Only fsverity header and extension are included in fsverity hash
calculation, not salt, nor the paddings.
Test: fsverity measure ioctl returns successfully
Bug: 30972906
Change-Id: I06fd82d96dfde21d05367caad5c54257a0e4d6ab
Need to use the old API for a bit, so the temporary API will convert
the arguments for ConfigKey from String to Long and then call the
correct API from statsd.
This can be deleted in the future.
Test: Test that marlin-eng can build.
Change-Id: Iebaf2debc08c749ecaae631201e7d039b916f0ce
The proof-of-rotation record contains a list of signing certificates
and corresponding flags. New flags may be defined in future platform
versions, but APKs targeting P would have no knowledge of them. Add
a version code to enable future platform versions to identify which
flags were deliberately set. Ignore the version code for this
platform version, though, since all flags are known.
Bug: 64686581
Test: Builds, boots.
Change-Id: I765f50918f7f337100aff3ed15999b45369fc9d1
Tuned rates that we collect PSS, to reduce how much we do
that heavy operation. Added a new way to determine
whether a process has changed to a state for the
"first" time -- now this is when it has gone to that
state for the first time since it was in a lower state.
This will reduce the amount of time we consider a
process to be first to only when it has previously
gone into a higher state than it had before.
Keep track of more fine-grained information about why we
collect a PSS sample (not just internal, but for a single
process, all processes because of a mem state change, all
processes because of a poll).
Started collecting RSS in various places, so we can start
looking at that w.r.t. PSS and see about transitioning to
it is a new primary metric.
Added logging for many of the places where the system
writes its configuration files, so we can more easily
see any bad behavior going on in those areas.
Added some currently disabled code to read smaps directly
instead of using fgets(). Probably won't help, but want
tot test.
Bug: 70859548
Test: atest CtsAppTestCases
Change-Id: I400dba0f3ae9c024df51c946cfa592561028b598
During the proof-of-rotation additional attribute parsing, each
new certificate needs to be verified by the last. When doing this
verification, the ByteBuffer position is advanced to its limit, but
it needs to be read again to extract the certificate. Reset the
signedData ByteBuffer to its original position.
Bug: 64686581
Test: Builds, boots, v3 signed app with rotated cert installs.
Change-Id: Ie95e4c7e99e3cfb9a987638a0c641456af2f34d9
Add 440dpi as a supported screen density
Bug: 72424600
Test: run android.dpi.cts.ConfigurationTest#testScreenConfiguration and android.app.cts.ActivityManagerMemoryClassTest#testGetMemoryClass
Change-Id: I0dbf998ae02515a97f0d5668eeedc7098da4cca4
Signed-off-by: weijuncheng <weijuncheng@xiaomi.com>
It works on ToT now. See b/72480435 for the ART bug.
Test: install apk with verity and succeed
Bug: 72459251
Change-Id: I409b344169b3448496d26b772b520d9b148d7baf
Since http://r.android.com/565744 , these classes do not appear
in the signature of any other Android API. There are no plans to
make them part of any future API signatures.
They do not provide useful abstractions because:
- They lack encapsulation and functionality (value is nonfinal;
lack of equals/hashCode and toString).
- It's trivial for apps to implement similar types for their
internal use.
Only three of these eight classes (Mutable{Int,Long,Boolean}) are
used internally in Android; most of these usages could be written
better with named, more specific classes.
Therefore these classes do not pull their own weight on the API
surface of android.util.
This CL deprecates all eight classes in preparation for removing
them from the Android API surface at some point in the future, and
to allow the unused classes to be removed entirely.
Bug: 71546998
Test: Treehugger
(cherry picked from commit d57219411b)
Change-Id: Ib8736faa86d0ae5eec2c47a294f21adcf21d3dc4
Merged-In: I1cc1eb5ca9c36749bbb9a233d60036f6319bf2d3
When ro.apk_verity.mode is on, full apk verification is only skipped if
the apk already has verity enabled in the file system, and if the apk
contains the Merkle tree root hash we need.
