Unknown digest: " + digest);
+ }
+ }
+ }
+
+ @Retention(RetentionPolicy.SOURCE)
+ @IntDef({BlockMode.ECB})
+ public @interface BlockModeEnum {}
+
+ /**
+ * Block modes that can be used when encrypting/decrypting using a key.
+ */
+ public static abstract class BlockMode {
+ private BlockMode() {}
+
+ /**
+ * Electronic Codebook (ECB) block mode.
+ */
+ public static final int ECB = 0;
+
+ /**
+ * @hide
+ */
+ public static int toKeymaster(@BlockModeEnum int mode) {
+ switch (mode) {
+ case ECB:
+ return KeymasterDefs.KM_MODE_ECB;
+ default:
+ throw new IllegalArgumentException("Unknown block mode: " + mode);
+ }
+ }
+
+ /**
+ * @hide
+ */
+ public static @BlockModeEnum int fromKeymaster(int mode) {
+ switch (mode) {
+ case KeymasterDefs.KM_MODE_ECB:
+ return ECB;
+ default:
+ throw new IllegalArgumentException("Unknown block mode: " + mode);
+ }
+ }
+
+ /**
+ * @hide
+ */
+ public static String toString(@BlockModeEnum int mode) {
+ switch (mode) {
+ case ECB:
+ return "ECB";
+ default:
+ throw new IllegalArgumentException("Unknown block mode: " + mode);
+ }
+ }
+ }
+}
diff --git a/keystore/java/android/security/KeyStoreKeyGeneratorSpi.java b/keystore/java/android/security/KeyStoreKeyGeneratorSpi.java
new file mode 100644
index 0000000..86950dd
--- /dev/null
+++ b/keystore/java/android/security/KeyStoreKeyGeneratorSpi.java
@@ -0,0 +1,183 @@
+package android.security;
+
+import android.security.keymaster.KeyCharacteristics;
+import android.security.keymaster.KeymasterArguments;
+import android.security.keymaster.KeymasterDefs;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+
+import javax.crypto.KeyGeneratorSpi;
+import javax.crypto.SecretKey;
+
+/**
+ * {@link KeyGeneratorSpi} backed by Android KeyStore.
+ *
+ * @hide
+ */
+public abstract class KeyStoreKeyGeneratorSpi extends KeyGeneratorSpi {
+
+ public static class AES extends KeyStoreKeyGeneratorSpi {
+ public AES() {
+ super(KeyStoreKeyConstraints.Algorithm.AES, 128);
+ }
+ }
+
+ public static class HmacSHA256 extends KeyStoreKeyGeneratorSpi {
+ public HmacSHA256() {
+ super(KeyStoreKeyConstraints.Algorithm.HMAC,
+ KeyStoreKeyConstraints.Digest.SHA256,
+ 256);
+ }
+ }
+
+ private final KeyStore mKeyStore = KeyStore.getInstance();
+ private final @KeyStoreKeyConstraints.AlgorithmEnum int mAlgorithm;
+ private final @KeyStoreKeyConstraints.AlgorithmEnum Integer mDigest;
+ private final int mDefaultKeySizeBits;
+
+ private KeyGeneratorSpec mSpec;
+ private SecureRandom mRng;
+
+ protected KeyStoreKeyGeneratorSpi(
+ @KeyStoreKeyConstraints.AlgorithmEnum int algorithm,
+ int defaultKeySizeBits) {
+ this(algorithm, null, defaultKeySizeBits);
+ }
+
+ protected KeyStoreKeyGeneratorSpi(
+ @KeyStoreKeyConstraints.AlgorithmEnum int algorithm,
+ @KeyStoreKeyConstraints.DigestEnum Integer digest,
+ int defaultKeySizeBits) {
+ mAlgorithm = algorithm;
+ mDigest = digest;
+ mDefaultKeySizeBits = defaultKeySizeBits;
+ }
+
+ @Override
+ protected SecretKey engineGenerateKey() {
+ KeyGeneratorSpec spec = mSpec;
+ if (spec == null) {
+ throw new IllegalStateException("Not initialized");
+ }
+
+ if ((spec.isEncryptionRequired())
+ && (mKeyStore.state() != KeyStore.State.UNLOCKED)) {
+ throw new IllegalStateException(
+ "Android KeyStore must be in initialized and unlocked state if encryption is"
+ + " required");
+ }
+
+ KeymasterArguments args = new KeymasterArguments();
+ args.addInt(KeymasterDefs.KM_TAG_ALGORITHM,
+ KeyStoreKeyConstraints.Algorithm.toKeymaster(mAlgorithm));
+ if (mDigest != null) {
+ args.addInt(KeymasterDefs.KM_TAG_DIGEST,
+ KeyStoreKeyConstraints.Digest.toKeymaster(mDigest));
+ }
+ int keySizeBits = (spec.getKeySize() != null) ? spec.getKeySize() : mDefaultKeySizeBits;
+ args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, keySizeBits);
+ @KeyStoreKeyConstraints.PurposeEnum int purposes = (spec.getPurposes() != null)
+ ? spec.getPurposes()
+ : (KeyStoreKeyConstraints.Purpose.ENCRYPT
+ | KeyStoreKeyConstraints.Purpose.DECRYPT
+ | KeyStoreKeyConstraints.Purpose.SIGN
+ | KeyStoreKeyConstraints.Purpose.VERIFY);
+ for (int keymasterPurpose :
+ KeyStoreKeyConstraints.Purpose.allToKeymaster(purposes)) {
+ args.addInt(KeymasterDefs.KM_TAG_PURPOSE, keymasterPurpose);
+ }
+ if (spec.getBlockMode() != null) {
+ args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE,
+ KeyStoreKeyConstraints.BlockMode.toKeymaster(spec.getBlockMode()));
+ }
+ if (spec.getPadding() != null) {
+ args.addInt(KeymasterDefs.KM_TAG_PADDING,
+ KeyStoreKeyConstraints.Padding.toKeymaster(spec.getPadding()));
+ }
+ if (spec.getMaxUsesPerBoot() != null) {
+ args.addInt(KeymasterDefs.KM_TAG_MAX_USES_PER_BOOT, spec.getMaxUsesPerBoot());
+ }
+ if (spec.getMinSecondsBetweenOperations() != null) {
+ args.addInt(KeymasterDefs.KM_TAG_MIN_SECONDS_BETWEEN_OPS,
+ spec.getMinSecondsBetweenOperations());
+ }
+ if (spec.getUserAuthenticators().isEmpty()) {
+ args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);
+ } else {
+ // TODO: Pass-in user authenticator IDs once the Keymaster API has stabilized
+// for (int userAuthenticatorId : spec.getUserAuthenticators()) {
+// args.addInt(KeymasterDefs.KM_TAG_USER_AUTH_ID, userAuthenticatorId);
+// }
+ }
+ if (spec.getUserAuthenticationValidityDurationSeconds() != null) {
+ args.addInt(KeymasterDefs.KM_TAG_AUTH_TIMEOUT,
+ spec.getUserAuthenticationValidityDurationSeconds());
+ }
+ if (spec.getKeyValidityStart() != null) {
+ args.addDate(KeymasterDefs.KM_TAG_ACTIVE_DATETIME, spec.getKeyValidityStart());
+ }
+ if (spec.getKeyValidityForOriginationEnd() != null) {
+ args.addDate(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME,
+ spec.getKeyValidityForOriginationEnd());
+ }
+ if (spec.getKeyValidityForConsumptionEnd() != null) {
+ args.addDate(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME,
+ spec.getKeyValidityForConsumptionEnd());
+ }
+
+ if (((purposes & KeyStoreKeyConstraints.Purpose.ENCRYPT) != 0)
+ || ((purposes & KeyStoreKeyConstraints.Purpose.DECRYPT) != 0)) {
+ // Permit caller-specified IV. This is needed due to the Cipher abstraction.
+ args.addBoolean(KeymasterDefs.KM_TAG_CALLER_NONCE);
+ }
+
+ byte[] additionalEntropy = null;
+ SecureRandom rng = mRng;
+ if (rng != null) {
+ additionalEntropy = new byte[(keySizeBits + 7) / 8];
+ rng.nextBytes(additionalEntropy);
+ }
+
+ int flags = spec.getFlags();
+ String keyAliasInKeystore = Credentials.USER_SECRET_KEY + spec.getKeystoreAlias();
+ int errorCode = mKeyStore.generateKey(
+ keyAliasInKeystore, args, additionalEntropy, flags, new KeyCharacteristics());
+ if (errorCode != KeyStore.NO_ERROR) {
+ throw new CryptoOperationException("Failed to generate key",
+ KeymasterUtils.getExceptionForKeymasterError(errorCode));
+ }
+ String keyAlgorithmJCA =
+ KeyStoreKeyConstraints.Algorithm.toJCASecretKeyAlgorithm(mAlgorithm, mDigest);
+ return new KeyStoreSecretKey(keyAliasInKeystore, keyAlgorithmJCA);
+ }
+
+ @Override
+ protected void engineInit(SecureRandom random) {
+ throw new UnsupportedOperationException("Cannot initialize without an "
+ + KeyGeneratorSpec.class.getName() + " parameter");
+ }
+
+ @Override
+ protected void engineInit(AlgorithmParameterSpec params, SecureRandom random)
+ throws InvalidAlgorithmParameterException {
+ if ((params == null) || (!(params instanceof KeyGeneratorSpec))) {
+ throw new InvalidAlgorithmParameterException("Cannot initialize without an "
+ + KeyGeneratorSpec.class.getName() + " parameter");
+ }
+ KeyGeneratorSpec spec = (KeyGeneratorSpec) params;
+ if (spec.getKeystoreAlias() == null) {
+ throw new InvalidAlgorithmParameterException("KeyStore entry alias not provided");
+ }
+
+ mSpec = spec;
+ mRng = random;
+ }
+
+ @Override
+ protected void engineInit(int keySize, SecureRandom random) {
+ throw new UnsupportedOperationException("Cannot initialize without a "
+ + KeyGeneratorSpec.class.getName() + " parameter");
+ }
+}
diff --git a/keystore/java/android/security/KeyStoreParameter.java b/keystore/java/android/security/KeyStoreParameter.java
index 2eeb6ad..2428c2a 100644
--- a/keystore/java/android/security/KeyStoreParameter.java
+++ b/keystore/java/android/security/KeyStoreParameter.java
@@ -20,6 +20,10 @@
import java.security.KeyPairGenerator;
import java.security.KeyStore.ProtectionParameter;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Set;
/**
* This provides the optional parameters that can be specified for
@@ -43,9 +47,51 @@
*/
public final class KeyStoreParameter implements ProtectionParameter {
private int mFlags;
+ private final Date mKeyValidityStart;
+ private final Date mKeyValidityForOriginationEnd;
+ private final Date mKeyValidityForConsumptionEnd;
+ private final @KeyStoreKeyConstraints.PurposeEnum Integer mPurposes;
+ private final @KeyStoreKeyConstraints.AlgorithmEnum Integer mAlgorithm;
+ private final @KeyStoreKeyConstraints.PaddingEnum Integer mPadding;
+ private final @KeyStoreKeyConstraints.DigestEnum Integer mDigest;
+ private final @KeyStoreKeyConstraints.BlockModeEnum Integer mBlockMode;
+ private final Integer mMinSecondsBetweenOperations;
+ private final Integer mMaxUsesPerBoot;
+ private final Set<Integer> mUserAuthenticators;
+ private final Integer mUserAuthenticationValidityDurationSeconds;
- private KeyStoreParameter(int flags) {
+ private KeyStoreParameter(int flags, Date keyValidityStart,
+ Date keyValidityForOriginationEnd, Date keyValidityForConsumptionEnd,
+ @KeyStoreKeyConstraints.PurposeEnum Integer purposes,
+ @KeyStoreKeyConstraints.AlgorithmEnum Integer algorithm,
+ @KeyStoreKeyConstraints.PaddingEnum Integer padding,
+ @KeyStoreKeyConstraints.DigestEnum Integer digest,
+ @KeyStoreKeyConstraints.BlockModeEnum Integer blockMode,
+ Integer minSecondsBetweenOperations,
+ Integer maxUsesPerBoot,
+ Set<Integer> userAuthenticators,
+ Integer userAuthenticationValidityDurationSeconds) {
+ if ((userAuthenticationValidityDurationSeconds != null)
+ && (userAuthenticationValidityDurationSeconds < 0)) {
+ throw new IllegalArgumentException(
+ "userAuthenticationValidityDurationSeconds must not be negative");
+ }
+
mFlags = flags;
+ mKeyValidityStart = keyValidityStart;
+ mKeyValidityForOriginationEnd = keyValidityForOriginationEnd;
+ mKeyValidityForConsumptionEnd = keyValidityForConsumptionEnd;
+ mPurposes = purposes;
+ mAlgorithm = algorithm;
+ mPadding = padding;
+ mDigest = digest;
+ mBlockMode = blockMode;
+ mMinSecondsBetweenOperations = minSecondsBetweenOperations;
+ mMaxUsesPerBoot = maxUsesPerBoot;
+ mUserAuthenticators = (userAuthenticators != null)
+ ? new HashSet<Integer>(userAuthenticators)
+ : Collections.<Integer>emptySet();
+ mUserAuthenticationValidityDurationSeconds = userAuthenticationValidityDurationSeconds;
}
/**
@@ -64,6 +110,141 @@
}
/**
+ * Gets the time instant before which the key is not yet valid.
