is used.
Throw unsupported operation exception when older version of RecoveryController is used.
Bug: 77293264
Test: atest RecoveryControllerHostTest
Change-Id: I0003104a4305444fac0092f4f6929545cf7c9413
Try to encode as many requirements as possible into the Recovery Agent
JavaDoc.
Bug: 70900575
Test: None, it is documentation
Change-Id: Iae05be24fa29d885f560943f256fd8d7ca692cf7
Change the number of bytes for the length prefix for salted hash to be
4 bytes instead of 1 byte.
Bug: 77294103
Test: None
Change-Id: Ifa2739c757539e9b7d2aaa1ea702de0148a311ba
1) Add Certificate
2) Helper class for end-to-end tests
3) Only create snapshot for passwords with special prefix in test mode
4) Sync only keys with insecure prefix in test mode.
Bug: 76433465
Test: adb shell am instrument -w -e package
com.android.server.locksettings.recoverablekeystore
com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
Change-Id: I6edc8c4716c3a034b6b79c7aa6f4b8478e9a3c9e
As it's important we do not break serialization of KeyChainSnapshot
(as it could fail in weird and mysterious ways if we did), add
comments warning anybody editing those files to also update the
serializer and deserializer, as well as appropriate tests.
Test: none, just adding comments
Bug: 73921897
Change-Id: If73162b8fb2a0b44fd954b72c9030cd9e042282b
This adds the API methods and values for keyguard-bound keys, but
contains none of the actual functionality.
Test: CTS tests in CtsKeystoreTestCases
Bug: 67752510
Merged-In: Iccd7dafd77258d903d11353e02ba3ab956050c40
Change-Id: Iccd7dafd77258d903d11353e02ba3ab956050c40
(cherry picked from commit fd75c7232a)
Mark serverParams as nullable. A null value can be used to prevent new
snapshot creation.
Bug: 73959762
Test: adb shell am instrument \
-w -e package com.android.server.locksettings.recoverablekeystore \
com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
Change-Id: I5c6ddd696b2882b3d27978b0146ff419bedaf5ee
Add null checks to getTrustedHardwareCertPath.
Remove unused and outdated PersistentKeyChainSnapshot class.
Use CertPath instead of public keys in KeySyncTaskTest.
Bug: 75952916
Test: adb shell am instrument \
-w -e package com.android.server.locksettings.recoverablekeystore \
com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
Change-Id: Ifabe7d5fa250069ebe0885ce52ec29b01294f63a
The other methods expose raw key materials, which is a security flaw. This
new API is already being used by GMSCore, via reflection (although falling
back to the old methods if it is not available). Would be good to switch it
on ASAP.
Bug: 74345822
Test: Tested with GMSCore
Change-Id: I30d53c9e825888d1122c72d23b7c1c10c6edb1e9
This is so we can add a GTS test to affirm that GMS devices include the
Google Cloud Key Vault root certificate.
Test: runtest frameworks-core -p android.security.keystore.recovery
Bug: 74621045
Change-Id: Ib6431f5739f3dff066832e6aa300dd9da5bc0727
This imports the keys directly into the keystore of LockSettingsService,
allowing them to be accessed via the RecoveryController getKey method.
This is better as it does not expose raw key material to any app.
Bug: 74345822
Test: runtest frameworks-services -p \
com.android.server.locksettings.recoverablekeystore
Change-Id: I4991b0cff1d2fa2e5bd0b53a71c096499e93e98b
This CL also adds an alias param to the RecoverySession#start method.
Bug: 76033708
Test: runtest frameworks-services -p \
com.android.server.locksettings.recoverablekeystore
Change-Id: I870f4f89bd6e319e1687a981aa04af0d23f3c922
Android Security team asked us to do this.
Bug: 74621071
Test: runtest frameworks-core -p android.security.backup
Change-Id: Ieae1649b82d0143fd5d560195f74b9fc10316d02