Age | Commit message (Collapse) | Author |
|
Original change: https://android-review.googlesource.com/c/platform/packages/apps/RemoteProvisioner/+/2070154
Change-Id: I9771a37c62bca0710c959335dc7c6df95bf93f43
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/packages/apps/RemoteProvisioner/+/2060247
Change-Id: I385c2e76fec523bda61cb08e3f6c2fa36bed69b5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
This additional test finishes up coverage of the API changes around
retry on rkp-only devices by ensuring unregistered devices correctly
recognize the response from the RKP backend and do not retry.
Bug: 227306369
Test: RemoteProvisionerUnitTests
Change-Id: I6097c9c96a7aa9b4c5ef2ce5c2655aad42d7137d
|
|
This change reworks the internals of the RemoteProvisioner APK in order
to do a better job of propagating error information from deeper within
the call stack up to the entry points. This is primarily to convey error
information to callers of GenerateRkpKeyService, to allow them to
differentiate whether or not a failure is permanent or transient.
Add unit tests to verify proper error handling and retry detection.
Bug: 227306369
Test: atest RemoteProvisionerUnitTests
Change-Id: If44d9c5b46b2dfce65c31f3cbd372cc754e1dfbe
|
|
tm-qpr1-release
Change-Id: I350a53b4ede781c8c7a9f284c20698103383de2c
|
|
Change-Id: Ic059879df09a7141d21fe16c247958f2004353bd
|
|
20a798509c am: ac5694043e am: e94aed0956
Original change: https://android-review.googlesource.com/c/platform/packages/apps/RemoteProvisioner/+/2064809
Change-Id: Ic780396dafcefd1917296d4204c6e75588eadb96
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
20a798509c am: ac5694043e
Original change: https://android-review.googlesource.com/c/platform/packages/apps/RemoteProvisioner/+/2064809
Change-Id: I422b6d0421ab4cb8f47c1a525f07c43f2a4f2b73
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
20a798509c
Original change: https://android-review.googlesource.com/c/platform/packages/apps/RemoteProvisioner/+/2064809
Change-Id: I1ff24c6321125f7eb2b3d9469a22a95733204a2e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/packages/apps/RemoteProvisioner/+/2064809
Change-Id: Ie8a0cb0ba937b2900600b5012259f43ba0483bdc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/packages/apps/RemoteProvisioner/+/2064809
Change-Id: If24ed36d1c51fae8d525a5063839d63e2301cc89
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Change-Id: I6dff4c1bd9bc56ac607ce76b77fca2dc18b61f41
Test: m RemoteProvisioner
|
|
tm-qpr1-release
Change-Id: I66a8d88e52992332255db1dee1dc42042b2044fc
|
|
Change-Id: Id7e74f8d2ee83767aad151e30e0c45d7d11f5cd3
|
|
monitoring." into sc-v2-dev am: 2baccaa5f4 -s ours am: 100534bf33 -s ours
am skip reason: Merged-In Idbd767202c30a24e3522ff431dec2d66d2ef631b with SHA-1 96b0cb6cfe is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/RemoteProvisioner/+/17415211
Change-Id: I94266f69ad22046f1e05efaaf6c6e193a53ce1f1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
"presubmit-am-b2aa8f33bcec4273b0ddcee37a71919c" into sc-v2-dev-plus-aosp am: 4c0d40e7df -s ours
am skip reason: Merged-In Idbd767202c30a24e3522ff431dec2d66d2ef631b with SHA-1 d5c4b82e1b is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/RemoteProvisioner/+/17415211
Change-Id: I6b84db735a59b28e26a2ca2563c8d6b53857ac59
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
monitoring. 2p: 96b0cb6cfe am: 570d384a5a -s ours
am skip reason: Merged-In Idbd767202c30a24e3522ff431dec2d66d2ef631b with SHA-1 d5c4b82e1b is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/RemoteProvisioner/+/17415211
Change-Id: I0ce6561adeef9425f67b7c550e00767ce354dd66
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
monitoring." into sc-v2-dev am: 2baccaa5f4 -s ours
am skip reason: Merged-In Idbd767202c30a24e3522ff431dec2d66d2ef631b with SHA-1 96b0cb6cfe is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/RemoteProvisioner/+/17415211
Change-Id: Ia6597bb36801699ad0dfe8312b6034931ca49543
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
into sc-v2-dev-plus-aosp
* changes:
[automerged blank] Improve practical performance of key monitoring. 2p: 96b0cb6cfe
Improve practical performance of key monitoring.