+ *
+ * @return instant or {@code null} if not restricted.
+ * @hide
+ */
+ public Date getKeyValidityStart() {
+ return mKeyValidityStart;
+ }
+
+ /**
+ * Gets the time instant after which the key is no long valid for decryption and verification.
+ *
+ * @return instant or {@code null} if not restricted.
+ *
+ * @hide
+ */
+ public Date getKeyValidityForConsumptionEnd() {
+ return mKeyValidityForConsumptionEnd;
+ }
+
+ /**
+ * Gets the time instant after which the key is no long valid for encryption and signing.
+ *
+ * @return instant or {@code null} if not restricted.
+ *
+ * @hide
+ */
+ public Date getKeyValidityForOriginationEnd() {
+ return mKeyValidityForOriginationEnd;
+ }
+
+ /**
+ * Gets the set of purposes for which the key can be used to the provided set of purposes.
+ *
+ * @return set of purposes or {@code null} if the key can be used for any purpose.
+ *
+ * @hide
+ */
+ public @KeyStoreKeyConstraints.PurposeEnum Integer getPurposes() {
+ return mPurposes;
+ }
+
+ /**
+ * Gets the algorithm to which the key is restricted.
+ *
+ * @return algorithm or {@code null} if it's not restricted.
+ * @hide
+ */
+ public @KeyStoreKeyConstraints.AlgorithmEnum Integer getAlgorithm() {
+ return mAlgorithm;
+ }
+
+ /**
+ * Gets the padding scheme to which the key is restricted.
+ *
+ * @return padding scheme or {@code null} if the padding scheme is not restricted.
+ *
+ * @hide
+ */
+ public @KeyStoreKeyConstraints.PaddingEnum Integer getPadding() {
+ return mPadding;
+ }
+
+ /**
+ * Gets the digest to which the key is restricted when generating Message Authentication Codes
+ * (MACs).
+ *
+ * @return digest or {@code null} if the digest is not restricted.
+ *
+ * @hide
+ */
+ public @KeyStoreKeyConstraints.DigestEnum Integer getDigest() {
+ return mDigest;
+ }
+
+ /**
+ * Gets the block mode to which the key is restricted when used for encryption or decryption.
+ *
+ * @return block more or {@code null} if block mode is not restricted.
+ *
+ * @hide
+ */
+ public @KeyStoreKeyConstraints.BlockModeEnum Integer getBlockMode() {
+ return mBlockMode;
+ }
+
+ /**
+ * Gets the minimum number of seconds that must expire since the most recent use of the key
+ * before it can be used again.
+ *
+ * @return number of seconds or {@code null} if there is no restriction on how frequently a key
+ * can be used.
+ *
+ * @hide
+ */
+ public Integer getMinSecondsBetweenOperations() {
+ return mMinSecondsBetweenOperations;
+ }
+
+ /**
+ * Gets the number of times the key can be used without rebooting the device.
+ *
+ * @return maximum number of times or {@code null} if there is no restriction.
+ * @hide
+ */
+ public Integer getMaxUsesPerBoot() {
+ return mMaxUsesPerBoot;
+ }
+
+ /**
+ * Gets the user authenticators which protect access to this key. The key can only be used iff
+ * the user has authenticated to at least one of these user authenticators.
+ *
+ * @return user authenticators or empty set if the key can be used without user authentication.
+ *
+ * @hide
+ */
+ public Set<Integer> getUserAuthenticators() {
+ return new HashSet<Integer>(mUserAuthenticators);
+ }
+
+ /**
+ * Gets the duration of time (seconds) for which this key can be used after the user
+ * successfully authenticates to one of the associated user authenticators.
+ *
+ * @return duration in seconds or {@code null} if not restricted. {@code 0} means authentication
+ * is required for every use of the key.
+ *
+ * @hide
+ */
+ public Integer getUserAuthenticationValidityDurationSeconds() {
+ return mUserAuthenticationValidityDurationSeconds;
+ }
+
+ /**
* Builder class for {@link KeyStoreParameter} objects.
* <p>
* This will build protection parameters for use with the
@@ -82,6 +263,18 @@
*/
public final static class Builder {
private int mFlags;
+ private Date mKeyValidityStart;
+ private Date mKeyValidityForOriginationEnd;
+ private Date mKeyValidityForConsumptionEnd;
+ private @KeyStoreKeyConstraints.PurposeEnum Integer mPurposes;
+ private @KeyStoreKeyConstraints.AlgorithmEnum Integer mAlgorithm;
+ private @KeyStoreKeyConstraints.PaddingEnum Integer mPadding;
+ private @KeyStoreKeyConstraints.DigestEnum Integer mDigest;
+ private @KeyStoreKeyConstraints.BlockModeEnum Integer mBlockMode;
+ private Integer mMinSecondsBetweenOperations;
+ private Integer mMaxUsesPerBoot;
+ private Set<Integer> mUserAuthenticators;
+ private Integer mUserAuthenticationValidityDurationSeconds;
/**
* Creates a new instance of the {@code Builder} with the given
@@ -113,13 +306,207 @@
}
/**
- * Builds the instance of the {@code KeyPairGeneratorSpec}.
+ * Sets the time instant before which the key is not yet valid.
+ *
+ * <b>By default, the key is valid at any instant.
+ *
+ * @see #setKeyValidityEnd(Date)
+ *
+ * @hide
+ */
+ public Builder setKeyValidityStart(Date startDate) {
+ mKeyValidityStart = startDate;
+ return this;
+ }
+
+ /**
+ * Sets the time instant after which the key is no longer valid.
+ *
+ * <b>By default, the key is valid at any instant.
+ *
+ * @see #setKeyValidityStart(Date)
+ * @see #setKeyValidityForConsumptionEnd(Date)
+ * @see #setKeyValidityForOriginationEnd(Date)
+ *
+ * @hide
+ */
+ public Builder setKeyValidityEnd(Date endDate) {
+ setKeyValidityForOriginationEnd(endDate);
+ setKeyValidityForConsumptionEnd(endDate);
+ return this;
+ }
+
+ /**
+ * Sets the time instant after which the key is no longer valid for encryption and signing.
+ *
+ * <b>By default, the key is valid at any instant.
+ *
+ * @see #setKeyValidityForConsumptionEnd(Date)
+ *
+ * @hide
+ */
+ public Builder setKeyValidityForOriginationEnd(Date endDate) {
+ mKeyValidityForOriginationEnd = endDate;
+ return this;
+ }
+
+ /**
+ * Sets the time instant after which the key is no longer valid for decryption and
+ * verification.
+ *
+ * <b>By default, the key is valid at any instant.
+ *
+ * @see #setKeyValidityForOriginationEnd(Date)
+ *
+ * @hide
+ */
+ public Builder setKeyValidityForConsumptionEnd(Date endDate) {
+ mKeyValidityForConsumptionEnd = endDate;
+ return this;
+ }
+
+ /**
+ * Restricts the purposes for which the key can be used to the provided set of purposes.
+ *
+ * <p>By default, the key can be used for encryption, decryption, signing, and verification.
+ *
+ * @hide
+ */
+ public Builder setPurposes(@KeyStoreKeyConstraints.PurposeEnum int purposes) {
+ mPurposes = purposes;
+ return this;
+ }
+
+ /**
+ * Sets the algorithm of the key.
+ *
+ * <p>The algorithm of symmetric keys can be deduced from the key itself. Thus, explicitly
+ * specifying the algorithm of symmetric keys using this method is not necessary.
+ *
+ * @hide
+ */
+ public Builder setAlgorithm(@KeyStoreKeyConstraints.AlgorithmEnum int algorithm) {
+ mAlgorithm = algorithm;
+ return this;
+ }
+
+ /**
+ * Restricts the key to being used only with the provided padding scheme. Attempts to use
+ * the key with any other padding will be rejected.
+ *
+ * <p>This restriction must be specified for keys which are used for encryption/decryption.
+ *
+ * @hide
+ */
+ public Builder setPadding(@KeyStoreKeyConstraints.PaddingEnum int padding) {
+ mPadding = padding;
+ return this;
+ }
+
+ /**
+ * Restricts the key to being used only with the provided digest when generating Message
+ * Authentication Codes (MACs). Attempts to use the key with any other digest will be
+ * rejected.
+ *
+ * <p>For MAC keys, the default is to restrict to the digest specified in the key algorithm
+ * name.
+ *
+ * @see java.security.Key#getAlgorithm()
+ *
+ * @hide
+ */
+ public Builder setDigest(@KeyStoreKeyConstraints.DigestEnum int digest) {
+ mDigest = digest;
+ return this;
+ }
+
+ /**
+ * Restricts the key to being used only with the provided block mode when encrypting or
+ * decrypting. Attempts to use the key with any other block modes will be rejected.
+ *
+ * <p>This restriction must be specified for keys which are used for encryption/decryption.
+ *
+ * @hide
+ */
+ public Builder setBlockMode(@KeyStoreKeyConstraints.BlockModeEnum int blockMode) {
+ mBlockMode = blockMode;
+ return this;
+ }
+
+ /**
+ * Sets the minimum number of seconds that must expire since the most recent use of the key
+ * before it can be used again.
+ *
+ * <p>By default, there is no restriction on how frequently a key can be used.
+ *
+ * @hide
+ */
+ public Builder setMinSecondsBetweenOperations(int seconds) {
+ mMinSecondsBetweenOperations = seconds;
+ return this;
+ }
+
+ /**
+ * Sets the maximum number of times a key can be used without rebooting the device.
+ *
+ * <p>By default, the key can be used for an unlimited number of times.
+ *
+ * @hide
+ */
+ public Builder setMaxUsesPerBoot(int count) {
+ mMaxUsesPerBoot = count;
+ return this;
+ }
+
+ /**
+ * Sets the user authenticators which protect access to this key. The key can only be used
+ * iff the user has authenticated to at least one of these user authenticators.
+ *
+ * <p>By default, the key can be used without user authentication.
+ *
+ * @param userAuthenticators user authenticators or empty list if this key can be accessed
+ * without user authentication.
+ *
+ * @see #setUserAuthenticationValidityDurationSeconds(int)
+ *
+ * @hide
+ */
+ public Builder setUserAuthenticators(Set<Integer> userAuthenticators) {
+ mUserAuthenticators =
+ (userAuthenticators != null) ? new HashSet<Integer>(userAuthenticators) : null;
+ return this;
+ }
+
+ /**
+ * Sets the duration of time (seconds) for which this key can be used after the user
+ * successfully authenticates to one of the associated user authenticators.
