Commit Graph

152 Commits

Author SHA1 Message Date
Janis Danisevskis
fd5cba4483 Keystore 2.0: Add onDeviceOffBody to AndroidKeyStoreMaintenance.
Also have KeyStore.onDeviceOffBody call
AndroidKeyStoreMaintenance.onDeviceOffBody.

Test: N/A
Bug: 171305684
Change-Id: I0b01764bfc4c5828d17ccfffb4f8dad5f3bcea6d
2021-03-23 19:18:55 -07:00
Janis Danisevskis
53ed9207a7 Keystore 2.0: Remove hidden Keystore API from locksettings tests.
Test: N/A
Bug: 171305684
Change-Id: I6fd90c29dd1fb077c25f1bd428fb8adf9782330e
2021-03-15 18:33:46 -07:00
Hasini Gunasinghe
e92adf724b Keystore2: Integrate getState method of IKeystoreMaintenance AIDL.
Bug: 176123105
Test: TBD
Change-Id: I8bc6bf219f7c4bb3722c310debcc8a276d14ed98
2021-03-12 00:07:44 +00:00
Janis Danisevskis
d5dd5ebaed Keystore 2.0: Clear Uid/Namespace
Implement uid/namespace clearing for Keystore 2.0.

Test: Verified that keys get deleted when an app gets uninstalled.
Change-Id: I1b0b65e977177a6e34c500b00b5070ec18be2671
2021-02-25 09:30:44 -08:00
Janis Danisevskis
377370cce8 Keystore 2.0: Revisit Authorization.java
Test: N/A
Change-Id: I4da26175741c5313aec17d30a3e534a2172d87b4
2021-02-19 15:31:15 -08:00
Daulet Zhanguzin
59444d5be7 Update frameworks to use unbundled version of BouncyCastle.
Previously BouncyCastle methods were exposed as libcore APIs (@CorePlatformApi), which is no longer possible when ART is an updatable module (and can't guarantee BouncyCastle API stability)

Bug: 154796679
Test: Treehugger

Change-Id: I908681841a6766de88761767c77c4e2d4b5f56d5
2021-01-28 07:51:22 +00:00
Hasini Gunasinghe
5364fce817 Integrate IKeystoreAuthorization aidl's addAuthToken with Keystore SPI.
This CL introduces the Keystore SPI class for IKeystoreAuthorization
aidl interface and implements the calling code for addAuthToken method.

Bug: 166672367
Bug: 177830239
Bug: 177791435
Bug: 177787061
Bug: 177787180
Test: VTS test
Change-Id: I9f0adc97efadd0fa1a1f16dd5ec811f4151a2b03
2021-01-19 14:41:03 +00:00
Louis Chang
589975d198 Revert "Integrate IKeystoreAuthorization aidl's addAuthToken wit..."
Revert submission 1519257-rename_auth_service

Reason for revert: breaking WM presubmit, b/177787180
Reverted Changes:
Ib847b68d4:Integrate IKeystoreAuthorization aidl's addAuthTok...
I7893ab452:Integrate IKeystoreAuthorization aidl's addAuthTok...
I4a092119c:Implement addAuthToken method of IKeystoreAuthoriz...

Change-Id: Iea9bf7e7b3d1e968bbbe39f4ec08dcc3577cee07
2021-01-18 10:01:12 +00:00
Hasini Gunasinghe
2d29591e51 Integrate IKeystoreAuthorization aidl's addAuthToken with Keystore SPI.
This CL introduces the Keystore SPI class for IKeystoreAuthorization
aidl interface and implements the calling code for addAuthToken method.

Bug: 166672367
Test: VTS test
Change-Id: I7893ab4520b16533b9fddc9909297856e0b523ae
2021-01-14 17:09:06 -08:00
Mathew Inwood
5d123b6775 Add maxTargetSdk restriction to unused APIs.
These are APIs that have @UnsupportedAppUsage but for which we don't
have any evidence of them currently being used, so should be safe to
remove from the unsupported list.

