| Age | Commit message (Collapse) | Author |
|---|
|
Bug: 171305684
Test: CtsKeystoreTestCases
Change-Id: I337515dadc9e45b909bff058d4e13371b4fa843c
|
|
Also have KeyStore.onDeviceOffBody call
AndroidKeyStoreMaintenance.onDeviceOffBody.
Test: N/A
Bug: 171305684
Change-Id: I0b01764bfc4c5828d17ccfffb4f8dad5f3bcea6d
|
|
Test: N/A
Bug: 171305684
Change-Id: I6fd90c29dd1fb077c25f1bd428fb8adf9782330e
|
|
Bug: 176123105
Test: TBD
Change-Id: I8bc6bf219f7c4bb3722c310debcc8a276d14ed98
|
|
Implement uid/namespace clearing for Keystore 2.0.
Test: Verified that keys get deleted when an app gets uninstalled.
Change-Id: I1b0b65e977177a6e34c500b00b5070ec18be2671
|
|
Test: N/A
Change-Id: I4da26175741c5313aec17d30a3e534a2172d87b4
|
|
Previously BouncyCastle methods were exposed as libcore APIs (@CorePlatformApi), which no longer possible when ART is updatable module (and can't guarantee BouncyCastle API stability)
Bug: 154796679
Test: Treehugger
Change-Id: I908681841a6766de88761767c77c4e2d4b5f56d5
|
|
This CL introduces the Keystore SPI class for IKeystoreAuthorization
aidl interface and implements the calling code for addAuthToken method.
Bug: 166672367
Bug: 177830239
Bug: 177791435
Bug: 177787061
Bug: 177787180
Test: VTS test
Change-Id: I9f0adc97efadd0fa1a1f16dd5ec811f4151a2b03
|
|
Revert submission 1519257-rename_auth_service
Reason for revert: breaking WM presubmit, b/177787180
Reverted Changes:
Ib847b68d4:Integrate IKeystoreAuthorization aidl's addAuthTok...
I7893ab452:Integrate IKeystoreAuthorization aidl's addAuthTok...
I4a092119c:Implement addAuthToken method of IKeystoreAuthoriz...
Change-Id: Iea9bf7e7b3d1e968bbbe39f4ec08dcc3577cee07
|
|
This CL introduces the Keystore SPI class for IKeystoreAuthorization
aidl interface and implements the calling code for addAuthToken method.
Bug: 166672367
Test: VTS test
Change-Id: I7893ab4520b16533b9fddc9909297856e0b523ae
|
|
These are APIs that have @UnsupportedAppUsage but for which we don't
have any evidence of them currently being used, so should be safe to
remove from the unsupported list.
Bug: 170729553
Test: Treehugger
Merged-In: I626caf7c1fe46c5ab1f39c2895b42a34319f771a
Change-Id: I54e5ecd11e76ca1de3c5893e3a98b0108e735413
|
|
am: f6574a21c2
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1340128
Change-Id: Ica523ae5269ba5e2a339653024870fefa581ad64
|
|
A normal synchronous binder call would not be influenced by an
interrupted thread. With the move to asynchronous keystore IPC we wait
on a future which can throw an interrupted exception. The Java crypto
API does not expect the implementation to throw interrupted exceptions
though. So to preserve the expected behavior we wrap the Future.get()
calls in a loop that handles the interrupted exception and sets the
interrupted state after the get completed successfully.
Bug: 147398412
Bug: 155254932
Test: atest android.keystore.cts.CipherTest#testEncryptsAndDecryptsInterrupted
Change-Id: I066180e8028cc426fa1b3739fa007faa17c8c012
Merged-In: I066180e8028cc426fa1b3739fa007faa17c8c012
|
|
Change-Id: I7ce0992bd12158655c0f4833fd924c8012386996
Merged-In: I34d1d5f9a751c1d7680a5a5941c39b9fe33a473b
Merged-In: Icd731877c220b0e3b39258812030313cbaba90c0
|
|
Update keyguard locked state from TrustManagerService
TrustManagerService holds the ground truth about whether a user is
locked or not, so update keystore using the information there,
instead of doing it from KeyguardStateMonitor. This fixes the issue
of work profile locked state not being correctly pushed to keystore.
Note: since this change is likely to be backported as a security
patch, I'm refraining from doing major refactoring right now.
Bug: 141329041
Bug: 144430870
Test: manually with KeyPairSampleApp
Change-Id: I3472ece73d573a775345ebcceeeb2cc460374c9b
(cherry picked from commit f9418dbb2c2469dd271e4aebefda5b6a4b485f3a)
|
|
1) BiometricService / AuthService always need to be started, since on
Android 11 and later, the public credential auth API comes through this
path.