+ *
+ * <p>By default, the user needs to authenticate for every use of the key.
+ *
+ * @param seconds duration in seconds or {@code 0} if the user needs to authenticate for
+ * every use of the key.
+ *
+ * @see #setUserAuthenticators(Set)
+ *
+ * @hide
+ */
+ public Builder setUserAuthenticationValidityDurationSeconds(int seconds) {
+ mUserAuthenticationValidityDurationSeconds = seconds;
+ return this;
+ }
+
+ /**
+ * Builds the instance of the {@code KeyStoreParameter}.
*
* @throws IllegalArgumentException if a required field is missing
- * @return built instance of {@code KeyPairGeneratorSpec}
+ * @return built instance of {@code KeyStoreParameter}
*/
public KeyStoreParameter build() {
- return new KeyStoreParameter(mFlags);
+ return new KeyStoreParameter(mFlags, mKeyValidityStart,
+ mKeyValidityForOriginationEnd, mKeyValidityForConsumptionEnd, mPurposes,
+ mAlgorithm, mPadding, mDigest, mBlockMode, mMinSecondsBetweenOperations,
+ mMaxUsesPerBoot, mUserAuthenticators,
+ mUserAuthenticationValidityDurationSeconds);
}
}
}
diff --git a/keystore/java/android/security/KeyStoreSecretKey.java b/keystore/java/android/security/KeyStoreSecretKey.java
new file mode 100644
index 0000000..9410127
--- /dev/null
+++ b/keystore/java/android/security/KeyStoreSecretKey.java
@@ -0,0 +1,39 @@
+package android.security;
+
+import javax.crypto.SecretKey;
+
+/**
+ * {@link SecretKey} backed by keystore.
+ *
+ * @hide
+ */
+public class KeyStoreSecretKey implements SecretKey {
+ private final String mAlias;
+ private final String mAlgorithm;
+
+ public KeyStoreSecretKey(String alias, String algorithm) {
+ mAlias = alias;
+ mAlgorithm = algorithm;
+ }
+
+ String getAlias() {
+ return mAlias;
+ }
+
+ @Override
+ public String getAlgorithm() {
+ return mAlgorithm;
+ }
+
+ @Override
+ public String getFormat() {
+ // This key does not export its key material
+ return null;
+ }
+
+ @Override
+ public byte[] getEncoded() {
+ // This key does not export its key material
+ return null;
+ }
+}
diff --git a/keystore/java/android/security/KeymasterException.java b/keystore/java/android/security/KeymasterException.java
new file mode 100644
index 0000000..4ff7115
--- /dev/null
+++ b/keystore/java/android/security/KeymasterException.java
@@ -0,0 +1,13 @@
+package android.security;
+
+/**
+ * Keymaster exception.
+ *
+ * @hide
+ */
+public class KeymasterException extends Exception {
+
+ public KeymasterException(String message) {
+ super(message);
+ }
+}
diff --git a/keystore/java/android/security/KeymasterUtils.java b/keystore/java/android/security/KeymasterUtils.java
new file mode 100644
index 0000000..e6e88c7
--- /dev/null
+++ b/keystore/java/android/security/KeymasterUtils.java
@@ -0,0 +1,21 @@
+package android.security;
+
+import android.security.keymaster.KeymasterDefs;
+
+/**
+ * @hide
+ */
+public abstract class KeymasterUtils {
+ private KeymasterUtils() {}
+
+ public static KeymasterException getExceptionForKeymasterError(int keymasterErrorCode) {
+ switch (keymasterErrorCode) {
+ case KeymasterDefs.KM_ERROR_INVALID_AUTHORIZATION_TIMEOUT:
+ // The name of this parameter significantly differs between Keymaster and framework
+ // APIs. Use the framework wording to make life easier for developers.
+ return new KeymasterException("Invalid user authentication validity duration");
+ default:
+ return new KeymasterException(KeymasterDefs.getErrorMessage(keymasterErrorCode));
+ }
+ }
+}
diff --git a/keystore/tests/src/android/security/AndroidKeyStoreTest.java b/keystore/tests/src/android/security/AndroidKeyStoreTest.java
index 9775e64..7a88dee 100644
--- a/keystore/tests/src/android/security/AndroidKeyStoreTest.java
+++ b/keystore/tests/src/android/security/AndroidKeyStoreTest.java
@@ -2127,7 +2127,7 @@
assertEquals("The keystore size should match expected", 2, mKeyStore.size());
assertAliases(new String[] { TEST_ALIAS_2, TEST_ALIAS_3 });
- assertTrue(mAndroidKeyStore.delKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_3));
+ assertTrue(mAndroidKeyStore.delete(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_3));
assertEquals("The keystore size should match expected", 1, mKeyStore.size());
assertAliases(new String[] { TEST_ALIAS_2 });
diff --git a/keystore/tests/src/android/security/KeyStoreTest.java b/keystore/tests/src/android/security/KeyStoreTest.java
index f935bb1..7468fb5e 100644
--- a/keystore/tests/src/android/security/KeyStoreTest.java
+++ b/keystore/tests/src/android/security/KeyStoreTest.java
@@ -25,6 +25,7 @@
import android.security.keymaster.ExportResult;
import android.security.keymaster.KeyCharacteristics;
import android.security.keymaster.KeymasterArguments;
+import android.security.keymaster.KeymasterBlob;
import android.security.keymaster.KeymasterDefs;
import android.security.keymaster.OperationResult;
import android.test.ActivityUnitTestCase;
@@ -36,6 +37,7 @@
import java.util.Arrays;
import java.util.Date;
import java.util.HashSet;
+import java.security.spec.RSAKeyGenParameterSpec;
import android.util.Log;
import android.util.Base64;
@@ -711,11 +713,11 @@
args.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_RSA);
args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, 2048);
- args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_ID, null);
- args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_DATA, null);
+ args.addLong(KeymasterDefs.KM_TAG_RSA_PUBLIC_EXPONENT,
+ RSAKeyGenParameterSpec.F4.longValue());
KeyCharacteristics outCharacteristics = new KeyCharacteristics();
- int result = mKeyStore.generateKey(name, args, 0, outCharacteristics);
+ int result = mKeyStore.generateKey(name, args, null, 0, outCharacteristics);
assertEquals("generateRsaKey should succeed", KeyStore.NO_ERROR, result);
return outCharacteristics;
}
@@ -724,6 +726,24 @@
generateRsaKey("test");
mKeyStore.delete("test");
}
+
+ public void testGenerateRsaWithEntropy() throws Exception {
+ byte[] entropy = new byte[] {1,2,3,4,5};
+ String name = "test";
+ KeymasterArguments args = new KeymasterArguments();
+ args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT);
+ args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT);
+ args.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_RSA);
+ args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
+ args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, 2048);
+ args.addLong(KeymasterDefs.KM_TAG_RSA_PUBLIC_EXPONENT,
+ RSAKeyGenParameterSpec.F4.longValue());
+
+ KeyCharacteristics outCharacteristics = new KeyCharacteristics();
+ int result = mKeyStore.generateKey(name, args, entropy, 0, outCharacteristics);
+ assertEquals("generateKey should succeed", KeyStore.NO_ERROR, result);
+ }
+
public void testGenerateAndDelete() throws Exception {
generateRsaKey("test");
assertTrue("delete should succeed", mKeyStore.delete("test"));
@@ -741,6 +761,7 @@
public void testAppId() throws Exception {
String name = "test";
+ byte[] id = new byte[] {0x01, 0x02, 0x03};
KeymasterArguments args = new KeymasterArguments();
args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT);
args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT);
@@ -748,18 +769,19 @@
args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, 2048);
args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_ECB);
- args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_ID, new byte[] {0x01, 0x02, 0x03});
- args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_DATA, null);
+ args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_ID, id);
+ args.addLong(KeymasterDefs.KM_TAG_RSA_PUBLIC_EXPONENT,
+ RSAKeyGenParameterSpec.F4.longValue());
KeyCharacteristics outCharacteristics = new KeyCharacteristics();
- int result = mKeyStore.generateKey(name, args, 0, outCharacteristics);
+ int result = mKeyStore.generateKey(name, args, null, 0, outCharacteristics);
assertEquals("generateRsaKey should succeed", KeyStore.NO_ERROR, result);
assertEquals("getKeyCharacteristics should fail without application ID",
KeymasterDefs.KM_ERROR_INVALID_KEY_BLOB,
mKeyStore.getKeyCharacteristics(name, null, null, outCharacteristics));
assertEquals("getKeyCharacteristics should succeed with application ID",
KeyStore.NO_ERROR,
- mKeyStore.getKeyCharacteristics(name, new byte[] {0x01, 0x02, 0x03}, null,
+ mKeyStore.getKeyCharacteristics(name, new KeymasterBlob(id), null,
outCharacteristics));
}
@@ -784,19 +806,15 @@
args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_OCB);
args.addInt(KeymasterDefs.KM_TAG_CHUNK_LENGTH, 4096);
args.addInt(KeymasterDefs.KM_TAG_MAC_LENGTH, 16);
- args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_ID, null);
- args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_DATA, null);
KeyCharacteristics outCharacteristics = new KeyCharacteristics();
- int rc = mKeyStore.generateKey(name, args, 0, outCharacteristics);
+ int rc = mKeyStore.generateKey(name, args, null, 0, outCharacteristics);
assertEquals("Generate should succeed", KeyStore.NO_ERROR, rc);
KeymasterArguments out = new KeymasterArguments();
args = new KeymasterArguments();
- args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_ID, null);
- args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_DATA, null);
OperationResult result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT,
- true, args, out);
+ true, args, null, out);
IBinder token = result.token;
assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode);
result = mKeyStore.update(token, null, new byte[] {0x01, 0x02, 0x03, 0x04});
@@ -826,7 +844,7 @@
private byte[] doOperation(String name, int purpose, byte[] in, KeymasterArguments beginArgs) {
KeymasterArguments out = new KeymasterArguments();
OperationResult result = mKeyStore.begin(name, purpose,
- true, beginArgs, out);
+ true, beginArgs, null, out);
assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode);
IBinder token = result.token;
result = mKeyStore.update(token, null, in);
@@ -883,24 +901,21 @@
args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_OCB);
args.addInt(KeymasterDefs.KM_TAG_CHUNK_LENGTH, 4096);
args.addInt(KeymasterDefs.KM_TAG_MAC_LENGTH, 16);
- args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_ID, null);
- args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_DATA, null);
KeyCharacteristics outCharacteristics = new KeyCharacteristics();
- int rc = mKeyStore.generateKey(name, args, 0, outCharacteristics);
+ int rc = mKeyStore.generateKey(name, args, null, 0, outCharacteristics);
assertEquals("Generate should succeed", KeyStore.NO_ERROR, rc);
KeymasterArguments out = new KeymasterArguments();
args = new KeymasterArguments();
- args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_ID, null);
- args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_DATA, null);
OperationResult result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT,
- true, args, out);
+ true, args, null, out);
assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode);
IBinder first = result.token;
// Implementation detail: softkeymaster supports 16 concurrent operations
for (int i = 0; i < 16; i++) {
- result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, true, args, out);
+ result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, true, args, null,
+ out);
assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode);
}
// At this point the first operation should be pruned.