|
|
|
|
expiration pruning. 2p: e7d6002eb7 am: 126fcc2a3c -s ours
am skip reason: Merged-In Ie1d158ab7858aa2013b898e68a5c4a18b1ef4f98 with SHA-1 2c708c67a2 is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/RemoteProvisioner/+/17412390
Change-Id: I7f1fdf1bb6e5e12e8ff61f3458bd46714d1d8df0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
96b0cb6cfe
Blank merge reason: Change-Id Idbd767202c30a24e3522ff431dec2d66d2ef631b with SHA-1 d5c4b82e1b is in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/RemoteProvisioner/+/17415211
Bug: 223489842
Change-Id: I0a572b239769a587309c922169c39e2aae768a82
Merged-In: Idbd767202c30a24e3522ff431dec2d66d2ef631b
|
|
e7d6002eb7
Blank merge reason: Change-Id Ie1d158ab7858aa2013b898e68a5c4a18b1ef4f98 with SHA-1 2c708c67a2 is in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/RemoteProvisioner/+/17412390
Bug: 220065678
Change-Id: I114bdf9c8e4fb077755f696ac8f1d2bf261b5924
Merged-In: Ie1d158ab7858aa2013b898e68a5c4a18b1ef4f98
|
|
This change fixes:
1) The potential for there to be a period between when the pool is last
regularly checked and when the expired keys are cleaned out by making
GenerateRkpKeyService much more proactive about triggering the
reprovisioning process. It now bases the decision based on the same
logic as the JobSchedule'd code, instead of just trying to act as an
absolute last chance stopgap.
2) Unnecessarily overeager provisioning. The code will now allow the
number of unassigned keys to drop below the "ideal" amount set by the
server and avoid reprovisioning until a minimum remaining threshold
is crossed. That threshold is currently set to 25% of the ideal
amount. E.g. a system that is instructed to keep 20 extra attestation
keys available for assignment won't trigger reprovisioning to top up
the key pool unless fewer than 5 remain. This does not change the
behavior when keys are expiring.
This change also refactors the code a bit to follow DRY, while also
increasing the testability of the logic that determines if provisioning
is needed.
Bug: 223489842
Test: atest RemoteProvisionerUnitTests
Change-Id: Idbd767202c30a24e3522ff431dec2d66d2ef631b
Merged-In: Idbd767202c30a24e3522ff431dec2d66d2ef631b
|
|
The expired certificate pruning is more aggressive now, both pruning on
access to attestation keys and with a significant look ahead buffer of
twenty seconds to make sure the attestation certs are still valid when
they hit a relying party's servers.
Bug: 220065678
Test: atest RemoteProvisionerUnitTests
Change-Id: Ie1d158ab7858aa2013b898e68a5c4a18b1ef4f98
Merged-In: Ie1d158ab7858aa2013b898e68a5c4a18b1ef4f98
|
|
Change-Id: I1b72ab787a5a0659cc58904701ca91073d79c0f2
|
|
8d06ee9e10 am: 8786651d0c
Original change: https://android-review.googlesource.com/c/platform/packages/apps/RemoteProvisioner/+/2016384
Change-Id: Ieeb1969d095ae4589355444a18f3376f3b8042a3
|
|
8d06ee9e10
Original change: https://android-review.googlesource.com/c/platform/packages/apps/RemoteProvisioner/+/2016384
Change-Id: Ie3321b2d850e5d2620df44da498c033327075dda
|
|
Original change: https://android-review.googlesource.com/c/platform/packages/apps/RemoteProvisioner/+/2016384
Change-Id: I201829b95345c766c1c18eeec3886477b18f79a4
|
|
|
|
This change fixes:
1) The potential for there to be a period between when the pool is last
regularly checked and when the expired keys are cleaned out by making
GenerateRkpKeyService much more proactive about triggering the
reprovisioning process. It now bases the decision based on the same
logic as the JobSchedule'd code, instead of just trying to act as an
absolute last chance stopgap.
2) Unnecessarily overeager provisioning. The code will now allow the
number of unassigned keys to drop below the "ideal" amount set by the
server and avoid reprovisioning until a minimum remaining threshold
is crossed. That threshold is currently set to 25% of the ideal
amount. E.g. a system that is instructed to keep 20 extra attestation
keys available for assignment won't trigger reprovisioning to top up
the key pool unless fewer than 5 remain. This does not change the
behavior when keys are expiring.
This change also refactors the code a bit to follow DRY, while also
increasing the testability of the logic that determines if provisioning
is needed.
