| Age | Commit message (Collapse) | Author |
|---|
|
Removing a method that had no references to it anywhere else.
Test: builds
Change-Id: I654fbafa63f0863d38827148917fcc4d48e8177a
|
|
Several utility classes were declared abstract, but there is no
intention of subclassing these classes. Instead opt for private
constructors where necessary to avoid instantiation and remove the
abstract keywords. Additionally make the classes final to clearly
indicate they are not intended to be subclassed.
Test: builds
Change-Id: I38bfe5f0685e4b333201c9c9fbb13b7aac8b4980
|
|
Bug: 341254535
Test: treehugger
Change-Id: I8544528a074cf7b871b77e9400aa1689ce68f90a
|
|
Bug: 369375199
Test: builds
Change-Id: If4a0be1314c0a98409b2fd0289d099a45120ce33
|
|
- aosp/3341662 didn't get merged to internal main
- ag/30674610 fixed that but needed a change so it compiles in all
configs
- this CL applies the same change to AOSP, but with a merged-in stanza
to prevent downstream conflicts
Bug: 369375199
Test: treehugger
Flag: android.security.keystore2.Flags.FLAG_ATTEST_MODULES
Merged-In: I7195aaca849eb53e603565a470b780ba91b3ec2c
Change-Id: I58f3c9a17894123d5536c0d556e2d1eb5ce90888
|
|
Allows clients to retrieve information required to interpret certain
attested values found in the attestation certificate.
Currently only relevant for Tag::MODULE_HASH, for which it returns the
encoded structure whose hash ends up in the attestation certificate.
Bug: 369375199
Test: treehugger
API-Coverage-Bug: 378549695
Change-Id: I2bac10ad148279ea3aa3907a982a3e598502c788
Merged-In: I29bb8f9108747a0ed2a1a678811858e8572d285f
|
|
|
|
Fixes: 377489251
Test: atest KeyStoreManagerTest
Change-Id: Ie3f8604d2d6bdc9eca48bf52ae38ea64578749fc
|
|
This typo shows up on the public-facing API docs
Change-Id: I9ac633a78359ddb9bb15770728ac338983f18456
|
|
Eran is leaving the team, time for book-keeping.
Change-Id: I0c52ddd85d2a7e091fbec2adb7ea773b313acfb3
|
|
To this point, there has been no way for an app to grant access
to keys it owns in the Android Keystore to other apps on the
device. This commit adds a new KeyStoreManager class that
interfaces with the KeyStoreService to support granting and
revoking access to keys as well as for a grantee app to access
a key in the grant domain through the key's ID.
Bug: 351158708
Test: atest KeyStoreManagerTest
Change-Id: Id2d785228fa852b21324d2792e3f34c27756034d
|
|
am: cce61395e1
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/3170019
Change-Id: I4fbc3c18d3d8c3901ff5d19074e9d7575dc2866c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
In the case of catching AssertionError, such as in Bug: 351757602, this fix can prevent android.bg thread blocking;In other cases where AssertionError is not catched, this fix can expose the problem as early as possible instead of waiting for the thread to block
Bug: 351757602
Test: Manual
Change-Id: Id2a2a960b28c77532e05c88ce9267762610f9119
|
|
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/2922538
Change-Id: I0c249a6efdd53e8a73ca5cf57b02d3146b59b47c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Make the fix unconditional and remove all superseded code.
Bug: 299298338
Test: atest -p --include-subdirs system/security/keystore2
Test: atest CtsKeystoreTestCases
Test: atest com.android.server.locksettings
Test: atest TrustManagerServiceTest
Test: atest TrustTests
Change-Id: I78dd3268b2b98873a4020a9b6fe0348e935eb5aa
|
|
into main am: eac1b8d0cc am: 936249baab
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/2967383
Change-Id: I802fe461e2c550e6a609d90adc0afc913b11ab30
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
into main am: eac1b8d0cc
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/2967383
Change-Id: I1f740691cce53c18e39df2f20511d9f4191eab69
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
We add this error for AAID in cases where keystore2 returns an error for
failing to get AAID. We are explicitly failing here, but that is a
transient error we expect the client to re-try. We return this error to
indicate to the caller that we should retry this call before failing
completely. This stops attestation from happening without the calling
application's identity.
Test: atest CtsKeystoreTestCases
Test: atest keystore2_test
Bug: 291583874
Change-Id: Ieaee2ddda124fe2b23baf3c318f4eece0b718f05
|
|
aosp-main-future
|
|
Bug: 343627215
Test: None, comment change only
Change-Id: I362e30991ca951670ae29e9a1d9b51cf31c2ef71
|
|
Bug: 343100748
Merged-In: I20b3d485a00109060a6ed206503aa3c12c812969
Change-Id: Ibbed3bbb7e2dbf06614ed1f86a628e4377bacec5
|
|
|
|
Revert submission 2864688-apc-deprecate
Reason for revert: fix inadvertent partial deprecation
Reverted changes: /q/submissionid:2864688-apc-deprecate
Change-Id: I820e2916acfc711c6a092ac1371548f54fd170af
|
|
Since android.security.KeyStore is no longer used, remove it. This
prevents this class, which had a name that made it sound much more
important than it actually is, from being confused with the classes via
which the Android Keystore is actually accessed these days.