diff --git a/libs/hwui/TessellationCache.cpp b/libs/hwui/TessellationCache.cpp
index bc956be..1d6b7cc 100644
--- a/libs/hwui/TessellationCache.cpp
+++ b/libs/hwui/TessellationCache.cpp
@@ -380,6 +380,7 @@
const Vector3& lightCenter, float lightRadius) {
ShadowDescription key(casterPerimeter, drawTransform);
+ if (mShadowCache.get(key)) return;
sp<ShadowTask> task = new ShadowTask(drawTransform, localClip, opaque,
casterPerimeter, transformXY, transformZ, lightCenter, lightRadius);
if (mShadowProcessor == NULL) {
diff --git a/libs/hwui/renderthread/RenderProxy.cpp b/libs/hwui/renderthread/RenderProxy.cpp
index 36ba3a9..1f61b23 100644
--- a/libs/hwui/renderthread/RenderProxy.cpp
+++ b/libs/hwui/renderthread/RenderProxy.cpp
@@ -395,6 +395,7 @@
}
void RenderProxy::outputLogBuffer(int fd) {
+ if (!RenderThread::hasInstance()) return;
SETUP_TASK(outputLogBuffer);
args->fd = fd;
staticPostAndWait(task);
diff --git a/packages/SystemUI/AndroidManifest.xml b/packages/SystemUI/AndroidManifest.xml
index b606a6f..226a8ca 100644
--- a/packages/SystemUI/AndroidManifest.xml
+++ b/packages/SystemUI/AndroidManifest.xml
@@ -104,6 +104,9 @@
<uses-permission android:name="android.permission.ACCESS_KEYGUARD_SECURE_STORAGE" />
<uses-permission android:name="android.permission.TRUST_LISTENER" />
+ <!-- Needed for WallpaperManager.clear in ImageWallpaper.updateWallpaperLocked -->
+ <uses-permission android:name="android.permission.SET_WALLPAPER"/>
+
<!-- Recents -->
<uses-permission android:name="android.permission.BIND_APPWIDGET" />
diff --git a/packages/SystemUI/src/com/android/systemui/statusbar/policy/BluetoothController.java b/packages/SystemUI/src/com/android/systemui/statusbar/policy/BluetoothController.java
index cbdd138..49693f5fe 100644
--- a/packages/SystemUI/src/com/android/systemui/statusbar/policy/BluetoothController.java
+++ b/packages/SystemUI/src/com/android/systemui/statusbar/policy/BluetoothController.java
@@ -37,7 +37,7 @@
void onBluetoothPairedDevicesChanged();
}
- public static final class PairedDevice {
+ public static final class PairedDevice implements Comparable<PairedDevice> {
public static int STATE_DISCONNECTED = 0;
public static int STATE_CONNECTING = 1;
public static int STATE_CONNECTED = 2;
@@ -55,5 +55,9 @@
if (state == STATE_DISCONNECTING) return "STATE_DISCONNECTING";
return "UNKNOWN";
}
+
+ public int compareTo(PairedDevice another) {
+ return name.compareTo(another.name);
+ }
}
}
diff --git a/packages/SystemUI/src/com/android/systemui/statusbar/policy/BluetoothControllerImpl.java b/packages/SystemUI/src/com/android/systemui/statusbar/policy/BluetoothControllerImpl.java
index 81e1e45..894f82a 100644
--- a/packages/SystemUI/src/com/android/systemui/statusbar/policy/BluetoothControllerImpl.java
+++ b/packages/SystemUI/src/com/android/systemui/statusbar/policy/BluetoothControllerImpl.java
@@ -45,7 +45,6 @@
import android.os.Message;
import android.os.ParcelUuid;
import android.util.ArrayMap;
-import android.util.ArraySet;
import android.util.Log;
import android.util.SparseArray;
@@ -55,6 +54,7 @@
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.Set;
+import java.util.TreeSet;
public class BluetoothControllerImpl implements BluetoothController {
private static final String TAG = "BluetoothController";
@@ -194,8 +194,8 @@
}
@Override
- public ArraySet<PairedDevice> getPairedDevices() {
- final ArraySet<PairedDevice> rt = new ArraySet<>();
+ public Set<PairedDevice> getPairedDevices() {
+ final Set<PairedDevice> rt = new TreeSet<>();
for (int i = 0; i < mDeviceInfo.size(); i++) {
final BluetoothDevice device = mDeviceInfo.keyAt(i);
final DeviceInfo info = mDeviceInfo.valueAt(i);
diff --git a/packages/SystemUI/src/com/android/systemui/statusbar/policy/SecurityControllerImpl.java b/packages/SystemUI/src/com/android/systemui/statusbar/policy/SecurityControllerImpl.java
index 2fbb812..f0dd943 100644
--- a/packages/SystemUI/src/com/android/systemui/statusbar/policy/SecurityControllerImpl.java
+++ b/packages/SystemUI/src/com/android/systemui/statusbar/policy/SecurityControllerImpl.java
@@ -190,7 +190,8 @@
NetworkCapabilities networkCapabilities =
mConnectivityManager.getNetworkCapabilities(network);
if (DEBUG) Log.d(TAG, "onAvailable " + network.netId + " : " + networkCapabilities);
- if (networkCapabilities.hasTransport(NetworkCapabilities.TRANSPORT_VPN)) {
+ if (networkCapabilities != null &&
+ networkCapabilities.hasTransport(NetworkCapabilities.TRANSPORT_VPN)) {
setCurrentNetid(network.netId);
}
};
diff --git a/rs/java/android/renderscript/Allocation.java b/rs/java/android/renderscript/Allocation.java
index c6afa2c..523c8fb 100644
--- a/rs/java/android/renderscript/Allocation.java
+++ b/rs/java/android/renderscript/Allocation.java
@@ -76,6 +76,8 @@
new HashMap<Long, Allocation>();
OnBufferAvailableListener mBufferNotifier;
+ private Surface mGetSurfaceSurface = null;
+
private Element.DataType validateObjectIsPrimitiveArray(Object d, boolean checkType) {
final Class c = d.getClass();
if (!c.isArray()) {
@@ -1990,7 +1992,12 @@
if ((mUsage & USAGE_IO_INPUT) == 0) {
throw new RSInvalidStateException("Allocation is not a surface texture.");
}
- return mRS.nAllocationGetSurface(getID(mRS));
+
+ if (mGetSurfaceSurface == null) {
+ mGetSurfaceSurface = mRS.nAllocationGetSurface(getID(mRS));
+ }
+
+ return mGetSurfaceSurface;
}
/**
diff --git a/rs/java/android/renderscript/Element.java b/rs/java/android/renderscript/Element.java
index 287b3f1..60ff996 100644
--- a/rs/java/android/renderscript/Element.java
+++ b/rs/java/android/renderscript/Element.java
@@ -114,7 +114,8 @@
* MATRIX the three matrix types contain FLOAT_32 elements and are treated
* as 32 bits for alignment purposes.
*
- * RS_* objects. 32 bit opaque handles.
+ * RS_* objects: opaque handles with implementation dependent
+ * sizes.
*/
public enum DataType {
NONE (0, 0),
diff --git a/rs/java/android/renderscript/FileA3D.java b/rs/java/android/renderscript/FileA3D.java
index 4164810..9d8f162 100644
--- a/rs/java/android/renderscript/FileA3D.java
+++ b/rs/java/android/renderscript/FileA3D.java
@@ -145,6 +145,9 @@
case MESH:
entry.mLoadedObj = new Mesh(objectID, rs);
break;
+
+ default:
+ throw new RSRuntimeException("Unrecognized object type in file.");
}
entry.mLoadedObj.updateFromNative();
diff --git a/rs/java/android/renderscript/Mesh.java b/rs/java/android/renderscript/Mesh.java
index 1a5dc9e..13c8e1c 100644
--- a/rs/java/android/renderscript/Mesh.java
+++ b/rs/java/android/renderscript/Mesh.java
@@ -363,6 +363,9 @@
alloc = Allocation.createTyped(mRS, entry.t, mUsage);
} else if(entry.e != null) {
alloc = Allocation.createSized(mRS, entry.e, entry.size, mUsage);
+ } else {
+ // Should never happen because the builder will always set one
+ throw new IllegalStateException("Builder corrupt, no valid element in entry.");
}
vertexBuffers[ct] = alloc;
vtx[ct] = alloc.getID(mRS);
@@ -375,6 +378,9 @@
alloc = Allocation.createTyped(mRS, entry.t, mUsage);
} else if(entry.e != null) {
alloc = Allocation.createSized(mRS, entry.e, entry.size, mUsage);
+ } else {
+ // Should never happen because the builder will always set one
+ throw new IllegalStateException("Builder corrupt, no valid element in entry.");
}
long allocID = (alloc == null) ? 0 : alloc.getID(mRS);
indexBuffers[ct] = alloc;
@@ -811,9 +817,7 @@
sm.getVertexAllocation(0).copy1DRangeFromUnchecked(0, mMaxIndex, mVtxData);
if(uploadToBufferObject) {
- if (uploadToBufferObject) {
- sm.getVertexAllocation(0).syncAll(Allocation.USAGE_SCRIPT);
- }
+ sm.getVertexAllocation(0).syncAll(Allocation.USAGE_SCRIPT);
}
sm.getIndexSetAllocation(0).copy1DRangeFromUnchecked(0, mIndexCount, mIndexData);
diff --git a/rs/java/android/renderscript/RenderScript.java b/rs/java/android/renderscript/RenderScript.java
index f08c985..45f0ca6 100644
--- a/rs/java/android/renderscript/RenderScript.java
+++ b/rs/java/android/renderscript/RenderScript.java
@@ -29,6 +29,7 @@
import android.view.Surface;
import android.os.SystemProperties;
import android.os.Trace;
+import java.util.ArrayList;
/**
* This class provides access to a RenderScript context, which controls RenderScript
@@ -49,6 +50,12 @@
@SuppressWarnings({"UnusedDeclaration", "deprecation"})
static final boolean LOG_ENABLED = false;
+ static private ArrayList<RenderScript> mProcessContextList = new ArrayList<RenderScript>();
+ private boolean mIsProcessContext = false;
+ private int mContextFlags = 0;
+ private int mContextSdkVersion = 0;
+
+
private Context mApplicationContext;
/*
@@ -1313,20 +1320,13 @@
}
/**
- * @hide
- */
- public static RenderScript create(Context ctx, int sdkVersion) {
- return create(ctx, sdkVersion, ContextType.NORMAL, CREATE_FLAG_NONE);
- }
-
- /**
* Create a RenderScript context.
*
* @hide
* @param ctx The context.
* @return RenderScript
*/
- public static RenderScript create(Context ctx, int sdkVersion, ContextType ct, int flags) {
+ private static RenderScript internalCreate(Context ctx, int sdkVersion, ContextType ct, int flags) {
if (!sInitialized) {
Log.e(LOG_TAG, "RenderScript.create() called when disabled; someone is likely to crash");
return null;
@@ -1341,6 +1341,8 @@
rs.mDev = rs.nDeviceCreate();
rs.mContext = rs.nContextCreate(rs.mDev, flags, sdkVersion, ct.mID);
rs.mContextType = ct;
+ rs.mContextFlags = flags;
+ rs.mContextSdkVersion = sdkVersion;
if (rs.mContext == 0) {
throw new RSDriverException("Failed to create RS context.");
}
@@ -1350,7 +1352,9 @@
}
/**
- * Create a RenderScript context.
+ * calls create(ctx, ContextType.NORMAL, CREATE_FLAG_NONE)
+ *
+ * See documentation for @create for details
*
* @param ctx The context.
* @return RenderScript
@@ -1360,21 +1364,33 @@
}
/**
- * Create a RenderScript context.
+ * calls create(ctx, ct, CREATE_FLAG_NONE)
*
+ * See documentation for @create for details
*
* @param ctx The context.
* @param ct The type of context to be created.
* @return RenderScript
*/
public static RenderScript create(Context ctx, ContextType ct) {
- int v = ctx.getApplicationInfo().targetSdkVersion;
- return create(ctx, v, ct, CREATE_FLAG_NONE);
+ return create(ctx, ct, CREATE_FLAG_NONE);
}
- /**
- * Create a RenderScript context.
+
+ /**
+ * Gets or creates a RenderScript context of the specified type.
*
+ * The returned context will be cached for future reuse within
+ * the process. When an application is finished using
+ * RenderScript it should call releaseAllContexts()
+ *
+ * A process context is a context designed for easy creation and
+ * lifecycle management. Multiple calls to this function will
+ * return the same object provided they are called with the same
+ * options. This allows it to be used any time a RenderScript
+ * context is needed.
