/*
* Copyright 2020, The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.system.keystore2;
/**
 * KeyPermissions correspond to SELinux permissions for the keystore2_key security class.
 * These values are used to specify the access vector for granted keys. Each value is a
 * distinct bit, so an access vector is the bitwise OR of the values listed below.
 * Key owners may grant a key to another protection domain indicated by its uid.
 * Implementations must only allow granting permissions that the key owner possesses.
 * The grant permission cannot be granted.
 * Any granted permission applies only to the granted key.
 *
 * Several permissions are documented below as never grantable (GRANT, MANAGE_BLOB, REBIND,
 * USE_DEV_ID, and USE_NO_LSKF_BINDING, which is only checked at generation/import time).
 * A grant request whose access vector contains any of those bits must not succeed.
 * @hide
 */
@VintfStability
@Backing(type="int")
enum KeyPermission {
    /**
     * Convenience variant indicating an empty access vector (no bits set).
     */
    NONE = 0,
    /**
     * Allows deleting the key.
     */
    DELETE = 0x1,
    /**
     * Allows the usage of UNIQUE ID with the given key.
     */
    GEN_UNIQUE_ID = 0x2,
    /**
     * Allows reading metadata about the key, including the public key and certificate.
     */
    GET_INFO = 0x4,
    /**
     * Allows granting the key. Implementations must not allow this permission
     * to be granted though, so this is mentioned here just for completeness.
     */
    GRANT = 0x8,
    /**
     * Allows using a key by specifying the key blob in the key descriptor.
     * Implementations must not allow this permission to be granted.
     */
    MANAGE_BLOB = 0x10,
    /**
     * Allows rebinding an alias to a newly imported or generated key.
     * It makes no sense to grant this permission, because the API does not
     * permit generating keys by domains other than `App` or `SELinux`.
     * Implementations must not allow this permission to be granted.
     */
    REBIND = 0x20,
    /**
     * Allows requesting a forced operation with the given key.
     * Forced operations cannot be pruned and they have special pruning power
     * allowing them to evict any non-forced operation to obtain a KeyMint
     * operation slot.
     */
    REQ_FORCED_OP = 0x40,
    /**
     * Allows updating the public certificate and certificate chain fields
     * of the given key.
     */
    UPDATE = 0x80,
    /**
     * Allows using the key for cryptographic operations within the limitations
     * of the key's usage restrictions.
     */
    USE = 0x100,
    /**
     * Allows using device ids during attestation.
     * It makes no sense to grant this permission, because attestation only
     * works during key generation, and keys cannot be created through a grant.
     * Implementations must not allow this permission to be granted.
     */
    USE_DEV_ID = 0x200,
    /**
     * Allows the creation of auth-bound keys that are not cryptographically bound to the LSKF.
     * System components might need this if they require a logically authentication-bound key
     * that is used for the derivation of the LSKF-bound key material. This essentially breaks
     * up a circular dependency.
     * This permission is checked during key generation and import if the
     * `KeyFlag.AUTH_BOUND_WITHOUT_CRYPTOGRAPHIC_LSKF_BINDING` was set. Because keys cannot
     * be generated or imported via grant, it does not make sense to grant this permission.
     */
    USE_NO_LSKF_BINDING = 0x400,
    /**
     * Allows getting a per-boot wrapped ephemeral key from a long-lived wrapped storage key.
     * This permission is checked on calls to IKeystoreSecurityLevel::convertStorageKeyToEphemeral().
     */
    CONVERT_STORAGE_KEY_TO_EPHEMERAL = 0x800,
}