This imports the keys directly into the keystore of LockSettingsService,
allowing them to be accessed via the RecoveryController getKey method.
This is better as it does not expose raw key material to any app.
Bug: 74345822
Test: runtest frameworks-services -p \
com.android.server.locksettings.recoverablekeystore
Change-Id: I4991b0cff1d2fa2e5bd0b53a71c096499e93e98b
This CL also adds an alias param to the RecoverySession#start method.
Bug: 76033708
Test: runtest frameworks-services -p \
com.android.server.locksettings.recoverablekeystore
Change-Id: I870f4f89bd6e319e1687a981aa04af0d23f3c922
Android Security team asked us to do this.
Bug: 74621071
Test: runtest frameworks-core -p android.security.backup
Change-Id: Ieae1649b82d0143fd5d560195f74b9fc10316d02
Added @RequiresPermission(android.permission.RECOVER_KEYSTORE) on all
public APIs of RecoveryController.
Bug: 73900159
Test: adb shell am instrument -w -e package \
com.android.server.locksettings.recoverablekeystore \
com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
Change-Id: I1047c038603869307d7a2462a2e5635fcd1c94c2
I forgot to serialize and deserialize it in the last CL adding it.
Bug: 74359698
Change-Id: I34f9225dc63b55223c2a7db23ee3fa6abf056a0d
Test: atest RecoveryControllerHostTest
(cherry picked from commit b4d2cc684d)
As the confirmation dialog only has limited accessibility support it
may not be usable by users requiring accessibility services.
Therefore, if the user has enabled accessibility services, fail with
ConfirmationNotAvailableException so the application can handle this
case. Also document this behavior.
Bug: 74545109
Test: Manually tested.
Change-Id: Ibfb80d217f5cbdc9ec2f4e0432dfdd88add69703
accepting the certificates
This change requires an additional param to the initRecoveryService()
API to take in the public-key signature.
Bug: 73904566
Test: adb shell am instrument -w -e package \
com.android.server.locksettings.recoverablekeystore \
com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
Change-Id: I2aeead1fda51b6cd8df71ed3b5066342ebc8d5ea
can also be synced to the remote service
This API may be useful for backward-compatibility work, e.g., recovering
a key that's backed up in Android Q+ to Android P without updating the
Android P Frameworks code. This API may also be useful for other use cases.
Bug: 73785182
Change-Id: I1022dffb6a12bdf3df2022db5739169fcc9347d2
Test: adb shell am instrument -w -e package \
com.android.server.locksettings.recoverablekeystore \
com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
Recovery controller will no longer be aware of accounts. It is up to
the recovery agent to decide where to upload keys, and if so what
accounts to use.
Bug: 73811828
Test: runtest frameworks-core -p android.security.keystore.recovery
Change-Id: I929076d948f4d36ba88b68cca08058a5cdde0107
CertPath will include a cert of the trusted hardware and necessary
intermediate certificates.
Bug: 73784851
Change-Id: Ic70616b8f119891a82402b91035456e404c5f6de
Test: adb shell am instrument -w -e package \
com.android.server.locksettings.recoverablekeystore \
com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
Package name is implicit. Recovery agent can only act for the same uid.
Bug: 73757432
Test: runtest frameworks-services -p
com.android.server.locksettings.recoverablekeystore
Change-Id: I45abf4b956fa4e97d981614d9e61295e85d5669e
Add a keymaster parameter for keys that should be inaccessible when
the device screen is locked. "Locked" here is a state where the device
can be used or accessed without any further trust factor such as a
PIN, password, fingerprint, or trusted face or voice.
This parameter is added to the Java keystore interface for key
creation and import, as well as enums specified by and for the native
keystore process.
Test: CTS tests in I8a5affd1eaed176756175158e3057e44934fffed
Bug: 67752510
Change-Id: I314b848f6971d1849a7a6347d52e41d9604639ae
This commit moves "IConfirmationPromptCallback.aidl" and
"IKeystoreService.aidl" to "system/security/keystore/binder" so that
"libkeystore_aidl" can be built in PDK builds.
Test: Run `cts-tradefed run cts -m CtsKeystoreTestCases` on Pixel 2017
and the test results are idential with and without this CL.
Test: Build PDK with special manifest described in
http://b/69539820#comment18 and http://b/69539820#comment19.
Test: Build a target (described in http://b/72961456) with
`platform.zip` built from master FSK source tree.
Bug: 69539820
Bug: 72961456
Change-Id: I7350f0ca943b15a6f3e40023a6cc299bdf8aed0e
Missing parts:
1) Whitelist locksettingsservice to use grant API.
2) Probably have similar update for recovered keys - they will live in
system service and RecoveryAgent will use getKey() method to access
them.
3) ApplicationKeyStorageTest
Bug: 66499222
Test: adb shell am instrument -w -e package \
com.android.server.locksettings.recoverablekeystore \
com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
Change-Id: I584b89e3f777bed679b2eb5173750f3f1dee3635
This CL adds new Framework APIs that can be used for the secure
confirmations. This includes support for configuring a key such that
it can only sign data returned by the confirmation APIs.
Bug: 63928580
Test: Manually tested.
Change-Id: I94c1fc532376bd555b3dc37fc4709469450cfde6