Bug: 223489842
Test: atest RemoteProvisionerUnitTests
Change-Id: Idbd767202c30a24e3522ff431dec2d66d2ef631b
|
|
Change-Id: I91ce2b66764aecc8d1b23e6673c56e9317108e11
|
|
ff9e6f3751 am: 0351446add
Original change: https://android-review.googlesource.com/c/platform/packages/apps/RemoteProvisioner/+/1989054
Change-Id: I43747905963aba53529b340258df006fa7f335e7
|
|
Original change: https://android-review.googlesource.com/c/platform/packages/apps/RemoteProvisioner/+/1989054
Change-Id: I0831c611933781273e1c4c4996d39f6294da4b3f
|
|
Original change: https://android-review.googlesource.com/c/platform/packages/apps/RemoteProvisioner/+/1989054
Change-Id: I4da448dc73e1d19e799d43a2eb874553f3605e77
|
|
The expired certificate pruning is more aggressive now, both pruning on
access to attestation keys and with a significant look ahead buffer of
twenty seconds to make sure the attestation certs are still valid when
they hit a relying party's servers.
Bug: 220065678
Test: atest RemoteProvisionerUnitTests
Change-Id: Ie1d158ab7858aa2013b898e68a5c4a18b1ef4f98
|
|
Change-Id: I93218e5c7c2be2f918d8a1ef282a359a647c8688
|
|
sc-v2-dev-plus-aosp-without-vendor@8084891 am: 0391397888 -s ours am: e7842cfb3b -s ours
am skip reason: Merged-In If87f3b5438697b5a5eaa52cda71d6960176a9e91 with SHA-1 c8a7ae45dc is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/RemoteProvisioner/+/16843721
Change-Id: I947e2d373e06f336d982024d57799d1da4bf917a
|
|
sc-v2-dev-plus-aosp-without-vendor@8084891 am: 0391397888 -s ours
am skip reason: Merged-In If87f3b5438697b5a5eaa52cda71d6960176a9e91 with SHA-1 c8a7ae45dc is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/RemoteProvisioner/+/16843721
Change-Id: I07b15369e8d4731e395e2d27d0dcd0c537f3e482
|
|
Bug: 214455710
Merged-In: If87f3b5438697b5a5eaa52cda71d6960176a9e91
Change-Id: Icbe663361e2fb4a2d0faab0e558e7591c68f5885
|
|
Change-Id: I44ee4dabbaebd2a7b07cb619975bd17f2e7fcbb4
|
|
ad3096f97c am: d1775071c1 am: 2f18188660
Original change: https://android-review.googlesource.com/c/platform/packages/apps/RemoteProvisioner/+/1960035
Change-Id: Iafc3d5e1135278c56139ee47f104a708c9406a84
|
|
ad3096f97c am: d1775071c1
Original change: https://android-review.googlesource.com/c/platform/packages/apps/RemoteProvisioner/+/1960035
Change-Id: Ia634af1cf955ae5eaef52a654d327f1e91ed3aa1
|
|
Original change: https://android-review.googlesource.com/c/platform/packages/apps/RemoteProvisioner/+/1960035
Change-Id: I6cb7f83dd6f0079c3506e65eb643230f90d82ad9
|
|
Original change: https://android-review.googlesource.com/c/platform/packages/apps/RemoteProvisioner/+/1960035
Change-Id: Ifceb021a5e246bbb6378f35f7326fc8b1cfa470e
|
|
This change fixes a bug in which multiple instances of the
PeriodicProvisioner Task could be scheduled, due to the enqueue method
on boot not specifying a unique task. The task replacement policy is set
such that a new task will always run on boot and then replace the old
task in the scheduler.
Test: "adb shell dumpsys jobscheduler" and check for the job
Change-Id: I6e05d0057fa9be7cfea25a4cc3424ce90d7ddbaf
|
|
Change-Id: If6522bcf2ea47de4a7b65ecc29b0a7864d73a42b
|
|
1895e95a3b am: 75553e050e
Original change: https://android-review.googlesource.com/c/platform/packages/apps/RemoteProvisioner/+/1927880
Change-Id: I4bb04344c9700afc39a96bf5c2b3cf524871184d
|
|
1895e95a3b
Original change: https://android-review.googlesource.com/c/platform/packages/apps/RemoteProvisioner/+/1927880
Change-Id: Idd057d7b8c4c19a4c725bbb00a3e948adf998270
|
|
Original change: https://android-review.googlesource.com/c/platform/packages/apps/RemoteProvisioner/+/1927880
Change-Id: I9f91c76302cd3bb9bfab5f8031b1186398614e77
|