This disables throwing BackendBusyException in Android S. Instead we
keep the legacy behavior of spinning until an operation can be created.
Bug: 180133780
Test: N/A
Change-Id: I802148c59338b91e751498607fa903e156e40aa6

This change adds an AIDL interface which the RemoteProvisioner app
implements that allows the keystore SPI to inform the app when an
attestation key may have been used, and when the underlying attestation
key pool is totally empty. The former is a non-blocking call, and the
latter blocks until completion.
Since the latter involves network, there are timeouts involved on the
app side to ensure that the blocking call doesn't hang indefinitely if
there's no network.
Test: atest CtsKeystoreTestCases && atest RemoteProvisionerUnitTests
Change-Id: Ie49e37659c96ce5c1626d1b99a4a7ccc62028156

The legacy provider is obsolete now that all calling code has
been fixed.
Bug: 183100147
Bug: 183093711
Bug: 171305684
Test: N/A
Merged-In: I0d71d3c9cdd586a508827eb26120c872cb8643ea
Change-Id: I0d71d3c9cdd586a508827eb26120c872cb8643ea

AttestationUtils calls directly into keystore1 to generate ID
attestations. This needs to change prior to keystore2 being enabled
and keystore1 deleted. This CL changes the AttestationUtils to use
the public API (and one SystemAPI method) to generate ID attestations,
allowing the lower layers to handle the transition between keystore1
and keystore2.
Test: CtsKeystoreTestCases
Change-Id: I64a230b9983cc90767a60d6e7cf2abcf5dfb0108

* Use public stable API to load certificates from keystore.
* Also use grants to allow racoon to use keystore keys without
special exceptions in keystore.
* Use LegacyProfileStore instead of Keystore for storing VPN profiles.
Bug: 175068876
Bug: 171305607
Test: atest android.net.cts.Ikev2VpnTest
atest android.net.cts.IpSecManagerTest
atest com.android.server.connectivity.VpnTest
atest com.android.server.ConnectivityServiceTest
Merged-In: I27975113896ea137260a9f94a34fb1c3ca173fe3
Change-Id: I27975113896ea137260a9f94a34fb1c3ca173fe3

Implement uid/namespace clearing for Keystore 2.0.
Test: Verified that keys get deleted when an app gets uninstalled.
Change-Id: I1b0b65e977177a6e34c500b00b5070ec18be2671

This patch adds function for and end decoding grant identifiers as
understood by the keystore boringssl engine.
Test: N/A
Change-Id: I619d8f460163e6270e41da81ca549efb71138113

KeyChain supports device id attestation through KeyGenParameterSpec now.
No need to call attest key individually. Also calling attest key
individually is no longer supported by Keystore 2.0 and KeyMint.
Also isBoundKeyAlgorithm returns true.
Test: atest FrameworksServicesTests:DevicePolicyManagerTest
Bug: 171305387
Merged-In: I759fe245b48fe435153fded2c74c9ae99634c146
Change-Id: I759fe245b48fe435153fded2c74c9ae99634c146

AndroidKeyStoreKeyPairGeneratorSpi used the Uid as namespace which is
wrong, and ParcelableKeyGenParameterSpec inadvertently used the Uid as
namespace specifier during conversion.
Bug: 160623310
Test: com.android.keychain.tests.BasicKeyChainServiceTest#testGenerateKeyPairErrorsOnBadUid
Change-Id: I84b4c69c639e42922449e00a3708cef89b82f63e

This CL introduces the client side for IKeystoreUserManager aidl and
integrates it with the LockSettingsService.
Bug: 171305115
Test: TBD
Change-Id: I7560e98f95aaec6b85cdcfc01ba83aea0ccc52ae

This allows apps to request that AndroidKeyStore generate attestation
keys that can be used to sign attestations of other keys that the app
generates or imports.
Bug: 163606833
Test: atest CtsKeystoreTests
Change-Id: I943a6922271cbe909cb3a9d67021663b5646aa70