Commit Graph

56114 Commits

Author SHA1 Message Date
Lazar Trsic
8ea56f6851 Replace hard-coded errno values with OsConstants
Errno values have been hard-coded inside java code. On the native side
however, bionic's errno.h is used (through utils/Errors.h). Some of
the numbers are architecture dependent (EOPNOTSUPP, ETIMEDOUT...).

This causes the Camera app to crash on MIPS devices. There is a check for
expected errors, in CameraBinderDecorator.throwOnError, but the error
(EOPNOTSUPP) is not recognized and an exception is thrown.

Change-Id: I8bcac8f1ced50c76614f566a6e624967a18a25e1
2015-12-04 12:41:37 +01:00
Chad Brubaker
6fea66116c Merge "Expose findTrustAnchorBySubjectAndPublicKey" 2015-12-01 20:13:40 +00:00
Chad Brubaker
73c06b1dbe Merge "Make NetworkSecurityConfigProvider.install lazy" 2015-12-01 20:13:23 +00:00
Chad Brubaker
d3af962081 Expose findTrustAnchorBySubjectAndPublicKey
This allows for faster lookups of TrustAnchors when checking pin
overrides without needing to iterate over all certificates.

Currently only the system and user trusted certificate stores are
optimized to avoid reading the entire source before doing the trust
anchor lookup; improvements to the resource source will come in a later
commit.

This also refactors System/UserCertificateSource to avoid code
duplication.

Change-Id: Ice00c5e047140f3d102306937556b761faaf0d0e
2015-11-30 17:20:00 -08:00
Chad Brubaker
7d72975c5b Merge "Remove isCertificateEntry check" 2015-11-29 23:45:47 +00:00
Chad Brubaker
9a0130865e Remove isCertificateEntry check
This was returning false on some test keystores even when
getCertificate would correctly return a certificate. Remove the check to
be consistent with how conscrypt loads trust anchors from the keystore.

Bug: 25897324
Change-Id: Ie87658a261ee7ba1cca6896e34b6c53b8abfba85
2015-11-26 14:00:50 -08:00
Chad Brubaker
2075a3ebc0 Make NetworkSecurityConfigProvider.install lazy
This defers looking up the meta-data from the install call to when the
rest of the config is lazily initialized.

Change-Id: I008a86f885e158ebe06a2bacdc358cd217635d05
2015-11-25 13:15:59 -08:00
Chad Brubaker
8e19803a6a Merge "Implement checkClientTrusted" 2015-11-25 20:33:31 +00:00
Chad Brubaker
bdd13f02bc Implement checkClientTrusted
Bug: 25885029
Change-Id: I07ef11a556f1a1a65456ae5e3904c56902c6e82a
2015-11-25 12:22:06 -08:00
Sergio Giro
d5a5d547d0 Merge "ssl: make DistinguishedNameParser a package-private class in org.apache.http.conn.ssl" 2015-11-24 11:14:24 +00:00
Sergio Giro
46972b2d82 ssl: make DistinguishedNameParser a package-private class in org.apache.http.conn.ssl
Needed by AbstractVerifier in framework/base

DistinguishedNameParser taken from libcore, commit
b5259fcf87994ee18658f07887156aef3cab3b56

Change-Id: I924dc7cd21262e5e91857edf178e46c9916f3f6b
2015-11-23 15:46:15 +00:00
Nicolas Geoffray
cf49583bd0 Merge "Remove DEBUG_JIT from Zygote flags." 2015-11-18 10:47:50 +00:00
Nicolas Geoffray
245ec92b65 Remove DEBUG_JIT from Zygote flags.
The flag is being obsoleted by the move to JIT.

(cherry picked from commit 9abbf45c8d)

Change-Id: I3ce4577e81f91e9dd55d44116e0f9e2014bd00b8
2015-11-18 10:07:53 +00:00
Chad Brubaker
08181cf647 Merge "Add NetworkSecurityConfigProvider.install" 2015-11-17 20:46:49 +00:00
Chad Brubaker
690b5f6c0a Merge "Dedupe trust anchors" 2015-11-17 18:51:38 +00:00
Chad Brubaker
fd0d31a3f4 Add NetworkSecurityConfigProvider.install
This method is not currently called.