+ *
+ * Prior to API 23 this always created a new context.
*
* @param ctx The context.
* @param ct The type of context to be created.
@@ -1387,6 +1403,100 @@
}
/**
+ * calls create(ctx, sdkVersion, ContextType.NORMAL, CREATE_FLAG_NONE)
+ *
+ * Used by the RenderScriptThunker to maintain backward compatibility.
+ *
+ * @hide
+ * @param ctx The context.
+ * @param sdkVersion The target SDK Version.
+ * @return RenderScript
+ */
+ public static RenderScript create(Context ctx, int sdkVersion) {
+ return create(ctx, sdkVersion, ContextType.NORMAL, CREATE_FLAG_NONE);
+ }
+
+ /**
+ * Gets or creates a RenderScript context of the specified type.
+ *
+ * @hide
+ * @param ctx The context.
+ * @param ct The type of context to be created.
+ * @param sdkVersion The target SDK Version.
+ * @param flags The OR of the CREATE_FLAG_* options desired
+ * @return RenderScript
+ */
+ public static RenderScript create(Context ctx, int sdkVersion, ContextType ct, int flags) {
+ if (sdkVersion < 23) {
+ return internalCreate(ctx, sdkVersion, ct, flags);
+ }
+
+ synchronized (mProcessContextList) {
+ for (RenderScript prs : mProcessContextList) {
+ if ((prs.mContextType == ct) &&
+ (prs.mContextFlags == flags) &&
+ (prs.mContextSdkVersion == sdkVersion)) {
+
+ return prs;
+ }
+ }
+
+ RenderScript prs = internalCreate(ctx, sdkVersion, ct, flags);
+ prs.mIsProcessContext = true;
+ mProcessContextList.add(prs);
+ return prs;
+ }
+ }
+
+ /**
+ * @hide
+ *
+ * Releases all the process contexts. This is the same as
+ * calling .destroy() on each unique context retreived with
+ * create(...). If no contexts have been created this
+ * function does nothing.
+ *
+ * Typically you call this when your application is losing focus
+ * and will not be using a context for some time.
+ *
+ * This has no effect on a context created with
+ * createMultiContext()
+ */
+ public static void releaseAllContexts() {
+ ArrayList<RenderScript> oldList;
+ synchronized (mProcessContextList) {
+ oldList = mProcessContextList;
+ mProcessContextList = new ArrayList<RenderScript>();
+ }
+
+ for (RenderScript prs : oldList) {
+ prs.mIsProcessContext = false;
+ prs.destroy();
+ }
+ oldList.clear();
+ }
+
+
+
+ /**
+ * Create a RenderScript context.
+ *
+ * This is an advanced function intended for applications which
+ * need to create more than one RenderScript context to be used
+ * at the same time.
+ *
+ * If you need a single context please use create()
+ *
+ * @hide
+ * @param ctx The context.
+ * @return RenderScript
+ */
+ public static RenderScript createMultiContext(Context ctx, ContextType ct, int flags, int API_number) {
+ return internalCreate(ctx, API_number, ct, flags);
+ }
+
+
+ /**
* Print the currently available debugging information about the state of
* the RS context to the log.
*
@@ -1442,8 +1552,16 @@
* using this context or any objects belonging to this context is
* illegal.
*
+ * API 23+, this function is a NOP if the context was created
+ * with create(). Please use releaseAllContexts() to clean up
+ * contexts created with the create function.
+ *
*/
public void destroy() {
+ if (mIsProcessContext) {
+ // users cannot destroy a process context
+ return;
+ }
validate();
helpDestroy();
}
diff --git a/rs/java/android/renderscript/Script.java b/rs/java/android/renderscript/Script.java
index 83aeedd..65056ac 100644
--- a/rs/java/android/renderscript/Script.java
+++ b/rs/java/android/renderscript/Script.java
@@ -251,9 +251,14 @@
"At least one of ain or aout is required to be non-null.");
}
- long[] in_ids = new long[ains.length];
- for (int index = 0; index < ains.length; ++index) {
- in_ids[index] = ains[index].getID(mRS);
+ long[] in_ids;
+ if (ains != null) {
+ in_ids = new long[ains.length];
+ for (int index = 0; index < ains.length; ++index) {
+ in_ids[index] = ains[index].getID(mRS);
+ }
+ } else {
+ in_ids = null;
}
long out_id = 0;
diff --git a/rs/java/android/renderscript/ScriptGroup2.java b/rs/java/android/renderscript/ScriptGroup2.java
index 113b896..4a56572 100644
--- a/rs/java/android/renderscript/ScriptGroup2.java
+++ b/rs/java/android/renderscript/ScriptGroup2.java
@@ -1,3 +1,19 @@
+/*
+ * Copyright (C) 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
package android.renderscript;
import android.util.Log;
@@ -13,356 +29,410 @@
You have tried to change the API from what has been previously approved.
To make these errors go away, you have two choices:
- 1) You can add "@hide" javadoc comments to the methods, etc. listed in the
- errors above.
+1) You can add "@hide" javadoc comments to the methods, etc. listed in the
+errors above.
- 2) You can update current.txt by executing the following command:
- make update-api
+2) You can update current.txt by executing the following command:
+make update-api
To submit the revised current.txt to the main Android repository,
you will need approval.
******************************
- @hide Pending Android public API approval.
- */
+@hide Pending Android public API approval.
+*/
public class ScriptGroup2 extends BaseObj {
- public static class Closure extends BaseObj {
- private Allocation mReturnValue;
- private Map<Script.FieldID, Object> mBindings;
+ public static class Closure extends BaseObj {
+ private Allocation mReturnValue;
+ private Map<Script.FieldID, Object> mBindings;
- private Future mReturnFuture;
- private Map<Script.FieldID, Future> mGlobalFuture;
+ private Future mReturnFuture;
+ private Map<Script.FieldID, Future> mGlobalFuture;
- private FieldPacker mFP;
+ private FieldPacker mFP;
- private static final String TAG = "Closure";
+ private static final String TAG = "Closure";
- public Closure(long id, RenderScript rs) {
- super(id, rs);
- }
-
- public Closure(RenderScript rs, Script.KernelID kernelID, Type returnType,
- Object[] args, Map<Script.FieldID, Object> globals) {
- super(0, rs);
-
- mReturnValue = Allocation.createTyped(rs, returnType);
- mBindings = new HashMap<Script.FieldID, Object>();
- mGlobalFuture = new HashMap<Script.FieldID, Future>();
-
- int numValues = args.length + globals.size();
-
- long[] fieldIDs = new long[numValues];
- long[] values = new long[numValues];
- int[] sizes = new int[numValues];
- long[] depClosures = new long[numValues];
- long[] depFieldIDs = new long[numValues];
-
- int i;
- for (i = 0; i < args.length; i++) {
- Object obj = args[i];
- fieldIDs[i] = 0;
- if (obj instanceof UnboundValue) {
- UnboundValue unbound = (UnboundValue)obj;
- unbound.addReference(this, i);
- } else {
- retrieveValueAndDependenceInfo(rs, i, args[i], values, sizes,
- depClosures, depFieldIDs);
+ public Closure(long id, RenderScript rs) {
+ super(id, rs);
}
- }
- for (Map.Entry<Script.FieldID, Object> entry : globals.entrySet()) {
- Object obj = entry.getValue();
- Script.FieldID fieldID = entry.getKey();
- fieldIDs[i] = fieldID.getID(rs);
- if (obj instanceof UnboundValue) {
- UnboundValue unbound = (UnboundValue)obj;
- unbound.addReference(this, fieldID);
- } else {
- retrieveValueAndDependenceInfo(rs, i, obj, values,
- sizes, depClosures, depFieldIDs);
+ public Closure(RenderScript rs, Script.KernelID kernelID, Type returnType,
+ Object[] args, Map<Script.FieldID, Object> globals) {
+ super(0, rs);
+
+ mReturnValue = Allocation.createTyped(rs, returnType);
+ mBindings = new HashMap<Script.FieldID, Object>();
+ mGlobalFuture = new HashMap<Script.FieldID, Future>();
+
+ int numValues = args.length + globals.size();
+
+ long[] fieldIDs = new long[numValues];
+ long[] values = new long[numValues];
+ int[] sizes = new int[numValues];
+ long[] depClosures = new long[numValues];
+ long[] depFieldIDs = new long[numValues];
+
+ int i;
+ for (i = 0; i < args.length; i++) {
+ Object obj = args[i];
+ fieldIDs[i] = 0;
+ if (obj instanceof UnboundValue) {
+ UnboundValue unbound = (UnboundValue)obj;
+ unbound.addReference(this, i);
+ } else {
+ retrieveValueAndDependenceInfo(rs, i, args[i], values, sizes,
+ depClosures, depFieldIDs);
+ }
+ }
+
+ for (Map.Entry<Script.FieldID, Object> entry : globals.entrySet()) {
+ Object obj = entry.getValue();
+ Script.FieldID fieldID = entry.getKey();
+ fieldIDs[i] = fieldID.getID(rs);
+ if (obj instanceof UnboundValue) {
+ UnboundValue unbound = (UnboundValue)obj;
+ unbound.addReference(this, fieldID);
+ } else {
+ retrieveValueAndDependenceInfo(rs, i, obj, values,
+ sizes, depClosures, depFieldIDs);
+ }
+ i++;
+ }
+
+ long id = rs.nClosureCreate(kernelID.getID(rs), mReturnValue.getID(rs),
+ fieldIDs, values, sizes, depClosures, depFieldIDs);
+
+ setID(id);
}
- i++;
- }
- long id = rs.nClosureCreate(kernelID.getID(rs), mReturnValue.getID(rs),
- fieldIDs, values, sizes, depClosures, depFieldIDs);
+ public Closure(RenderScript rs, Script.InvokeID invokeID,
+ Object[] args, Map<Script.FieldID, Object> globals) {
+ super(0, rs);
+ mFP = FieldPacker.createFieldPack(args);
- setID(id);
- }
+ mBindings = new HashMap<Script.FieldID, Object>();
+ mGlobalFuture = new HashMap<Script.FieldID, Future>();
- public Closure(RenderScript rs, Script.InvokeID invokeID,
- Object[] args, Map<Script.FieldID, Object> globals) {
- super(0, rs);
- mFP = FieldPacker.createFieldPack(args);
+ int numValues = globals.size();
- mBindings = new HashMap<Script.FieldID, Object>();
- mGlobalFuture = new HashMap<Script.FieldID, Future>();
+ long[] fieldIDs = new long[numValues];
+ long[] values = new long[numValues];
+ int[] sizes = new int[numValues];
+ long[] depClosures = new long[numValues];
+ long[] depFieldIDs = new long[numValues];
- int numValues = globals.size();
+ int i = 0;
+ for (Map.Entry<Script.FieldID, Object> entry : globals.entrySet()) {
+ Object obj = entry.getValue();
+ Script.FieldID fieldID = entry.getKey();
+ fieldIDs[i] = fieldID.getID(rs);
+ if (obj instanceof UnboundValue) {
+ UnboundValue unbound = (UnboundValue)obj;
+ unbound.addReference(this, fieldID);
+ } else {
+ // TODO(yangni): Verify obj not a future.
+ retrieveValueAndDependenceInfo(rs, i, obj, values,
+ sizes, depClosures, depFieldIDs);
+ }
+ i++;
+ }
- long[] fieldIDs = new long[numValues];
- long[] values = new long[numValues];
- int[] sizes = new int[numValues];
- long[] depClosures = new long[numValues];
- long[] depFieldIDs = new long[numValues];
+ long id = rs.nInvokeClosureCreate(invokeID.getID(rs), mFP.getData(), fieldIDs,
+ values, sizes);
- int i = 0;
- for (Map.Entry<Script.FieldID, Object> entry : globals.entrySet()) {
- Object obj = entry.getValue();
- Script.FieldID fieldID = entry.getKey();
- fieldIDs[i] = fieldID.getID(rs);
- if (obj instanceof UnboundValue) {
- UnboundValue unbound = (UnboundValue)obj;
- unbound.addReference(this, fieldID);
- } else {
- // TODO(yangni): Verify obj not a future.
