Summary:
frameworks/base
keystore rewrite
keyguard integration with keystore on keyguard entry or keyguard change
KeyStore API simplification
packages/apps/Settings
Removed com.android.credentials.SET_PASSWORD intent support
Added keyguard requirement for keystore use
packages/apps/CertInstaller
Tracking KeyStore API changes
Fix for NPE in CertInstaller when certificate lacks basic constraints
packages/apps/KeyChain
Tracking KeyStore API changes
Details:
frameworks/base
Move keystore from C to C++ while rewriting password
implementation. Removed global variables. Added many comments.
cmds/keystore/Android.mk
cmds/keystore/keystore.h
cmds/keystore/keystore.c => cmds/keystore/keystore.cpp
cmds/keystore/keystore_cli.c => cmds/keystore/keystore_cli.cpp
Changed saveLockPattern and saveLockPassword to notify the keystore
on changes so that the keystore master key can be reencrypted when
the keyguard changes.
core/java/com/android/internal/widget/LockPatternUtils.java
Changed unlock screens to pass values for keystore unlock or initialization
policy/src/com/android/internal/policy/impl/PasswordUnlockScreen.java
policy/src/com/android/internal/policy/impl/PatternUnlockScreen.java
KeyStore API changes
- renamed test() to state(), which now return a State enum
- made APIs with byte[] key arguments private
- added new KeyStore.isEmpty used to determine if a keyguard is required
keystore/java/android/security/KeyStore.java
In addition to tracking KeyStore API changes, added new testIsEmpty
and improved some existing tests to validate expect values.
keystore/tests/src/android/security/KeyStoreTest.java
packages/apps/Settings
Removing com.android.credentials.SET_PASSWORD intent with the
removal of the ability to set an explicit keystore password now
that the keyguard value is used. Changed to ensure keyguard is
enabled for keystore install or unlock. Cleaned up interwoven
dialog handing into discrete dialog helper classes.
AndroidManifest.xml
src/com/android/settings/CredentialStorage.java
Remove layout for entering new password
res/layout/credentials_dialog.xml
Remove enable credentials checkbox
res/xml/security_settings_misc.xml
src/com/android/settings/SecuritySettings.java
Added ability to specify minimum quality key to ChooseLockGeneric
Activity. Used by CredentialStorage, but could also be used by
CryptKeeperSettings. Changed ChooseLockGeneric to understand
minimum quality for keystore in addition to DPM and device
encryption.
src/com/android/settings/ChooseLockGeneric.java
Changed to use getActivePasswordQuality from
getKeyguardStoredPasswordQuality based on experience in
CredentialStorage. Removed bogus class javadoc.
src/com/android/settings/CryptKeeperSettings.java
Tracking KeyStore API changes
src/com/android/settings/vpn/VpnSettings.java
src/com/android/settings/wifi/WifiSettings.java
Removing now unused string resources
res/values-af/strings.xml
res/values-am/strings.xml
res/values-ar/strings.xml
res/values-bg/strings.xml
res/values-ca/strings.xml
res/values-cs/strings.xml
res/values-da/strings.xml
res/values-de/strings.xml
res/values-el/strings.xml
res/values-en-rGB/strings.xml
res/values-es-rUS/strings.xml
res/values-es/strings.xml
res/values-fa/strings.xml
res/values-fi/strings.xml
res/values-fr/strings.xml
res/values-hr/strings.xml
res/values-hu/strings.xml
res/values-in/strings.xml
res/values-it/strings.xml
res/values-iw/strings.xml
res/values-ja/strings.xml
res/values-ko/strings.xml
res/values-lt/strings.xml
res/values-lv/strings.xml
res/values-ms/strings.xml
res/values-nb/strings.xml
res/values-nl/strings.xml
res/values-pl/strings.xml
res/values-pt-rPT/strings.xml
res/values-pt/strings.xml
res/values-rm/strings.xml
res/values-ro/strings.xml
res/values-ru/strings.xml
res/values-sk/strings.xml
res/values-sl/strings.xml
res/values-sr/strings.xml
res/values-sv/strings.xml
res/values-sw/strings.xml
res/values-th/strings.xml
res/values-tl/strings.xml
res/values-tr/strings.xml
res/values-uk/strings.xml
res/values-vi/strings.xml
res/values-zh-rCN/strings.xml
res/values-zh-rTW/strings.xml
res/values-zu/strings.xml
res/values/strings.xml
packages/apps/CertInstaller
Tracking KeyStore API changes
src/com/android/certinstaller/CertInstaller.java
Fix for NPE in CertInstaller when certificate lacks basic constraints
src/com/android/certinstaller/CredentialHelper.java
packages/apps/KeyChain
Tracking KeyStore API changes
src/com/android/keychain/KeyChainActivity.java
src/com/android/keychain/KeyChainService.java
support/src/com/android/keychain/tests/support/IKeyChainServiceTestSupport.aidl
support/src/com/android/keychain/tests/support/KeyChainServiceTestSupport.java
tests/src/com/android/keychain/tests/KeyChainServiceTest.java
Change-Id: I80533bf8986a92b0b99cd5fb1c4943e0f23fc1c8
This is the settings part of the change for adding
support for accessibility service specific settings.
