As part of finalizing an SDK, we need to ensure that no new APIs are
marked @Deprecated, since they're typically cleanup that someone
forgot to finish.
Someone forgot to replace Slice.getTimestamp() with Slice.getLong().
Bug: 77588754
Test: builds, boots
Exempt-From-Owner-Approval: SDK finalization
Change-Id: Ic0ec91a43d161a69c1e840c42046ad500b7aeca0
This reverts commit 0d55aa387a.
Reason for revert: aps_sidecar binary is still using some of these @removed APIs. Although HEAD of auth_folsom is fixed, aps_sidecar burned in framework is old.
Bug: 77629807
Change-Id: I2f03c7d12de30cc2eebd91bb65646caaa00fcd1d
Misc. changes but notably the ConfirmationDialog class was renamed to
ConfirmationPrompt.
Manually tested by updating sample Android Confirmations application
to use updated API.
Bug: 77242268
Test: Manually tested.
Change-Id: I1caa3c6bff9486b43ba111329d1ef83c3b67baf9
certificates with lower version. Earlier, the code just returned
silently, giving no indication that updating certs failed.
Change-Id: I3eb1b9f423791a655b47b3e76c20a170e2b632c0
Bug: 77533356
Test: runtest frameworks-services -p
com.android.server.locksettings.recoverablekeystore
RecoveryController and related Parcelables were moved to a different package long time ago. Only very old recvoery controller implementations used it.
Bug: 74944591
Test: atest RecoveryControllerHostTest
Change-Id: I803b7d8a813f7e6c3606dc77afb2e0a3d916ec3f
is used.
Throw unsupported operation exception when older version of RecoveryController is used.
Bug: 77293264
Test: atest RecoveryControllerHostTest
Change-Id: I0003104a4305444fac0092f4f6929545cf7c9413
Try to encode as many requirements as possible into the Recovery Agent
JavaDoc.
Bug: 70900575
Test: None, it is documentation
Change-Id: Iae05be24fa29d885f560943f256fd8d7ca692cf7
Change the number of bytes for the length prefix for salted hash to be
4-byte instead of 1-byte
Bug: 77294103
Test: None
Change-Id: Ifa2739c757539e9b7d2aaa1ea702de0148a311ba
1) Add Certificate
2) Helper class for end-to-end tests
3) Only create snapshot for passwords with special prefix in test mode
4) Sync only keys with insecure prefix in test mode.
Bug: 76433465
Test: adb shell am instrument -w -e package
com.android.server.locksettings.recoverablekeystore
com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
Change-Id: I6edc8c4716c3a034b6b79c7aa6f4b8478e9a3c9e
As it's important we do not break serialization of KeyChainSnapshot
(as it could fail in weird and mysterious ways if we did), add
comments warning anybody editing those files to also update the
serializer and deserializer, as well as appropriate tests.
Test: none, just adding comments
Bug: 73921897
Change-Id: If73162b8fb2a0b44fd954b72c9030cd9e042282b
This adds the API methods and values for keyguard-bound keys, but
contains none of the actual functionality.
Test: CTS tests in CtsKeystoreTestCases
Bug: 67752510
Merged-In: Iccd7dafd77258d903d11353e02ba3ab956050c40
Change-Id: Iccd7dafd77258d903d11353e02ba3ab956050c40
(cherry picked from commit fd75c7232a)
Mark serverParams as nullable. Null value can be used to prevent new
snapshots creation.
Bug: 73959762
Test: Test: adb shell am instrument \
-w -e package com.android.server.locksettings.recoverablekeystore \
com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
Change-Id: I5c6ddd696b2882b3d27978b0146ff419bedaf5ee
Add null checks to getTrustedHardwareCertPath.
Remove unused and outdated PersistentKeyChainSnapshot class.
Use CertPath instead of public keys in KeySyncTaskTest.
Bug: 75952916
Test: adb shell am instrument \
-w -e package com.android.server.locksettings.recoverablekeystore \
com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
Change-Id: Ifabe7d5fa250069ebe0885ce52ec29b01294f63a
The other methods expose raw key materials, which is a security flaw. This
new API is already being used by GMSCore, via reflection (although falling
back to the old methods if it is not available). Would be good to switch it
on ASAP.
Bug: 74345822
Test: Tested with GMSCore
Change-Id: I30d53c9e825888d1122c72d23b7c1c10c6edb1e9
This is so we can add a GTS test to affirm that GMS devices include the
Google Cloud Key Vault root certificate.
Test: runtest frameworks-core -p android.security.keystore.recovery
Bug: 74621045
Change-Id: Ib6431f5739f3dff066832e6aa300dd9da5bc0727