Bug: 170729553
Test: Treehugger
Merged-In: I626caf7c1fe46c5ab1f39c2895b42a34319f771a
Change-Id: I54e5ecd11e76ca1de3c5893e3a98b0108e735413
2020-11-04 09:45:53 +00:00
Treehugger Robot
faa8d92090 Merge "Preserve interrupted state across waiting for future" am: 3a91c75184 am: f6574a21c2
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1340128

Change-Id: Ica523ae5269ba5e2a339653024870fefa581ad64
2020-06-17 14:53:00 +00:00
Janis Danisevskis
edcacd5374 Preserve interrupted state across waiting for future
A normal synchronous binder call would not be influenced by an
interrupted thread. With the move to asynchronous keystore IPC we wait
on a future which can throw an interrupted exception. The Java crypto
API does not expect the implementation to throw interrupted exceptions
though. So to preserve the expected behavior we wrap the Future.get()
calls in a loop that handles the interrupted exception and sets the
interrupted state after the get completed successfully.

Bug: 147398412
Bug: 155254932
Test: atest android.keystore.cts.CipherTest#testEncryptsAndDecryptsInterrupted
Change-Id: I066180e8028cc426fa1b3739fa007faa17c8c012
Merged-In: I066180e8028cc426fa1b3739fa007faa17c8c012
2020-06-16 19:54:38 -07:00
Bill Yi
b61408add5 Merge android10-qpr2-s3-release to aosp/master - DO NOT MERGE
Change-Id: I7ce0992bd12158655c0f4833fd924c8012386996
Merged-In: I34d1d5f9a751c1d7680a5a5941c39b9fe33a473b
Merged-In: Icd731877c220b0e3b39258812030313cbaba90c0
2020-05-05 20:34:22 +00:00
Rubin Xu
576c4d816c RESTRICT AUTOMERGE
Update keyguard locked state from TrustManagerService

TrustManagerService holds the ground truth about whether a user is
locked or not, so update keystore using the information there,
instead of doing it from KeyguardStateMonitor. This fixes the issue
of work profile locked state not being correctly pushed to keystore.

Note: since this change is likely to be backported as a security
patch, I'm refraining from doing major refactoring right now.

Bug: 141329041
Bug: 144430870
Test: manually with KeyPairSampleApp
Change-Id: I3472ece73d573a775345ebcceeeb2cc460374c9b
(cherry picked from commit f9418dbb2c)
2020-03-19 04:51:51 +00:00
Kevin Chyn
7d07c89235 Clean up biometric system server
1) BiometricService / AuthService always need to be started, since on
   Android 11 and later, the public credential auth API comes through this
   path.

2) Consolidate getAuthenticatorId() and expose via AuthService. This is
   used only by the platform during key generation. Instead of asking
   each individual service, AuthService will return a list of IDs for
   sensors which are enrolled and meet the required strength.

Test: atest com.android.server.biometrics
Test: fingerprint device, CtsVerifier biometric section
Test: face unlock device, CtsVerifier biometric section
Test: remove biometrics from device, CtsVerifier biometric section

Bug: 148419762
Bug: 149795050

Change-Id: I2c5385b1cd4f343fabb0010e1fe6fb1ea8283391
2020-02-20 11:12:51 -08:00
Artur Satayev
7651f0a4c0 Use new UnsupportedAppUsage annotation.
Existing annotations in libcore/ and frameworks/ will be deleted after the migration. This also means that any java library that compiles @UnsupportedAppUsage requires a direct dependency on "unsupportedappusage" java_library.

Bug: 145132366
Test: m && diff unsupportedappusage_index.csv
Change-Id: I4bc8c9482e4bb1af21363f951affff7ee3fefeab
Merged-In: I4bc8c9482e4bb1af21363f951affff7ee3fefeab
2020-01-09 15:13:52 +00:00
Artur Satayev
53fe96661b Use new UnsupportedAppUsage annotation.
Existing annotations in libcore/ and frameworks/ will be deleted after the migration. This also means that any java library that compiles @UnsupportedAppUsage requires a direct dependency on "unsupportedappusage" java_library.

