platform_packages_apps_KeyChain/robotests, branch master Unnamed repository; edit this file 'description' to name the repository. KeyChain/Keystore 2.0 2021-02-24T03:46:12+00:00 Janis Danisevskis jdanis@google.com 2021-01-25T23:04:47+00:00 069a823af57cf7d02fa5f2eaee03b4feb9816e6e Key uses mostly public Keystore API which works the same for Keystore and Keystore 2.0. The only exception is: * The public API does not allow for grants. In this cases we fall back on hidden API. Keystore 2.0 and KeyMint do not allow for key attestation outside of key generation or import, so this patch also removes attestKey from the KeyChainService implementation. Test: KeyChain tests and CTS tests. Bug: 171305387 Merged-In: Ieefaba81e36dc0adc87d0eebde8a0901c1687960 Change-Id: Ieefaba81e36dc0adc87d0eebde8a0901c1687960 
Key uses mostly public Keystore API which works the same for Keystore
and Keystore 2.0. The only exception is:
 * The public API does not allow for grants.
In this cases we fall back on hidden API.

Keystore 2.0 and KeyMint do not allow for key attestation outside of
key generation or import, so this patch also removes attestKey from
the KeyChainService implementation.

Test: KeyChain tests and CTS tests.
Bug: 171305387
Merged-In: Ieefaba81e36dc0adc87d0eebde8a0901c1687960
Change-Id: Ieefaba81e36dc0adc87d0eebde8a0901c1687960
[LSC] Add LOCAL_LICENSE_KINDS to packages/apps/KeyChain 2021-02-17T02:55:18+00:00 Bob Badour bbadour@google.com 2021-02-12T22:22:20+00:00 dee18ac2f0f80625923c427110496c43f97edc6b Added SPDX-license-identifier-Apache-2.0 to: Android.bp robotests/Android.bp support/Android.bp tests/Android.bp Bug: 68860345 Bug: 151177513 Bug: 151953481 Test: m all Exempt-From-Owner-Approval: janitorial work Change-Id: I3c8f3267c94a08bdabd3297c2c3386f0270f7bea 
Added SPDX-license-identifier-Apache-2.0 to:
  Android.bp
  robotests/Android.bp
  support/Android.bp
  tests/Android.bp

Bug: 68860345
Bug: 151177513
Bug: 151953481

Test: m all

Exempt-From-Owner-Approval: janitorial work
Change-Id: I3c8f3267c94a08bdabd3297c2c3386f0270f7bea
Add DPM.getKeyPairGrants() 2021-02-02T21:51:39+00:00 Pavel Grafov pgrafov@google.com 2020-11-30T12:51:52+00:00 ad21f42fcb39af755a5ec41bf8c7a4138c9d0f08 This CL adds the underlying method to KeyChain. The method returns UIDs of the grantee packages. Bug: 179180345 Test: atest com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testKeyManagement Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testDelegatedCertInstallerDirectly Test: atest android.admin.cts.DevicePolicyManagerTest Test: atest KeyChainTests Test: m RunKeyChainRoboTests Change-Id: I73529e8871fd35ddff29f4cfddae97ed47587407 Merged-In: I73529e8871fd35ddff29f4cfddae97ed47587407 
This CL adds the underlying method to KeyChain. The method
returns UIDs of the grantee packages.

Bug: 179180345
Test: atest com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testKeyManagement
Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testDelegatedCertInstallerDirectly
Test: atest android.admin.cts.DevicePolicyManagerTest
Test: atest KeyChainTests
Test: m RunKeyChainRoboTests
Change-Id: I73529e8871fd35ddff29f4cfddae97ed47587407
Merged-In: I73529e8871fd35ddff29f4cfddae97ed47587407
Add KeyChain implementation credential management app 2021-02-02T21:51:28+00:00 Alex Johnston acjohnston@google.com 2020-11-28T12:03:47+00:00 74152c1a25839c8f6ed1bc06cbd0304012c0c6e9 Background * This is part of the work to support a credential management app on unmanaged devices. Changes * Add implementation for KeyChain API methods to manage the credential management app * Intercept KeyChainActivity to choose alias provided by credential management app if provided. Manual Testing * Install TestDPC * Request to manage credentials (fire intent). Add policy mapping: 'com.android.chrome' -> 'client.badssl.com:443' -> 'testAlias' * Install badssl user certificate as credential management app (TestDPC). Set alias to 'testAlias' * Check certificate is installed in Settings * Go to chrome > client.badssl.com * Verify no certificate selection prompt is displayed. User is automatically authenticated. * Remove credential management app from Settings Security > Encryption and credentials > Certificate management app * Verify credential management app is removed and 'testAlias' is uninstalled. Bug: 179180345 Test: Manual Testing atest com.android.keychain.KeyChainServiceRoboTest Change-Id: Ib3479c3b7bbd54cbc8e0782c8c58898399eda349 Merged-In: Ib3479c3b7bbd54cbc8e0782c8c58898399eda349 
Background
* This is part of the work to support
  a credential management app on
  unmanaged devices.
Changes
* Add implementation for KeyChain API
  methods to manage the credential
  management app
* Intercept KeyChainActivity to choose
  alias provided by credential management
  app if provided.