2) Consolidate getAuthenticatorId() and expose via AuthService. This is
used only by the platform during key generation. Instead of asking
each individual service, AuthService will return a list of IDs for
sensors which are enrolled and meet the required strength.
Test: atest com.android.server.biometrics
Test: fingerprint device, CtsVerifier biometric section
Test: face unlock device, CtsVerifier biometric section
Test: remove biometrics from device, CtsVerifier biometric section
Bug: 148419762
Bug: 149795050
Change-Id: I2c5385b1cd4f343fabb0010e1fe6fb1ea8283391
|
|
Existing annotations in libcore/ and frameworks/ will deleted after the migration. This also means that any java library that compiles @UnsupportedAppUsage requires a direct dependency on "unsupportedappusage" java_library.
Bug: 145132366
Test: m && diff unsupportedappusage_index.csv
Change-Id: I4bc8c9482e4bb1af21363f951affff7ee3fefeab
Merged-In: I4bc8c9482e4bb1af21363f951affff7ee3fefeab
|
|
Existing annotations in libcore/ and frameworks/ will deleted after the migration. This also means that any java library that compiles @UnsupportedAppUsage requires a direct dependency on "unsupportedappusage" java_library.
Bug: 145132366
Test: m && diff unsupportedappusage_index.csv
Change-Id: I4bc8c9482e4bb1af21363f951affff7ee3fefeab
|
|
9eb7fcfba6 am: 0ae9cd3faa
am: c47567db49
Change-Id: I8e8d072dbf3edcb53eb32f86e0898c1bef791267
|
|
am: 51e842e43c
Change-Id: I3ed4477e925a203ae8a7b1dde9744ade4a32e93c
|
|
|
|
This additional input will be unused for now, but future changes are
expected to utilize it.
Test: Keystore CTS Tests
Change-Id: I5c388032e3710e3825bdb06b26443a5ae2c034a3
|
|
This api call is not accessible from the java API and is intended to be
deprecated. This CL cleans up the potential to directly call into binder
and use this functionality.
Also cleans up imports to appease the repo hooks
Test: Android builds
Change-Id: I95b27a001a6d6ba6c7d1f952bdda456a78b7f99c
|
|
TrustManagerService holds the ground truth about whether a user is
locked or not, so update keystore using the information there,
instead of doing it from KeyguardStateMonitor. This fixes the issue
of work profile locked state not being correctly pushed to keystore.
Note: since this change is likely to be backported as a security
patch, I'm refraining from doing major refactoring right now.
Bug: 141329041
Test: manually with KeyPairSampleApp
Change-Id: I3472ece73d573a775345ebcceeeb2cc460374c9b
|
|
Test: none
Change-Id: I37c535a358b0b157f0e04978658816036c52ebab
|
|
Bug: 129974578
Test: atest android.keystore.cts
Change-Id: I3ba732e15e522bd31e7eb813677d3ea884328cb6
|
|
Since keystore accepts asynchronous requests it may be that apps wait
forever if keystore dies. This patch adds a death recipient to all
keystore promises so that Keystore.java gets notified when keystore
dies.
Test: atest android.keystore.cts
Bug: 111443219
Bug: 128991260
Change-Id: Ie6e4a4f371287f83a2cdf4069d5686c67d8aebc1
|
|
This is to keep it in sync with response codes in keystore.h.
This commit also adds the KeyPermanentlyInvalidatedException to all the
methods that could receive this error code out of KeyStore.
Bug: 118883532
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/AuthBoundKeyTest.java
Change-Id: I878a628824e2eeb639ec5678b1a5d3d10428a918
|
|
Members modified herein are suspected to be false positives: i.e. things
that were added to the greylist in P, but subsequent data analysis
suggests that they are not, in fact, used after all.
Add a maxTargetSdk=P to these APIs. This is lower-risk that simply
removing these things from the greylist, as none of out data sources are
perfect nor complete.
For APIs that are not supported yet by annotations, move them to
hiddenapi-greylist-max-p.txt instead which has the same effect.
Exempted-From-Owner-Approval: Automatic changes to the codebase
affecting only @UnsupportedAppUsage annotations, themselves added
without requiring owners approval earlier.
Bug: 115609023
Test: m
Change-Id: I020a9c09672ebcae64c5357abc4993e07e744687
|
|
am: 7eae0132c1 am: 4718f665d4
am: 23ae50885f
Change-Id: Ieefd1262586a3fbcf13999193c1e058abf1e0a8e
|
|
Why?: 1) Returning an array list is unsafe because it must be allocated in Java and C++ must not change the size. 2) List<Integer> is not supported by AIDL, but List<String> is. I decided it was simpler to pass back integers encoded as strings than to create yet another parcelable.
