This workaround prevents use of keys with randomized encryption
(IND-CPA). Since randomized encryption is on by default, it's better
to keep it working and break non-randomized encryption (until
Keymaster is fixed).
Bug: 18088752
Change-Id: I4b11ce72cff705be41d3e66f28b507d6ddc1da79
This tracks 59f977c6988e21b3b8aa6c83428bd6ee1a98816d due to which
AndroidKeyStore is unable to provide symmetric keys because it
assumes that the digest field is not repeating.
Bug: 18088752
Change-Id: Ie8ed01449280b7c759e81aeaf2066953b0abaf2a
fix return value scale of notifyANR()
from milliseconds to nanoseconds when windowState is not null
This prevents unintended frequent method calls of notifyANR()
in a very short time.
Change-Id: Icc1f363b3ed3538821a42c080809567473bfb833
Signed-off-by: Baik Han <baik.han@lge.com>
This removes the need to specify the three parameters of the
self-signed certificate (serial number, subject, validity range) when
generating key pairs in AndroidKeyStore. This is achieved by
providing sensible defaults for these parameters:
* serial number: 1
* subject: CN=fake
* validity range: Jan 1 1970 to Jan 1 2048.
Bug: 18088752
Change-Id: I5df918b1ef8b26ed3ddd43828c4c78c9fa58cd43
This was originally to avoid RuntimeException in RouteInfo#matches():
When an IPv6 prefix with a length greater than the max permitted
for IPv4 is matched against an Inet4Address, the call to
NetworkUtils throws RuntimeException.
Change-Id: I92e2bd19a4e7d656cf682fd27678da07e211850d
The name is not used in any meaningful way yet, but would be used
to name the file for generated code for fused kernels in other
coming CLs.
A script group name cannot be null or empty, or longer than 100
characters. It can only contain letters, digits, '-', or '_'.
Change-Id: I95fdbf58e6689da91ca98c2057dfa1a803d3b27b
This replaces int-based enums from KeyStoreKeyConstraints with
String values commonly used in JCA API.
As part of under the hood refactoring:
* KeyStoreKeyCharacteristics and KeyStoreKeyConstraints have been
merged into KeyStoreKeyProperties.
* KeymasterUtils methods operating on KeymasterArguments and
KeymasterCharacteristics have been moved to their respective
classes.
Bug: 18088752
Change-Id: I9c8b984cb3c28184adb617e34d87f2837bd1d3a1
We can get a number of exceptions (e.g. SecurityException) when
a process is acquiring a provider. We need to clean-up correctly
so that other threads that try to acquire the provider can progress.
Bug: 20122809
Change-Id: Icac1d391df7e8c24198be89035b1c5a23da834cf
Fine tune commit 9ac9609f.
Because a process may reuse the same process record to restart,
it is better to check the conditions below to skip:
1. Simply dead and has been cleaned.
=> .thread will be null
2. The process has restarted with new pid but has not attached yet.
=> .thread will be null
3. The process has restarted and attached.
=> The IBinder will be different
Change-Id: Ic052f5025558ca93e1a6ab11bca61fe995126bb9
Imposing an order on Policy objects allows us to extend the
policy writer's ability to union mac_permissions.xml files.
Policy developers can now create new mac_permissions.xml
entries under their device specific directories. This is
in contrast to current methods which only allow differing
stanzas to appear outside the base mac_permissions.xml.
Also, report on stanzas with duplicate input selectors and
treat these as errors. There are some ambiguities that can
arise otherwise.
Lastly, impose an XOR condition on signer stanzas w.r.t. seinfo
and package tags. This finer distinction helps the union feature
of policy to become clearer and simpler to code.
Change-Id: Idd86df8ad9a63d1b8ba6e8270670814ca6cee8d2
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>