Previous permission doesn't consider REQUEST_INSTALL_PACKAGES permission
as an app-ops permission.
Bug: 152009905
Test: atest GtsPlayFsiTestCases
Test: remove appops setup from AndroidTest.xml, the same test failed
Change-Id: Icdbf6bb35fe146c5be8a97e29c4c554b3ce91b5d
Bug: 148240416
Test: Manually tested by installing two apps running in a shared process
and starting their shared process activities in various orders. The
value of usesCleartextTraffic gets set as expected.
Change-Id: Ib350c09c42d5524734fb259a2ab787790f2d8e30
ConfirmationPrompt passes magnified and inverted options to the keystore
service. While gathering the accessibility_display_inversion_enabled
setting, the implementation would throw an exception if this setting was
never set by the user. This causes the font scaling property to be
ignored. This patch uses default values in case the system setting is
not set.
Test: Run CTSVerifier Protected Confirmation test with increased font
size.
Change-Id: I03a3ef56209c73ca7d2b2527a5f145f744148e38
Existing annotations in libcore/ and frameworks/ will deleted after the migration. This also means that any java library that compiles @UnsupportedAppUsage requires a direct dependency on "unsupportedappusage" java_library.
Bug: 145132366
Test: m && diff unsupportedappusage_index.csv
Change-Id: I288969b0c22fa3a63bc2e71bb5009fe4a927e154
The corresponding service is also added.
The API can be used by a store to know whether their certificate is
trusted on the device. As optimization, they only need to download
.fsv_sig signature file if it will be used.
The API can also be used to gradually switch to stronger key. The store
can query with their certificates in priority order and download the best
signature.
Test: Passed new GTS working in progress
Bug: 142573505
Change-Id: Ic788cd04aeaed35ad62113fe9e7535b8fa63b5ee
Properly define the constant for requesting the use of device individual
attestation certificate and use it in AttestationUtils.
This lets callers to DevicePolicyManager.generateKeyPair request the use
of device-unique attestation certificate, on Keymaster implementations
that support this.
Bug: 140193672
Bug: 136494773
Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement
Change-Id: I74de89e4c121a27b0495dcb99b0775445c3d4eaf
For packages:
android.companion
android.filterfw
android.hardware.camera2.utils
android.inputmethodservice
android.net.nsd
android.os
android.preference
android.security.keymaster
android.service.dreams
android.telecom
android.telephony.ims.compat.feature
android.telephony
android.util
android.view.accessibility
android.media.effect
This is an automatically generated CL. See go/UnsupportedAppUsage
for more details.
Exempted-From-Owner-Approval: Mechanical changes to the codebase
which have been approved by Android API council and announced on
android-eng@
Bug: 110868826
Test: m
Change-Id: I9c2f8347952f3cc65759472b0e1a2717b285e44e
If they were null, then the Parcelable would fail to work.
Bug: 126726802
Test: manual
Change-Id: I7929ffa2f20e5de1c8e68e8263cca99496e9d014
Exempt-From-Owner-Approval: Trivial API annotations
This is to keep it in sync with response codes in keystore.h.
This commit also adds the KeyPermanentlyInvalidatedException to all the
methods that could receive this error code out of KeyStore.
Bug: 118883532
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/AuthBoundKeyTest.java
Change-Id: I878a628824e2eeb639ec5678b1a5d3d10428a918
This metadata, if present, will be authenticated (but unencrypted)
together with the application key material.
Bug: 112191661
Test: atest FrameworksCoreTests:android.security.keystore.recovery
atest FrameworksServicesTests:com.android.server.locksettings.recoverablekeystore
atest -m RecoveryControllerHostTest RecoverableKeyStoreEndtoEndHostTest RecoverySessionHostTest
Change-Id: I2846952758a2c1a7b1f0849e1adda1f05a3e305e
This patch makes the framework use the asynchronous keystore api model.