Bug: 145132366
Test: m && diff unsupportedappusage_index.csv
Change-Id: I4bc8c9482e4bb1af21363f951affff7ee3fefeab
2019-12-18 15:42:06 +00:00
Max Bires
88b99511bd Merge "Removing binder access to deprecated KeyStore function reset" am: 9eb7fcfba6 am: 0ae9cd3faa
am: c47567db49

Change-Id: I8e8d072dbf3edcb53eb32f86e0898c1bef791267
2019-11-19 20:20:36 -08:00
Rob Barnes
c00713055b Merge "Allow for input_data on finish." am: 4a83b14ada am: 02c287a628
am: 51e842e43c

Change-Id: I3ed4477e925a203ae8a7b1dde9744ade4a32e93c
2019-11-19 19:50:18 -08:00
Treehugger Robot
9eb7fcfba6 Merge "Removing binder access to deprecated KeyStore function reset"
2019-11-20 01:40:28 +00:00
Rob Barnes
92743aeb44 Allow for input_data on finish.
This additional input will be unused for now, but future changes are
expected to utilize it.

Test: Keystore CTS Tests
Change-Id: I5c388032e3710e3825bdb06b26443a5ae2c034a3
2019-11-14 16:19:20 -07:00
Max Bires
b8ae22895c Removing binder access to deprecated KeyStore function reset
This api call is not accessible from the java API and is intended to be
deprecated. This CL cleans up the potential to directly call into binder
and use this functionality.

Also cleans up imports to appease the repo hooks

Test: Android builds
Change-Id: I95b27a001a6d6ba6c7d1f952bdda456a78b7f99c
2019-11-11 17:43:50 -08:00
Rubin Xu
c398627e5e Update keyguard locked state from TrustManagerService
TrustManagerService holds the ground truth about whether a user is
locked or not, so update keystore using the information there,
instead of doing it from KeyguardStateMonitor. This fixes the issue
of work profile locked state not being correctly pushed to keystore.

Note: since this change is likely to be backported as a security
patch, I'm refraining from doing major refactoring right now.

Bug: 141329041
Test: manually with KeyPairSampleApp
Change-Id: I3472ece73d573a775345ebcceeeb2cc460374c9b
2019-11-08 13:40:42 +00:00
Solomon Kinard
2bd792f3de Spelling fix in KeyStore.java
Test: none
Change-Id: I37c535a358b0b157f0e04978658816036c52ebab
2019-07-03 16:37:03 -07:00
Janis Danisevskis
f924b7e25d Fix refactoring glitch in KeyStore.java
Bug: 129974578
Test: atest android.keystore.cts
Change-Id: I3ba732e15e522bd31e7eb813677d3ea884328cb6
2019-04-17 14:10:28 -07:00
Janis Danisevskis
c9277ffd42 Keystore.java: Make apps tolerant to keystore crashes
Since keystore accepts asynchronous requests it may be that apps wait
forever if keystore dies. This patch adds a death recipient to all
keystore promises so that Keystore.java gets notified when keystore
dies.

Test: atest android.keystore.cts
Bug: 111443219
Bug: 128991260
Change-Id: Ie6e4a4f371287f83a2cdf4069d5686c67d8aebc1
2019-04-02 16:13:01 +00:00
Max Bires
13f98ce5aa Adding KEY_PERMANENTLY_INVALIDATED int
This is to keep it in sync with response codes in keystore.h.

This commit also adds the KeyPermanentlyInvalidatedException to all the
methods that could receive this error code out of KeyStore.

Bug: 118883532
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/AuthBoundKeyTest.java
Change-Id: I878a628824e2eeb639ec5678b1a5d3d10428a918
2019-02-18 20:45:46 +00:00
Mathew Inwood
31755f94e1 Limit access to suspected false positives.
Members modified herein are suspected to be false positives: i.e. things
that were added to the greylist in P, but subsequent data analysis
suggests that they are not, in fact, used after all.

Add a maxTargetSdk=P to these APIs. This is lower-risk than simply
removing these things from the greylist, as none of our data sources are
perfect nor complete.

For APIs that are not supported yet by annotations, move them to
hiddenapi-greylist-max-p.txt instead which has the same effect.

Exempted-From-Owner-Approval: Automatic changes to the codebase
affecting only @UnsupportedAppUsage annotations, themselves added
without requiring owners approval earlier.