Change-Id: I73fd166b03009526868e0d9b5b209a9adaa4232f
2015-11-16 12:49:36 -08:00
Casey Dahlin
2f974b252f Add hidden support for arrays of raw file descriptors
Change-Id: I4013e0700369764a26485d8620ebf16d8bea1951
Test: Built and ran Android in an emulator
Bug: 25242023
Signed-off-by: Casey Dahlin <sadmac@google.com>
2015-11-12 14:13:15 -08:00
Chad Brubaker
2bd2eb33c0 Dedupe trust anchors
When getting trust anchors we need to dedup them based on the
certificate to avoid having multiple trust anchors with the same cert
but different pin override behavior. If there are multiple trust anchors
with the same cert, the trust anchor which overrides pins wins.

Change-Id: Ida31f2551f56997418b8b091bb2598c5593cb069
2015-11-12 13:13:45 -08:00
Chad Brubaker
b324fb18d9 Merge "Support X509TrustManagerExtensions methods" 2015-11-12 19:28:54 +00:00
Chad Brubaker
9c3982f75d Merge "Use duck typing in X509TrustManagerExtensions" 2015-11-12 19:28:21 +00:00
Wale Ogunwale
cbcafde45e Merge "Avoid configuration of callback being reset after relayout." 2015-11-12 15:55:18 +00:00
riddle_hsu
164725c652 Avoid configuration of callback being reset after relayout.
mPendingConfiguration is a parameter of IWindowSession.relayout.
Because IWindowSession.aidl declares "out Configuration outConfig",
a new configuration is always created for the remote side to write.
If the remote side does not write (WMS does not have a config change),
the new default configuration will be returned.

The original code passes mPendingConfiguration to updateConfiguration
directly, so callbacks (sConfigCallbacks) receive the same
instance of mPendingConfiguration. Because the implementation
of a callback may use the configuration after relayout has reset
the configuration to default, there may be timing that results in
"showing hybrid of portrait and landscape modes", which commit
e36d6e27 tries to fix.

To avoid this, always create a copy to updateConfiguration.
MSG_RESIZED_REPORT from dispatchResized also did the same thing.

Related commit:
e36d6e277e
694f79b5d1

Change-Id: Ic1abd596e384918224b3a7020583d9a04641cccc
2015-11-12 14:07:12 +08:00
Chad Brubaker
93962c2f01 Support X509TrustManagerExtensions methods
Change-Id: I14a405e90f139b8d73eb9f88597fac804a7c18f3
2015-11-11 14:35:46 -08:00
Chad Brubaker
bfcd67f71e Use duck typing in X509TrustManagerExtensions
X509TrustManagerExtensions assumes that the default X509TrustManager is
an instance of conscrypt's TrustManagerImpl. That's no longer going to
always be the case. Instead use duck typing to support any
X509TrustManagers that have the extra methods required for
X509TrustManagerExtensions.

Change-Id: If23471bda590d5e131bb1e802a60599957bc7f37
2015-11-11 13:38:33 -08:00
Chad Brubaker
d1c469e876 Merge "Add NetworkSecurityConfigProvider" 2015-11-11 20:25:04 +00:00
Chad Brubaker
f1e813ea33 Merge "Add support for debug-overrides configuration" 2015-11-11 19:03:30 +00:00
Chad Brubaker
5a1078f40d Add NetworkSecurityConfigProvider
Change-Id: I321e3ca94cc2a8d5e0e5d82a83b255ff5b8a71d2
2015-11-11 10:54:54 -08:00
Chad Brubaker
08d36202da Add support for debug-overrides configuration
Debug overrides are only used if the application is debuggable in
order to help local debugging and development by trusting additional
CAs. In a non-debuggable version of the application the debug-overrides
are ignored.

