summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-06-10Snap for 8708169 from ccce73d1e1d76f357d055b5e3500df64f30bc3c4 to ↵aml_go_ads_330915100aml_go_ads_330915000aml_go_ads_330913000android13-mainline-go-adservices-releaseAndroid Build Coastguard Worker
mainline-go-adservices-release Change-Id: I76eca636d416a4bac1b39b93753052c7bafff025
2022-06-06keystore2: transfer RootOfTrust from TEE to SBDavid Drysdale
Bug: 219076736 Test: manual, RoT between locally modified KeyMints Change-Id: Iad3f14afc9d853e91cc7f7810fd6e592b48cab2d Merged-In: Iad3f14afc9d853e91cc7f7810fd6e592b48cab2d Ignore-AOSP-First: manual cp from aosp/2031823
2022-06-03Snap for 8680211 from d337c7727196f42af70aa93ab84f7c8b48cd9486 to ↵Android Build Coastguard Worker
mainline-go-adservices-release Change-Id: I43dda378f94dfc7936a2e571f000ba069decb884
2022-05-27Unbind Attestation keys when freeing up namespace.Vikram Gaur
In https://android-review.googlesource.com/c/platform/system/security/+/1698833 we added a check only for client keys. However, this means that on application deletion only the keystore keys related to the application are unbound and the attestation keys get orphaned. Through this change, I am planning to unbind the attestation keys related to the application as well. Change-Id: I1c9d1ac6d6943cc53f5d74653e3da72cd4f2adf7 Merged-In: I1c9d1ac6d6943cc53f5d74653e3da72cd4f2adf7 Test: atest keystore2_test BUG: 232534682 Ignore-AOSP-First: Picking from AOSP
2022-05-24Merge "[Compos Telemetry] Fix current_artifacts_ok in the pushed atom" into ↵TreeHugger Robot
tm-dev
2022-05-24[Compos Telemetry] Fix current_artifacts_ok in the pushed atomShikha Panwar
In cases of no pending artifacts exist, current_artifacts_ok is not set in the pushed atom. Fix this by checking the returned value of checkArtifacts() Ignore-AOSP-First: Change is required for correct telemtry from Android T, I will backport this to aosp. Bug: 233740445 Test: build succeds Change-Id: I2d7ce37960c2c0f1adea15bde06d21947668b4a4
2022-05-21Snap for 8626064 from adf6692b3e024ba997730474b3db0068209a97a4 to ↵Android Build Coastguard Worker
mainline-go-adservices-release Change-Id: Ibb29ff84cacf6475f29c7a2d2216d56bff35a704
2022-05-12Log SecurityLevel with RkpErrorStats.Hasini Gunasinghe
Bug: 230750270 Test: Local testing with statsd TestDrive script Ignore-AOSP-First: This targets T and will be cherry-picked to AOSP later. Change-Id: I8490e31df4a111ff6787ea67dd8a170b410566df (cherry picked from commit d675e225a798b2e2388a8bd2f93c61caaa87e295)
2022-04-28Snap for 8505378 from 8c6abf187fd1b233a2774b9776640262d0cf54b5 to ↵Android Build Coastguard Worker
mainline-go-adservices-release Change-Id: Ia61ceb1b88252d2a91a25434eba111e38a4d6f25
2022-04-21Merge "Do not cache rkp_only property" am: 4c348bd49f am: fb4ccc3172 am: ↵Seth Moore
2fcd798bc9 Original change: https://android-review.googlesource.com/c/platform/system/security/+/2070036 Change-Id: Ie43d58a109b751b1c84ae6fa0ead319488193422 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21Merge "Do not cache rkp_only property" am: 4c348bd49f am: fb4ccc3172Seth Moore
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2070036 Change-Id: I7f2d3bcfbc68df85fa2345d791cff4e5e599d24e Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21Merge "Do not cache rkp_only property" am: 4c348bd49fSeth Moore
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2070036 Change-Id: I558b6fe40d513cbea5f4db80470ba386919a68ad Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21Merge "Do not cache rkp_only property"Seth Moore
2022-04-20Do not cache rkp_only propertySeth Moore
