Bug: b/174140443
Test: atest CtsKeystoreTestCases
The new CTS tests for this feature is introduced in aosp/1556464
Change-Id: I9620c4a3e5d2c10ed8a50d494e63eb2fb19dabef
Merged-In: I9620c4a3e5d2c10ed8a50d494e63eb2fb19dabef
Certificate subject, serial, not before and not after information is now
passed to keystore/keymint for certificate generation.
Also makeDate accepts negative time values for dates predating Jan 1970
because the CTS tests likes to generate historic certificates.
Test: Keystore CTS tests.
Change-Id: I7ce664b010222298bda8049aad48f7db155a836d
As general background, OWNERS files expedite code reviews by helping
code authors quickly find relevant reviewers, and they also ensure
that stakeholders are involved in code changes in their areas.
Some teams under frameworks/base/ have been using OWNERS files
successfully for many years, and we're ready to expand them to cover
more areas. Here's the historical coverage statistics for the last
two years of changes before these new OWNERS changes land:
-- 56% of changes are fully covered by OWNERS
-- 17% of changes are partially covered by OWNERS
-- 25% of changes have no OWNERS coverage
Working closely with team leads, we've now identified clear OWNERS on
a per-package basis, and we're using "include" directives whenever
possible to to simplify future maintenance. With this extensive
effort, we've now improved our coverage as follows:
-- 98% of changes are fully covered by OWNERS
-- 1% of changes are partially covered by OWNERS
-- 1% of changes have no OWNERS coverage
This specific change is automatically generated by a script from
detailed ownership information confirmed by team leads.
Bug: 174932174
Test: manual
Exempt-From-Owner-Approval: refactoring with team leads buy-in
Merged-In: I9789c97c1de8e5d962b48c29c57d82fe83729eba
Change-Id: I9789c97c1de8e5d962b48c29c57d82fe83729eba
This reverts commit efec091bcb.
Reason for revert: aosp/1513473 fixed the underlying issue That make this revert necessary.
Change-Id: Ic99a6d080b4b1140924cb89d44b1f650f283a28d
This patch adds the SecurityLevelEnum to KeyProperties. This enum can be
used by the public API surface to express levels of enforcements of key
properties. And to select a designated residence for a newly generated
or imported key.
The values UNKNOWN and UNKNOWN_SECURE are used to convey to older target
APIs API levels that have not been defined when they where published.
Test: None
Change-Id: I88681f21b8a8ea9a383d32ba99f3ab7d7c8909c3
These are APIs that have @UnsupportedAppUsage but for which we don't
have any evidence of them currently being used, so should be safe to
remove from the unsupported list.
Bug: 170729553
Test: Treehugger
Merged-In: I626caf7c1fe46c5ab1f39c2895b42a34319f771a
Change-Id: I54e5ecd11e76ca1de3c5893e3a98b0108e735413
Previous permission doesn't consider REQUEST_INSTALL_PACKAGES permission
as an app-ops permission.
Bug: 152009905
Test: atest GtsPlayFsiTestCases
Test: remove appops setup from AndroidTest.xml, the same test failed
Change-Id: Icdbf6bb35fe146c5be8a97e29c4c554b3ce91b5d
Bug: 148240416
Test: Manually tested by installing two apps running in a shared process
and starting their shared process activities in various orders. The
value of usesCleartextTraffic gets set as expected.
Change-Id: Ib350c09c42d5524734fb259a2ab787790f2d8e30
ConfirmationPrompt passes magnified and inverted options to the keystore
service. While gathering the accessibility_display_inversion_enabled
setting, the implementation would throw an exception if this setting was
never set by the user. This causes the font scaling property to be
ignored. This patch uses default values in case the system setting is
not set.
Test: Run CTSVerifier Protected Confirmation test with increased font
size.
Merged-In: I03a3ef56209c73ca7d2b2527a5f145f744148e38
Change-Id: I03a3ef56209c73ca7d2b2527a5f145f744148e38
ConfirmationPrompt passes magnified and inverted options to the keystore
service. While gathering the accessibility_display_inversion_enabled
setting, the implementation would throw an exception if this setting was
never set by the user. This causes the font scaling property to be
ignored. This patch uses default values in case the system setting is
not set.
Test: Run CTSVerifier Protected Confirmation test with increased font
size.
Change-Id: I03a3ef56209c73ca7d2b2527a5f145f744148e38
Existing annotations in libcore/ and frameworks/ will deleted after the migration. This also means that any java library that compiles @UnsupportedAppUsage requires a direct dependency on "unsupportedappusage" java_library.
Bug: 145132366
Test: m && diff unsupportedappusage_index.csv
Change-Id: I288969b0c22fa3a63bc2e71bb5009fe4a927e154
Merged-In: I288969b0c22fa3a63bc2e71bb5009fe4a927e154
Existing annotations in libcore/ and frameworks/ will deleted after the migration. This also means that any java library that compiles @UnsupportedAppUsage requires a direct dependency on "unsupportedappusage" java_library.
