This adds a new public API for attesting the device's hardware ids
(e.g. serial number and IMEI).
Bug: 34597337
Test: CTS CtsKeystoreTestCases and GTS DeviceIdAttestationHostTest
Change-Id: I2e9c1b4f8eb24afa4a09c71c137ce33a6b87eb27
In N, passing a null context to getPrivateKey provoked a
NullPointerException, which is validated by a CTS test. In commit
28d68b1 this behavior was changed (inadvertently, I believe) causing
getPrivateKey to wrap the NPE in a KeyChainException. This CL restores
the previous behavior, fixing the test and avoiding breaking any apps
that were catching the NPE.
Test: Fixing broken test
Change-Id: Icb0c75b03efc478b7310998cf3e7108a2c419107
To protect system stability, any Binder calls leaving the
system_server must carefully be performed using FLAG_ONEWAY (or
the 'oneway' verb in AIDL) which prevents the call from blocking
indefinitely on the remote process.
In this CL, the system_server uses the new Binder.setWarnOnBlocking()
method to enable detection by default for all remote Binder
interfaces. It can also use Binder.allowBlocking() to allow
blocking calls on certain remote interfaces that have been
determined to be safe.
This CL adds the 'oneway' verb to several interfaces and methods
where it should have been added, and marks a handful of system
ContentProviders as being safe to call into. Also, we assume that
any services obtained from ServiceManager are part of the core
OS, and are okay to make blocking calls to.
Test: builds, boots, runs with minimal logs triggered
Bug: 32715088
Change-Id: Ide476e120cb40436a94b7faf7615c943d691f4c0
This is necessary for allowing the KeyStore to lock keys that remain
authorized as long as the device is on-body.
Bug 28911985
Change-Id: If50bc84d5a1cb23f9b01b1950c3676d1519cc4f5
It's better to use an Application Context rather than hoping the
activity won't be destroyed in another thread (because it will).
Change-Id: I9bf842d0d7dbedcc509a4a314d23a9a6cfca4d48
Fix: 29873669
This leaves the binder connection open for far too long, which keeps
the keychain app alive longer than necessary.
Bug: 29873669
Change-Id: I037c2b91400202ba6a474819867df16b6342ec0d
ACTION_STORAGE_CHANGED is too noisy and fires on too many events. It has
been split into ACTION_KEYCHAIN_CHANGED for
addition/modification/removal of user certificates and keys,
ACTION_TRUST_STORE_CHANGED for changes the the user added and system CA
stores on the device and ACTION_KEY_ACCESS_CHANGED for changes to key
grants.
ACTION_STORAGE_CHANGED will only be sent to applications targeting N
and below. Applications targeting future releases should use the new
broadcasts.
Bug:28450538
Change-Id: I34ff838e9858db65f7308ca2b0f7d652c48fae17
If any /data/system_[c|d]e folders were not erased
when the user was removed (maybe due to a reboot),
make sure they're cleaned up on restart as well
as when the userId is recycled later.
Mark the users' system folders with the correct
serial number for later verification.
AccountManager shouldn't be querying accounts of
partially created/destroyed users.
Change-Id: I4313756b7464f34cd5ce4fb296d61daa50b41fcb
Fixes: 29285673
Architectural changes from the Wear team have required changes to the
semantics of the Keystore on-body feature. Although no devices will
actually implement this feature until the release of new Wear devices
with the necessary sensors, we need to get the API documentation right
now.
Bug: 29369151
Change-Id: I857e00928f994a1337313123eae7e00534c53c3c
This undoes the automerger skip which occured in
commit e740c84dc32180214a7fd157105d6c18d30408ee and
replays it as a standard (NOT -s ours) merge.
Change-Id: If5a47be26f73d6a0735c425cd66310a3e2a89086
When installing a keypair the caller will have the option to specify a
certificate chain which will later be returned to whoever requests access
to the keypair via KeyChain.
Bug: 18239590
Change-Id: Id21ef026e31537db38d891cb9b712dd4fe7159c7
The Standard Names documentation says that "ECDSA" should not be used
due to its ambiguity. Bouncycastle has switched from "ECDSA" to
"SHA1withECDSA" so therefore we should switch this "workaround" Provider
to use the same name to keep it functioning correctly.
(cherry picked from commit 8a6c191094b3d1f74dbb71a7f262496377596ba8)
Bug: 27753949
Change-Id: I5acfca9d89c85bf005902a2f06cb5d7b1ef9dff2
If keychain is removed from a device, there will be no sensible
resolution and client apps will bind to whatever is available.
Doesn't affect system apps which are forcibly prevented from wildcard
binding.
Bug: 27475655
Change-Id: Ide1aab3778e12f0b9a96662deb297a76d2f4997f
Was: result = True iff nDeleted != 0
Now: result = True iff nDeleted == nExisted
The most common reason you'd want to delete all credentials under an
alias is to be sure they no longer exist. The new contract gives a
way to do this without multiple IPCs to the same service.
Bug: 27335182
Change-Id: I8762b9b4fcc48037387dd805dbd0dbbe141d5b24
The body of {@code} must not be HTML escaped. This is one of
several changes that fix the source in conjunction with a
doclava fix.
Bug: 25757239
(cherry-picked from commit 71fbb81b14958b80fe55738607740c6630e4e9da)
Change-Id: I19dafddc6501be6fee362c396ac5bbdc934ae39d
According to documentation:
Returns the {@code PrivateKey} for the requested alias, or null if
there is no result.
@throws KeyChainException if the alias was valid but there was some
problem accessing it.
@throws IllegalStateException if called from the main thread.
In this case the alias doesn't exist or isn't visible to the caller so
they should get null back instead of KeyChainException.
Change-Id: Ied5603ac6aefbcef79050f24c2aa7ee8f386be0b
The keypair is specified by alias and removed via a call to the
KeyChainService, which will have installed the pair in the first place.
Bug: 22541933
Change-Id: I37317e7c22e89816156e6e9a7abf4c5a59e8440a
The body of {@code} must not be HTML escaped. This is one of
several changes that fix the source in conjunction with a
doclava fix.
Bug: 25757239
Change-Id: Ib38a0fa2dd2a3d68e467f78a812071e763d7e881
This makes Android Keystore's Cipher implementation use a custom
implementation of engineUpdate(ByteBuffer, ByteBuffer) and
engineDoFinal(ByteBuffer, ByteBuffer). The implementation is
explicitly designed around the fact that Android Keystore transmits
input and receives output via Binder and thus there's no need to
attempt any optimizations to avoid copying input and output.
Bug: 25863382
Change-Id: I311072891f02f5e7a283628b51b8d6058b55231c
