688 Commits

Author SHA1 Message Date
Eran Messeri
d78a3539d0 Merge "Remove Irina from OWNERS" 2020-03-12 10:45:05 +00:00
Artur Satayev
7651f0a4c0 Use new UnsupportedAppUsage annotation.
Existing annotations in libcore/ and frameworks/ will deleted after the migration. This also means that any java library that compiles @UnsupportedAppUsage requires a direct dependency on "unsupportedappusage" java_library.

Bug: 145132366
Test: m && diff unsupportedappusage_index.csv
Change-Id: I4bc8c9482e4bb1af21363f951affff7ee3fefeab
Merged-In: I4bc8c9482e4bb1af21363f951affff7ee3fefeab
2020-01-09 15:13:52 +00:00
Rob Barnes
c13f012cc5 Merge "Make KeyStoreCryptoOperationChunkedStreamer lazy." 2020-01-06 15:33:06 +00:00
Benedict Wong
048e248537 Add new Credential prefix for platform VPNs
Platform VPN profiles keyed by apps must use a different key prefix to
prevent the Settings app from seeing them (and thus exposing potentially
sensitive credential information). Thus, the profiles will be
partitioned as follows:

Custom (Settings-app) based profiles continues using VPN_* prefix
App provisioned profiles will use the new PLATFORM_VPN_* prefix

Bug: 144245359
Test: Compiles, FrameworksNetTests passing
Change-Id: If8762e468c6cbbeb80738f14b066ebbad5cc665f
2019-12-17 06:02:51 +00:00
Rob Barnes
73ea6195ac Make KeyStoreCryptoOperationChunkedStreamer lazy.
Only send updates when a configurable threshold is met.
For some scenarios this results in a significant performance
improvement. Specifically sign operations should be 10-40% faster.

Bug: 139891753
Test: atest CtsKeystoreTestCases
Change-Id: I233679d4f8582eeaaa6f21e3102cce08110f0482
2019-12-04 11:38:13 -07:00
Eran Messeri
6f278b97ae Remove Irina from OWNERS
Bug: 145120931
Test: None
Change-Id: Ifcee9021d3c4cd0464123cd3b0fd6f0e19df6baa
2019-11-26 09:27:06 +00:00
Treehugger Robot
9eb7fcfba6 Merge "Removing binder access to deprecated KeyStore function reset" 2019-11-20 01:40:28 +00:00
Treehugger Robot
1cf90f78f1 Merge "Updating accepted HMAC key sizes" 2019-11-19 23:59:32 +00:00
Rob Barnes
92743aeb44 Allow for input_data on finish.
This additional input will be unused for now, but future changes are
expected to utilize it.

Test: Keystore CTS Tests
Change-Id: I5c388032e3710e3825bdb06b26443a5ae2c034a3
2019-11-14 16:19:20 -07:00
Artur Satayev
5a525851a8 Add @UnsupportedAppUsage to test apis that are known to be used by apps.
go/testapi-enforcement

Bug: 133832325
Test: m
Change-Id: Ifc8db120640a1554dcbf1722e61e09c7ddc65dd6
Merged-In: Ifc8db120640a1554dcbf1722e61e09c7ddc65dd6
2019-11-13 15:05:56 +00:00
Max Bires
ca0d4d8f42 Updating accepted HMAC key sizes
In order to keep conformity across the ecosystem, keystore will enforce
that HMAC key sizes coming in through the framework must be limited to
the range of 64-512 bits, inclusive. This will be the case for both TEE
and StrongBox Keymaster implementations.

Bug: 143404829
Test: atest CtsKeystoreTestCases
Change-Id: I2ea867392060f4478b5a01bd747a4345e1fded4c
2019-11-12 13:42:58 -08:00
Max Bires
b8ae22895c Removing binder access to deprecated KeyStore function reset
This api call is not accessible from the java API and is intended to be
deprecated. This CL cleans up the potential to directly call into binder
and use this functionality.

