Robert Berry
1df4963f44
Merge "Update RecoveryController JavaDoc" into pi-dev am: d490937854
...
am: 2f960c0ed7
Change-Id: Iba933c28ed6f4a298a666891f5ec766011971a29
2018-03-30 18:11:54 +00:00
Bo Zhu
bc173d6073
Merge "Minor correction to the javadoc to match implementation" into pi-dev am: 3cda0f2989
...
am: b7a004d6a7
Change-Id: I0536dcdfdf9bacc9c26cea1118640ef832d526d9
2018-03-30 11:17:47 +00:00
Dmitry Dementyev
493ca5a296
Merge "Add support for testing mode root certificate." into pi-dev am: 2d3e4b7437
...
am: 83a1330718
Change-Id: If5fe8194e694e054f3851d1a1236118ac40cef03
2018-03-30 10:48:52 +00:00
Robert Berry
d490937854
Merge "Update RecoveryController JavaDoc" into pi-dev
2018-03-30 10:37:41 +00:00
Robert Berry
93f38d7b3a
Update RecoveryController JavaDoc
...
Try to encode as many requirements as possible into the Recovery Agent
JavaDoc.
Bug: 70900575
Test: None, it is documentation
Change-Id: Iae05be24fa29d885f560943f256fd8d7ca692cf7
2018-03-30 11:35:06 +01:00
Bo Zhu
3cda0f2989
Merge "Minor correction to the javadoc to match implementation" into pi-dev
2018-03-30 00:04:46 +00:00
Bo Zhu
ba94b9ab00
Minor correction to the javadoc to match implementation
...
Change the number of bytes for the length prefix for salted hash to be
4-byte instead of 1-byte
Bug: 77294103
Test: None
Change-Id: Ifa2739c757539e9b7d2aaa1ea702de0148a311ba
2018-03-29 16:42:29 -07:00
Dmitry Dementyev
57ca3da24f
Add support for testing mode root certificate.
...
1) Add Certificate
2) Helper class for end-to-end tests
3) Only create snapshot for passwords with special prefix in test mode
4) Sync only keys with insecure prefix in test mode.
Bug: 76433465
Test: adb shell am instrument -w -e package
com.android.server.locksettings.recoverablekeystore
com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
Change-Id: I6edc8c4716c3a034b6b79c7aa6f4b8478e9a3c9e
2018-03-29 14:18:42 -07:00
Robert Berry
6d5544efe6
Add warning comment about serialization am: 52c15f1699
...
am: f7a3d02464
Change-Id: Ib3e2c86f7ef41e57d4a3667cdab78c9c26d716d0
2018-03-29 10:13:19 +00:00
Robert Berry
52c15f1699
Add warning comment about serialization
...
As it's important we do not break serialization of KeyChainSnapshot
(as it could fail in weird and mysterious ways if we did), add
comments warning anybody editing those files to also update the
serializer and deserializer, as well as appropriate tests.
Test: none, just adding comments
Bug: 73921897
Change-Id: If73162b8fb2a0b44fd954b72c9030cd9e042282b
2018-03-29 10:21:50 +01:00
Dmitry Dementyev
a72ccc76b5
Merge "Use Builder instead for KeyChainProtectionParams." into pi-dev am: 5b4a0d6751
...
am: 82476a3d52
Change-Id: Iec2ea078b5804be48857f8f04c15e126d57634a7
2018-03-26 23:36:47 +00:00
Dmitry Dementyev
16d9db57f5
Use Builder instead for KeyChainProtectionParams.
...
Use Builder to create KeyChainSnapshot in tests.
Bug: 75952916
Test: apct
Change-Id: I5ab8c864a7ccc55dafa40867ec4364a705738d86
2018-03-26 12:03:51 -07:00
Dmitry Dementyev
4a0f627f65
Merge "Remove unimplemented RecoverableKeystoreManager APIs." into pi-dev am: a5b29ffffe
...
am: 55d2139ec6
Change-Id: I7d5c117889f653ca86c2c9620e68aa741a021252
2018-03-26 02:57:38 +00:00
Dmitry Dementyev
a5b29ffffe
Merge "Remove unimplemented RecoverableKeystoreManager APIs." into pi-dev
2018-03-26 02:18:33 +00:00
Dmitry Dementyev
1aeafe3251
Merge "Add more NonNull annotations to RecoveryController API" into pi-dev am: ea97f89048
...
am: fdb48b6ebb
Change-Id: Ie0af325463934c440151afacb1a729569c487af9
2018-03-24 06:56:53 +00:00
Dmitry Dementyev
4cfbeac710
Merge "Add NonNull annotation to more parameters in Recovery Controller." into pi-dev am: 9cd3e43d86
...
am: 49510c9b00
Change-Id: Ib757cfe6cbdf209476d33398ecb0e93ed5904856
2018-03-24 05:35:31 +00:00
Dmitry Dementyev
0bbaf189c2
Add more NonNull annotations to RecoveryController API
...
