Introduced new 'extractNativeLibs' attribute to manifest/application.
Setting it to false prevents installer from extracting library from apk.
The default value for extractNativeLibs is true.
Bug: 8076853
(cherry picked from commit ff193d642e)
Change-Id: I1aa2c039bb2a590ae72f256acc9ba5401c2c59b1
This makes the new AndroidKeyStore API conform with the latest
Keymaster API changes as well as the latest Android framework API
design guidelines.
Keymaster changes:
* Multiple paddings, block modes, and digests can be set on a key.
* "max uses per boot" and "min seconds between use" restrictions will
not be exposed in the framework API.
* Padding scheme ZERO will not be exposed.
Changes due to Android framework design guidelines:
* Sets of enum values have been replaced with bitsets represented as
ints.
* Integer has been replaced with int, with null being represented
with a special value (e.g., -1 or 0) where possible.
Bug: 18088752
Change-Id: Ib21739aa9b42d48895cb7a681e836a5c6d972ac6
This makes the hidden API android.net.Uri.toSafeString omit most parts
of HTTP, HTTPS, and FTP URLs to avoid leaking anything unsafe. Only
the host and port are retained for these URLs.
Bug: 19215516
Change-Id: I2e9e33d9afaa9de5dd07a40532d56f0a2179f62a
Application may use many threads to load data from provider.
If the target provider needs to start process, each access
will occupy one binder thread of system server until the
provider process started and published.
Sometimes application uses more than 16 threads to access
the same provider, and the provider process needs a little
long time to start, then all binder threads of system server
are waiting. But when the provider is ready, it is unable to
publish to notify those waiting threads because no availabe
binder thread to use. And device will become almost hang.
Improvement:
If there is already a thread acquiring provider, let other threads
(which try to acquire the same provider) wait the result of the
first one. That reduces IPC to save binder thread of system server.
Remove calling removeContentProvider in installProvider because
we have ensured only get one provider holder for the same provider,
the original race that gets a new useless holder will not happen.
Change-Id: I521f2603db8ced56912f5dc54342a70451e68381
In installPackageLI, dexopt is now performed on a staging directory of the app
(dexopt phase 1). For each codepath:
- /oat/<isa> directory is created
- dexopt output goes to the newly created directory. Optimized files have
.odex extension.
Bug: 19550105
Change-Id: Iec59790d97837b78af82b079fd1970de3388c91d
generateKey and begin can now optionally take an array of bytes to add
to the rng entropy of the device before the operation. If entropy is
specified and the device does not support add_rng_entropy or the call
fails then that device will not be used, leading to fallback or error
depending on the situation.
Change-Id: Id7d33e3cc959594dfa5483d002993ba35c1fb134
Now that the libcore's NetworkSecurityPolicy abstraction is in place,
the framework version of the abstraction should delegate to the
libcore one, to avoid them getting out of sync.
Bug: 19215516
Change-Id: Ic57341d703a13e0fb100dc414958e8fd54e03816
This is a follow-up to
https://android-review.googlesource.com/#/c/131920/, addressing some
outstanding comments.
This CL also switches the source file to the correct indentation.
Bug: 19215516
Change-Id: Ia48455ab351081e11619afcccadb8fa90340391d
Having it as a raw byte[] caused issues in keystore because keymaster
handles a null blob differently than a blob with null contents. Make
this explicit in the API.
Change-Id: Ifcf550f438608b8f09fc589d00d06fffa6ee463b
Some authorization code needs to know the actual underlying operation
handle, not simply a reference to it, so return it in case it is needed.
Note that the handle cannot be used by the application to reference an
operation.
Change-Id: I4c883dde17168b7f6c1643d81741a4c2686d3159
The initial purpose of the NetworkSecurityPolicy class is to provide a
way for network libraries to check whether cleartext network traffic
(e.g., HTTP, WebSockets, XMPP, IMAP, SMTP) should be blocked from this
process.
The policy is set declaratively by the app developer in the app's
manifest and can be queried from ApplicationInfo.flags. Unfortunately,
several network stacks (bundled and unbundled) do not have a reference
to ApplicationInfo or Context.
Alternatives:
* Keep this API hidden (and thus potentially move it from framework to
libcore), thus precluding unbundled HTTP stacks from using the API.
* Introduce a new java.lang.System property instead of this API.
However, such properties are a mess and not as powerful/extensible
as a public class.
Bug: 19215516
Change-Id: If22056a74d257bf1d805ebb4fc284240b3d338f1
The attribute declares whether the app intends to use cleartext
network traffic (e.g., HTTP, WebSockets, XMPP, SMTP, IMAP -- without
TLS or STARTTLS). The default value is true. If set to false, the app
declares that it does not intend to use cleartext network traffic. In
this case the app requests the platform, tooling, and third-party
libraries to prevent it from using cleartext traffic. The danger of
cleartext network traffic is that its confidentiality, authenticity,
and integrity are not guaranteed.
This feature is designed to help apps which care about security of
data exchanged over the network. These apps can accidentally
regress/downgrade to using cleartext network communications. This
typically happens when the server the app communicates with all of a
sudden tells it to use cleartext communications (e.g, HTTP URL
instead of an HTTPS URL) or when one of the components of the app gets
updated and regresses to cleartext communications without the
developer noticing.
In general, the prevention measures are on best effort basis. It's
impossible to automatically prevent all instances of cleartext
traffic. For example, an app bent on bypassing restrictions could
perform low-level network I/O with unusual TCP packet fragmentation,
or could use a custom application-level protocol.
The expectation is that most apps use libraries for network
communications and these libraries over time will start to honor this
flag, thus increasing the protections offered by it.
Bug: 19215516
Change-Id: I8700d51ddbc5d528faa4b6a5fa5bc9551ad02d13
Add methods for sending an auth token to keystore and to query the
authorization state of a given operation.
Change-Id: I223df5c56ae2a251ef31cfe60f06c046c12a5cd8
%p is not a valid conversion in format strings. It is also superfluous,
as it is already known that location is null.
Bug: 19797138
Change-Id: I5784e28b05b4ca9aac57e0fc9da4a7f01d9b3247
