1 /*
2  * Copyright (C) 2012 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package com.android.internal.widget;
18 
19 import android.app.PendingIntent;
20 import android.app.RemoteLockscreenValidationResult;
21 import android.app.RemoteLockscreenValidationSession;
22 import android.app.trust.IStrongAuthTracker;
23 import android.os.Bundle;
24 import android.security.keystore.recovery.WrappedApplicationKey;
25 import android.security.keystore.recovery.KeyChainSnapshot;
26 import android.security.keystore.recovery.KeyChainProtectionParams;
27 import android.security.keystore.recovery.RecoveryCertPath;
28 import com.android.internal.widget.ICheckCredentialProgressCallback;
29 import com.android.internal.widget.IWeakEscrowTokenActivatedListener;
30 import com.android.internal.widget.IWeakEscrowTokenRemovedListener;
31 import com.android.internal.widget.LockscreenCredential;
32 import com.android.internal.widget.VerifyCredentialResponse;
33 
34 import java.util.Map;
35 
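/**
 * Binder (AIDL) interface covering per-user lock-screen settings, lock credential changes and
 * verification, strong-auth tracking, keystore recovery, remote lock-screen validation and
 * weak escrow tokens.
 *
 * <p>Review notes:
 * <ul>
 *   <li>Most methods take a caller-supplied {@code userId}, and several accept or return
 *       credential or key material. This file declares no permission annotation or caller
 *       check on any method. NOTE(review): caller identity, permission and cross-user
 *       checks are presumably enforced by the implementing service; confirm there, method
 *       by method.</li>
 *   <li>No explicit transaction ids are assigned, so AIDL numbers the methods in declaration
 *       order. Append new methods rather than inserting or reordering if that numbering
 *       must stay stable.</li>
 * </ul>
 *
 * {@hide}
 */
interface ILockSettings {
    // Generic per-user key/value accessors. They carry @UnsupportedAppUsage, the platform's
    // marker for hidden APIs that apps have been known to call.
    // NOTE(review): `key` is chosen by the caller; confirm the implementation restricts
    // which keys may be read or written, and by which callers.
    @UnsupportedAppUsage
    void setBoolean(in String key, in boolean value, in int userId);
    @UnsupportedAppUsage
    void setLong(in String key, in long value, in int userId);
    @UnsupportedAppUsage
    void setString(in String key, in String value, in int userId);
    @UnsupportedAppUsage
    boolean getBoolean(in String key, in boolean defaultValue, in int userId);
    @UnsupportedAppUsage
    long getLong(in String key, in long defaultValue, in int userId);
    @UnsupportedAppUsage
    String getString(in String key, in String defaultValue, in int userId);

    // Credential change and verification. LockscreenCredential objects cross the binder
    // boundary as `in` parameters on these calls.
    // NOTE(review): presumably `savedCredential` is the existing credential and is verified
    // before `credential` replaces it; confirm in the implementation.
    boolean setLockCredential(in LockscreenCredential credential, in LockscreenCredential savedCredential, int userId);
    void resetKeyStore(int userId);
    // NOTE(review): attempt throttling is not expressed in these signatures; confirm where
    // it is applied and how it is reported through VerifyCredentialResponse. The meaning of
    // `flags` is not defined in this file.
    VerifyCredentialResponse checkCredential(in LockscreenCredential credential, int userId,
            in ICheckCredentialProgressCallback progressCallback);
    VerifyCredentialResponse verifyCredential(in LockscreenCredential credential, int userId, int flags);
    VerifyCredentialResponse verifyTiedProfileChallenge(in LockscreenCredential credential, int userId, int flags);
    // The gatekeeper password handle is passed as a bare long. removeGatekeeperPasswordHandle
    // takes only the handle and no userId.
    // NOTE(review): confirm handles are unpredictable, bound to the user they were issued
    // for, and expire.
    VerifyCredentialResponse verifyGatekeeperPasswordHandle(long gatekeeperPasswordHandle, long challenge, int userId);
    void removeGatekeeperPasswordHandle(long gatekeeperPasswordHandle);

    // Credential metadata. getCredentialType and getPinLength return information about the
    // user's secret without a credential being presented in the call.
    // NOTE(review): confirm which callers may read these.
    int getCredentialType(int userId);
    int getPinLength(int userId);
    boolean refreshStoredPinLength(int userId);
    // Returns raw bytes after the current credential is presented.
    // NOTE(review): how the value is derived is not visible here.
    byte[] getHashFactor(in LockscreenCredential currentCredential, int userId);
    void setSeparateProfileChallengeEnabled(int userId, boolean enabled, in LockscreenCredential managedUserPassword);
    boolean getSeparateProfileChallengeEnabled(int userId);

    // Strong-auth tracking. requireStrongAuth and reportSuccessfulBiometricUnlock are
    // assertions made by the caller (a reason code, or an `isStrongBiometric` flag).
    // NOTE(review): confirm only trusted system components can make them.
    void registerStrongAuthTracker(in IStrongAuthTracker tracker);
    void unregisterStrongAuthTracker(in IStrongAuthTracker tracker);
    void requireStrongAuth(int strongAuthReason, int userId);
    void reportSuccessfulBiometricUnlock(boolean isStrongBiometric, int userId);
    void scheduleNonStrongBiometricIdleTimeout(int userId);
    void systemReady();
    void userPresent(int userId);
    int getStrongAuthForUser(int userId);
    boolean hasPendingEscrowToken(int userId);

    // Keystore RecoveryController methods.
    // {@code ServiceSpecificException} may be thrown to signal an error, which caller can
    // convert to {@code RecoveryManagerException}.
    //
    // None of the methods from here through closeSession takes a userId.
    // NOTE(review): they are presumably scoped by the calling identity; confirm.
    // NOTE(review): presumably recoveryServiceSigFile is verified against the root
    // certificate named by rootCertificateAlias before the cert file is accepted; confirm.
    void initRecoveryServiceWithSigFile(in String rootCertificateAlias,
            in byte[] recoveryServiceCertFile, in byte[] recoveryServiceSigFile);
    KeyChainSnapshot getKeyChainSnapshot();
    // The key methods return a String; importKey* additionally accept raw key bytes over
    // binder.
    // NOTE(review): what the returned String denotes is not shown here; confirm it is a
    // reference to the key rather than key material.
    String generateKey(String alias);
    String generateKeyWithMetadata(String alias, in byte[] metadata);
    String importKey(String alias, in byte[] keyBytes);
    String importKeyWithMetadata(String alias, in byte[] keyBytes, in byte[] metadata);
    String getKey(String alias);
    void removeKey(String alias);
    void setSnapshotCreatedPendingIntent(in PendingIntent intent);
    void setServerParams(in byte[] serverParams);
    void setRecoveryStatus(in String alias, int status);
    // Untyped Map: key and value types are not declared for this method.
    Map getRecoveryStatus();
    void setRecoverySecretTypes(in int[] secretTypes);
    int[] getRecoverySecretTypes();
    // Recovery session. `secrets` carries KeyChainProtectionParams into the service, and
    // `sessionId` is a caller-chosen String.
    // NOTE(review): confirm sessions are bound to the caller that opened them.
    byte[] startRecoverySessionWithCertPath(in String sessionId, in String rootCertificateAlias,
            in RecoveryCertPath verifierCertPath, in byte[] vaultParams, in byte[] vaultChallenge,
            in List<KeyChainProtectionParams> secrets);
    Map/*<String, String>*/ recoverKeyChainSnapshot(
            in String sessionId,
            in byte[] recoveryKeyBlob,
            in List<WrappedApplicationKey> applicationKeys);
    void closeSession(in String sessionId);

    // Remote lock-screen validation: a session is started, then an encrypted credential is
    // submitted for validation. Neither call takes a userId.
    RemoteLockscreenValidationSession startRemoteLockscreenValidation();
    RemoteLockscreenValidationResult validateRemoteLockscreen(in byte[] encryptedCredential);
    boolean hasSecureLockScreen();
    // NOTE(review): these two imply a unified challenge is cached somewhere; confirm its
    // lifetime and how the cached value is protected.
    boolean tryUnlockWithCachedUnifiedChallenge(int userId);
    void removeCachedUnifiedChallenge(int userId);

    // Weak escrow tokens. addWeakEscrowToken takes the token bytes and returns a long
    // handle; the other calls refer to the token by that handle.
    // NOTE(review): isWeakEscrowTokenValid answers whether a presented token matches;
    // confirm caller restrictions and that repeated queries are limited.
    boolean registerWeakEscrowTokenRemovedListener(in IWeakEscrowTokenRemovedListener listener);
    boolean unregisterWeakEscrowTokenRemovedListener(in IWeakEscrowTokenRemovedListener listener);
    long addWeakEscrowToken(in byte[] token, int userId, in IWeakEscrowTokenActivatedListener callback);
    boolean removeWeakEscrowToken(long handle, int userId);
    boolean isWeakEscrowTokenActive(long handle, int userId);
    boolean isWeakEscrowTokenValid(long handle, in byte[] token, int userId);
    // NOTE(review): by name, unlocks the user's key only when no credential secures it;
    // confirm the "unsecured" check is made in the service and not trusted from the caller.
    void unlockUserKeyIfUnsecured(int userId);
}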