- retrieveValueAndDependenceInfo(rs, i, obj, values,
- sizes, depClosures, depFieldIDs);
+ setID(id);
}
- i++;
- }
- long id = rs.nInvokeClosureCreate(invokeID.getID(rs), mFP.getData(), fieldIDs,
- values, sizes);
+ private static
+ void retrieveValueAndDependenceInfo(RenderScript rs,
+ int index, Object obj,
+ long[] values, int[] sizes,
+ long[] depClosures,
+ long[] depFieldIDs) {
- setID(id);
- }
+ if (obj instanceof Future) {
+ Future f = (Future)obj;
+ obj = f.getValue();
+ depClosures[index] = f.getClosure().getID(rs);
+ Script.FieldID fieldID = f.getFieldID();
+ depFieldIDs[index] = fieldID != null ? fieldID.getID(rs) : 0;
+ if (obj == null) {
+ // Value is originally created by the owner closure
+ values[index] = 0;
+ sizes[index] = 0;
+ return;
+ }
+ } else {
+ depClosures[index] = 0;
+ depFieldIDs[index] = 0;
+ }
- private static void retrieveValueAndDependenceInfo(RenderScript rs,
- int index, Object obj, long[] values, int[] sizes, long[] depClosures,
- long[] depFieldIDs) {
-
- if (obj instanceof Future) {
- Future f = (Future)obj;
- obj = f.getValue();
- depClosures[index] = f.getClosure().getID(rs);
- Script.FieldID fieldID = f.getFieldID();
- depFieldIDs[index] = fieldID != null ? fieldID.getID(rs) : 0;
- if (obj == null) {
- // Value is originally created by the owner closure
- values[index] = 0;
- sizes[index] = 0;
- return;
+ ValueAndSize vs = new ValueAndSize(rs, obj);
+ values[index] = vs.value;
+ sizes[index] = vs.size;
}
- } else {
- depClosures[index] = 0;
- depFieldIDs[index] = 0;
- }
- ValueAndSize vs = new ValueAndSize(rs, obj);
- values[index] = vs.value;
- sizes[index] = vs.size;
- }
+ public Future getReturn() {
+ if (mReturnFuture == null) {
+ mReturnFuture = new Future(this, null, mReturnValue);
+ }
- public Future getReturn() {
- if (mReturnFuture == null) {
- mReturnFuture = new Future(this, null, mReturnValue);
- }
-
- return mReturnFuture;
- }
-
- public Future getGlobal(Script.FieldID field) {
- Future f = mGlobalFuture.get(field);
-
- if (f == null) {
- // If the field is not bound to this closure, this will return a future
- // without an associated value (reference). So this is not working for
- // cross-module (cross-script) linking in this case where a field not
- // explicitly bound.
- f = new Future(this, field, mBindings.get(field));
- mGlobalFuture.put(field, f);
- }
-
- return f;
- }
-
- void setArg(int index, Object obj) {
- ValueAndSize vs = new ValueAndSize(mRS, obj);
- mRS.nClosureSetArg(getID(mRS), index, vs.value, vs.size);
- }
-
- void setGlobal(Script.FieldID fieldID, Object obj) {
- ValueAndSize vs = new ValueAndSize(mRS, obj);
- mRS.nClosureSetGlobal(getID(mRS), fieldID.getID(mRS), vs.value, vs.size);
- }
-
- private static final class ValueAndSize {
- public ValueAndSize(RenderScript rs, Object obj) {
- if (obj instanceof Allocation) {
- value = ((Allocation)obj).getID(rs);
- size = -1;
- } else if (obj instanceof Boolean) {
- value = ((Boolean)obj).booleanValue() ? 1 : 0;
- size = 4;
- } else if (obj instanceof Integer) {
- value = ((Integer)obj).longValue();
- size = 4;
- } else if (obj instanceof Long) {
- value = ((Long)obj).longValue();
- size = 8;
- } else if (obj instanceof Float) {
- value = ((Float)obj).longValue();
- size = 4;
- } else if (obj instanceof Double) {
- value = ((Double)obj).longValue();
- size = 8;
+ return mReturnFuture;
}
- }
- public long value;
- public int size;
- }
- }
- public static class Future {
- Closure mClosure;
- Script.FieldID mFieldID;
- Object mValue;
+ public Future getGlobal(Script.FieldID field) {
+ Future f = mGlobalFuture.get(field);
- Future(Closure closure, Script.FieldID fieldID, Object value) {
- mClosure = closure;
- mFieldID = fieldID;
- mValue = value;
+ if (f == null) {
+ // If the field is not bound to this closure, this will return a future
+ // without an associated value (reference). So this is not working for
+ // cross-module (cross-script) linking in this case where a field not
+ // explicitly bound.
+ f = new Future(this, field, mBindings.get(field));
+ mGlobalFuture.put(field, f);
+ }
+
+ return f;
+ }
+
+ void setArg(int index, Object obj) {
+ ValueAndSize vs = new ValueAndSize(mRS, obj);
+ mRS.nClosureSetArg(getID(mRS), index, vs.value, vs.size);
+ }
+
+ void setGlobal(Script.FieldID fieldID, Object obj) {
+ ValueAndSize vs = new ValueAndSize(mRS, obj);
+ mRS.nClosureSetGlobal(getID(mRS), fieldID.getID(mRS), vs.value, vs.size);
+ }
+
+ private static final class ValueAndSize {
+ public ValueAndSize(RenderScript rs, Object obj) {
+ if (obj instanceof Allocation) {
+ value = ((Allocation)obj).getID(rs);
+ size = -1;
+ } else if (obj instanceof Boolean) {
+ value = ((Boolean)obj).booleanValue() ? 1 : 0;
+ size = 4;
+ } else if (obj instanceof Integer) {
+ value = ((Integer)obj).longValue();
+ size = 4;
+ } else if (obj instanceof Long) {
+ value = ((Long)obj).longValue();
+ size = 8;
+ } else if (obj instanceof Float) {
+ value = ((Float)obj).longValue();
+ size = 4;
+ } else if (obj instanceof Double) {
+ value = ((Double)obj).longValue();
+ size = 8;
+ }
+ }
+ public long value;
+ public int size;
+ }
}
- Closure getClosure() { return mClosure; }
- Script.FieldID getFieldID() { return mFieldID; }
- Object getValue() { return mValue; }
- }
+ public static class Future {
+ Closure mClosure;
+ Script.FieldID mFieldID;
+ Object mValue;
- public static class UnboundValue {
- // Either mFieldID or mArgIndex should be set but not both.
- List<Pair<Closure, Script.FieldID>> mFieldID;
- // -1 means unset. Legal values are 0 .. n-1, where n is the number of
- // arguments for the referencing closure.
- List<Pair<Closure, Integer>> mArgIndex;
+ Future(Closure closure, Script.FieldID fieldID, Object value) {
+ mClosure = closure;
+ mFieldID = fieldID;
+ mValue = value;
+ }
- UnboundValue() {
- mFieldID = new ArrayList<Pair<Closure, Script.FieldID>>();
- mArgIndex = new ArrayList<Pair<Closure, Integer>>();
+ Closure getClosure() { return mClosure; }
+ Script.FieldID getFieldID() { return mFieldID; }
+ Object getValue() { return mValue; }
}
- void addReference(Closure closure, int index) {
- mArgIndex.add(Pair.create(closure, Integer.valueOf(index)));
+ public static class UnboundValue {
+ // Either mFieldID or mArgIndex should be set but not both.
+ List<Pair<Closure, Script.FieldID>> mFieldID;
+ // -1 means unset. Legal values are 0 .. n-1, where n is the number of
+ // arguments for the referencing closure.
+ List<Pair<Closure, Integer>> mArgIndex;
+
+ UnboundValue() {
+ mFieldID = new ArrayList<Pair<Closure, Script.FieldID>>();
+ mArgIndex = new ArrayList<Pair<Closure, Integer>>();
+ }
+
+ void addReference(Closure closure, int index) {
+ mArgIndex.add(Pair.create(closure, Integer.valueOf(index)));
+ }
+
+ void addReference(Closure closure, Script.FieldID fieldID) {
+ mFieldID.add(Pair.create(closure, fieldID));
+ }
+
+ void set(Object value) {
+ for (Pair<Closure, Integer> p : mArgIndex) {
+ Closure closure = p.first;
+ int index = p.second.intValue();
+ closure.setArg(index, value);
+ }
+ for (Pair<Closure, Script.FieldID> p : mFieldID) {
+ Closure closure = p.first;
+ Script.FieldID fieldID = p.second;
+ closure.setGlobal(fieldID, value);
+ }
+ }
}
- void addReference(Closure closure, Script.FieldID fieldID) {
- mFieldID.add(Pair.create(closure, fieldID));
- }
-
- void set(Object value) {
- for (Pair<Closure, Integer> p : mArgIndex) {
- Closure closure = p.first;
- int index = p.second.intValue();
- closure.setArg(index, value);
- }
- for (Pair<Closure, Script.FieldID> p : mFieldID) {
- Closure closure = p.first;
- Script.FieldID fieldID = p.second;
- closure.setGlobal(fieldID, value);
- }
- }
- }
-
- List<Closure> mClosures;
- List<UnboundValue> mInputs;
- Future[] mOutputs;
-
- private static final String TAG = "ScriptGroup2";
-
- public ScriptGroup2(long id, RenderScript rs) {
- super(id, rs);
- }
-
- ScriptGroup2(RenderScript rs, List<Closure> closures,
- List<UnboundValue> inputs, Future[] outputs) {
- super(0, rs);
- mClosures = closures;
- mInputs = inputs;
- mOutputs = outputs;
-
- long[] closureIDs = new long[closures.size()];
- for (int i = 0; i < closureIDs.length; i++) {
- closureIDs[i] = closures.get(i).getID(rs);
- }
- long id = rs.nScriptGroup2Create(ScriptC.mCachePath, closureIDs);
- setID(id);
- }
-
- public Object[] execute(Object... inputs) {
- if (inputs.length < mInputs.size()) {
- Log.e(TAG, this.toString() + " receives " + inputs.length + " inputs, " +
- "less than expected " + mInputs.size());
- return null;
- }
-
- if (inputs.length > mInputs.size()) {
- Log.i(TAG, this.toString() + " receives " + inputs.length + " inputs, " +
- "more than expected " + mInputs.size());
- }
-
- for (int i = 0; i < mInputs.size(); i++) {
- Object obj = inputs[i];
- if (obj instanceof Future || obj instanceof UnboundValue) {
- Log.e(TAG, this.toString() + ": input " + i +
- " is a future or unbound value");
- return null;
- }
- UnboundValue unbound = mInputs.get(i);
- unbound.set(obj);
- }
-
- mRS.nScriptGroup2Execute(getID(mRS));
-
- Object[] outputObjs = new Object[mOutputs.length];
- int i = 0;
- for (Future f : mOutputs) {
- outputObjs[i++] = f.getValue();
- }
- return outputObjs;
- }
-
- /**
- @hide Pending Android public API approval.