Manual Testing
* Install TestDPC
* Request to manage credentials (fire intent).
  Add policy mapping: 'com.android.chrome' ->
  'client.badssl.com:443' -> 'testAlias'
* Install badssl user certificate as credential
  management app (TestDPC). Set alias to 'testAlias'
* Check certificate is installed in Settings
* Go to chrome > client.badssl.com
* Verify no certificate selection prompt is
  displayed. User is automatically authenticated.
* Remove credential management app from Settings
  Security > Encryption and credentials >
  Certificate management app
* Verify credential management app is removed and
  'testAlias' is uninstalled.

Bug: 179180345
Test: Manual Testing
      atest com.android.keychain.KeyChainServiceRoboTest

Change-Id: Ib3479c3b7bbd54cbc8e0782c8c58898399eda349
Merged-In: Ib3479c3b7bbd54cbc8e0782c8c58898399eda349
[DO NOT MERGE] Rollup changes from R 2020-07-15T14:16:16+00:00 Eran Messeri eranm@google.com 2019-08-12T14:18:55+00:00 f541a87ab6c88040fd9772c57660320c0d90253a This change includes the following commits from internal R branch: ecea8d8 Adding modern KeyChain tests 5f89de1 Expanding KeyChain service tests bb63fca KeyChain: Adding user-selectability tests 83f9c58 Add tests for key generation & attestation 9b8aa0d KeyChain: Allow specifying UID of installed key 6e5d428 KeyChain: Delete obsolete test 3dbbb36 Fix KeyChain Robolectric tests 7cb0919 Show a dialog while certificates are loaded e6435a7 KeyChain tests: Add TEST_MAPPING be8a135 Throw IllegalArgumentException for invalid alias 114a9cc Add KEY_ALIAS_SELECTION_DENIED constant processing. 51a9b9f Log user ID when installing & removing CA certs cbc62f2 Fix Cert Chooser dialog 3a91362 Inspect issuers when deciding on a certificate to display 03a1dc6 Fix theming of KeyChain activities d1088a4 Fix cert selection dialog background e18363f Protect against NullPointerException 02ff266 Add an exported flag in manifest 0a00ed1 Make cert selection prompt respect dark mode fb9bae3 KeyChain: Log aliases from DPC 77192a0 Log certificate-related events 897f391 Revert "Add check for misprovisioned Pixel 2 device." Bug: 161347472 Test: atest KeyChainTests Change-Id: Id44c8cef275b9de7ed39d8033b19d662b44a638c 
This change includes the following commits from internal R branch:

ecea8d8 Adding modern KeyChain tests
5f89de1 Expanding KeyChain service tests
bb63fca KeyChain: Adding user-selectability tests
83f9c58 Add tests for key generation & attestation
9b8aa0d KeyChain: Allow specifying UID of installed key
6e5d428 KeyChain: Delete obsolete test
3dbbb36 Fix KeyChain Robolectric tests
7cb0919 Show a dialog while certificates are loaded
e6435a7 KeyChain tests: Add TEST_MAPPING
be8a135 Throw IllegalArgumentException for invalid alias
114a9cc Add KEY_ALIAS_SELECTION_DENIED constant processing.
51a9b9f Log user ID when installing & removing CA certs
cbc62f2 Fix Cert Chooser dialog
3a91362 Inspect issuers when deciding on a certificate to display
03a1dc6 Fix theming of KeyChain activities
d1088a4 Fix cert selection dialog background
e18363f Protect against NullPointerException
02ff266 Add an exported flag in manifest
0a00ed1 Make cert selection prompt respect dark mode
fb9bae3 KeyChain: Log aliases from DPC
77192a0 Log certificate-related events
897f391 Revert "Add check for misprovisioned Pixel 2 device."