Trust anchors in the debug override configuration have two key
differences from those in base-config and domain-config:
1) trust anchors in the debug-overrides are trusted for all connections
in addition to any trust anchors included in the relevant base/domain
configs.
2) By default trust anchors in the debug config override pins, as their
purpose is for connecting to non-standard servers for debugging and
testing and those servers should not be pinned in the production
configuration.

Change-Id: I15ee98eae182be0ffaa49b06bc5e1c6c3d22baee
2015-11-10 12:40:00 -08:00
Nick Kralevich
368513fa99 system_server: allow /proc read access to other UIDs
Add system_server to AID_READPROC, to allow system_server to read
/proc entries associated with other UIDs.

Bug: 23310674
Change-Id: I1602b8ee30670cde4ed56e2f901524c105895352
2015-11-07 17:04:04 -08:00
Chad Brubaker
bd173c28fc Support nested domain-config elements
Nested domain-configs inherit unset parameters from the domain-config
they are nested in. This helps avoid copy and pasted configs that are
almost the same except a few minor differences for a domain with
slightly different requirements.

For example: Consider a domain-config for example.com that, among other
settings, does not enforce hsts. Now if you want the rules for
example.com to apply to secure.example.com except that hsts _is_
enforced you can make a nested domain-config for secure.example.com
under example.com that sets hstsEnforced="true" and nothing else.

Change-Id: I9e33f7e62127fd7f4f15c3560fff2f2626477bd4
2015-11-07 13:31:04 -08:00
Chad Brubaker
5f96702f58 Add xml source for network security configuration
XmlConfigSource parses an ApplicationConfig from an xml resource.
Currently this supports app-wide default configuration via the
base-config element, per domain via the domain-config element and
inheritance of unset properties at parse time.

Inheritance of unset properties is currently only:
domain-config -> base-config -> platform default configuration
Where the most specific value is used.
For example: If the base-config specifies trust anchors, all connections
will use those anchors except for connections to a domain which has a
domain-config that specifies trust anchors, in which case the
domain-config's trust anchors will be used. If the domain-config or
base-config don't set trust anchors, or don't exist, then the platform
default trust anchors will be used.

Nested domain-config entries, debug-overrides, and thorough
documentation of the xml format will follow in later commits.

Change-Id: I1232ff1e8079a81b340bc12e142f0889f6947aa0
2015-11-06 22:24:01 -08:00
Chad Brubaker
1347cb81f4 Merge "Fix incorrect hstsEnforced lookup" 2015-11-07 02:37:45 +00:00
Chad Brubaker
825c3f91ed Fix incorrect hstsEnforced lookup
Change-Id: I00364d8c1d3311bebd3ad88e557860e694ba5018
2015-11-06 18:08:12 -08:00
Chad Brubaker
1483ee3aa5 Merge "Fix directory check in UserCertificateSource" 2015-11-06 21:02:23 +00:00
Chad Brubaker
c5c51dafb3 Merge "Fix incorrect hasPerDomainConfigs check" 2015-11-06 21:02:01 +00:00
Chad Brubaker
b0f8b4bb35 Fix directory check in UserCertificateSource
If the user has not added any CAs to the user trust store the user-added
directory will not have been created.

Change-Id: I8b5f73af3c0761c56969874231004fedbf7badda
2015-11-06 13:00:15 -08:00
Chad Brubaker
35de8d6d2b Fix incorrect hasPerDomainConfigs check
Change-Id: Iaeedbbcc5f12475d346a77dba84b38a1d3d8d346
2015-11-06 12:50:31 -08:00
Chad Brubaker
7e98f2e697 Merge "Use a builder for NetworkSecurityConfig" 2015-11-06 20:21:29 +00:00
Chad Brubaker
80a73f5939 Use a builder for NetworkSecurityConfig
The builder supports all the standard builder set* methods as well as
setting a parent builder to use when values are not set (recursively).
This allows us to have a level of inheritance in configurations without
complicating the lookup and trust checking logic by doing inheritance
when building the configs.

Change-Id: I054af83451e52761227479eadf9cb9803437505f
2015-11-05 12:50:30 -08:00
Chad Brubaker
8c35820720 Merge "Add initial network security config implementation" 2015-11-05 18:46:24 +00:00
Chad Brubaker
6bc1e3966c Add initial network security config implementation
Initial implementation of a unified application wide static
network security configuration.

