drgreen/android_frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
android_frameworks_base/keystore/tests/AndroidManifest.xml
Eran Messeri 852c8f121f DevicePolicyManager: Add key generation functionality. 
This is the crux of the Verified Access feature implementation:
Adding the ability to generate KeyChain keys directly by the
secure hardware, rather than installing software-generated keys
into KeyChain.

Add generateKeyPair to the DevicePolicyManager, which delegates key
generation (via the DevicePolicyManagerService) to the KeyChainService.

Design highlights:
* The key generation is delegated via the DevicePolicyManagerService to
  check that only authorized callers request key generation in KeyChain.
* KeyChainService performs the actual key generation so it owns the key
  in Keystore outright.
* DevicePolicyManagerService then grants the calling app access to the
  Keystore key, so it can actually be used.
* Loading the public/private key pair, as well as attestation
  certificate chain, is done in the client code (DevicePolicyManager)
  to save parceling / unparceling those objects across process
  boundaries twice (for no good reason).

NOTE: The key attestation functionality (that includes Device ID) is
missing/untested. Will be added in a follow-up CL as this one is quite
big already.

HIGHLIGHT FOR REVIEWERS:
* API: New API in DevicePolicyManager.

Bug: 63388672
Test: cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement -l DEBUG; adb shell am instrument 'android.security.tests/android.support.test.runner.AndroidJUnitRunner' (After building the KeystoreTests target and installing the apk)
Change-Id: I73762c9123f32a94d454ba4f8b533883b55c44cc
2017-12-07 15:12:30 +00:00

29 lines
1.1 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (C) 2017 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="android.security.tests">
<application>
<uses-library android:name="android.test.runner" />
</application>
<instrumentation android:name="android.support.test.runner.AndroidJUnitRunner"
android:targetPackage="android.security.tests"
android:label="Tests for Keystore">
</instrumentation>
</manifest>
Reference in New Issue View Git Blame Copy Permalink