To allow for testing, read the rkp_only properties every time instead of caching the value. This allows the RemoteProvisioner tests to alter the property, moving the device in and out of rkp-only mode. Test: RemoteProvisionerUnitTests Bug: 27306369 Change-Id: If9a616fd36095175f4aea07c897c67a11eb04bcf
2022-04-20Merge "Fix lints from Rust 1.60.0" am: 90c23a8c17 am: 62fd2a233d am: d12141441bTreehugger Robot
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2068372 Change-Id: I833a6e2347b64b08f4c8bdef605698f241b637e0 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20Merge "Fix lints from Rust 1.60.0" am: 90c23a8c17 am: 62fd2a233dTreehugger Robot
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2068372 Change-Id: I4e1d5abaa7a401f077ae43bc2693665ee4a1b731 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20Merge "Fix lints from Rust 1.60.0" am: 90c23a8c17Treehugger Robot
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2068372 Change-Id: I7e27a7dedc0d4252509cdb53a7ca1f2bb72c1a49 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20Merge "Fix lints from Rust 1.60.0"Treehugger Robot
2022-04-20Merge "Ensure that "rkp only" forces checks for rkp keys" am: cd6b6a7ff8 am: ↵Seth Moore
f16fb9f3a8 am: a454b17334 Original change: https://android-review.googlesource.com/c/platform/system/security/+/2066831 Change-Id: I6e027e7ad0fd0d280c488e1a8fcd0d7ceba9416d Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20[automerger skipped] Empty merge of ↵Xin Li
sc-v2-dev-plus-aosp-without-vendor@8433047 am: b25470cd30 -s ours am: 23a1b57bb2 -s ours am skip reason: Merged-In Ifc2e14a9b60e364323794eaa5a8c181c4f0a78ee with SHA-1 11a8dab786 is already in history Original change: https://googleplex-android-review.googlesource.com/c/platform/system/security/+/17805218 Change-Id: Ib42e70efda5ab061ddd74f84f9b480b823d4dd33 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-19Fix lints from Rust 1.60.0Chris Wailes
Bug: 222737227 Test: m rust Change-Id: I4f35c8e50a1837608ab69a7609caff9c485e8c85
2022-04-19Merge "Ensure that "rkp only" forces checks for rkp keys" am: cd6b6a7ff8 am: ↵Seth Moore
f16fb9f3a8 Original change: https://android-review.googlesource.com/c/platform/system/security/+/2066831 Change-Id: Ida19f5b72990311f8bfe1d19a765f1539804017c Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-19Merge "Ensure that "rkp only" forces checks for rkp keys" am: cd6b6a7ff8Seth Moore
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2066831 Change-Id: I57e85c0f306b964d3e321eb3ad690ed5d4ec923c Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-19Merge "Ensure that "rkp only" forces checks for rkp keys"Seth Moore
2022-04-19[automerger skipped] Empty merge of ↵Xin Li
sc-v2-dev-plus-aosp-without-vendor@8433047 am: b25470cd30 -s ours am skip reason: Merged-In Ifc2e14a9b60e364323794eaa5a8c181c4f0a78ee with SHA-1 11a8dab786 is already in history Original change: https://googleplex-android-review.googlesource.com/c/platform/system/security/+/17805218 Change-Id: Iadad3bcbba5ae6cbc0a8bbbcf3435892809f724d Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-18Ensure that "rkp only" forces checks for rkp keysSeth Moore
An empty key pool should not allow fallback to the batch key if the vendor indicates the system is rkp only. Additionally, if the system is misconfigured (e.g. marked as rkp only and has no remotely provisioned component hal) then we should insist on checking RKP keys anyway. This will result in the given system always returning OUT_OF_KEYS, which will fail various tests. Test: keystore2_test Test: RemoteProvisionerUnitTests Bug: 227306369 Change-Id: I027bc56ff167abf99b18be01dccf05f90dd07f2a
