This metadata, if present, will be authenticated (but unencrypted)
together with the application key material.
Bug: 112191661
Test: atest FrameworksCoreTests:android.security.keystore.recovery
atest FrameworksServicesTests:com.android.server.locksettings.recoverablekeystore
atest -m RecoveryControllerHostTest RecoverableKeyStoreEndtoEndHostTest RecoverySessionHostTest
Change-Id: I2846952758a2c1a7b1f0849e1adda1f05a3e305e
This patch makes the framework use the asynchronous keystore api model.
Bug: 111443219
Test: Ran full keystore cts test suite
Change-Id: I8d1fdc70cb9eb501d3f22a97d1221904c2ef8f9a
Biometrics are now generic from KeyStore point of view
Bug: 113624536
Test: Unable to create keys when no templates enrolled
Test: Able to create keys when templates are enrolled
Test: No regression in Fingerprint
Keys are invalidated after enrolling another FP
Change-Id: I6bdc20eb58c8a0c10a986519d4ba9e1843ebc89d
We're trying to reduce unnecessary direct dependencies on Conscrypt.
These two methods are simple and the implementations can't change, so
they're good candidates for inlining directly instead of depending on
the Conscrypt implementation.
Bug: 110404540
Test: atest NetworkSecurityConfigTests (same failures pre/post)
Change-Id: I303d955e3f49885326fe75f451c06a52af745053
For packages:
android.security.net.config
android.security.keystore
android.security.keymaster
android.security
This is an automatically generated CL. See go/UnsupportedAppUsage
for more details.
Exempted-From-Owner-Approval: Mechanical changes to the codebase
which have been approved by Android API council and announced on
android-eng@
Bug: 110868826
Test: m
Change-Id: Ifed4da56531195f64fd53d84f14b4e8298843b2c
Merged-In: I7762dd647bede8abc9be2c538af3a3a99a25a73e
For packages:
android.security.net.config
android.security.keystore
android.security.keymaster
android.security
This is an automatically generated CL. See go/UnsupportedAppUsage
for more details.
Exempted-From-Owner-Approval: Mechanical changes to the codebase
which have been approved by Android API council and announced on
android-eng@
Bug: 110868826
Test: m
Change-Id: I7762dd647bede8abc9be2c538af3a3a99a25a73e
Most of the targetSandboxVersion=2 protections have moved to target O
MR1 or P, or were reverted, so move the remaining checks to isInstantApp
and remove the requirement for Instant Apps to target
targetSandboxVersion=2
Change-Id: I448a7565e26d4eafece1bdc657192117d790ff3a
Fixes: 111314398
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/EphemeralTest.java
This reverts commit be4f735cb1.
Reason for revert: Resubmit the CL http://ag/3983388 that was reverted. The server side change has been deployed now.
Bug: 78920513
Change-Id: If676799176ecf90fd51a97027a9ff83bec5d4bed
This reverts commit 1f40978609.
Reason for revert: Will resubmit once the server side change is ready
Bug: 79513473
Bug: 78920513
Change-Id: I4c94d307a9181390a59cdc1602cc9d04c1661ad0
As part of finalizing an SDK, we need to ensure that no new APIs are
marked @Deprecated, since they're typically cleanup that someone
forgot to finish.
Someone forgot to replace Slice.getTimestamp() with Slice.getLong().
Bug: 77588754
Test: builds, boots
Exempt-From-Owner-Approval: SDK finalization
Change-Id: Ic0ec91a43d161a69c1e840c42046ad500b7aeca0
This reverts commit 0d55aa387a.
Reason for revert: aps_sidecar binary is still using some of these @removed APIs. Although HEAD of auth_folsom is fixed, aps_sidecar burned in framework is old.
Bug: 77629807
Change-Id: I2f03c7d12de30cc2eebd91bb65646caaa00fcd1d
Misc. changes but notably the ConfirmationDialog class was renamed to
ConfirmationPrompt.
Manually tested by updating sample Android Confirmations application
to use updated API.
Bug: 77242268
Test: Manually tested.
Change-Id: I1caa3c6bff9486b43ba111329d1ef83c3b67baf9
certificates with lower version. Earlier, the code just returned
silently, giving no indication that updating certs failed.
Change-Id: I3eb1b9f423791a655b47b3e76c20a170e2b632c0
Bug: 77533356
Test: runtest frameworks-services -p
com.android.server.locksettings.recoverablekeystore
RecoveryController and related Parcelables were moved to a different package long time ago. Only very old recvoery controller implementations used it.
Bug: 74944591
Test: atest RecoveryControllerHostTest
Change-Id: I803b7d8a813f7e6c3606dc77afb2e0a3d916ec3f
is used.
Throw unsupported operation exception when older version of RecoveryController is used.
Bug: 77293264
Test: atest RecoveryControllerHostTest
Change-Id: I0003104a4305444fac0092f4f6929545cf7c9413
Try to encode as many requirements as possible into the Recovery Agent
JavaDoc.
Bug: 70900575
Test: None, it is documentation
Change-Id: Iae05be24fa29d885f560943f256fd8d7ca692cf7
Change the number of bytes for the length prefix for salted hash to be
4-byte instead of 1-byte
Bug: 77294103
Test: None
Change-Id: Ifa2739c757539e9b7d2aaa1ea702de0148a311ba
1) Add Certificate
2) Helper class for end-to-end tests
3) Only create snapshot for passwords with special prefix in test mode
4) Sync only keys with insecure prefix in test mode.
Bug: 76433465
Test: adb shell am instrument -w -e package
com.android.server.locksettings.recoverablekeystore
com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
Change-Id: I6edc8c4716c3a034b6b79c7aa6f4b8478e9a3c9e
As it's important we do not break serialization of KeyChainSnapshot
(as it could fail in weird and mysterious ways if we did), add
comments warning anybody editing those files to also update the
serializer and deserializer, as well as appropriate tests.
Test: none, just adding comments
Bug: 73921897
Change-Id: If73162b8fb2a0b44fd954b72c9030cd9e042282b
This adds the API methods and values for keyguard-bound keys, but
contains none of the actual functionality.
Test: CTS tests in CtsKeystoreTestCases
Bug: 67752510
Merged-In: Iccd7dafd77258d903d11353e02ba3ab956050c40
Change-Id: Iccd7dafd77258d903d11353e02ba3ab956050c40
(cherry picked from commit fd75c7232a)
