Vpn might be included in ConnectivityService mainline module, so
it should prevent calling @hide API. Even if Vpn isn't included
in ConnectivityService mainline module eventually, it's still
fine to use locally defined default request instead of calling
@hide API.
Ideally, ConnectivityManager will provide a new API which can
provide the status of physical network even though there is a
virtual network. b/147280869 is used for tracking the new API.
Bug: 172183305
Test: atest FrameworksNetTests
Test: atest CtsNetTestCasesLatestSdk
Test: Manual setup IKEV2 VPN connection.
Change-Id: If76e7497bef4890a74641695c3ebd395795bbe7f
To prevent calling @hide API, print definition of network type
directly instead of calling @hide API.
Bug: 172183305
Test: atest FrameworksNetTests
Test: atest CtsNetTestCasesLatestSdk
Test: Setup a platform VPN and enable VPN always-on, then check
the log.
Change-Id: I807e90537f706face51c5cc221490ea742d22a0e
This change adds stubs for both the API and the internal binder
interfaces.
Bug: 163431877
Test: Compiles, boots
Change-Id: I11183d9fe3ad53944882b163eee5110e85898393
* changes:
  Support converting integer to/from PersistableBundle
  Support converting byte array to/from PersistableBundle
  Include PersistableBundleUtils in framework-ike-shared-srcs
  Add utils for converting Maps and ParcelUuid to/from PersistableBundle
  Add utilities to persist lists of Persistable objects
With this patch we install the old Keystore provider as
AndroidKeyStoreLegacy when the Keystore 2.0 provider is installed as
AndroidKeyStore. This allows system components to keep using the old
keystore while we can run CTS tests against the new provider.
The tests are still mostly failing at this point. Installing the new SPI
can be enabled by setting the property
ro.android.security.keystore2.enable=true
Bug: 159476414
Test: This enables running CTS tests against Keystore 2.0.
Change-Id: I9731d9783ccf8f2705a5ca7335e00c8f4c8debba
This patch makes Zygote install the Keystore 2.0 SPI as
"AndroidKeyStore" and the old Keystore SPI as "AndroidKeyStoreLegacy"
if the platform property ro.android.security.keystore2.enable is
set to true. This allows us to boot Android with vital components, such
as LockSettingsService, still using the legacy Keystore, while we run
CTS tests against the new implementation, migrate other system
components, and perform migration tests.
This CL will be superseded by a CL that makes Zygote install the
Keystore 2.0 SPI exclusively when the migration of all dependent
components is complete.
Bug: 171305684
Test: None
Change-Id: I9e32578285167c4d63f4f536a07fe98473a883e0
We delegate the generation of self signed certificates to the KeyMint
backend. Also we use the KeyParameter AIDL type instead of
KeymasterArguments to construct parameter lists.
Bug: 159476414
Test: None
Change-Id: I441a4d4df4ef04e3da8aeaff3274c609d549c979
We no longer need to get the key characteristics from the Keystore
daemon to construct the KeyInfo for a key. Also we have to extract the
key info from the KeyParameter AIDL type rather than from the hand
written KeymasterArguments.
This patch also exposes the correct security level for a key through
KeyInfo.
Bug: 159476414
Test: None
Change-Id: I86a85e481e19fdadfed38a42aeac4ffe5f8b83fa
This patch adjusts the AndroidKeyStoreProvider to register all services
with the correct package names. And the utility functions load keys
using the correct Keystore 2.0 methods.
Bug: 159476414
Test: None
Change-Id: I9268fd66d28e89e188e85991bcf90c7f19809232
This patch evolves the Crypto SPI to use the new Keystore 2.0 shim.
The main changes are:
* The SPI uses the AIDL defined KeyParameter instead of
KeymasterArguments.
* Operations are created directly from the KeystoreSecurityLevel that
is part of the AndroidKeyStoreKey object.
Also this patch deletes the DelegatingX509Certificate class. This is no
longer needed, because public key operations are no longer performed by
Keystore 2.0. We can delegate public certificate operations simply by
wrapping such certificates into public keys that are understood by other
providers, such as BouncyCastle.
Bug: 159476414
Test: None
Change-Id: Ice874a8121d80bf788da059b4e8420c7dd799d81
The wire type for key parameters is now generated from AIDL rather than
the hand written parcelable KeymasterArguments. So we need some of the
utilities for creating key parameters that the latter provided.
We also nicked some utility functions from KeymasterUtils.
Bug: 159476414
Test: None
Change-Id: I12c674b6a00dd3abbed4972d80ceb766a73881e8
This patch makes the chunked streamer observe the simplified
Keystore 2.0 operation interface. Keystore is now required to consume
all supplied data or reject data outright if too much (more than 32KiB)
is supplied in a single transaction. This allows for a simplified
streamer logic and a simplified interface. We also no longer send
entropy to Keystore. This will be handled by the Keystore 2.0 daemon.
Test: None
Bug: 159476414
Change-Id: Ie75d10fd5d5ac0da60e23e35467d0a7873230dea
Keystore 2.0 no longer reports an error code if an operation
requires user authorization. Instead this is indicated by sending us
an operation challenge. In that case we have to check if the
authorization can possibly succeed. We changed the utility class by
adding a predicate function that checks exactly that, and we handle
other errors separately instead of having one exception handling path
that does all.