- */
- public static final class Builder {
- RenderScript mRS;
List<Closure> mClosures;
List<UnboundValue> mInputs;
+ Future[] mOutputs;
- private static final String TAG = "ScriptGroup2.Builder";
+ private static final String TAG = "ScriptGroup2";
- public Builder(RenderScript rs) {
- mRS = rs;
- mClosures = new ArrayList<Closure>();
- mInputs = new ArrayList<UnboundValue>();
+ public ScriptGroup2(long id, RenderScript rs) {
+ super(id, rs);
}
- public Closure addKernel(Script.KernelID k, Type returnType, Object[] args,
- Map<Script.FieldID, Object> globalBindings) {
- Closure c = new Closure(mRS, k, returnType, args, globalBindings);
- mClosures.add(c);
- return c;
+ ScriptGroup2(RenderScript rs, List<Closure> closures,
+ List<UnboundValue> inputs, Future[] outputs) {
+ super(0, rs);
+ mClosures = closures;
+ mInputs = inputs;
+ mOutputs = outputs;
+
+ long[] closureIDs = new long[closures.size()];
+ for (int i = 0; i < closureIDs.length; i++) {
+ closureIDs[i] = closures.get(i).getID(rs);
+ }
+ long id = rs.nScriptGroup2Create(ScriptC.mCachePath, closureIDs);
+ setID(id);
}
- public Closure addInvoke(Script.InvokeID invoke, Object[] args,
- Map<Script.FieldID, Object> globalBindings) {
- Closure c = new Closure(mRS, invoke, args, globalBindings);
- mClosures.add(c);
- return c;
+ public Object[] execute(Object... inputs) {
+ if (inputs.length < mInputs.size()) {
+ Log.e(TAG, this.toString() + " receives " + inputs.length + " inputs, " +
+ "less than expected " + mInputs.size());
+ return null;
+ }
+
+ if (inputs.length > mInputs.size()) {
+ Log.i(TAG, this.toString() + " receives " + inputs.length + " inputs, " +
+ "more than expected " + mInputs.size());
+ }
+
+ for (int i = 0; i < mInputs.size(); i++) {
+ Object obj = inputs[i];
+ if (obj instanceof Future || obj instanceof UnboundValue) {
+ Log.e(TAG, this.toString() + ": input " + i +
+ " is a future or unbound value");
+ return null;
+ }
+ UnboundValue unbound = mInputs.get(i);
+ unbound.set(obj);
+ }
+
+ mRS.nScriptGroup2Execute(getID(mRS));
+
+ Object[] outputObjs = new Object[mOutputs.length];
+ int i = 0;
+ for (Future f : mOutputs) {
+ outputObjs[i++] = f.getValue();
+ }
+ return outputObjs;
}
- public UnboundValue addInput() {
- UnboundValue unbound = new UnboundValue();
- mInputs.add(unbound);
- return unbound;
+ /**
+ @hide Pending Android public API approval.
+ */
+ public static final class Binding {
+ public Script.FieldID mField;
+ public Object mValue;
+ public Binding(Script.FieldID field, Object value) {
+ mField = field;
+ mValue = value;
+ }
}
- public ScriptGroup2 create(Future... outputs) {
- ScriptGroup2 ret = new ScriptGroup2(mRS, mClosures, mInputs, outputs);
- return ret;
- }
+ /**
+ @hide Pending Android public API approval.
+ */
+ public static final class Builder {
+ RenderScript mRS;
+ List<Closure> mClosures;
+ List<UnboundValue> mInputs;
+ private static final String TAG = "ScriptGroup2.Builder";
- }
+ public Builder(RenderScript rs) {
+ mRS = rs;
+ mClosures = new ArrayList<Closure>();
+ mInputs = new ArrayList<UnboundValue>();
+ }
+
+ public Closure addKernel(Script.KernelID k, Type returnType, Object[] args,
+ Map<Script.FieldID, Object> globalBindings) {
+ Closure c = new Closure(mRS, k, returnType, args, globalBindings);
+ mClosures.add(c);
+ return c;
+ }
+
+ public Closure addInvoke(Script.InvokeID invoke, Object[] args,
+ Map<Script.FieldID, Object> globalBindings) {
+ Closure c = new Closure(mRS, invoke, args, globalBindings);
+ mClosures.add(c);
+ return c;
+ }
+
+ public UnboundValue addInput() {
+ UnboundValue unbound = new UnboundValue();
+ mInputs.add(unbound);
+ return unbound;
+ }
+
+ public Closure addKernel(Script.KernelID k, Type returnType, Object... argsAndBindings) {
+ ArrayList<Object> args = new ArrayList<Object>();
+ Map<Script.FieldID, Object> bindingMap = new HashMap<Script.FieldID, Object>();
+ if (!seperateArgsAndBindings(argsAndBindings, args, bindingMap)) {
+ return null;
+ }
+ return addKernel(k, returnType, args.toArray(), bindingMap);
+ }
+
+ public Closure addInvoke(Script.InvokeID invoke, Object... argsAndBindings) {
+ ArrayList<Object> args = new ArrayList<Object>();
+ Map<Script.FieldID, Object> bindingMap = new HashMap<Script.FieldID, Object>();
+ if (!seperateArgsAndBindings(argsAndBindings, args, bindingMap)) {
+ return null;
+ }
+ return addInvoke(invoke, args.toArray(), bindingMap);
+ }
+
+ public ScriptGroup2 create(Future... outputs) {
+ ScriptGroup2 ret = new ScriptGroup2(mRS, mClosures, mInputs, outputs);
+ return ret;
+ }
+
+ private boolean seperateArgsAndBindings(Object[] argsAndBindings,
+ ArrayList<Object> args,
+ Map<Script.FieldID, Object> bindingMap) {
+ int i;
+ for (i = 0; i < argsAndBindings.length; i++) {
+ if (argsAndBindings[i] instanceof Binding) {
+ break;
+ }
+ args.add(argsAndBindings[i]);
+ }
+
+ for (; i < argsAndBindings.length; i++) {
+ if (!(argsAndBindings[i] instanceof Binding)) {
+ return false;
+ }
+ Binding b = (Binding)argsAndBindings[i];
+ bindingMap.put(b.mField, b.mValue);
+ }
+
+ return true;
+ }
+
+ }
}
diff --git a/rs/jni/android_renderscript_RenderScript.cpp b/rs/jni/android_renderscript_RenderScript.cpp
index 6d6757d..ba20881 100644
--- a/rs/jni/android_renderscript_RenderScript.cpp
+++ b/rs/jni/android_renderscript_RenderScript.cpp
@@ -40,7 +40,6 @@
#include <rsEnv.h>
#include <gui/Surface.h>
#include <gui/GLConsumer.h>
-#include <gui/Surface.h>
#include <android_runtime/android_graphics_SurfaceTexture.h>
//#define LOG_API ALOGE
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 34a5249..ab1a1e8 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -1215,7 +1215,7 @@
TAG, "Death received in " + this
+ " for thread " + mAppThread.asBinder());
synchronized(ActivityManagerService.this) {
- appDiedLocked(mApp, mPid, mAppThread);
+ appDiedLocked(mApp, mPid, mAppThread, true);
}
}
}
@@ -2991,6 +2991,15 @@
if ("1".equals(SystemProperties.get("debug.checkjni"))) {
debugFlags |= Zygote.DEBUG_ENABLE_CHECKJNI;
}
+ String jitDebugProperty = SystemProperties.get("debug.usejit");
+ if ("true".equals(jitDebugProperty)) {
+ debugFlags |= Zygote.DEBUG_ENABLE_JIT;
+ } else if (!"false".equals(jitDebugProperty)) {
+ // If we didn't force disable by setting false, defer to the dalvik vm options.
+ if ("true".equals(SystemProperties.get("dalvik.vm.usejit"))) {
+ debugFlags |= Zygote.DEBUG_ENABLE_JIT;
+ }
+ }
if ("1".equals(SystemProperties.get("debug.jni.logging"))) {
debugFlags |= Zygote.DEBUG_ENABLE_JNI_LOGGING;
}
@@ -4678,10 +4687,11 @@
}
final void appDiedLocked(ProcessRecord app) {
- appDiedLocked(app, app.pid, app.thread);
+ appDiedLocked(app, app.pid, app.thread, false);
}
- final void appDiedLocked(ProcessRecord app, int pid, IApplicationThread thread) {
+ final void appDiedLocked(ProcessRecord app, int pid, IApplicationThread thread,
+ boolean fromBinderDied) {
// First check if this ProcessRecord is actually active for the pid.
synchronized (mPidsSelfLocked) {
ProcessRecord curProc = mPidsSelfLocked.get(pid);
@@ -4697,7 +4707,9 @@
}
if (!app.killed) {
- Process.killProcessQuiet(pid);
+ if (!fromBinderDied) {
+ Process.killProcessQuiet(pid);
+ }
Process.killProcessGroup(app.info.uid, pid);
app.killed = true;
}
diff --git a/services/core/java/com/android/server/connectivity/Vpn.java b/services/core/java/com/android/server/connectivity/Vpn.java
index 8533f69..3174e69 100644
--- a/services/core/java/com/android/server/connectivity/Vpn.java
+++ b/services/core/java/com/android/server/connectivity/Vpn.java
@@ -1009,6 +1009,14 @@
public synchronized LegacyVpnInfo getLegacyVpnInfo() {
// Check if the caller is authorized.
enforceControlPermission();
+ return getLegacyVpnInfoPrivileged();
+ }
+
+ /**
+ * Return the information of the current ongoing legacy VPN.
+ * Callers are responsible for checking permissions if needed.
+ */
+ public synchronized LegacyVpnInfo getLegacyVpnInfoPrivileged() {
if (mLegacyVpnRunner == null) return null;
final LegacyVpnInfo info = new LegacyVpnInfo();
diff --git a/services/core/java/com/android/server/pm/Settings.java b/services/core/java/com/android/server/pm/Settings.java
index d353494..b820d7e8 100644
--- a/services/core/java/com/android/server/pm/Settings.java
+++ b/services/core/java/com/android/server/pm/Settings.java
@@ -1681,6 +1681,7 @@
//
// DO NOT MODIFY THIS FORMAT UNLESS YOU CAN ALSO MODIFY ITS USERS
// FROM NATIVE CODE. AT THE MOMENT, LOOK AT THE FOLLOWING SOURCES:
+ // system/core/logd/LogStatistics.cpp
// system/core/run-as/run-as.c
// system/core/sdcard/sdcard.c
// external/libselinux/src/android.c:package_info_init()
diff --git a/services/core/java/com/android/server/wm/DimLayer.java b/services/core/java/com/android/server/wm/DimLayer.java
index c09ea5c..3f5ae56 100644
--- a/services/core/java/com/android/server/wm/DimLayer.java
+++ b/services/core/java/com/android/server/wm/DimLayer.java
@@ -140,10 +140,9 @@
}
/**
- * @param layer The new layer value.
- * @param inTransaction Whether the call is made within a surface transaction.
+ * NOTE: Must be called with Surface transaction open.
*/
- void adjustSurface(int layer, boolean inTransaction) {
+ private void adjustBounds() {
final int dw, dh;
final float xPos, yPos;
if (!mStack.isFullscreen()) {
@@ -163,29 +162,31 @@
yPos = -1 * dh / 6;
}
- try {
- if (!inTransaction) {
- SurfaceControl.openTransaction();
- }
- mDimSurface.setPosition(xPos, yPos);
- mDimSurface.setSize(dw, dh);
- mDimSurface.setLayer(layer);
- } catch (RuntimeException e) {
- Slog.w(TAG, "Failure setting size or layer", e);
- } finally {
- if (!inTransaction) {
- SurfaceControl.closeTransaction();
- }
- }
+ mDimSurface.setPosition(xPos, yPos);
+ mDimSurface.setSize(dw, dh);
+
mLastBounds.set(mBounds);
- mLayer = layer;
}
- // Assumes that surface transactions are currently closed.
- void setBounds(Rect bounds) {
+ /**
+ * @param bounds The new bounds to set
+ * @param inTransaction Whether the call is made within a surface transaction.