Since the configuration in the file system is duplicated from the apk
(including the offset and size of Signing Block and the Merkle tree),
in order to prevent offline attacker from changing it, we need to
measure the observed configuration and make sure it matches the kernel's
view.
Test: observed package manager's requeset to installd (only) for updated
priv apps.
Bug: 30972906
Change-Id: I33531a3f6148232b777ea8bfd02f13700649e317
This change also contains a workaround that ByteBuffer#put(byte)
sometimes does not work at all. See comments.
Test: saw correct debugging output of struct in dmesg.
Bug: 30972906
Bug: 72459251
Change-Id: I54553a8f20b8ef01c81c648f9aa588d28ab5eea5
Allows a uid that uploads a statsd config to additionally
register a BroadcastSubscriber with statsd. If statsd
detects an anomaly (according to the config's Alert),
statsd can inform a BroadcastSubscriber provided in the config.
The config uses a subscriberId (just an int) to identify the
BroadcastSubscriber. It then uses StatsManager.setBroadcastSubscriber
to associate that subscriberId with a given PendingIntent.
Then, when the anomaly is detected, statsd sends a broadcast
using that PendingIntent, alerting whoever was specified by
the config/setBroadcastSubscriber.
Bug: 70356901
Test: cts-tradefed run cts-dev -m CtsStatsdHostTestCases -t android.cts.statsd.alert.BroadcastSubscriberTests
Change-Id: I4d9ea9a6c8a85e61fadfd99c1513c55abbadd5e9
Since http://r.android.com/565744 , these classes do not appear
in the signature of any other Android API. There are no plans to
make them part of any future API signatures.
They do not provide useful abstractions because:
- They lack encapsulation and functionality (value is nonfinal;
lack of equals/hashCode and toString).
- It's trivial for apps to implement similar types for their
internal use.
Only three of these eight classes (Mutable{Int,Long,Boolean}) are
used internally in Android; most of these usages could be written
better with named, more specific classes.
Therefore these classes do not pull their own weight on the API
surface of android.util.
This CL deprecates all eight classes in preparation for removing
them from the Android API surface at some point in the future, and
to allow the unused classes to be removed entirely.
Bug: 71546998
Test: Treehugger
Change-Id: I1cc1eb5ca9c36749bbb9a233d60036f6319bf2d3
This also adds a feature flag to read to see if the feature is enabled
on a given device.
Bug: 66679618
Test: Used in Settings Robotest
Change-Id: Idb892aa78f244d026a8d4b7dc104d47e0f611085
With the addition of APK Signature Scheme v3, the platform now can
support key rotation by using the proof-of-rotation provided by the
new scheme. Create a new API which allows checking of the entire
provided history of an APK's signing certificates, not just the
current signer. This should allow for changes of APK signing
certificates without fear of losing access to resources that would
have been provided under the old signing certificate.
Change getPackageInfo(GET_SIGNATURES) to return the oldest signing
certificate in the chain so that apps which do programmatic checks,
but are not updated to use the new API, still get the same information
they would have gotten had there been no rotation.
Bug: 64686581
Test: Builds, boots.
Change-Id: I8982fd4cce60f5d85a6180d157a6e2a661b1a6d7
APK Signature Scheme v3 enables APK signing key rotation by allowing
an APK to embed a proof-of-rotation structure linking past signing
certificates to the current one. This information needs to be exposed
to the system before it can be used to make authorization decisions.
Bug: 64686581
Test: Builds and boots.
Change-Id: I49961f92fcec141d73b36197147d5d8fa64c149e
Changes the default value of the settings_zone_picker_v2 to true to
allow more wide spread testing of the new zone picker.
Bug: 62255208
Test: manual
Change-Id: I6755a527ffa38835c126e4598be37b1d7035d0df