1. Added the first cut of a SettingsCheckBoxPreference
that is a CheckBoxPreference that optionally takes
an intent to be lauched as settings of the item
represented by the preference.
2. Updated the AccessibilitySettigns to use the
SettingsCheckBoxPreference.
Change-Id: If44262b8965c65620c6b8c252f8ef356eb0d95cf
Depends on change Ied691856 for
Settings.Secure.DREAM_TIMEOUT and
Settings.Secure.DREAM_COMPONENT.
Change-Id: Ib6f74b74036e12637efb891b97e459a4e33444e7
Storage categories are dynamically created from list of StorageVolumes instead
of a static XML.
Unknown files' sizes are part of Misc rather than Apps.
Categories with a size of 0 are removed.
TODO : remove the notion of a "nosdcard" product. Change strings accordingly.
See all TODO in code
Change-Id: I017ac20f5fa50ad9bdeba8e666754ec84acf3858
The user dictionary interface now works the following way:
* Locale gathering
- The current locale is always considered as present, even if
there are no words for it in the user dictionary.
- Any locale for which at least one word is registered is
considered present.
- A null locale is considered a valid locale meaning "all
languages".
- If no words are present at all, since the current locale is
always considered present, the system will consider there is
exactly one locale present - and allow editing this user
dictionary.
* Options display
- If only one locale is present, the interface is the same as
for Honeycomb: display a "User dictionary" PreferenceScreen
that brings up the dictionary editor interface.
- If there are several locales present, then the user
dictionary option will jump to a screen that will display a
list of available locales.
* Word insertion
- Inserting a word will always use the locale of the currently
displayed dictionary. If it is the "all languages" null
pseudo-locale, that will still hold and the word will be added
to this pseudo-locale.
It is worthy to note that the "All languages" locale is only
accessible if for some reason there are already words with a
null locale in the database before this is installed. For
example, if an application has inserted some words that way,
or if the user inserted words with a previous version of the
settings application.
On a freshly flashed device, barring the use of third-party
application that would add such words, it is not possible to
access the "all languages" locale any more because there is
no interface to do it, though it works if such words are
inside.
Bug: 3479738
Change-Id: Iba323e5aeb3f4f575896903a4e8bef6ffb3ea306
frameworks/base
Adding IKeyChainService APIs for CertInstaller and Settings use
keystore/java/android/security/IKeyChainService.aidl
libcore
Improve exceptions to include more information
luni/src/main/java/javax/security/auth/x500/X500Principal.java
Move guts of RootKeyStoreSpi to TrustedCertificateStore, leaving only KeyStoreSpi methods.
Added support for adding user CAs in a separate directory for system.
Added support for removing system CAs by placing a copy in a sytem directory
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/RootKeyStoreSpi.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStore.java
Formerly static methods on RootKeyStoreSpi are now instance methods on TrustedCertificateStore
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
Added test for NativeCrypto.X509_NAME_hash_old and X509_NAME_hash
to make sure the implementing algorithms doe not change since
TrustedCertificateStore depend on X509_NAME_hash_old (OpenSSL
changed the algorithm from MD5 to SHA1 when moving from 0.9.8 to
1.0.0)
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java
Extensive test of new TrustedCertificateStore behavior
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStoreTest.java
TestKeyStore improvements
- Refactored TestKeyStore to provide simpler createCA method (and
internal createCertificate)
- Cleaned up to remove use of BouncyCastle specific X509Principal
in the TestKeyStore API when the public X500Principal would do.