Bug: 326508120
Test: build
Flag: NONE mechanical refactoring with no behavior change
Change-Id: I2f8471971b2816a4a830a48cb99ff118c21a6ad8
|
|
To make it possible to remove the obsolete and misleadingly named helper
class android.security.KeyStore, the UID_SELF constant will be moved to
KeyProperties. This CL completes the first half of the move by adding
the constant to the new location. A later CL will delete the constant
from the old location once all users have been updated.
Bug: 326508120
Test: build
Flag: NONE mechanical refactoring with no behavior change
Change-Id: I5aa839a19d548d9d5a86afc30ab39431c0b93aa5
|
|
4073ee27ad
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/3008298
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:05b1440e06c84212b4353be7f5cbe97fd1bccafb)
Merged-In: Ia6d83f7582ce0d976c857c7318a1f9ed1fe3bae8
Change-Id: Ia6d83f7582ce0d976c857c7318a1f9ed1fe3bae8
|
|
This method no longer has any callers, so remove it.
(As with other methods in android.security.KeyStore, this did have
@UnsupportedAppUsage. However, there is no reason for apps to use this.
Therefore, removing it is allowed by the non-SDK interface policy.)
Bug: 326508120
Test: Build
Change-Id: I76facc1d54bf656188d1d4c5745224fc49836132
|
|
Adds deleteSecrets() to RecoverySystemService. This method is called
from rebootRecoveryWithCommand () before the --wipe_data command is
passed to recovery and the device is force-rebooted.
deleteSecerts() calls IKeystoreMaintenance.deleteAllKeys() in order to
quickly destroy the keys protecting the synthetic password blobs
used to derive FBE encryption keys.
The intent is to make FBE-encrypted data unrecoverable even if the full
data wipe in recovery is interrupted or skipped.
Bug: 324321147
Test: Manual - System -> Reset options -> Erase all data.
Test: Hold VolDown key to interrupt reboot and stop at bootloader
screen.
Test: fastboot oem bcd wipe command && fastboot oem bcd wipe recovery
Test: fastboot reboot
Test: Device reboots into recovery and prompts to factory reset:
Test: 'Cannot load Android system. Your data may be corrupt. ...'
Change-Id: I5eb8e97f3ae1a18d5e7e7c2c7eca048ebff3440a
|
|
Currently the IKeystoreAuthorization service is intended to be accessed
through the helper class android.security.Authorization. However,
because Authorization provides only static methods, it can only be
unit-tested by static mocking, which is only available in
mockingservicestests. BiometricService works around this in two
different ways: (a) using IKeystoreAuthorization directly, and (b) using
android.security.KeyStore, which is an obsolete class which is now
almost empty and just contains a couple random helpers. I'd like to
remove it to avoid confusion with java.security.KeyStore.
This CL solves the testability problem in a consistent way by renaming
Authorization to KeyStoreAuthorization and changing all public static
methods to instance methods. It updates all callers of the keystore
authorization service to go through a KeyStoreAuthorization instance.
Finally, it updates the unit tests for TrustManagerService and
BiometricService to inject a mock KeyStoreAuthorization.
Bug: 326508120
Test: atest TrustManagerServiceTest
Test: atest FrameworksServicesTests:{BiometricServiceTest,AuthSessionTest}
Test: atest CtsBiometricsTestCases:BiometricSimpleTests
Flag: N/A. Refactoring with no behavior change intended.
Change-Id: I68504f447b1b880c08a60cf027b13f77a6567ec9
|
|
This reverts commit abbaa445ea424d2cb0eae3b267fee154ab03f4fe.
Reason for revert: frameworks change should not have gone into 24Q2
(cherry picked from https://android-review.googlesource.com/q/commit:ad79ede464a1d95508e4f7e65a29459c77219814)
Bug: 329008459
Ignore-AOSP-First: reverting incorrect merge into release branch
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:3b5a6bfb75f489033c5601c965a9236fb2a64903)
Merged-In: Ie9b5218a707cf3ef8cb34f5fadd68e34683a5b15
Change-Id: Ie9b5218a707cf3ef8cb34f5fadd68e34683a5b15
|
|
There's no such thing as a NO_ERROR Keystore error code anymore, let
alone one whose numeric value is 1. The field
android.security.KeyStore.NO_ERROR is a remnant from Keystore1.
NO_ERROR existed in Keystore1 because Keystore1's binder methods used a
binder exception code of 0 ("success") even on failure, so they had to
use the return value to convey a Keystore error code or NO_ERROR.