Bug: 115609023
Test: m
Change-Id: I020a9c09672ebcae64c5357abc4993e07e744687
2018-12-28 11:50:04 +00:00
Rob Barnes
03e04e83db Merge "Changed uid output parameter from an int array to a list of strings." am: 7eae0132c1 am: 4718f665d4
am: 23ae50885f

Change-Id: Ieefd1262586a3fbcf13999193c1e058abf1e0a8e
2018-12-20 16:21:15 -08:00
Rob Barnes
ebe2674dbc Changed uid output parameter from an int array to a list of strings.
Why?: 1) Returning an array list is unsafe because it must be allocated in Java and C++ must not change the size. 2) List<Integer> is not supported by AIDL, but List<String> is. I decided it was simpler to pass back integers encoded as strings than to create yet another parcelable.

Bug: b/119616956
Test: ./list_auth_bound_keys_test.sh
Test: Temporarily modified settings app to call listUidsOfAuthBoundKeys
Change-Id: I3bf7578c96e800c8d35fba897f52220136dcd657
2018-12-12 11:05:20 -07:00
Janis Danisevskis
a258be6742 Merge "Fix deleting legacy key blobs" am: c24a4b5f44 am: b3c61fac5f
am: 4d8a0decdb

Change-Id: I74ba06e7371696806a8ab1adbd7e65d806e208c4
2018-11-21 15:15:17 -08:00
Janis Danisevskis
906147cdb3 Fix deleting legacy key blobs
Since the keystore alias prefix USERSKEY was deprecated
Credentials.deleteUserKeyTypeForAlias tried to delete the key with the
remaining prefix first and if that failed tried to delete the
legacy prefix.
However, KeyStore.delete returns true if the key was deleted or
did not exist. So the first call to delete would return true
whether the key existed or not and the legacy alias would never be
deleted.

This patch introduces a new flavor of KeyStore.delete, that returns an
error code instead of a boolean. The caller can now distinguish
the nature of the failure. Credentials.deleteUserKeyTypeForAlias now
checks this return code and attempts to delete the legacy variant if
KEY_NOT_FOUND was returned.

Bug: 117818447
Change-Id: Ifae1f3dbb07d85d94f430ead2cdd3e39d22436a4
2018-11-21 18:42:17 +00:00
Janis Danisevskis
e299490621 Merge "Fix IllegalArgumentException in KeyChain" am: 932f96b27f am: e73f8e8827
am: 28b8cd58ca

Change-Id: I327e931490d3d81b824b134795a57add7c257c74
2018-11-16 15:18:16 -08:00
TreeHugger Robot
278913ae62 Merge "Update KeyStore for new biometric modalities"
2018-11-16 22:52:30 +00:00
Janis Danisevskis
2b106adaf5 Fix IllegalArgumentException in KeyChain
The legacy support importKey method uses the wrong method to add date
fields to the import keymaster arguments.

Bug: 119549023
Change-Id: Iff841086f6616303b365ad28aae429ccae1f3406
2018-11-15 14:58:03 -08:00
Rob Barnes
bf5c28da56 Merge "Added listUidsForAuthBoundKeys to KeyStore" am: 73e9640194 am: 3090f045a7
am: 919f2169e7

Change-Id: I3ed8dcb49baffac2215b0a32e25241bcbd74e9c8
2018-11-15 10:12:38 -08:00
Rob Barnes
73e9640194 Merge "Added listUidsForAuthBoundKeys to KeyStore"
2018-11-15 17:32:31 +00:00
Janis Danisevskis
463e2b0d3c Merge "Multi-threaded keystore" am: 9f248989bf am: cbd890315e
am: 444162a57c

Change-Id: I2c09961a74c7de92d85f3d2045dd065c94bc6fac
2018-11-15 06:39:39 -08:00
Rob Barnes
f1a678e0fe Added listUidsForAuthBoundKeys to KeyStore
listUidsForAuthBoundKeys was added to IKeyStoreService.
This CL exposes this method in KeyStore for system apps.
This method will be hidden for non system apps.

Bug: b/112321280
Test: listUidsForAuthBoundKeys in IKeyStoreService has its own tests
Test: This method cannot be tested directly from CTS
Change-Id: Iac9e863079a1367ddb3a599bc3825baea96a1c31
2018-11-14 13:14:35 -07:00
Janis Danisevskis
b0358e72be Multi-threaded keystore
This patch makes the framework use the asynchronous keystore api model.