- Cleaned up TestKeyStore support methods to not throw Exception
to remove need for static blocks for catch clauses in tests.
support/src/test/java/libcore/java/security/TestKeyStore.java
luni/src/test/java/libcore/java/security/KeyStoreTest.java
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java
Added private PKIXParameters contructor for use by
IndexedPKIXParameters to avoid wart of having to lookup and pass
a TrustAnchor to satisfy the super-class sanity check.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/IndexedPKIXParameters.java
luni/src/main/java/java/security/cert/PKIXParameters.java
packages/apps/CertInstaller
Change CertInstaller to call IKeyChainService.installCertificate
for CA certs to pass them to the KeyChainServiceTest which will
make them available to all apps through the
TrustedCertificateStore. Change PKCS12 extraction to use AsyncTask.
src/com/android/certinstaller/CertInstaller.java
Added installCaCertsToKeyChain and hasCaCerts accessor for use by
CertInstaller. Use hasUserCertificate() internally. Cleanup coding
style.
src/com/android/certinstaller/CredentialHelper.java
packages/apps/KeyChain
Added MANAGE_ACCOUNTS so that IKeyChainService.reset
implementation can remove KeyChain accounts.
AndroidManifest.xml
Implement new IKeyChainService methods:
- Added IKeyChainService.installCaCertificate to install certs
provided by CertInstaller using the TrustedCertificateStore.
- Added IKeyChainService.reset to allow Settings to remove the
KeyChain accounts so that any app granted access to keystore
credentials are revoked when the keystore is reset.
src/com/android/keychain/KeyChainService.java
packages/apps/Settings
Changed com.android.credentials.RESET credential reset action to
also call IKeyChainService.reset to remove any installed user CAs
and remove KeyChain accounts to have AccountManager revoke
credential granted to private keys removed during the RESET.
src/com/android/settings/CredentialStorage.java
Added toast text value for failure case
res/values/strings.xml
system/core
Have init create world readable /data/misc/keychain to allow apps
to access user added CA certificates installed by the CertInstaller.
rootdir/init.rc
Change-Id: Ie329aafe88f6ebe108d25382f587c933f3244e55
Currently show MEID for CDMA devices. For LTE devices, this should be IMEI.
Both values are the same for CDMA-LTE devices. Update "MEID" to "IMEI / MEID".
bug:4356748
Change-Id: I39b1f1c4c776a4acb045aa9ef7d8869ed66a30e4
- Updated hint text for BT tethering checkbox to
"[Sharing|not sharing] this [tablet|phone]'s mobile data connection".
- Show correct hint text when user enters tethering screen.
- Show correct status after user enables tethering when Bluetooth is off.
When BluetoothPan.setBluetoothTethering(true) is called with BT off,
BluetoothPanProfileHandler will add a broadcast receiver to enable
tethering after BT turns on. This happens too late to show the correct
status when TetherSettings gets the adapter state changed event, so set
a flag (mBluetoothEnableForTether) instead, and call setBluetoothTethering
ourselves after the state changes to ON. Also, clear the flag if the
adapter state changes to OFF or ERROR.
- Show correct status when user enables tethering, then disables Bluetooth,
then returns to the tethering screen. Previously it would show
Bluetooth tethering enabled, even though adapter state was OFF.
- Show the number of connected devices in tethering preference screen.
- Distinguish between PANU and NAP in device profiles screen, and show
appropriate text to clarify the direction of tethering.
- Remove profiles from device profiles list when the device removes the UUID
(e.g. Mac OS X turning NAP on/off) and after a NAP disconnection when the
remote device only supports PANU.
Bug: 3414575
Change-Id: I2c0830876d5b9bddb293e57c4d3ca74f105911b8
Fix dual display of IP addresses for static IP
Fix inputType for proxy and IP fields
Add hint texts for IP fields
Change-Id: I5b556a07c2a5b69ecec959c933f2872e70496946
I have implemented most of what the UX designer proposed. except these
1. Percentage Bar chart left padding should be 16dip
2. Percentage Bar chart and Total Space preferences should be combined into
one singne ViewGroup or something. and "total Space" shoudl be aligned
on the right border
Change-Id: I9b238eaa561c9837b47b9955e7d718d92543ca34
Bug: 3249998
Remove an extra level of menu by moving the Configure Wi-Fi hotspot preference to the Tethering settings page.
Change-Id: I20b67ae1ddd7e9967c99ff6a8039799be792382f
