1 /* 2 * Copyright (C) 2021 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.security.legacykeystore; 18 19 /** 20 * Internal interface for accessing and storing legacy keystore blobs. 21 * Before Android S, Keystore offered a key-value store that was intended for storing 22 * data associated with certain types of keys. E.g., public certificates for asymmetric keys. 23 * This key value store no longer exists as part of the Keystore 2.0 protocol. 24 * However, there are some clients that used Keystore in an unintended way. 25 * This interface exists to give these clients a grace period to migrate their keys 26 * out of legacy keystore. In Android S, this legacy keystore may be used as keystore was 27 * used in earlier versions, and provides access to entries that were put into keystore 28 * before Android S. 29 * 30 * DEPRECATION NOTICE: In Android T, the `put` function is slated to be removed. 31 * This will allow clients to use the `get`, `list`, and `remove` API to migrate blobs out 32 * of legacy keystore. 33 * @hide 34 */ 35 interface ILegacyKeystore { 36 37 /** 38 * Special value indicating the callers uid. 39 */ 40 const int UID_SELF = -1; 41 42 /** 43 * Service specific error code indicating that an unexpected system error occurred. 44 */ 45 const int ERROR_SYSTEM_ERROR = 4; 46 47 /** 48 * Service specific error code indicating that the caller does not have the 49 * right to access the requested uid. 50 */ 51 const int ERROR_PERMISSION_DENIED = 6; 52 53 /** 54 * Service specific error code indicating that the entry was not found. 55 */ 56 const int ERROR_ENTRY_NOT_FOUND = 7; 57 58 /** 59 * Returns the blob stored under the given name. 60 * 61 * @param alias name of the blob entry. 62 * @param uid designates the legacy namespace. Specify UID_SELF for the caller's namespace. 63 * @return The unstructured blob that was passed as blob parameter into put() 64 */ get(in String alias, int uid)65 byte[] get(in String alias, int uid); 66 67 /** 68 * Stores one entry as unstructured blob under the given alias. 69 * Overwrites existing entries with the same alias. 70 * 71 * @param alias name of the new entry. 72 * @param uid designates the legacy namespace. Specify UID_SELF for the caller's namespace. 73 * @param blob the payload of the new entry. 74 * 75 * IMPORTANT DEPRECATION NOTICE: This function is slated to be removed in Android T. 76 * Do not add new callers. The remaining functionality will remain for the purpose 77 * of migrating legacy configuration out. 78 */ put(in String alias, int uid, in byte[] blob)79 void put(in String alias, int uid, in byte[] blob); 80 81 /** 82 * Deletes the entry under the given alias. 83 * 84 * @param alias name of the entry to be removed. 85 * @param uid designates the legacy namespace of the entry. Specify UID_SELF for the caller's 86 * namespace. 87 */ remove(in String alias, int uid)88 void remove(in String alias, int uid); 89 90 /** 91 * Returns a list of aliases of entries stored. The list is filtered by prefix. 92 * The resulting strings are the full aliases including the prefix. 93 * 94 * @param prefix used to filter results. 95 * @param uid legacy namespace to list. Specify UID_SELF for caller's namespace. 96 */ list(in String prefix, int uid)97 String[] list(in String prefix, int uid); 98 }