Bug: b/119616956
Test: ./list_auth_bound_keys_test.sh
Test: Temporarily modified settings app to call listUidsOfAuthBoundKeys
Change-Id: I3bf7578c96e800c8d35fba897f52220136dcd657
|
|
am: 4d8a0decdb
Change-Id: I74ba06e7371696806a8ab1adbd7e65d806e208c4
|
|
Since the keystore alias prefix USERSKEY was deprecated
Credentials.deleteUserKeyTypeForAlias tried to delete key the
remaining prefix first and if that failed tried to delete the
legacy prefix.
However, KeyStore.delete returns true if the key was deleted or
did not exist. So the first call to delete would return true
whether the key existed or not and the legacy alias would never be
deleted.
This patch introduces a new flavor of KeyStore.delete, that returns an
error code instead of a boolean. The caller can now distinguish
the nature of the failure. Credentials.deleteUserKeyTypeForAlias now
checks this return code and attempts to delete the legacy variant if
KEY_NOT_FOUND was returned.
Bug: 117818447
Change-Id: Ifae1f3dbb07d85d94f430ead2cdd3e39d22436a4
|
|
am: 28b8cd58ca
Change-Id: I327e931490d3d81b824b134795a57add7c257c74
|
|
|
|
The legacy support importKey method uses the wrong method to add date
fields to the import keymaster arguments.
Bug: 119549023
Change-Id: Iff841086f6616303b365ad28aae429ccae1f3406
|
|
am: 919f2169e7
Change-Id: I3ed8dcb49baffac2215b0a32e25241bcbd74e9c8
|
|
|
|
am: 444162a57c
Change-Id: I2c09961a74c7de92d85f3d2045dd065c94bc6fac
|
|
listUidsForAuthBoundKeys was added to IKeyStoreService.
This CL exposes this method in KeyStore for system apps.
This method will be hidden for non system apps.
Bug: b/112321280
Test: listUidsForAuthBoundKeys in IKeyStoreService has its own tests
Test: This method cannot be tested directly from CTS
Change-Id: Iac9e863079a1367ddb3a599bc3825baea96a1c31
|
|
This patch makes the framework use the asynchronous keystore api model.
Bug: 111443219
Test: Ran full keystore cts test suite
Change-Id: I8d1fdc70cb9eb501d3f22a97d1221904c2ef8f9a
|
|
am: d46d33cf25
Change-Id: Id9fcb7d5bac0a24de8ca64e79d50131a5930b8ed
|
|
am: 5c5fe83c4d
Change-Id: Id2fa59fcbe111a968abef088b76fb97dbe2e369e
|
|
In preparation for making the keystore service asynchronous we remove
redundant legacy functionality from the protocol.
This patch removes the functions get_pubkey, sign, verify, generate,
and import_key. Which have long been superseded by exportKey
(get_pubkey), begin/update/finish (sign, verify), generateKey
(generate), and importKey (import_key).
This patch also removes isOperationAuthorized.
Test: KeyStore CTS tests
Bug: 111443219
Change-Id: Ib3bd6f40b4e948e5ad6b2ef5278b18ff46201d71
|
|
In preparation to the async keystore interface we change the semantics
form unconditionally overwriting existing keys to reporting that the key
exists. For compatibility we reimplement the same semantic in the
calling code.
Bug: 111443219
Test: KeyStore CTS test
Change-Id: I1fa5428fa7ada97d5068778cd4590593c992554d
|
|
Biometrics are now generic from KeyStore point of view
Bug: 113624536
Test: Unable to create keys when no templates enrolled
Test: Able to create keys when templates are enrolled
Test: No regression in Fingerprint
Keys are invalidated after enrolling another FP
Change-Id: I6bdc20eb58c8a0c10a986519d4ba9e1843ebc89d
|
|
For packages:
android.security.net.config
android.security.keystore
android.security.keymaster
android.security
This is an automatically generated CL. See go/UnsupportedAppUsage
for more details.
Exempted-From-Owner-Approval: Mechanical changes to the codebase
which have been approved by Android API council and announced on
android-eng@
Bug: 110868826
Test: m
Change-Id: Ifed4da56531195f64fd53d84f14b4e8298843b2c
Merged-In: I7762dd647bede8abc9be2c538af3a3a99a25a73e
|
|
For packages:
android.security.net.config
android.security.keystore
android.security.keymaster
android.security
This is an automatically generated CL. See go/UnsupportedAppUsage
for more details.
Exempted-From-Owner-Approval: Mechanical changes to the codebase
which have been approved by Android API council and announced on
android-eng@
Bug: 110868826
Test: m
Change-Id: I7762dd647bede8abc9be2c538af3a3a99a25a73e
|
|
02763a1c3e am: 842e882507
am: e377a769bd
Change-Id: I67465690c2addbbfbe53472e5b45783821990567
|
|
am: 60c8cfdd0f
Change-Id: I4fcf520f53dddd6e70edf0d59fd13ae218c336a5
|