Bug: 73959762
Test: none
Change-Id: I648c20a099d4ac1c002f4f467d7189a8bc019560
2018-03-23 17:36:58 -07:00
Dmitry Dementyev
9cd3e43d86
Merge "Add NonNull annotation to more parameters in Recovery Controller." into pi-dev
2018-03-24 00:10:30 +00:00
Dmitry Dementyev
4da14e00fc
Remove unimplemented RecoverableKeystoreManager APIs.
...
Add some Nullable annotations.
Bug: 75952916,74859770
Test: apct
Change-Id: I25710263a1ba806d49ec11638dab00f3513631a8
2018-03-23 16:30:51 -07:00
Robert Berry
a0696a6f9c
Merge "Merge "Do not throw KeystoreException for when a key does not exist" into pi-dev am: 73b7722c13" into pi-dev-plus-aosp
...
am: 2220061b45
Change-Id: I6bd7211be02e0cf755f8b88f13558c16a83bc62f
2018-03-23 22:55:30 +00:00
Dmitry Dementyev
fd4ae0b2dd
Add NonNull annotation to more parameters in Recovery Controller.
...
Use Builder instead of deprecated constructor for KeyDerivationParams.
Bug: 75952916
Test: adb shell am instrument \
-w -e package com.android.server.locksettings.recoverablekeystore \
com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
Change-Id: I223e4dc1aa92cbde60e53b364ed74a452d3f6bbd
2018-03-23 15:04:37 -07:00
TreeHugger Robot
73b7722c13
Merge "Do not throw KeystoreException for when a key does not exist" into pi-dev
2018-03-23 20:03:45 +00:00
Dmitry Dementyev
422a2c13ad
Merge "Prepare KeyChainSnapshot to removing deprecated getTrustedHardwarePublicKey method." into pi-dev am: 95f2965a74
...
am: 64a9487249
Change-Id: Ie1468db0c0a71233895ec9e1cc61665146c6f791
2018-03-23 18:57:22 +00:00
Dmitry Dementyev
a762236f51
Merge "Update RecoverableKeyStoreManager methods to throw NullPointerException when null is passed as @NonNull argument." into pi-dev am: 364dbf1c9e
...
am: e7250b6ec6
Change-Id: I283fa89f8da060180bfc89d4eb5ec61e5e43ff4c
2018-03-23 17:42:47 +00:00
Dmitry Dementyev
95f2965a74
Merge "Prepare KeyChainSnapshot to removing deprecated getTrustedHardwarePublicKey method." into pi-dev
2018-03-23 17:16:17 +00:00
Dmitry Dementyev
364dbf1c9e
Merge "Update RecoverableKeyStoreManager methods to throw NullPointerException when null is passed as @NonNull argument." into pi-dev
2018-03-23 17:06:18 +00:00
Bo Zhu
c9c790a938
Merge "Unhide the enum/function for the password hashing algorithm scrypt" into pi-dev am: 9ec7026e92
...
am: 2e815c6e74
Change-Id: I3374a90dbdee1feb2eeecd054da6069c3e630802
2018-03-23 15:57:36 +00:00
Bo Zhu
9ec7026e92
Merge "Unhide the enum/function for the password hashing algorithm scrypt" into pi-dev
2018-03-23 15:25:36 +00:00
Aseem Kumar
e7834b5677
Merge "Delete unimplemented APIs from RecoveryController." into pi-dev am: 0ed26bc8b1
...
am: b0add1f630
Change-Id: I6a03ba603aa44d0ecc0b3b10dd27b896a4d0879f
2018-03-23 11:44:23 +00:00
Robert Berry
72f5755721
Do not throw KeystoreException for when a key does not exist
...
Bug: 75955240
Test: manual
Change-Id: Ibd2f4d7cd654752b69d2d22e803d4d1cc05c118f
2018-03-23 08:08:02 +00:00
Aseem Kumar
933dfc1cd6
Delete unimplemented APIs from RecoveryController.
...
Bug: 74859770
Test: make update-api builds
Change-Id: Ic547e0ee2ef13995389a71369ffa736a7d83b78a
2018-03-23 05:16:42 +00:00
Bo Zhu
40d8a45b23
Unhide the enum/function for the password hashing algorithm scrypt
...
Bug: 75024420
Test: none, it's just unhiding APIs
Change-Id: I9cbb327678d334079e2c660d85013f3073d4cb87
2018-03-22 20:22:44 -07:00
Dmitry Dementyev
1e6a9dcecb
Update RecoverableKeyStoreManager methods to throw NullPointerException when null is passed as @NonNull argument.
...
Mark serverParams as nullable. A null value can be used to prevent new
snapshot creation.
Bug: 73959762
Test: adb shell am instrument \
-w -e package com.android.server.locksettings.recoverablekeystore \
com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
Change-Id: I5c6ddd696b2882b3d27978b0146ff419bedaf5ee
2018-03-22 19:47:20 -07:00
Dmitry Dementyev
3b67e06de5
Prepare KeyChainSnapshot to removing deprecated getTrustedHardwarePublicKey method.
...
Add null checks to getTrustedHardwareCertPath.
Remove unused and outdated PersistentKeyChainSnapshot class.
