This replaces int-based enums from KeyStoreKeyConstraints with
String values commonly used in JCA API.
As part of under the hood refactoring:
* KeyStoreKeyCharacteristics and KeyStoreKeyConstraints have been
merged into KeyStoreKeyProperties.
* KeymasterUtils methods operating on KeymasterArguments and
KeymasterCharacteristics have been moved to their respective
classes.
Bug: 18088752
Change-Id: I9c8b984cb3c28184adb617e34d87f2837bd1d3a1
Imposing an order on Policy objects allows us to extend the
policy writers ability to union mac_permissions.xml files.
Policy developers can now create new mac_permissions.xml
entries under their device specific directories. This is
in contrast to current methods which only allow differing
stanzas to appear outside the base mac_permissions.xml.
Also, report on stanzas with duplicate input selectors and
treat these as errors. There are some ambiguities that can
arise otherwise.
Lastly, impose an XOR condition on signer stanzas w.r.t seinfo
and package tags. This finer distinction helps the union feature
of policy to become clearer and simpler to code.
Change-Id: Idd86df8ad9a63d1b8ba6e8270670814ca6cee8d2
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
This change adds new method overloads to provide volume UUID. The
older methods remain for now, and pass through the "null" UUID to
reference internal storage.
Follows the existing pattern where null arguments are passed as "!".
Bug: 19993667
Change-Id: Ia1b7c8550cabc13e4f6e1182eabb650f2c33e44f
This doesn't alter the alignment of the data within the struct, but
enforces that this structure will be appropriately aligned when used.
The image_info struct has this struct preceded by a bool, which causes
odd alignment for the members of this struct.
Change-Id: Ia2ef5c81b2f961c0f61858a10a7821d82f600919
This is a follow-up to 70376a77280551791dae62586a6bb0c77ed9429a where
I forgot to update this mapping.
Bug: 18088752
Change-Id: I322a9abd642ddee3bd2b4f49379b121012e32836
-Wall and -Werror were lost during a merge when they were added to
aaptCFLAGS instead of aaptCFlags. Fix the typo, and the warnings
that crept in while it was disabled.
Change-Id: Ib944b8d6149278e4f3861c1acac277bcd95cc7c2
This adds MD5, SHA-1, SHA-224, SHA-384, and SHA-512. SHA-256 was
already there.
MD5 is not exposed for HMAC on purpose, because MD5 has been
deprecated for years.
Bug: 18088752
Change-Id: I4df3d3f6cf10805c7910a1bdb577a91c85055945
This makes IV-using Cipher implementations backed by AndroidKeyStore
refuse to be reused. After Cipher.doFinal completes, invoking update
or doFinal will raise an exception. This is to make it harder to
violate the security best practice of not reusing IV in encryption
mode.
Bug: 18088752
Change-Id: I5102f9e8b2ff428254294703e48948ea8576603d
The original logic lets windows be able to freeze screen again (by
setting win.mOrientationChanging=true) after WINDOW_FREEZE_TIMEOUT is
triggered before mInnerFields.mOrientationChangeComplete is set to
true. In this case, we would lose the protection of
WINDOW_FREEZE_TIMEOUT. If the app never finishes drawing the window,
the screen would keep freezing that the user cannot operate the
device.
Change-Id: I45a0a9e4b3f8d5b0b0043229bfa4890236ae8ab2
crash info
Symptom:
This issue happens because the ANR process got killed
(because it crashed) before the ANR dialog dismissed.
In that case, the process record is marked as crashed
(ProcessRecord.crashing = true). When the ANR dialog
dismissed by user, it will cause NullPointerException
when writeToParcel while performing IPC because there
is no crash info (ApplicationErrorReport.crashInfo = null)
Solution:
Check crashinfo before access it
Change-Id: I2995de57684c1e13aab8297f5eea1e82ca3b7ad8
Symptom:
In some scenario, the mPausingActivity may be replaced by other
activity. When previous activity paused, the completePausedLocked()
won't be invoked because it is no longer the mPausingActivity. If
the activity is also pending to finish, it would never be done
because the activity kept in PAUSING state. Since the activity's
window also remain visible and is above on Wallpaper, user would
see it when back to home.
Solution:
Finish the failed-to-pause activity if the activity is pending to
finish.
A Real Case:
(1) Screen turn off
(2) The top activity T1 crashed
(3) When finish activity T1, the next top activity T2 will be
scheduled to resume and pause (due to screen off).
(4) The activity T2 is also set to finishing due to T1 crashed.
(5) Before T2 paused and before paused timeout occurs, there has
a new process started which brings up the next top activity T3
to resume and pause. So the pausing activity is now replaced.
(6) When activity T2 paused, it cannot completed the pause operation
T2 will remain in PAUSING and finishing state with its window
visible. The process won't be killed because the oomadj stays
at 1 (Visible).
Change-Id: Ib10fded891b21c774b26a93071c717fa50516e22
GCM mode is not yet implemented. This is just adding a constant to
KeyStoreKeyConstraints.BlockMode.
Bug: 18088752
Change-Id: Ibba5b393f56ab9f6bb96d994f110687ab8d65ff3