Also cleans up imports to appease the repo hooks

Test: Android builds
Change-Id: I95b27a001a6d6ba6c7d1f952bdda456a78b7f99c
2019-11-11 17:43:50 -08:00
Shawn Willden
d8283a81f3 Fix encryption/decryption of large blocks.
There's a long-standing bug (since ~Marshmallow) that causes
AndroidKeyStore to truncate large (>64 KiB) blocks of data.  This can
be avoided by callers by processing data in smaller chunks, and
smaller chunks are more memory-efficient while not being much (if any)
more time-efficient.  But, Keystore should handle large blocks
correctly.  This CL adds a test to all block cipher tests that
attempts to encrypt and then decrypt a 100 KiB block.

Bug: 123391046
Test:  CtsKeystoreTestCases
Change-Id: I0c0286fd5360d4fe62cbd8130aa0c17f97318801
2019-05-24 09:39:50 -06:00
Kevin Chyn
5e052537b7 Merge "Check PackageManager for feature before getting system service" into qt-dev 2019-04-20 02:26:16 +00:00
Kevin Chyn
1e50792d72 Check PackageManager for feature before getting system service
Fixes: 130756217

Test: See comment #3 in the bug above
Change-Id: I0008f2b2958c9ac0df4e1f8ce4f5edcd9aac4292
2019-04-18 13:39:09 -07:00
Janis Danisevskis
f924b7e25d Fix refactoring glitch in KeyStore.java
Bug: 129974578
Test: atest android.keystore.cts
Change-Id: I3ba732e15e522bd31e7eb813677d3ea884328cb6
2019-04-17 14:10:28 -07:00
Kevin Chyn
9374c9f839 Update documentation for fingerprint -> biometric
Fixes: 129909360

Test: Builds
Change-Id: I8e419e4c2b5ca2c1f0fc9d988100ceb41f193a42
2019-04-05 00:49:59 +00:00
Janis Danisevskis
eff37cca16 Merge "Keystore.java: Make apps tolerant to keystore crashes" 2019-04-02 16:13:15 +00:00
Janis Danisevskis
c9277ffd42 Keystore.java: Make apps tolerant to keystore crashes
Since keystore accepts asynchronous requests it may be that apps wait
forever if keystore dies. This patch adds a death recipient to all
keystore promises so that Keystore.java gets notified when keystore
dies.

Test: atest android.keystore.cts
Bug: 111443219
Bug: 128991260
Change-Id: Ie6e4a4f371287f83a2cdf4069d5686c67d8aebc1
2019-04-02 16:13:01 +00:00
Sasha Smundak
b61bab6a58 Convert Android.mk file to Android.bp
Files failing automerge from AOSP.
See build/soong/README.md for more information.

Bug: 122332340
Test: treehugger
Change-Id: I92f7584aeaf502336f67e04fbc22634784c9305d
2019-03-26 15:18:41 -07:00
Max Bires
f5276800d8 Merge "Fixing engineGetCertificateChain exception" am: 09e3d8c3eb am: 53187655d0
am: efb8468705

Change-Id: I8157345ed59352152c5035467f94836c0c4f216e
2019-03-18 20:45:55 -07:00
Treehugger Robot
09e3d8c3eb Merge "Fixing engineGetCertificateChain exception" 2019-03-19 03:02:31 +00:00
Treehugger Robot
f070b51670 Merge "Add Keystore get option that supresses caught exceptions warnings." 2019-03-08 21:58:46 +00:00
Max Bires
18e0781d3d Merge "Adding KEY_PERMANENTLY_INVALIDATED int" 2019-03-08 17:53:05 +00:00
Irina Dumitrescu
203bd1b113 Add Keystore get option that supresses caught exceptions warnings.
This is useful when the caught exceptions are not informative and they
act as a red herring in the adb logs.

Bug:109791294
Test: call this method in the VpnSettings and manually navigate to
adding a new VPN by searching for VPN in settings and then pressing '+'.

