Existing annotations in libcore/ and frameworks/ will deleted after the migration. This also means that any java library that compiles @UnsupportedAppUsage requires a direct dependency on "unsupportedappusage" java_library.
Bug: 145132366
Test: m && diff unsupportedappusage_index.csv
Change-Id: I4bc8c9482e4bb1af21363f951affff7ee3fefeab
Merged-In: I4bc8c9482e4bb1af21363f951affff7ee3fefeab
Platform VPN profiles keyed by apps must use a different key prefix to
prevent the Settings app from seeing them (and thus exposing potentially
sensitive credential information). Thus, the profiles will be
partitioned as follows:
Custom (Settings-app) based profiles continues using VPN_* prefix
App provisioned profiles will use the new PLATFORM_VPN_* prefix
Bug: 144245359
Test: Compiles, FrameworksNetTests passing
Change-Id: If8762e468c6cbbeb80738f14b066ebbad5cc665f
Only send updates when a configurable threshold is met.
For some scenarios this results in a significant performance
improvement. Specifically sign operations should be 10-40% faster.
Bug: 139891753
Test: atest CtsKeystoreTestCases
Change-Id: I233679d4f8582eeaaa6f21e3102cce08110f0482
This additional input will be unused for now, but future changes are
expected to utilize it.
Test: Keystore CTS Tests
Change-Id: I5c388032e3710e3825bdb06b26443a5ae2c034a3
In order to keep conformity across the ecosystem, keystore will enforce
that HMAC key sizes coming in through the framework must be limited to
the range of 64-512 bits, inclusive. This will be the case for both TEE
and StrongBox Keymaster implementations.
Bug: 143404829
Test: atest CtsKeystoreTestCases
Change-Id: I2ea867392060f4478b5a01bd747a4345e1fded4c
This api call is not accessible from the java API and is intended to be
deprecated. This CL cleans up the potential to directly call into binder
and use this functionality.
Also cleans up imports to appease the repo hooks
Test: Android builds
Change-Id: I95b27a001a6d6ba6c7d1f952bdda456a78b7f99c
There's a long-standing bug (since ~Marshmallow) that causes
AndroidKeyStore to truncate large (>64 KiB) blocks of data. This can
be avoided by callers by processing data in smaller chunks, and
smaller chunks are more memory-efficient while not being much (if any)
more time-efficient. But, Keystore should handle large blocks
correctly. This CL adds a test to all block cipher tests that
attempts to encrypt and then decrypt a 100 KiB block.
Bug: 123391046
Test: CtsKeystoreTestCases
Change-Id: I0c0286fd5360d4fe62cbd8130aa0c17f97318801
Since keystore accepts asynchronous requests it may be that apps wait
forever if keystore dies. This patch adds a death recipient to all
keystore promises so that Keystore.java gets notified when keystore
dies.
Test: atest android.keystore.cts
Bug: 111443219
Bug: 128991260
Change-Id: Ie6e4a4f371287f83a2cdf4069d5686c67d8aebc1
Files failing automerge from AOSP.
See build/soong/README.md for more information.
Bug: 122332340
Test: treehugger
Change-Id: I92f7584aeaf502336f67e04fbc22634784c9305d
This is useful when the caught exceptions are not informative and they
act as a red herring in the adb logs.
Bug:109791294
Test: call this method in the VpnSettings and manually navigate to
adding a new VPN by searching for VPN in settings and then pressing '+'.
Change-Id: I4bc86e3ea5b11027090fd3a27dc7455557cf66ab
Merged-In: I4bc86e3ea5b11027090fd3a27dc7455557cf66ab
If a certificate is self signed, then currently KeyStore will still
attempt to find the CA certificate. When it obviously fails to find it,
a key not found exception is propagated up and thrown. This CL
suppresses that exception, as it seems to exclusively be thrown in this
condition, which is WAI. Having the stack trace show up can be very
misleading to developers.
Test: atest cts/tests/tests/keystore/src/android/keystore/cts
Change-Id: I192f54d3d8355c183e830ab09314932e8800f7ed
Mark the c'tor parameters as nullable to comply with Exception's
behaviour.
Bug: 126702366
Test: That it compiles
Change-Id: I96a7c03cb79e7180872de02bee143b67f7a408ec
If they were null, then the Parcelable would fail to work.
Bug: 126726802
Test: manual
Change-Id: I7929ffa2f20e5de1c8e68e8263cca99496e9d014
Exempt-From-Owner-Approval: Trivial API annotations
For packages:
android.security
android.service.dreams
android.service.euicc
android.service.vr
android.service.wallpaper
This is an automatically generated CL. See go/UnsupportedAppUsage
for more details.
Exempted-From-Owner-Approval: Mechanical changes to the codebase
which have been approved by Android API council and announced on
android-eng@
Bug: 110868826
Test: m
Merged-In: I1c8ae08f8d3b4b2f5bf365468f22155f8def09fe
Change-Id: I09850a52193a28b0f884cfa01b564c29d25d41ed
For packages:
android.security
android-service.dreams
android.service.euicc
android.service.vr
android.service.wallpaper
This is an automatically generated CL. See go/UnsupportedAppUsage
for more details.
