| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Key uses mostly public Keystore API which works the same for Keystore
and Keystore 2.0. The only exception is:
* The public API does not allow for grants.
In this cases we fall back on hidden API.
Keystore 2.0 and KeyMint do not allow for key attestation outside of
key generation or import, so this patch also removes attestKey from
the KeyChainService implementation.
Test: KeyChain tests and CTS tests.
Bug: 171305387
Merged-In: Ieefaba81e36dc0adc87d0eebde8a0901c1687960
Change-Id: Ieefaba81e36dc0adc87d0eebde8a0901c1687960
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added SPDX-license-identifier-Apache-2.0 to:
Android.bp
robotests/Android.bp
support/Android.bp
tests/Android.bp
Bug: 68860345
Bug: 151177513
Bug: 151953481
Test: m all
Exempt-From-Owner-Approval: janitorial work
Change-Id: I3c8f3267c94a08bdabd3297c2c3386f0270f7bea
|
| |
|
|
|
|
|
|
|
| |
reset() is deprecated in the frameworks layer. This commit removes one
of two references left to it.
Bug: 143309987
Test: These are the tests
Change-Id: Ieaf5f8172fef113f386e2c4d5664fcff7132bf45
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a test mapping for running KeyChain tests for any changes to the
KeyChain package.
Note that the Robolectric tests are not added yet because a test suite
cannot be specified for them.
The support service had to be built as an Android app (rather than
Android test) and specified as a dependency for the tests.
Bug: 138375478
Test: atest in packages/apps/KeyChain
Change-Id: Ia5d316f77791176ef63396a468b90491acc7a9eb
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is part of the work to unify manual and programmatic key
installation flows.
Since the manual key installation flow allowed installing keys to the
WiFi Keystore, this capability needs to be preserved and so to make
KeyChainService usable for installing WiFi keys, take the destination
UID as parameter to the installKeyPair method.
As a safety measure, only allow installation of keys to the "self" UID
and the WiFi UID (and the WiFi UID is only acceptable on the primary
user).
Test: Manual CtsVerifier tests: KeyChain Storage Test, CA Cert Notification Test
Test: cts-tradefed run commandAndExit cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement
Bug: 138375478
Change-Id: Ibd6d840142cda6bc4fd5f28f4797867f91a5bb60
|
| |
|
|
|
|
|
|
|
|
| |
Test that generateKeyPair, attestKey and setKeyPairCertificate operate correctly:
* Test successful key generation and attestation.
* Test various error conditions (missing attestation challenge, etc).
Bug: 138375478
Test: atest KeyChainTests
Change-Id: I62673c35a6729dcc4a3f2fa7761c82cd0a2dc6e4
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add a test exercising isUserSelectable/setUserSelectable.
Since setting user-selectability is privileged to system callers,
add a method to the key chain service test support service for doing
so.
Bug: 138375478
Test: atest KeyChainTests
Change-Id: Iacd4a04115c6ea354a0abf8e1092c1417761f233
|
| |
|
|
|
|
|
|
|
|
|
| |
Exercise the installKeyPair / removeKeyPair functionality.
As the test is not a system app, the support service was extended
to proxy the call to these methods on KeyChainService.
Bug: 138375478
Test: atest KeyChainTests
Change-Id: Iab015bb0c707f29789104d661d092e5177e89666
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The old KeyChain tests had to be manually run, which meant they never
ran and were mostly broken.
Add new, modern KeyChain tests that can be run with atest, as they are
based on instrumentation tests.
In particular:
* Add BasicKeyChainServiceTest which currently includes one test case:
importing a key and validating access to a key given a grant.
* Removed mentioning of the KeyChainServiceTest as a service from the
tests' AndroidManifest.xml because there's no reason this service
should be bound anymore.
* Adding AndroidTest.xml to describe the dependency between the support
package and the tests: The KeyChainServiceSupport package must be
installed alongside the test apk as this is a system package that
is used to manipulate the KeyStore state directly. Its service
is directly bound.
* Overhaul the AndroidManifest.xml to indicate use of the instrumentation
test runner.