Change-Id: I4bc86e3ea5b11027090fd3a27dc7455557cf66ab
Merged-In: I4bc86e3ea5b11027090fd3a27dc7455557cf66ab
2019-03-07 20:42:22 +00:00
Max Bires
beae8c67dc Fixing engineGetCertificateChain exception
If a certificate is self signed, then currently KeyStore will still
attempt to find the CA certificate. When it obviously fails to find it,
a key not found exception is propagated up and thrown. This CL
suppresses that exception, as it seems to exclusively be thrown in this
condition, which is WAI. Having the stack trace show up can be very
misleading to developers.

Test: atest cts/tests/tests/keystore/src/android/keystore/cts
Change-Id: I192f54d3d8355c183e830ab09314932e8800f7ed
2019-03-07 18:19:29 +00:00
Eran Messeri
842d883f05 Device ID Attestation: Fix API review
Mark the c'tor parameters as nullable to comply with Exception's
behaviour.

Bug: 126702366
Test: That it compiles
Change-Id: I96a7c03cb79e7180872de02bee143b67f7a408ec
2019-03-05 22:34:29 +00:00
Brett Chabot
502ec7ae4b Migrate remainder of frameworks/base to androidx.test
See go/jetpack-test-android-migration

Exempt-From-Owner-Approval: automated package name refactoring

Test: m  m -j BroadcastRadioTests KeystoreTests mediaframeworktest ActivityManagerPerfTests AppLaunch AppLaunchWear BackgroundDexOptServiceIntegrationTests AppCompatibilityTest DynamicCodeLoggerIntegrationTests FlickerLibTest InternalTests PackageWatchdogTest RcsTests RollbackTestAppAv1 RollbackTestAppAv2 RollbackTestAppACrashingV2 RollbackTestAppBv1 RollbackTestAppBv2 RollbackTestAppASplitV1 RollbackTestAppASplitV2 RollbackTest ServiceCrashTest UsageStatsPerfTests UsbTests WindowAnimationJank
Change-Id: I32fe3297656eec6060da6c7e24582bcd5315fb16
2019-03-02 00:35:17 +00:00
Jeff Sharkey
9e8f83db6d All Parcelable CREATOR fields are @NonNull.
If they were null, then the Parcelable would fail to work.

Bug: 126726802
Test: manual
Change-Id: I7929ffa2f20e5de1c8e68e8263cca99496e9d014
Exempt-From-Owner-Approval: Trivial API annotations
2019-02-28 23:29:04 -07:00
Andrei Onea
ffeefd3cd3 Add @UnsupportedAppUsage annotations
For packages:
  android.security
  android.service.dreams
  android.service.euicc
  android.service.vr
  android.service.wallpaper

This is an automatically generated CL. See go/UnsupportedAppUsage
for more details.

Exempted-From-Owner-Approval: Mechanical changes to the codebase
which have been approved by Android API council and announced on
android-eng@

Bug: 110868826
Test: m
Merged-In: I1c8ae08f8d3b4b2f5bf365468f22155f8def09fe
Change-Id: I09850a52193a28b0f884cfa01b564c29d25d41ed
2019-02-28 13:46:06 +00:00
Andrei Onea
4aa2a2015b Add @UnsupportedAppUsage annotations
For packages:
  android.security
  android-service.dreams
  android.service.euicc
  android.service.vr
  android.service.wallpaper

This is an automatically generated CL. See go/UnsupportedAppUsage
for more details.

Exempted-From-Owner-Approval: Mechanical changes to the codebase
which have been approved by Android API council and announced on
android-eng@

Bug: 110868826
Test: m
Change-Id: I1c8ae08f8d3b4b2f5bf365468f22155f8def09fe
2019-02-27 16:28:07 +00:00
Max Bires
6b850fb4ef Merge "Adding KEY_PERMANENTLY_INVALIDATED int" 2019-02-20 17:21:22 +00:00
Max Bires
b2cc3dc227 Adding KEY_PERMANENTLY_INVALIDATED int
This is to keep it in sync with response codes in keystore.h.