+ */
+ void setBounds(Rect bounds, boolean inTransaction) {
mBounds.set(bounds);
if (isDimming() && !mLastBounds.equals(bounds)) {
- adjustSurface(mLayer, false);
+ try {
+ if (!inTransaction) {
+ SurfaceControl.openTransaction();
+ }
+ adjustBounds();
+ } catch (RuntimeException e) {
+ Slog.w(TAG, "Failure setting size", e);
+ } finally {
+ if (!inTransaction) {
+ SurfaceControl.closeTransaction();
+ }
+ }
}
}
@@ -224,9 +225,10 @@
return;
}
- if (!mLastBounds.equals(mBounds) || mLayer != layer) {
- adjustSurface(layer, true);
+ if (!mLastBounds.equals(mBounds)) {
+ adjustBounds();
}
+ setLayer(layer);
long curTime = SystemClock.uptimeMillis();
final boolean animating = isAnimating();
diff --git a/services/core/java/com/android/server/wm/TaskStack.java b/services/core/java/com/android/server/wm/TaskStack.java
index 802cf4b..d313e3f 100644
--- a/services/core/java/com/android/server/wm/TaskStack.java
+++ b/services/core/java/com/android/server/wm/TaskStack.java
@@ -126,8 +126,8 @@
return false;
}
- mDimLayer.setBounds(bounds);
- mAnimationBackgroundSurface.setBounds(bounds);
+ mDimLayer.setBounds(bounds, false);
+ mAnimationBackgroundSurface.setBounds(bounds, false);
mBounds.set(bounds);
return true;
diff --git a/services/core/java/com/android/server/wm/WindowManagerService.java b/services/core/java/com/android/server/wm/WindowManagerService.java
index 7b389f5..109785c 100644
--- a/services/core/java/com/android/server/wm/WindowManagerService.java
+++ b/services/core/java/com/android/server/wm/WindowManagerService.java
@@ -508,6 +508,7 @@
boolean mClientFreezingScreen = false;
int mAppsFreezingScreen = 0;
int mLastWindowForcedOrientation = ActivityInfo.SCREEN_ORIENTATION_UNSPECIFIED;
+ int mLastKeyguardForcedOrientation = ActivityInfo.SCREEN_ORIENTATION_NOSENSOR;
int mLayoutSeq = 0;
@@ -3126,6 +3127,10 @@
}
winAnimator.mEnteringAnimation = true;
if (toBeDisplayed) {
+ if ((win.mAttrs.softInputMode & SOFT_INPUT_MASK_ADJUST)
+ == SOFT_INPUT_ADJUST_RESIZE) {
+ win.mLayoutNeeded = true;
+ }
if (win.isDrawnLw() && okToDisplay()) {
winAnimator.applyEnterAnimationLocked();
}
@@ -3714,43 +3719,70 @@
}
}
- public int getOrientationFromWindowsLocked() {
- if (mDisplayFrozen || mOpeningApps.size() > 0 || mClosingApps.size() > 0) {
- // If the display is frozen, some activities may be in the middle
- // of restarting, and thus have removed their old window. If the
- // window has the flag to hide the lock screen, then the lock screen
- // can re-appear and inflict its own orientation on us. Keep the
- // orientation stable until this all settles down.
- return mLastWindowForcedOrientation;
+ public int getOrientationLocked() {
+ if (mDisplayFrozen) {
+ if (mLastWindowForcedOrientation != ActivityInfo.SCREEN_ORIENTATION_UNSPECIFIED) {
+ if (DEBUG_ORIENTATION) Slog.v(TAG, "Display is frozen, return "
+ + mLastWindowForcedOrientation);
+ // If the display is frozen, some activities may be in the middle
+ // of restarting, and thus have removed their old window. If the
+ // window has the flag to hide the lock screen, then the lock screen
+ // can re-appear and inflict its own orientation on us. Keep the
+ // orientation stable until this all settles down.
+ return mLastWindowForcedOrientation;
+ }
+ } else {
+ // TODO(multidisplay): Change to the correct display.
+ final WindowList windows = getDefaultWindowListLocked();
+ int pos = windows.size() - 1;
+ while (pos >= 0) {
+ WindowState win = windows.get(pos);
+ pos--;
+ if (win.mAppToken != null) {
+ // We hit an application window. so the orientation will be determined by the
+ // app window. No point in continuing further.
+ break;
+ }
+ if (!win.isVisibleLw() || !win.mPolicyVisibilityAfterAnim) {
+ continue;
+ }
+ int req = win.mAttrs.screenOrientation;
+ if((req == ActivityInfo.SCREEN_ORIENTATION_UNSPECIFIED) ||
+ (req == ActivityInfo.SCREEN_ORIENTATION_BEHIND)){
+ continue;
+ }
+
+ if (DEBUG_ORIENTATION) Slog.v(TAG, win + " forcing orientation to " + req);
+ if (mPolicy.isKeyguardHostWindow(win.mAttrs)) {
+ mLastKeyguardForcedOrientation = req;
+ }
+ return (mLastWindowForcedOrientation = req);
+ }
+ mLastWindowForcedOrientation = ActivityInfo.SCREEN_ORIENTATION_UNSPECIFIED;
+
+ if (mPolicy.isKeyguardLocked()) {
+ // The screen is locked and no top system window is requesting an orientation.
+ // Return either the orientation of the show-when-locked app (if there is any) or
+ // the orientation of the keyguard. No point in searching from the rest of apps.
+ WindowState winShowWhenLocked = (WindowState) mPolicy.getWinShowWhenLockedLw();
+ AppWindowToken appShowWhenLocked = winShowWhenLocked == null ?
+ null : winShowWhenLocked.mAppToken;
+ if (appShowWhenLocked != null) {
+ int req = appShowWhenLocked.requestedOrientation;
+ if (req == ActivityInfo.SCREEN_ORIENTATION_BEHIND) {
+ req = mLastKeyguardForcedOrientation;
+ }
+ if (DEBUG_ORIENTATION) Slog.v(TAG, "Done at " + appShowWhenLocked
+ + " -- show when locked, return " + req);
+ return req;
+ }
+ if (DEBUG_ORIENTATION) Slog.v(TAG,
+ "No one is requesting an orientation when the screen is locked");
+ return mLastKeyguardForcedOrientation;
+ }
}
- // TODO(multidisplay): Change to the correct display.
- final WindowList windows = getDefaultWindowListLocked();
- int pos = windows.size() - 1;
- while (pos >= 0) {
- WindowState win = windows.get(pos);
- pos--;
- if (win.mAppToken != null) {
- // We hit an application window. so the orientation will be determined by the
- // app window. No point in continuing further.
- return (mLastWindowForcedOrientation=ActivityInfo.SCREEN_ORIENTATION_UNSPECIFIED);
- }
- if (!win.isVisibleLw() || !win.mPolicyVisibilityAfterAnim) {
- continue;
- }
- int req = win.mAttrs.screenOrientation;
- if((req == ActivityInfo.SCREEN_ORIENTATION_UNSPECIFIED) ||
- (req == ActivityInfo.SCREEN_ORIENTATION_BEHIND)){
- continue;
- }
-
- if (DEBUG_ORIENTATION) Slog.v(TAG, win + " forcing orientation to " + req);
- return (mLastWindowForcedOrientation=req);
- }
- return (mLastWindowForcedOrientation=ActivityInfo.SCREEN_ORIENTATION_UNSPECIFIED);
- }
-
- public int getOrientationFromAppTokensLocked() {
+ // Top system windows are not requesting an orientation. Start searching from apps.
int lastOrientation = ActivityInfo.SCREEN_ORIENTATION_UNSPECIFIED;
boolean findingBehind = false;
boolean lastFullscreen = false;
@@ -3822,8 +3854,11 @@
findingBehind |= (or == ActivityInfo.SCREEN_ORIENTATION_BEHIND);
}
}
- if (DEBUG_ORIENTATION) Slog.v(TAG, "No app is requesting an orientation");
- return ActivityInfo.SCREEN_ORIENTATION_UNSPECIFIED;
+ if (DEBUG_ORIENTATION) Slog.v(TAG, "No app is requesting an orientation, return "
+ + mForcedAppOrientation);
+ // The next app has not been requested to be visible, so we keep the current orientation
+ // to prevent freezing/unfreezing the display too early.
+ return mForcedAppOrientation;
}
@Override
@@ -3903,11 +3938,7 @@
boolean updateOrientationFromAppTokensLocked(boolean inTransaction) {
long ident = Binder.clearCallingIdentity();
try {
- int req = getOrientationFromWindowsLocked();
- if (req == ActivityInfo.SCREEN_ORIENTATION_UNSPECIFIED) {
- req = getOrientationFromAppTokensLocked();
- }
-
+ int req = getOrientationLocked();
if (req != mForcedAppOrientation) {
mForcedAppOrientation = req;
//send a message to Policy indicating orientation change to take
diff --git a/tools/aapt/printapk.cpp b/tools/aapt/printapk.cpp
deleted file mode 100644
index def6e2e..0000000
--- a/tools/aapt/printapk.cpp
+++ /dev/null
@@ -1,127 +0,0 @@
-#include <utils/ResourceTypes.h>
-#include <utils/String8.h>
-#include <utils/String16.h>
-#include <zipfile/zipfile.h>
-#include <stdio.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include <stdlib.h>
-
-using namespace android;
-
-static int
-usage()
-{
- fprintf(stderr,
- "usage: apk APKFILE\n"
- "\n"
- "APKFILE an android packge file produced by aapt.\n"
- );
- return 1;
-}
-
-
-int
-main(int argc, char** argv)
-{
- const char* filename;
- int fd;
- ssize_t amt;
- off_t size;
- void* buf;
- zipfile_t zip;
- zipentry_t entry;
- void* cookie;
- void* resfile;
- int bufsize;
- int err;
-
- if (argc != 2) {
- return usage();
- }
-
- filename = argv[1];
- fd = open(filename, O_RDONLY);
- if (fd == -1) {
- fprintf(stderr, "apk: couldn't open file for read: %s\n", filename);
- return 1;
- }
-
- size = lseek(fd, 0, SEEK_END);
- amt = lseek(fd, 0, SEEK_SET);
-
- if (size < 0 || amt < 0) {
- fprintf(stderr, "apk: error determining file size: %s\n", filename);
- return 1;
- }
-
- buf = malloc(size);
- if (buf == NULL) {
- fprintf(stderr, "apk: file too big: %s\n", filename);
- return 1;
- }
-
- amt = read(fd, buf, size);
- if (amt != size) {
- fprintf(stderr, "apk: error reading file: %s\n", filename);
- return 1;
- }
-
- close(fd);
-
- zip = init_zipfile(buf, size);
- if (zip == NULL) {
- fprintf(stderr, "apk: file doesn't seem to be a zip file: %s\n",
- filename);
- return 1;
- }
-
- printf("files:\n");
- cookie = NULL;
- while ((entry = iterate_zipfile(zip, &cookie))) {
- char* name = get_zipentry_name(entry);
- printf(" %s\n", name);
- free(name);
- }
-
- entry = lookup_zipentry(zip, "resources.arsc");
- if (entry != NULL) {
- size = get_zipentry_size(entry);
- bufsize = size + (size / 1000) + 1;
- resfile = malloc(bufsize);
-
- err = decompress_zipentry(entry, resfile, bufsize);
- if (err != 0) {
- fprintf(stderr, "apk: error decompressing resources.arsc");
- return 1;
- }
-
- ResTable res(resfile, size, resfile);
- res.print();
-#if 0
- size_t tableCount = res.getTableCount();
- printf("Tables: %d\n", (int)tableCount);
- for (size_t tableIndex=0; tableIndex<tableCount; tableIndex++) {
- const ResStringPool* strings = res.getTableStringBlock(tableIndex);
- size_t stringCount = strings->size();
- for (size_t stringIndex=0; stringIndex<stringCount; stringIndex++) {
- size_t len;
- const char16_t* ch = strings->stringAt(stringIndex, &len);
- String8 s(String16(ch, len));
- printf(" [%3d] %s\n", (int)stringIndex, s.string());
- }
- }
-
- size_t basePackageCount = res.getBasePackageCount();
- printf("Base Packages: %d\n", (int)basePackageCount);
- for (size_t bpIndex=0; bpIndex<basePackageCount; bpIndex++) {
- const String16 ch = res.getBasePackageName(bpIndex);
- String8 s = String8(ch);
- printf(" [%3d] %s\n", (int)bpIndex, s.string());
- }
-#endif
- }
-
-
- return 0;
-}