Bug: 145132366
Test: m && diff unsupportedappusage_index.csv
Change-Id: I288969b0c22fa3a63bc2e71bb5009fe4a927e154
The corresponding service is also added.
The API can be used by a store to know whether their certificate is
trusted on the device. As optimization, they only need to download
.fsv_sig signature file if it will be used.
The API can also be used to gradually switch to stronger key. The store
can query with their certificates in priority order and download the best
signature.
Test: Passed new GTS working in progress
Bug: 142573505
Change-Id: Ic788cd04aeaed35ad62113fe9e7535b8fa63b5ee
Properly define the constant for requesting the use of device individual
attestation certificate and use it in AttestationUtils.
This lets callers to DevicePolicyManager.generateKeyPair request the use
of device-unique attestation certificate, on Keymaster implementations
that support this.
Bug: 140193672
Bug: 136494773
Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement
Change-Id: I74de89e4c121a27b0495dcb99b0775445c3d4eaf
Bug: None
Test: I solemnly swear I tested this conflict resolution.
Exempt-From-Owner-Approval: Merge conflict resolution for approved change
Change-Id: I39bda8417f709f86b5b389a75ff34df8a28a3d8d
For packages:
android.companion
android.filterfw
android.hardware.camera2.utils
android.inputmethodservice
android.net.nsd
android.os
android.preference
android.security.keymaster
android.service.dreams
android.telecom
android.telephony.ims.compat.feature
android.telephony
android.util
android.view.accessibility
android.media.effect
This is an automatically generated CL. See go/UnsupportedAppUsage
for more details.
Exempted-From-Owner-Approval: Mechanical changes to the codebase
which have been approved by Android API council and announced on
android-eng@
Bug: 110868826
Test: m
Merged-In: I9c2f8347952f3cc65759472b0e1a2717b285e44e
Change-Id: I14793863cf815fa3383fec6c6bf5a9365c2e17eb
For packages:
android.companion
android.filterfw
android.hardware.camera2.utils
android.inputmethodservice
android.net.nsd
android.os
android.preference
android.security.keymaster
android.service.dreams
android.telecom
android.telephony.ims.compat.feature
android.telephony
android.util
android.view.accessibility
android.media.effect
This is an automatically generated CL. See go/UnsupportedAppUsage
for more details.
Exempted-From-Owner-Approval: Mechanical changes to the codebase
which have been approved by Android API council and announced on
android-eng@
Bug: 110868826
Test: m
Change-Id: I9c2f8347952f3cc65759472b0e1a2717b285e44e
If they were null, then the Parcelable would fail to work.
Bug: 126726802
Test: manual
Change-Id: I7929ffa2f20e5de1c8e68e8263cca99496e9d014
Exempt-From-Owner-Approval: Trivial API annotations
This is to keep it in sync with response codes in keystore.h.
This commit also adds the KeyPermanentlyInvalidatedException to all the
methods that could receive this error code out of KeyStore.
Bug: 118883532
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/AuthBoundKeyTest.java
Change-Id: I878a628824e2eeb639ec5678b1a5d3d10428a918
Merged-In: I878a628824e2eeb639ec5678b1a5d3d10428a918
This is to keep it in sync with response codes in keystore.h.
This commit also adds the KeyPermanentlyInvalidatedException to all the
methods that could receive this error code out of KeyStore.
Bug: 118883532
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/AuthBoundKeyTest.java
Change-Id: I878a628824e2eeb639ec5678b1a5d3d10428a918
This metadata, if present, will be authenticated (but unencrypted)
together with the application key material.
Bug: 112191661
Test: atest FrameworksCoreTests:android.security.keystore.recovery
atest FrameworksServicesTests:com.android.server.locksettings.recoverablekeystore
atest -m RecoveryControllerHostTest RecoverableKeyStoreEndtoEndHostTest RecoverySessionHostTest
Change-Id: I2846952758a2c1a7b1f0849e1adda1f05a3e305e
This patch makes the framework use the asynchronous keystore api model.
Bug: 111443219
Test: Ran full keystore cts test suite
Change-Id: I8d1fdc70cb9eb501d3f22a97d1221904c2ef8f9a
Biometrics are now generic from KeyStore point of view
Bug: 113624536
Test: Unable to create keys when no templates enrolled
Test: Able to create keys when templates are enrolled
Test: No regression in Fingerprint
Keys are invalidated after enrolling another FP
Change-Id: I6bdc20eb58c8a0c10a986519d4ba9e1843ebc89d
We're trying to reduce unnecessary direct dependencies on Conscrypt.
These two methods are simple and the implementations can't change, so
they're good candidates for inlining directly instead of depending on
the Conscrypt implementation.
Bug: 110404540
Test: atest NetworkSecurityConfigTests (same failures pre/post)
Change-Id: I303d955e3f49885326fe75f451c06a52af745053