This commit also adds the KeyPermanentlyInvalidatedException to all the
methods that could receive this error code out of KeyStore.

Bug: 118883532
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/AuthBoundKeyTest.java
Change-Id: I878a628824e2eeb639ec5678b1a5d3d10428a918
Merged-In: I878a628824e2eeb639ec5678b1a5d3d10428a918
2019-02-18 21:11:48 +00:00
Max Bires
13f98ce5aa Adding KEY_PERMANENTLY_INVALIDATED int
This is to keep it in sync with response codes in keystore.h.

This commit also adds the KeyPermanentlyInvalidatedException to all the
methods that could receive this error code out of KeyStore.

Bug: 118883532
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/AuthBoundKeyTest.java
Change-Id: I878a628824e2eeb639ec5678b1a5d3d10428a918
2019-02-18 20:45:46 +00:00
Max Bires
68a6071f71 Merge "Adding framework check for 3DES key size" am: a24d025212 am: a68009941a
am: 67046659a4

Change-Id: Ibe2259a6eec6115c3bbabfd387e585ec39389a0b
2019-02-15 13:55:45 -08:00
Treehugger Robot
a24d025212 Merge "Adding framework check for 3DES key size" 2019-02-15 21:12:29 +00:00
Max Bires
20fa0e7c2e Adding framework check for 3DES key size
Previously the framework would accept any key size that was a multiple
of 8 for the KeyGenerator.

Bug: 117509689
Bug: 122274787
Test: atest cts/tests/tests/keystore/src/android/keystore/cts/KeyGeneratorTest.java
Change-Id: I60b52f6062a41ae52486bae0ae36616f4b532b37
2019-02-13 15:10:29 -08:00
Eran Messeri
55b8d082ba KeyChain: Improve key override documentation.
Improve the documentation on the case of key override: When a new key is
generated/installed using an alias that already exists.

In particular, clarify that grants are lost and that a new call to
KeyChain.choosePrivateKeyAlias must be issued in this case.

Bug: 123563258
Test: that it builds.
Change-Id: I055e95f57b9576883736ca0cfa6a998dec08a6c2
2019-02-07 23:45:44 +00:00
Eran Messeri
71864b4790 Merge "Add owners for KeyChain code" am: 0f9319ed1b am: d7fd57224d
am: 4cfb943d9b

Change-Id: I8d5ab0f2e7778c34fa0171f8b85276281ebbd6af
2019-02-01 05:23:03 -08:00
Eran Messeri
bf0728bca8 Add owners for KeyChain code
Add the Android Enterprise Security team as OWNERS for KeyChain and
KeyChain-related code.

The KeyChain code currently lives under keystore/, which means every
change requires Keystore owners approval, but it does not make sense for
KeyChain as KeyChain is a Keystore client and is developed
independently.

Test: Gerritt upload.
Bug: 33166666
Change-Id: Idfedda9553add303439179ce10a1e75e437bbe83
2019-01-31 11:48:40 +00:00
Eran Messeri
add9f028fc Further Credentials-related clean-up
Remove methods from the Credentials class that are no longer used,
now that KeyChain no longer depends on the presence of a screen lock.

Bug: 120901345
Test: That it builds, manually with CtsVerifier
Change-Id: I37ad617f076a9ea9b5a5c789cd1da77110ad7b3b
2019-01-24 15:50:11 +00:00
Mathew Inwood
55418eada5 Limit access to suspected false positives.
Members modified herein are suspected to be false positives: i.e. things
that were added to the greylist in P, but subsequent data analysis
suggests that they are not, in fact, used after all.

Add a maxTargetSdk=P to these APIs. This is lower-risk that simply
removing these things from the greylist, as none of out data sources are
perfect nor complete.

For APIs that are not supported yet by annotations, move them to
hiddenapi-greylist-max-p.txt instead which has the same effect.

Exempted-From-Owner-Approval: Automatic changes to the codebase
affecting only @UnsupportedAppUsage annotations, themselves added
without requiring owners approval earlier.