Bug: 111443219
Test: Ran full keystore cts test suite
Change-Id: I8d1fdc70cb9eb501d3f22a97d1221904c2ef8f9a
Biometrics are now generic from KeyStore point of view
Bug: 113624536
Test: Unable to create keys when no templates enrolled
Test: Able to create keys when templates are enrolled
Test: No regression in Fingerprint
Keys are invalidated after enrolling another FP
Change-Id: I6bdc20eb58c8a0c10a986519d4ba9e1843ebc89d
We're trying to reduce unnecessary direct dependencies on Conscrypt.
These two methods are simple and the implementations can't change, so
they're good candidates for inlining directly instead of depending on
the Conscrypt implementation.
Bug: 110404540
Test: atest NetworkSecurityConfigTests (same failures pre/post)
Change-Id: I303d955e3f49885326fe75f451c06a52af745053
For packages:
android.security.net.config
android.security.keystore
android.security.keymaster
android.security
This is an automatically generated CL. See go/UnsupportedAppUsage
for more details.
Exempted-From-Owner-Approval: Mechanical changes to the codebase
which have been approved by Android API council and announced on
android-eng@
Bug: 110868826
Test: m
Change-Id: Ifed4da56531195f64fd53d84f14b4e8298843b2c
Merged-In: I7762dd647bede8abc9be2c538af3a3a99a25a73e
For packages:
android.security.net.config
android.security.keystore
android.security.keymaster
android.security
This is an automatically generated CL. See go/UnsupportedAppUsage
for more details.
Exempted-From-Owner-Approval: Mechanical changes to the codebase
which have been approved by Android API council and announced on
android-eng@
Bug: 110868826
Test: m
Change-Id: I7762dd647bede8abc9be2c538af3a3a99a25a73e
Most of the targetSandboxVersion=2 protections have moved to target O
MR1 or P, or were reverted, so move the remaining checks to isInstantApp
and remove the requirement for Instant Apps to target
targetSandboxVersion=2
Change-Id: I448a7565e26d4eafece1bdc657192117d790ff3a
Fixes: 111314398
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/EphemeralTest.java
This reverts commit be4f735cb1.
Reason for revert: Resubmit the CL http://ag/3983388 that was reverted. The server side change has been deployed now.
Bug: 78920513
Change-Id: If676799176ecf90fd51a97027a9ff83bec5d4bed
This reverts commit 1f40978609.
Reason for revert: Will resubmit once the server side change is ready
Bug: 79513473
Bug: 78920513
Change-Id: I4c94d307a9181390a59cdc1602cc9d04c1661ad0
As part of finalizing an SDK, we need to ensure that no new APIs are
marked @Deprecated, since they're typically cleanup that someone
forgot to finish.
Someone forgot to replace Slice.getTimestamp() with Slice.getLong().
Bug: 77588754
Test: builds, boots
Exempt-From-Owner-Approval: SDK finalization
Change-Id: Ic0ec91a43d161a69c1e840c42046ad500b7aeca0
This reverts commit 0d55aa387a.
Reason for revert: aps_sidecar binary is still using some of these @removed APIs. Although HEAD of auth_folsom is fixed, aps_sidecar burned in framework is old.
Bug: 77629807
Change-Id: I2f03c7d12de30cc2eebd91bb65646caaa00fcd1d
Misc. changes but notably the ConfirmationDialog class was renamed to
ConfirmationPrompt.
Manually tested by updating sample Android Confirmations application
to use updated API.
Bug: 77242268
Test: Manually tested.
Change-Id: I1caa3c6bff9486b43ba111329d1ef83c3b67baf9
certificates with lower version. Earlier, the code just returned
silently, giving no indication that updating certs failed.
Change-Id: I3eb1b9f423791a655b47b3e76c20a170e2b632c0
Bug: 77533356
Test: runtest frameworks-services -p
com.android.server.locksettings.recoverablekeystore
RecoveryController and related Parcelables were moved to a different package long time ago. Only very old recvoery controller implementations used it.
Bug: 74944591
Test: atest RecoveryControllerHostTest
Change-Id: I803b7d8a813f7e6c3606dc77afb2e0a3d916ec3f