Exempted-From-Owner-Approval: Mechanical changes to the codebase
which have been approved by Android API council and announced on
android-eng@
Bug: 110868826
Test: m
Change-Id: I1c8ae08f8d3b4b2f5bf365468f22155f8def09fe
This is to keep it in sync with response codes in keystore.h.
This commit also adds the KeyPermanentlyInvalidatedException to all the
methods that could receive this error code out of KeyStore.
Bug: 118883532
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/AuthBoundKeyTest.java
Change-Id: I878a628824e2eeb639ec5678b1a5d3d10428a918
Merged-In: I878a628824e2eeb639ec5678b1a5d3d10428a918
This is to keep it in sync with response codes in keystore.h.
This commit also adds the KeyPermanentlyInvalidatedException to all the
methods that could receive this error code out of KeyStore.
Bug: 118883532
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/AuthBoundKeyTest.java
Change-Id: I878a628824e2eeb639ec5678b1a5d3d10428a918
Previously the framework would accept any key size that was a multiple
of 8 for the KeyGenerator.
Bug: 117509689
Bug: 122274787
Test: atest cts/tests/tests/keystore/src/android/keystore/cts/KeyGeneratorTest.java
Change-Id: I60b52f6062a41ae52486bae0ae36616f4b532b37
Improve the documentation on the case of key override: When a new key is
generated/installed using an alias that already exists.
In particular, clarify that grants are lost and that a new call to
KeyChain.choosePrivateKeyAlias must be issued in this case.
Bug: 123563258
Test: that it builds.
Change-Id: I055e95f57b9576883736ca0cfa6a998dec08a6c2
Add the Android Enterprise Security team as OWNERS for KeyChain and
KeyChain-related code.
The KeyChain code currently lives under keystore/, which means every
change requires Keystore owners approval, but it does not make sense for
KeyChain as KeyChain is a Keystore client and is developed
independently.
Test: Gerritt upload.
Bug: 33166666
Change-Id: Idfedda9553add303439179ce10a1e75e437bbe83
Remove methods from the Credentials class that are no longer used,
now that KeyChain no longer depends on the presence of a screen lock.
Bug: 120901345
Test: That it builds, manually with CtsVerifier
Change-Id: I37ad617f076a9ea9b5a5c789cd1da77110ad7b3b
Members modified herein are suspected to be false positives: i.e. things
that were added to the greylist in P, but subsequent data analysis
suggests that they are not, in fact, used after all.
Add a maxTargetSdk=P to these APIs. This is lower-risk that simply
removing these things from the greylist, as none of out data sources are
perfect nor complete.
For APIs that are not supported yet by annotations, move them to
hiddenapi-greylist-max-p.txt instead which has the same effect.
Exempted-From-Owner-Approval: Automatic changes to the codebase
affecting only @UnsupportedAppUsage annotations, themselves added
without requiring owners approval earlier.
Bug: 115609023
Test: m
Change-Id: Ia937d8c41512e7f1b6e7f67b9104c1878b5cc3a0
Merged-In: I020a9c09672ebcae64c5357abc4993e07e744687
Members modified herein are suspected to be false positives: i.e. things
that were added to the greylist in P, but subsequent data analysis
suggests that they are not, in fact, used after all.
Add a maxTargetSdk=P to these APIs. This is lower-risk that simply
removing these things from the greylist, as none of out data sources are
perfect nor complete.
For APIs that are not supported yet by annotations, move them to
hiddenapi-greylist-max-p.txt instead which has the same effect.
Exempted-From-Owner-Approval: Automatic changes to the codebase
affecting only @UnsupportedAppUsage annotations, themselves added
without requiring owners approval earlier.
Bug: 115609023
Test: m
Change-Id: I020a9c09672ebcae64c5357abc4993e07e744687
engineInit() for AndroidKeyStoreKeyGeneratorSpi does not make a call
into the backing Keymaster implementation until generate is called on it
to actually create the key. If a disallowed spec for StrongBox is passed
in, the backing StrongBox implementation won't be able to revoke it
until engineGenerateKey() is called, which will create different
behaviors between TEE backed implementations (which support a wider
range of algorithm spec parameters) and StrongBox implementations from a
public API perspective. This change will make sure HMAC is the same for
StrongBox.
This is also being done for EC keys in
AndroidKeyStoreKeyPairGeneratorSpi.java
Bug: 113525261
Bug: 114487149
Test: atest cts/tests/tests/keystore/src/android/keystore/cts/KeyGeneratorTest.java
Test: atest
cts/tests/tests/keystore/src/android/keystore/cts/KeyPairGeneratorTest.java
Change-Id: I728bb5222c9bf0ad84cdf2b8c0b78a4dd99f7186
Why?: 1) Returning an array list is unsafe because it must be allocated in Java and C++ must not change the size. 2) List<Integer> is not supported by AIDL, but List<String> is. I decided it was simpler to pass back integers encoded as strings than to create yet another parcelable.
Bug: b/119616956
Test: ./list_auth_bound_keys_test.sh
Test: Temporarily modified settings app to call listUidsOfAuthBoundKeys
Change-Id: I3bf7578c96e800c8d35fba897f52220136dcd657