Keystore2 instead uses binder's support for service-specific errors, and
there is no NO_ERROR error code because the success case is conveyed via
the binder exception code being 0 instead of EX_SERVICE_SPECIFIC.
Therefore, this CL removes the obsolete field
android.security.KeyStore.NO_ERROR and its two users. These users were:
- AndroidKeyStoreCipherSpiBase checked for NO_ERROR "errors" from
createOperation(). But this case is unreachable, and the operation
cannot continue without the CreateOperationResponse anyway. So this
obsolete code can just be removed.
- AuthenticationClient checked the return value of
KeyStore#addAuthToken() against NO_ERROR. But this method actually
just wraps Authorization#addAuthToken() which returns 0 on success, as
per its javadoc. So this was a bug, though it didn't matter much
since it just caused a misleading log message. Check for 0 instead.
Finally, NO_ERROR did have @UnsupportedAppUsage. But since there's no
use case for it, removing it is allowed by the non-SDK interface policy.
Bug: 326508120
Test: atest CtsKeystoreTestCases
Change-Id: I735e005d7ca39e231667dd95da533519085ba4ef
|
|
* changes:
Remove onDeviceOffBody()
Document that setUserAuthenticationValidWhileOnBody() doesn't actually work
|
|
Bug: 277946433
Test: 'm offline-sdk-docs' and view in web browser
Change-Id: I40b7811963169da5195a482088bf18d9d70db010
|
|
Remove KeyStore#onDeviceOffBody(), since its only caller was removed by
http://ag/24518980. Also remove
AndroidKeyStoreMaintenance#onDeviceOffBody() which was only called by
KeyStore#onDeviceOffBody().
Bug: 289849354
Test: Build
Change-Id: I3db2672b8038e947a974f703aa2c273ecb65414e
|
|
Bug: 289849354
Test: Build
Change-Id: I8e61eb8c9b0ef94c70ce797497b472e2985973d6
|
|
9f6d9acba5
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/2974616
Change-Id: I1c9781606d6b4559f54ded1b2c7ff03d20d15d9f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
|
|
Many files that reference android.security.KeyStore don't actually do
anything with it. This is apparently because the functionality of this
class got moved to other places, but it was forgotten to remove the
actual references to the class. This CL removes all such references
from frameworks/base. Where made possible by removing an import of
android.security.KeyStore, it also updates references to
java.security.KeyStore to be simply KeyStore. java.security.KeyStore is
the real KeyStore that is part of the public API.
Bug: 326508120
Test: presubmit
Change-Id: Ie63b8dfc8bb562b33e6e529d537bde64ae2c6d53
|
|
c5f61a2d42
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/2971712
Change-Id: I2d4ec11d691db24b672b4a93841ca2bd44d47653
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
|
|
c264cd5c43
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/2974617
Change-Id: I597324ce344f20769ce01ec9d4a70ae647fe4fba
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Remove methods from android.security.KeyStore that have no real callers.
The methods with @UnsupportedAppUsage could be called via reflection by
apps targeting an old SDK level. But since there is no valid use case
for these and they were already replaced with stubs in Android 12,
removing them is allowed by the non-SDK interface policy.
Bug: 326508120
Test: presubmit
Change-Id: Id742604786e71a212244f7800b9c245cea193057
|
|
Bug: 296475382
Test: atest CtsKeystoreTestCases:KeyInfoTest
Change-Id: I30cc00ec39dc1552eb2b7c12b0fab41e844c952e
|
|
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/2956173
Change-Id: Idb1025a94dd75e252d1c9d0d22193af057acd8c4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Rename the MGF1 Digest Setter flag to "v2" so it can
be set as a read-only flag.
Test: atest CtsWebkitTestCases:android.webkit.cts.WebViewSslTest#testProceedClientCertRequestKeyWithAndroidKeystoreKey CtsKeystoreTestCases:android.keystore.cts.CipherTest#testKatBasicWithDifferentProviders CtsKeystoreWycheproofTestCases:RsaOaepTest
Bug: 308378912
Bug: 308069562
Change-Id: Id46ffc14f2b02cb51cd7df39f30ea757073a2144
|
|
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/2952674
Change-Id: I9191ab78edc6439830caea8269c2865032b46948
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Add a method to get the list of apps that have auth-bound keys bound to
a specific SID.
Bug: 302109605
Test: Manual, installed an app that creates auth-bound keys and observed
it is included in the list of apps that have auth-bound keys.
A CtsVerifier is forthcoming.
Change-Id: Id41398bd29e6f80f963b142bb16719761308198e
|
|
Bug: 319669529
Merged-In: I46c7859ff042ee7aa9193757e5df8269f4892362
Change-Id: I0c7b5036c0b0f5f2caad551edb063350f6eb87e7
|
|
|
|
653ac0cdc7fb5e96a73eed3066f84abf432ba22c
Change-Id: I4afba276e84a4f535d1cfca8aa7863e463e61880
|