Test: None
Bug: 159476414
Change-Id: I9a373cf8f0a0b181df54c26fe314d71b6835bb97
KeyStoreKeys can now be constructed from key entry metadata and key
descriptors as defined by the new Keystore AIDL spec.
AndroidKeystorePublicKey can now create the private key proxy.
KeyStoreKeys also cache the key characteristic, which should drastically
reduce the frequency by which the SPI has to call into the Keystore 2.0
daemon.
Test: None
Bug: 159476414
Change-Id: Ia0a7841582621897760be49d39dd5442b70b3aa0
This patch adds a shim around the Keystore 2.0 AIDL spec. The new shim
is modularized like the AIDL spec into the base Keystore module
Keystore2, the security level specific interface KeystoreSecurityLevel,
and the operation specific interface KeystoreOperation.
Other system maintenance specific interfaces have yet to be added.
Bug: 159476414
Bug: 171305684
Test: None
Change-Id: I070f73739e4b37ce10568939ac666e40b14a52a8
This CL is for facilitating converting Map and List that
contain integer type objects.
Bug: 163604823
Test: PersistableBundleUtilsTest(new tests added)
Change-Id: I24239caf70035e19c3fb5eb4a85b6a0c6ccadb5a
This commit expands the PersistableBundleUtils by adding maps.
LinkedHashMap is used in an attempt to preserve ordering where stability
is important.
Similarly, this commit adds the ability to persist ParcelUuid(s) via
conversion to Strings.
This commit also adds a helper method to safely read and write to and
from disk.
Bug: 163611304
Test: New tests added, passing
Change-Id: Ife24e94006445007be68ab0e03f27b2fd5643aa2
This change adds a utility class to enable persistence of Lists of
objects.
The PersistableBundle class does not currently support lists or arrays
of PersistableBundles, presumably due to the potential for key
conflicts. The utility classes added here avoid that concern by
nesting all lists as separate persistable bundles.
Bug: 163594033
Test: New PersistableBundleUtilsTest added, passing
Change-Id: I89478cf0d05d41a4b0d769de4859421061a1f1d9
This patch copies the relevant portion of the Keystore SPI to the new
package name android.security.keystore2. The purpose of this is to
illustrate the evolution from the existing Keystore SPI to the
Keystore 2.0 SPI while keeping the existing Keystore SPI intact.
Reviewers are advised to check the equivalence of this code to the
corresponding files in
android/security/keystore (<-- no 2 here).
Subsequent patches can then be reviewed as evolution towards the new SPI
rather than completely new code.
Test: None. When the evolution is complete, Keystore CTS tests can be
used to check for regressions.
Bug: 159476414
Change-Id: I21a01a679e789868ce820b5f73221e616a456a61
Remove the build rule for updating api/current.txt and other files,
which makes it easier to remove the txt files themselves.
Bug: 171029603
Test: m nothing
Change-Id: I987fd9f6075d0f7c6817f16bf7282c6239afb7db
This change removes the "pi.append_native_lib_paths" property added as a kill switch for a feature that has been out in the wild now for several releases.
Change-Id: I21f9d158f60d0cf47e3631bb37ece711b3450494
Merged-In: I21f9d158f60d0cf47e3631bb37ece711b3450494
Fixes: 173103133
(cherry picked from commit 22efaa84228c277c436b4537a9189778c022fab5)
Having a hidden abstract method for a class that can be extended
means that public implementors cannot implement these hidden methods
posing a risk that custom implementations will not have required
abstract methods resulting in an exception.
Bug: 151134792
Test: make update-api
Change-Id: I758d12465fabc671be19bedeeceb16885de23c87
Merged-In: I758d12465fabc671be19bedeeceb16885de23c87
Exempt-From-Owner-Approval: large scale suppression of existing issues,
no-op in terms of behavior
@SuppressLint("Doclava125") is a legacy way of suppressing
RequiresPermission check. Updating to the new style of suppression
so metalava no longer has to support the legacy mode.
sed -i "s/@SuppressLint(\"Doclava125/@SuppressLint(\"RequiresPermission/" \
core/java/android/app/admin/DevicePolicyManager.java \
core/java/android/hardware/hdmi/HdmiControlManager.java \
core/java/android/hardware/location/ContextHubManager.java \
core/java/android/hardware/usb/UsbDeviceConnection.java \
core/java/android/net/TrafficStats.java \
core/java/android/os/RecoverySystem.java \
core/java/android/os/storage/StorageManager.java \
core/java/android/service/persistentdata/PersistentDataBlockManager.java \
location/java/android/location/LocationManager.java \
media/java/android/media/AudioManager.java \
telecomm/java/android/telecom/TelecomManager.java \
telephony/java/android/telephony/CarrierConfigManager.java \
telephony/java/android/telephony/TelephonyManager.java \
wifi/java/android/net/wifi/RttManager.java \
wifi/java/android/net/wifi/WifiScanner.java
Test: make
Exempt-From-Owner-Approval: No-op change
Merged-In: I6d5df95cfca2950ea86872d2f0afc1ba828841dc
Change-Id: I6d5df95cfca2950ea86872d2f0afc1ba828841dc
This fixes a SystemUI loopcrash when casting as a guest user.
Bug: 173026465
Test: Manual - install media app that can cast on guest user only,
then cast from guest user. SystemUI should not crash.
Test: atest com.android.systemui.media
Change-Id: I70f5de89a813c54a616eb701a02aa43272754580