Bug: 115609023
Test: m
Change-Id: Ia937d8c41512e7f1b6e7f67b9104c1878b5cc3a0
Merged-In: I020a9c09672ebcae64c5357abc4993e07e744687
2018-12-28 14:26:35 +00:00
Mathew Inwood
31755f94e1 Limit access to suspected false positives.
Members modified herein are suspected to be false positives: i.e. things
that were added to the greylist in P, but subsequent data analysis
suggests that they are not, in fact, used after all.

Add a maxTargetSdk=P to these APIs. This is lower-risk that simply
removing these things from the greylist, as none of out data sources are
perfect nor complete.

For APIs that are not supported yet by annotations, move them to
hiddenapi-greylist-max-p.txt instead which has the same effect.

Exempted-From-Owner-Approval: Automatic changes to the codebase
affecting only @UnsupportedAppUsage annotations, themselves added
without requiring owners approval earlier.

Bug: 115609023
Test: m
Change-Id: I020a9c09672ebcae64c5357abc4993e07e744687
2018-12-28 11:50:04 +00:00
Max Bires
21ffe60b70 Merge "Adding check for HMAC/EC key size for StrongBox" am: ffee7d8ce0 am: f5992f894a
am: 717fca1d59

Change-Id: I15c12c940722bb6a810f86b039d9a3d2f0eadac4
2018-12-26 18:44:14 -08:00
Treehugger Robot
ffee7d8ce0 Merge "Adding check for HMAC/EC key size for StrongBox" 2018-12-27 01:58:05 +00:00
Rob Barnes
03e04e83db Merge "Changed uid output parameter from an int array to a list of strings." am: 7eae0132c1 am: 4718f665d4
am: 23ae50885f

Change-Id: Ieefd1262586a3fbcf13999193c1e058abf1e0a8e
2018-12-20 16:21:15 -08:00
Rob Barnes
7eae0132c1 Merge "Changed uid output parameter from an int array to a list of strings." 2018-12-20 23:33:25 +00:00
Max Bires
d255a2136f Adding check for HMAC/EC key size for StrongBox
engineInit() for AndroidKeyStoreKeyGeneratorSpi does not make a call
into the backing Keymaster implementation until generate is called on it
to actually create the key. If a disallowed spec for StrongBox is passed
in, the backing StrongBox implementation won't be able to revoke it
until engineGenerateKey() is called, which will create different
behaviors between TEE backed implementations (which support a wider
range of algorithm spec parameters) and StrongBox implementations from a
public API perspective. This change will make sure HMAC is the same for
StrongBox.

This is also being done for EC keys in
AndroidKeyStoreKeyPairGeneratorSpi.java

Bug: 113525261
Bug: 114487149
Test: atest cts/tests/tests/keystore/src/android/keystore/cts/KeyGeneratorTest.java
Test: atest
cts/tests/tests/keystore/src/android/keystore/cts/KeyPairGeneratorTest.java
Change-Id: I728bb5222c9bf0ad84cdf2b8c0b78a4dd99f7186
2018-12-19 14:35:55 -08:00
Rob Barnes
ebe2674dbc Changed uid output parameter from an int array to a list of strings.
Why?: 1) Returning an array list is unsafe because it must be allocated in Java and C++ must not change the size. 2) List<Integer> is not supported by AIDL, but List<String> is. I decided it was simpler to pass back integers encoded as strings than to create yet another parcelable.

Bug: b/119616956
Test: ./list_auth_bound_keys_test.sh
Test: Temporarily modified settings app to call listUidsOfAuthBoundKeys
Change-Id: I3bf7578c96e800c8d35fba897f52220136dcd657
2018-12-12 11:05:20 -07:00
Xin Li
15b123ef45 DO NOT MERGE - Merge pie-platform-release (PPRL.181205.001) into master
Bug: 120502534
Change-Id: Idc8bfb6d97a869b76cfb87ca1a494201baf9e8bd
2018-12-11 14:13:44 -08:00