Bug: 161347472
Test: atest KeyChainTests
Change-Id: Id44c8cef275b9de7ed39d8033b19d662b44a638c
Merge changes I243417e1,I2a40fe87 am: 1cb3918e25 2019-05-24T14:16:32+00:00 Colin Cross ccross@android.com 2019-05-24T14:16:32+00:00 c03fb91c109f994b0253c4a3da7353fe2bd7880e am: 730615db25 Change-Id: I476708b578f26bef85a37e67ea43a07425edd9e9 
am: 730615db25

Change-Id: I476708b578f26bef85a37e67ea43a07425edd9e9
Convert KeyChain robotests to Android.bp 2019-05-23T22:30:40+00:00 Colin Cross ccross@android.com 2019-05-23T22:28:52+00:00 1f708c1f53a80cf9cdbe3d337adfad6e54feb819 See build/soong/README.md for more information. Test: m RunKeyChainRoboTests Fixes: 122332719 Change-Id: I243417e181e7cec4fc31be4130c63b9f4d85b03b 
See build/soong/README.md for more information.

Test: m RunKeyChainRoboTests
Fixes: 122332719
Change-Id: I243417e181e7cec4fc31be4130c63b9f4d85b03b
Use tip-of-tree robolectric 2019-05-23T22:30:35+00:00 James Lemieux jplemieux@google.com 2018-10-18T00:34:19+00:00 1f9b27e48fe8b0b63c730b8995b4307929398000 Bug: 117904612 Test: make -j56 RunKeyChainRoboTests Change-Id: I2a40fe8727eae089b613713a3acc55cd8c3e1331 Merged-In: I2a40fe8727eae089b613713a3acc55cd8c3e1331 (cherry picked from commit ee8749e94e96a025467881c070efc861096d5199) 
Bug: 117904612
Test: make -j56 RunKeyChainRoboTests
Change-Id: I2a40fe8727eae089b613713a3acc55cd8c3e1331
Merged-In: I2a40fe8727eae089b613713a3acc55cd8c3e1331
(cherry picked from commit ee8749e94e96a025467881c070efc861096d5199)
Better handling of key override 2019-02-08T14:57:49+00:00 Eran Messeri eranm@google.com 2019-01-31T16:23:11+00:00 27451d95b5e3676844b09b9cef7cf56f3bd6606d Handle better the case where a new key is installed/generated, overriding a key that was associated with the same alias: * When a new key is generated using an existing alias, remove the existing grants first - making the behaviour consistent with key import. * When a key is removed, show a warning in the log that grants associated with this alias are lost. * If the caller has no grant to access the key or the key with the specified alias does not exist, return null rather than throw (which is consistent with the documentation). Bug: 123563258 Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement Test: m RunKeyChainRoboTests Change-Id: I36a5941093545f757bdbff7360311212f4183e57 
Handle better the case where a new key is installed/generated,
overriding a key that was associated with the same alias:
* When a new key is generated using an existing alias, remove the
  existing grants first - making the behaviour consistent with key
  import.
* When a key is removed, show a warning in the log that grants
  associated with this alias are lost.
* If the caller has no grant to access the key or the key with the
  specified alias does not exist, return null rather than throw (which
  is consistent with the documentation).

Bug: 123563258
Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement
Test: m RunKeyChainRoboTests
Change-Id: I36a5941093545f757bdbff7360311212f4183e57
KeyChain: Add grants for existing keys on upgrade 2019-01-08T13:07:25+00:00 Eran Messeri eranm@google.com 2018-12-13T09:28:33+00:00 cea0531fa8852e1f3bafaf4f393d032636bec66e When the KeyChain database is created or upgraded, create entries in the grants table for keys that already exist in KeyStore. This fixes a bug where keys that were installed in KeyStore but never used (in O) are accessible in newer releases. Change-Id: Ic4935c80f37d77a3c83fea172f30fb42623b3ff6 Merged-In: Ic4935c80f37d77a3c83fea172f30fb42623b3ff6 Bug: 120039077 Test: m -j RunKeyChainRoboTests Test: Manual, flashed a sailfish device with O, installed a key, upgraded to P, made sure it's user-selectable. 
When the KeyChain database is created or upgraded, create entries in the
grants table for keys that already exist in KeyStore.

This fixes a bug where keys that were installed in KeyStore but never
used (in O) are accessible in newer releases.

Change-Id: Ic4935c80f37d77a3c83fea172f30fb42623b3ff6
Merged-In: Ic4935c80f37d77a3c83fea172f30fb42623b3ff6
Bug: 120039077
Test: m -j RunKeyChainRoboTests
Test: Manual, flashed a sailfish device with O, installed a key, upgraded to P, made sure it's user-selectable.