This currently encompasses:
* Trust decisions such as what trust anchors to use as well as static
  certificate pinning.
* Policy on what to do with cleartext traffic.

In order to prevent issues due to interplay of various components in an
application and their potentially different security requirements,
configuration can be specified at a per-domain granularity in addition
to application wide defaults.

This change contains the internal data structures and trust management
code, hooking these up in application startup will come in a future
commit.

Change-Id: I53ce5ba510a4221d58839e61713262a8f4c6699c
2015-11-04 14:31:18 -08:00
Tao Bao
ac140e7f76 Merge "Clean up the uncrypted OTA package on bootup."
am: 5d562d4d2f

* commit '5d562d4d2fe5697468e5b93b183ed8ea42e115a2':
  Clean up the uncrypted OTA package on bootup.
2015-10-21 17:51:53 +00:00
Tao Bao
87212ad6a8 Clean up the uncrypted OTA package on bootup.
An OTA package needs to be uncrypted before rebooting into recovery if
it sits on an encrypted /data partition. Once uncrypt gets started, we
cannot re-run it on the package again, because the file may have been
fully or partially uncrypted and we may end up with a corrupt file
under recovery. Always clean up the package when the device boots into
the normal system to avoid that.

Bug: 24973532
Change-Id: I91682c103d1f2b603626c4bf8d818bced71e3674
2015-10-19 14:49:09 -07:00
Wale Ogunwale
fceaedda41 am 75693994: Merge "Disassociate system windows from apps"
* commit '75693994f60bdec9a10db98ddb8addd2bc3f8bbb':
  Disassociate system windows from apps
2015-10-16 13:54:54 +00:00
tiger_huang
ff58e30aca Disassociate system windows from apps
With the original logic, if an app creates a system window, when the
user goes to home screen, the system window will still be there and
become unable to receive input events, because the system window will
also be changed to the stopped state with the app window, and the
current logic of ViewRootImpl forbids a stopped window from receiving
input events.

This change prevents assigning the token of the app window to system
windows created by the app, so that when the app goes to the stopped
state, its system windows won't be affected (can still receive input
events).

This change is related to the following changes:
a5d29971f8
15ed2754a3
c3672cd3f7
41725dedc3

Bug:
https://code.google.com/p/android/issues/detail?id=189710

Change-Id: I515e47bafcf39a2b1bdf92f11f623bef8fb6263c
2015-10-16 12:30:38 +08:00
Tim Murray
b2387e650b am 6c271b89: am f3acc630: am 01356906: Merge "Ensure SurfaceView requests WM relayout when size changes." into mnc-dr-dev
* commit '6c271b898c080303c24e524022dd6e4552bda5f5':
  Ensure SurfaceView requests WM relayout when size changes.
2015-10-07 23:39:16 +00:00
Tim Murray
f3acc63015 am 01356906: Merge "Ensure SurfaceView requests WM relayout when size changes." into mnc-dr-dev
* commit '0135690688c8285e022a2a8191c8582f2e6ea759':
  Ensure SurfaceView requests WM relayout when size changes.
2015-10-07 23:28:13 +00:00
Tim Murray
0135690688 Merge "Ensure SurfaceView requests WM relayout when size changes." into mnc-dr-dev 2015-10-07 23:21:14 +00:00
Yin-Chia Yeh
cbb3dc67cf am 527da81f: am a71bb6b9: am 9d688336: am a636be6c: Camera: fix wrong FULL feature string
* commit '527da81f13fa65b924859ae87f6ccce8d3614140':
  Camera: fix wrong FULL feature string
2015-10-07 21:54:41 +00:00
Yin-Chia Yeh
a71bb6b986 am 9d688336: am a636be6c: Camera: fix wrong FULL feature string
* commit '9d68833686e04ff5ff910a9d90fe99bc1347aaca':
  Camera: fix wrong FULL feature string
2015-10-07 21:41:38 +00:00