Use CertPath instead of public keys in KeySyncTaskTest.
Bug: 75952916
Test: adb shell am instrument \
-w -e package com.android.server.locksettings.recoverablekeystore \
com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
Change-Id: Ifabe7d5fa250069ebe0885ce52ec29b01294f63a
2018-03-22 19:43:17 -07:00
Robert Berry
d76a3d2716
Merge "Unhide RecoveryController#getRootCertificates()" into pi-dev am: c6bd185565
...
am: be910a789e
Change-Id: I5fdaf507def6a7f679b2ce4569f5787864e31f45
2018-03-22 18:13:14 +00:00
Robert Berry
bdafd55ff0
Merge "Unhide RecoverySession#recoverKeyChainSnapshot() method" into pi-dev am: 3818de595b
...
am: 986afbd959
Change-Id: Id38a53ef38e7d493e715cff747ebd2b0a9880a98
2018-03-22 18:07:58 +00:00
Robert Berry
c6bd185565
Merge "Unhide RecoveryController#getRootCertificates()" into pi-dev
2018-03-22 17:23:05 +00:00
Robert Berry
3818de595b
Merge "Unhide RecoverySession#recoverKeyChainSnapshot() method" into pi-dev
2018-03-22 17:19:33 +00:00
Robert Berry
6909539a2d
Merge "Small fix for the key grant alias used in importKey" into pi-dev am: f9332469a4
...
am: 157aee22f5
Change-Id: Ida134803f6c251448ba65cfcc87669c01ea99f2b
2018-03-22 14:25:30 +00:00
Robert Berry
ce50efa321
Merge "Unhide the new RecoverySession#start with the alias for root cert" into pi-dev am: 98ea60c427
...
am: 60efe8379d
Change-Id: I5b04c097bb5f26fe031191bcc208db9408f998a3
2018-03-22 14:20:27 +00:00
Robert Berry
f9332469a4
Merge "Small fix for the key grant alias used in importKey" into pi-dev
2018-03-22 13:55:31 +00:00
Robert Berry
750b71c651
Unhide RecoverySession#recoverKeyChainSnapshot() method
...
The other methods expose raw key materials, which is a security flaw. This
new API is already being used by GMSCore, via reflection (although falling
back to the old methods if it is not available). Would be good to switch it
on ASAP.
Bug: 74345822
Test: Tested with GMSCore
Change-Id: I30d53c9e825888d1122c72d23b7c1c10c6edb1e9
2018-03-22 13:49:54 +00:00
Robert Berry
93d002ca5f
Unhide RecoveryController#getRootCertificates()
...
This is so we can add a GTS test to affirm that GMS devices include the
Google Cloud Key Vault root certificate.
Test: runtest frameworks-core -p android.security.keystore.recovery
Bug: 74621045
Change-Id: Ib6431f5739f3dff066832e6aa300dd9da5bc0727
2018-03-22 13:49:20 +00:00
Bo Zhu
e7997a3ea7
Unhide the new RecoverySession#start with the alias for root cert
...
Bug: 76033708
Test: none, it's just unhiding APIs
Change-Id: Iec1e44d24bb1704da082404566233ada83b8eb81
2018-03-21 19:50:50 -07:00
Bo Zhu
c5ab69469d
Small fix for the key grant alias used in importKey
...
Bug: 74345822
Test: atest RecoveryControllerHostTest#testImportKey_ValidKey
Change-Id: I54812b3d7465ee508fe48886f5897470fe7455a0
2018-03-21 23:46:20 +00:00
Robert Berry
cececb6d19
Merge "Add RecoverySession importKeyChainSnapshot method" into pi-dev am: 889e78cb28
...
am: b0850c9a16
Change-Id: Ib6df86c889582368e8129ebf0e5d0d543c520b41
2018-03-21 12:51:12 +00:00
Bo Zhu
06cf154386
Merge "Use the new root cert file under the core/ folder" into pi-dev am: 82235880f6
...
am: 518b7de5af
Change-Id: If4e987b389c529cce4c0e252e100d7d84b5579cf
2018-03-21 12:44:02 +00:00
Robert Berry
889e78cb28
Merge "Add RecoverySession importKeyChainSnapshot method" into pi-dev
2018-03-21 12:25:37 +00:00
Robert Berry
4a5c87def0
Add RecoverySession importKeyChainSnapshot method
...
This imports the keys directly into the keystore of LockSettingsService,
allowing them to be accessed via the RecoveryController getKey method.
This is better as it does not expose raw key material to any app.
Bug: 74345822
Test: runtest frameworks-services -p \
com.android.server.locksettings.recoverablekeystore
Change-Id: I4991b0cff1d2fa2e5bd0b53a71c096499e93e98b
2018-03-21 10:24:41 +00:00
Bo Zhu
deea4dcb58
Merge "Move the trusted root CA certs for RecoverableKeyStore to our own folder" into pi-dev am: 62fa81f7b4
...
am: 71802f34c2
Change-Id: Ib9f4be5e23d50fd6bbd32cd7469eea67b1e82386
2018-03-21 06:06:58 +00:00