Bug: 138375478
Test: atest KeyChainTests
Change-Id: If12251b40e5b089e2658788b008ce0a1be062a97
|
| |
|
|
|
|
|
|
| |
See build/soong/README.md for more information.
Bug: 122332719
Test: treehugger
Change-Id: Ia33b9c8ba013be83922c8f352fe6c91b19ccf840
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
KeyChain used to depend on KeyStore's initialization state since it
was importing keys using the FLAG_ENCRYPTED flag.
With that flag, imported keys were encrypted using an AES key derived
from the user's screen lock.
However, said AES key is stored in the filesystem next to the key
material and so does not provide additional security beyond filesystem
encryption.
Additionally, there are now better ways to protect key access via
Keymaster.
This change removes the use of this flag as well as the dependency on
KeyStore's initialization state.
That allows getting rid of the requirement for the device to have a
screen lock.
Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.MixedProfileOwnerTest#testKeyManagement
Bug: 120901345
Change-Id: Ief36a1fb4250c66c88d8d6aebbccbc43cd5ef2b0
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change sets LOCAL_SDK_VERSION for all packages where
this is possible without breaking the build, and
LOCAL_PRIVATE_PLATFORM_APIS := true otherwise.
Setting one of these two will be made required soon, and this
is a change in preparation for that. Not setting LOCAL_SDK_VERSION
makes the app implicitly depend on the bootclasspath, which is
often not required. This change effectively makes depending on
private apis opt-in rather than opt-out.
Test: make relevant packages
Bug: 73535841
Change-Id: Ib45c692389f1ef7a27a3a6ba03f88f35c97dc56a
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In preparation for removing junit classes from the Android API
the legacy-test target will be removed from the
TARGET_DEFAULT_JAVA_LIBRARIES. This change adds explicit
dependencies on junit and/or legacy-android-test to ensure that
modules will compile properly once it is removed.
Bug: 30188076
Test: make checkbuild
Change-Id: Id49fe842c3b086fbe6a853a58cc801942439e88d
|
| |
|
|
| |
Change-Id: I324914c00195d762cbaa8c63084e41fa796b7df8
|
| |
|
|
|
|
|
|
| |
Remove the call sites that don't have the flags specified. This is to
ensure that callers know what flags they're setting.
Bug: 8122243
Change-Id: I207cc0152f73c779af71a3410e5de3d8c35a259b
|
| |
|
|
| |
Change-Id: I531ca8fbf8c7008383488cba1dd73f59537edb01
|
| |
|
|
|
|
| |
AccountManagerService handle them.
Change-Id: I44d437d5d8100e3c79415862186bc2908cd15537
|
| |
|
|
|
|
|
| |
Now that the system user can read values from keystore, the keychain user is unneeded.
Bug: 4970237
Change-Id: I5b998ce29c2b32d8014c9ec1814c1e0837951cb5
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
frameworks/base
keystore rewrite
keyguard integration with keystore on keyguard entry or keyguard change
KeyStore API simplification
packages/apps/Settings
Removed com.android.credentials.SET_PASSWORD intent support
Added keyguard requirement for keystore use
packages/apps/CertInstaller
Tracking KeyStore API changes
Fix for NPE in CertInstaller when certificate lacks basic constraints
packages/apps/KeyChain
Tracking KeyStore API changes
Details:
frameworks/base
Move keystore from C to C++ while rewriting password
implementation. Removed global variables. Added many comments.
cmds/keystore/Android.mk
cmds/keystore/keystore.h
cmds/keystore/keystore.c => cmds/keystore/keystore.cpp
cmds/keystore/keystore_cli.c => cmds/keystore/keystore_cli.cpp
Changed saveLockPattern and saveLockPassword to notify the keystore
on changes so that the keystore master key can be reencrypted when
the keyguard changes.
