Mark serverParams as nullable. Null value can be used to prevent new
snapshots creation.
Bug: 73959762
Test: Test: adb shell am instrument \
-w -e package com.android.server.locksettings.recoverablekeystore \
com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
Change-Id: I5c6ddd696b2882b3d27978b0146ff419bedaf5ee
Add null checks to getTrustedHardwareCertPath.
Remove unused and outdated PersistentKeyChainSnapshot class.
Use CertPath instead of public keys in KeySyncTaskTest.
Bug: 75952916
Test: adb shell am instrument \
-w -e package com.android.server.locksettings.recoverablekeystore \
com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
Change-Id: Ifabe7d5fa250069ebe0885ce52ec29b01294f63a
The other methods expose raw key materials, which is a security flaw. This
new API is already being used by GMSCore, via reflection (although falling
back to the old methods if it is not available). Would be good to switch it
on ASAP.
Bug: 74345822
Test: Tested with GMSCore
Change-Id: I30d53c9e825888d1122c72d23b7c1c10c6edb1e9
This is so we can add a GTS test to affirm that GMS devices include the
Google Cloud Key Vault root certificate.
Test: runtest frameworks-core -p android.security.keystore.recovery
Bug: 74621045
Change-Id: Ib6431f5739f3dff066832e6aa300dd9da5bc0727
This imports the keys directly into the keystore of LockSettingsService,
allowing them to be accessed via the RecoveryController getKey method.
This is better as it does not expose raw key material to any app.
Bug: 74345822
Test: runtest frameworks-services -p \
com.android.server.locksettings.recoverablekeystore
Change-Id: I4991b0cff1d2fa2e5bd0b53a71c096499e93e98b
This CL also adds an alias param to the RecoverySession#start method.
Bug: 76033708
Test: runtest frameworks-services -p \
com.android.server.locksettings.recoverablekeystore
Change-Id: I870f4f89bd6e319e1687a981aa04af0d23f3c922
Android Security team asked us to do this.
Bug: 74621071
Test: runtest frameworks-core -p android.security.backup
Change-Id: Ieae1649b82d0143fd5d560195f74b9fc10316d02
This adds the API methods and values for keyguard-bound keys, but
contains none of the actual functionality.
Test: CTS tests in CtsKeystoreTestCases
Bug: 67752510
Change-Id: Iccd7dafd77258d903d11353e02ba3ab956050c40
Added @RequiresPermission(android.permission.RECOVER_KEYSTORE) on all
public APIs of RecoveryController.
Bug: 73900159
Test: adb shell am instrument -w -e package \
com.android.server.locksettings.recoverablekeystore \
com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
Change-Id: I1047c038603869307d7a2462a2e5635fcd1c94c2
I forgot to serialize and deserialize it in the last CL adding it.
Bug: 74359698
Change-Id: I34f9225dc63b55223c2a7db23ee3fa6abf056a0d
Test: atest RecoveryControllerHostTest
(cherry picked from commit b4d2cc684d)
As the confirmation dialog only has limited accessibility support it
may not be usable by users requiring accessibility services.
Therefore, if the user has enabled accessibility services, fail with
ConfirmationNotAvailableException so the application can handle this
case. Also document this behavior.
Bug: 74545109
Test: Manually tested.
Change-Id: Ibfb80d217f5cbdc9ec2f4e0432dfdd88add69703
I forgot to serialize and deserialize it in the last CL adding it.
Bug: 74359698
Change-Id: I34f9225dc63b55223c2a7db23ee3fa6abf056a0d
Test: atest RecoveryControllerHostTest
accepting the certificates
This change requires an additional param to the initRecoveryService()
API to take in the public-key signature.
Bug: 73904566
Test: adb shell am instrument -w -e package \
com.android.server.locksettings.recoverablekeystore \
com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
Change-Id: I2aeead1fda51b6cd8df71ed3b5066342ebc8d5ea
