author Adam Vartanian <flooey@google.com> 2018-06-18 15:42:30 +0100
committer Gina Dimino <gdimino@google.com> 2018-07-16 21:02:19 +0000
commit 4ef3fde80559165d8b6ea7de3ddd9b28b3ec7761
tree 5cb3e24acd326f35d6322c7eb7c2d496cea12698
parent 952553fa6d8f727dbafc1cf6ad25a5d4592f7c10
CDD: Disallow modifying the default security provider list

- Security-related functionality is implemented by providing generic classes
  for a category of security functionality (such as javax.crypto.Cipher) and
  then security providers are registered that provide specific implementations
  of that functionality which are identified by a string identifier (such as
  "AES/GCM/NOPADDING").
- Interoperability is key for security functionality, and this requirement
  prevents device manufacturers from adding new security providers that are
  higher priority than the AOSP implementations and thus returning a different
  implementation than an app expects when it requests a specific identifier.
- If a device manufacturer wants to provide additional security functionality,
  they can put it at the end of the list, which means that developers will
  need to ask for it explicitly.

Test: manual inspection
Bug: 76462676
Change-Id: I20c2b6eb83488457fbebbbee6ddd10955c15410e

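The provider ordering that the commit message describes can be checked at runtime. The following is an added example, not part of this commit or of AOSP; the class name `ProviderOrderCheck` and the exact-class-name comparison are assumptions.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

/** Hypothetical helper: compares the head of the provider list with [C-0-9]. */
public final class ProviderOrderCheck {
    // Names and classes copied, in order, from the [C-0-9] list in this change.
    private static final String[][] EXPECTED = {
        {"AndroidNSSP", "android.security.net.config.NetworkSecurityConfigProvider"},
        {"AndroidOpenSSL", "com.android.org.conscrypt.OpenSSLProvider"},
        {"CertPathProvider", "sun.security.provider.CertPathProvider"},
        {"AndroidKeyStoreBCWorkaround",
            "android.security.keystore.AndroidKeyStoreBCWorkaroundProvider"},
        {"BC", "com.android.org.bouncycastle.jce.provider.BouncyCastleProvider"},
        {"HarmonyJSSE", "com.android.org.conscrypt.JSSEProvider"},
        {"AndroidKeyStore", "android.security.keystore.AndroidKeyStoreProvider"},
    };

    /** Returns one message per deviation; an empty list means the prefix matches. */
    static List<String> check(Provider[] actual) {
        List<String> problems = new ArrayList<>();
        for (int i = 0; i < EXPECTED.length; i++) {
            String want = EXPECTED[i][0] + " (" + EXPECTED[i][1] + ")";
            if (i >= actual.length) {
                problems.add("position " + (i + 1) + ": missing, expected " + want);
                continue;
            }
            // Assumption: "class" is compared as the exact runtime class name.
            String got = actual[i].getName() + " (" + actual[i].getClass().getName() + ")";
            if (!want.equals(got)) {
                problems.add("position " + (i + 1) + ": expected " + want + ", got " + got);
            }
        }
        return problems; // providers after the first seven are allowed and ignored
    }

    public static void main(String[] args) {
        // Call before anything in the process uses insertProviderAt()/removeProvider(),
        // since [C-0-9] only constrains the unmodified default list.
        List<String> problems = check(Security.getProviders());
        for (String p : problems) {
            System.out.println("MISMATCH " + p);
        }
        System.out.println(problems.isEmpty()
            ? "first seven providers match [C-0-9]"
            : problems.size() + " deviation(s) in the first seven providers");
    }
}
```

On a desktop JVM this reports deviations at every position, because the listed providers are Android classes; the check is meaningful only when run on a device implementation.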
-rw-r--r-- 3_software/3_5_api-behavioral-compatibility.md 22
1 files changed, 21 insertions, 1 deletions
diff --git a/3_software/3_5_api-behavioral-compatibility.md b/3_software/3_5_api-behavioral-compatibility.md
index 0e5b9f9b..1b3a18e4 100644
--- a/3_software/3_5_api-behavioral-compatibility.md
+++ b/3_software/3_5_api-behavioral-compatibility.md
@@ -40,10 +40,30 @@ of compatibility are:
task that's visible to the user.
* [C-0-8] if the app is targeting API level 25 or higher, they MUST
release the wakelocks the app holds.
+* [C-0-9] Devices MUST return the following security providers as the first
+ seven array values from the [`Security.getProviders()`](
+ https://developer.android.com/reference/java/security/Security.html#getProviders%28%29)
+ method, in the given order and with the given names (as returned by
+ [`Provider.getName()`](
+ https://developer.android.com/reference/java/security/Provider.html#getName%28%29))
+ and classes, unless the app has modified the list via
+ [`insertProviderAt()`](
+ https://developer.android.com/reference/java/security/Security.html#insertProviderAt%28java.security.Provider,%2520int%29)
+ or [`removeProvider()`](
+ https://developer.android.com/reference/java/security/Security.html#removeProvider%28java.lang.String%29). Devices
+ MAY return additional providers after the specified list of providers
+ below.
+ 1. **AndroidNSSP** - `android.security.net.config.NetworkSecurityConfigProvider`
+ 2. **AndroidOpenSSL** - `com.android.org.conscrypt.OpenSSLProvider`
+ 3. **CertPathProvider** - `sun.security.provider.CertPathProvider`
+ 4. **AndroidKeyStoreBCWorkaround** - `android.security.keystore.AndroidKeyStoreBCWorkaroundProvider`
+ 5. **BC** - `com.android.org.bouncycastle.jce.provider.BouncyCastleProvider`
+ 6. **HarmonyJSSE** - `com.android.org.conscrypt.JSSEProvider`
+ 7. **AndroidKeyStore** - `android.security.keystore.AndroidKeyStoreProvider`
The above list is not comprehensive. The Compatibility Test Suite (CTS) tests
significant portions of the platform for behavioral compatibility, but not all.
It is the responsibility of the implementer to ensure behavioral compatibility
with the Android Open Source Project. For this reason, device implementers
SHOULD use the source code available via the Android Open Source Project where
-possible, rather than re-implement significant parts of the system. \ No newline at end of file
+possible, rather than re-implement significant parts of the system.
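Review bot: in the new [C-0-9] item, the `insertProviderAt()` link encodes the space in its anchor as `%2520`, which is `%20` percent-encoded a second time; the other three links in the item use single encoding (`%28`, `%29`), so this anchor should read `...Provider,%20int%29`. Separately, the phrase "with the given names (as returned by `Provider.getName()`) and classes" says how a name is observed but not how a class is compared. Stating whether each provider must be exactly the listed class or may be a subclass of it would make the requirement testable, which matters because the commit message lists only manual inspection as its test.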