core/java/com/android/internal/widget/LockPatternUtils.java
Changed unlock screens to pass values for keystore unlock or initialization
policy/src/com/android/internal/policy/impl/PasswordUnlockScreen.java
policy/src/com/android/internal/policy/impl/PatternUnlockScreen.java
KeyStore API changes
- renamed test() to state(), which now return a State enum
- made APIs with byte[] key arguments private
- added new KeyStore.isEmpty used to determine if a keyguard is required
keystore/java/android/security/KeyStore.java
In addition to tracking KeyStore API changes, added new testIsEmpty
and improved some existing tests to validate expect values.
keystore/tests/src/android/security/KeyStoreTest.java
packages/apps/Settings
Removing com.android.credentials.SET_PASSWORD intent with the
removal of the ability to set an explicit keystore password now
that the keyguard value is used. Changed to ensure keyguard is
enabled for keystore install or unlock. Cleaned up interwoven
dialog handing into discrete dialog helper classes.
AndroidManifest.xml
src/com/android/settings/CredentialStorage.java
Remove layout for entering new password
res/layout/credentials_dialog.xml
Remove enable credentials checkbox
res/xml/security_settings_misc.xml
src/com/android/settings/SecuritySettings.java
Added ability to specify minimum quality key to ChooseLockGeneric
Activity. Used by CredentialStorage, but could also be used by
CryptKeeperSettings. Changed ChooseLockGeneric to understand
minimum quality for keystore in addition to DPM and device
encryption.
src/com/android/settings/ChooseLockGeneric.java
Changed to use getActivePasswordQuality from
getKeyguardStoredPasswordQuality based on experience in
CredentialStorage. Removed bogus class javadoc.
src/com/android/settings/CryptKeeperSettings.java
Tracking KeyStore API changes
src/com/android/settings/vpn/VpnSettings.java
src/com/android/settings/wifi/WifiSettings.java
Removing now unused string resources
res/values-af/strings.xml
res/values-am/strings.xml
res/values-ar/strings.xml
res/values-bg/strings.xml
res/values-ca/strings.xml
res/values-cs/strings.xml
res/values-da/strings.xml
res/values-de/strings.xml
res/values-el/strings.xml
res/values-en-rGB/strings.xml
res/values-es-rUS/strings.xml
res/values-es/strings.xml
res/values-fa/strings.xml
res/values-fi/strings.xml
res/values-fr/strings.xml
res/values-hr/strings.xml
res/values-hu/strings.xml
res/values-in/strings.xml
res/values-it/strings.xml
res/values-iw/strings.xml
res/values-ja/strings.xml
res/values-ko/strings.xml
res/values-lt/strings.xml
res/values-lv/strings.xml
res/values-ms/strings.xml
res/values-nb/strings.xml
res/values-nl/strings.xml
res/values-pl/strings.xml
res/values-pt-rPT/strings.xml
res/values-pt/strings.xml
res/values-rm/strings.xml
res/values-ro/strings.xml
res/values-ru/strings.xml
res/values-sk/strings.xml
res/values-sl/strings.xml
res/values-sr/strings.xml
res/values-sv/strings.xml
res/values-sw/strings.xml
res/values-th/strings.xml
res/values-tl/strings.xml
res/values-tr/strings.xml
res/values-uk/strings.xml
res/values-vi/strings.xml
res/values-zh-rCN/strings.xml
res/values-zh-rTW/strings.xml
res/values-zu/strings.xml
res/values/strings.xml
packages/apps/CertInstaller
Tracking KeyStore API changes
src/com/android/certinstaller/CertInstaller.java
Fix for NPE in CertInstaller when certificate lacks basic constraints
src/com/android/certinstaller/CredentialHelper.java
packages/apps/KeyChain
Tracking KeyStore API changes
src/com/android/keychain/KeyChainActivity.java
src/com/android/keychain/KeyChainService.java
support/src/com/android/keychain/tests/support/IKeyChainServiceTestSupport.aidl
support/src/com/android/keychain/tests/support/KeyChainServiceTestSupport.java
tests/src/com/android/keychain/tests/KeyChainServiceTest.java
Change-Id: Id7250fdb29c8a6d52d599c39a869ab22b1cc53da
|
|
|
Change-Id: I6c862d3e687cf80fb882966adb3245f2244244fe
|