Bug: 111443219
Test: Ran full keystore cts test suite
Change-Id: I8d1fdc70cb9eb501d3f22a97d1221904c2ef8f9a
2018-11-14 09:59:16 -08:00
Janis Danisevskis
3a33ccca7d Merge changes from topic "async_keystore" am: e8c144fe17 am: 07b06e1bdb
am: d46d33cf25

Change-Id: Id9fcb7d5bac0a24de8ca64e79d50131a5930b8ed
2018-11-09 13:28:56 -08:00
Janis Danisevskis
3a72e2b08e Remove legacy functions from IKeystoreService.aidl am: 1864c95616 am: 036229c8df
am: 5c5fe83c4d

Change-Id: Id2fa59fcbe111a968abef088b76fb97dbe2e369e
2018-11-09 13:21:46 -08:00
Janis Danisevskis
1864c95616 Remove legacy functions from IKeystoreService.aidl
In preparation for making the keystore service asynchronous we remove
redundant legacy functionality from the protocol.

This patch removes the functions get_pubkey, sign, verify, generate,
and import_key. Which have long been superseded by exportKey
(get_pubkey), begin/update/finish (sign, verify), generateKey
(generate), and importKey (import_key).

This patch also removes isOperationAuthorized.

Test: KeyStore CTS tests
Bug: 111443219
Change-Id: Ib3bd6f40b4e948e5ad6b2ef5278b18ff46201d71
2018-11-08 12:53:57 -08:00
Janis Danisevskis
d257538507 Add return code KEY_ALREADY exists
In preparation for the async keystore interface we change the semantics
from unconditionally overwriting existing keys to reporting that the key
exists. For compatibility we reimplement the same semantic in the
calling code.

Bug: 111443219
Test: KeyStore CTS test
Change-Id: I1fa5428fa7ada97d5068778cd4590593c992554d
2018-11-08 12:53:57 -08:00
Kevin Chyn
057b743fe9 Update KeyStore for new biometric modalities
Biometrics are now generic from KeyStore point of view

Bug: 113624536

Test: Unable to create keys when no templates enrolled
Test: Able to create keys when templates are enrolled
Test: No regression in Fingerprint
      Keys are invalidated after enrolling another FP

Change-Id: I6bdc20eb58c8a0c10a986519d4ba9e1843ebc89d
2018-11-02 18:09:25 -07:00
Mathew Inwood
4dbdcf43ad Add @UnsupportedAppUsage annotations
For packages:
  android.security.net.config
  android.security.keystore
  android.security.keymaster
  android.security

This is an automatically generated CL. See go/UnsupportedAppUsage
for more details.

Exempted-From-Owner-Approval: Mechanical changes to the codebase
which have been approved by Android API council and announced on
android-eng@

Bug: 110868826
Test: m
Change-Id: Ifed4da56531195f64fd53d84f14b4e8298843b2c
Merged-In: I7762dd647bede8abc9be2c538af3a3a99a25a73e
2018-08-16 18:49:37 +01:00
Mathew Inwood
e420f8b5fb Add @UnsupportedAppUsage annotations
For packages:
  android.security.net.config
  android.security.keystore
  android.security.keymaster
  android.security

This is an automatically generated CL. See go/UnsupportedAppUsage
for more details.

Exempted-From-Owner-Approval: Mechanical changes to the codebase
which have been approved by Android API council and announced on
android-eng@

Bug: 110868826
Test: m
Change-Id: I7762dd647bede8abc9be2c538af3a3a99a25a73e
2018-08-16 18:40:47 +01:00
Mathew Inwood
8f29903747 Merge "Code reformatting for upcoming annotations." am: 60c8cfdd0f am: 02763a1c3e am: 842e882507
am: e377a769bd

Change-Id: I67465690c2addbbfbe53472e5b45783821990567
2018-08-01 18:08:20 -07:00
Mathew Inwood
02763a1c3e Merge "Code reformatting for upcoming annotations."
am: 60c8cfdd0f

Change-Id: I4fcf520f53dddd6e70edf0d59fd13ae218c336a5
2018-08-01 16:01:52 -07:00
Mathew Inwood
efb481646e Code reformatting for upcoming annotations.
@UnsupportedAppUsage annotations are added automatically, but this does
not work when there are multiple definitions on the same line.

Test: m
Bug: 110868826
Change-Id: I2c26c136cdfa557e45cf1ee0b39dab9c17abde56
2018-08-01 10:24:49 +01:00