2022-04-18Empty merge of sc-v2-dev-plus-aosp-without-vendor@8433047Xin Li
Bug: 226662282 Merged-In: Ifc2e14a9b60e364323794eaa5a8c181c4f0a78ee Change-Id: Id87ce6ee433f6fc31d18ccdee5a2eb2bc62633e5
2022-04-16Merge "Turn on AFDO for keystore2" am: 678a6f5af4 am: 3e28b020d7 am: ad3d746a66Treehugger Robot
Original change: https://android-review.googlesource.com/c/platform/system/security/+/1956047 Change-Id: I3d3a075bd7b3dc4169231c4ea166f16798df900a Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-16Merge "Turn on AFDO for keystore2" am: 678a6f5af4 am: 3e28b020d7Treehugger Robot
Original change: https://android-review.googlesource.com/c/platform/system/security/+/1956047 Change-Id: Icdfcd7e9b20af0dc306759050e67b5e677b83f97 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-16Merge "Turn on AFDO for keystore2" am: 678a6f5af4Treehugger Robot
Original change: https://android-review.googlesource.com/c/platform/system/security/+/1956047 Change-Id: I1e950e6e444caf91f6a569ca5d1b9b9c419b64a3 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-16Merge "Turn on AFDO for keystore2"Treehugger Robot
2022-04-14Merge "Fix unique id attestation on devices with keymaster" am: 451c96f1e3 ↵Seth Moore
am: 5272ab0641 am: 38be482975 Original change: https://android-review.googlesource.com/c/platform/system/security/+/2064510 Change-Id: Id9934f5d6802ea89cd8987b76f46c9193b13e025 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-14Merge "Fix unique id attestation on devices with keymaster" am: 451c96f1e3 ↵Seth Moore
am: 5272ab0641 Original change: https://android-review.googlesource.com/c/platform/system/security/+/2064510 Change-Id: I0a72c893ad979109a0610e1e81c73b5d5f7cc456 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-14Merge "Fix unique id attestation on devices with keymaster" am: 451c96f1e3Seth Moore
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2064510 Change-Id: I32af3807af12f5dab1201a89390e5fb102762a5e Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-14Merge "Fix unique id attestation on devices with keymaster"Seth Moore
2022-04-13Fix unique id attestation on devices with keymasterSeth Moore
The wrong tag was included in the km_compat layer filter code for key generation tags. This prevented the INCLUDE_UNIQUE_ID tag from being passed to keymaster, breaking unique id attestation on platforms with keymaster (keymint functionality was correct). Test: KeyAttestationTest Fixes: 228851969 Change-Id: I81ef55bb92c9869102a741e64375b883c3443224
2022-04-08Merge "[LSC] Add LOCAL_LICENSE_KINDS to system/security" am: 4e005bddd1 am: ↵Treehugger Robot
81da41c94e am: 322bce6505 Original change: https://android-review.googlesource.com/c/platform/system/security/+/2058510 Change-Id: Ibf2437481f75959fab48626509d85663b52a3284 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-08Merge "[LSC] Add LOCAL_LICENSE_KINDS to system/security" am: 4e005bddd1 am: ↵Treehugger Robot
81da41c94e Original change: https://android-review.googlesource.com/c/platform/system/security/+/2058510 Change-Id: Ic39bded4175e99710406b6782162acde65cb8859 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-08Merge "[LSC] Add LOCAL_LICENSE_KINDS to system/security" am: 4e005bddd1Treehugger Robot
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2058510 Change-Id: I169bf18944a760e288863988b0ad17ebbe0155db Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-08Merge "[LSC] Add LOCAL_LICENSE_KINDS to system/security"Treehugger Robot
2022-04-07Merge "[Odsign] Record compos artifacts related metrics" am: c3ab4bf4cf am: ↵Treehugger Robot
1acbe31d32 am: 19785c374c Original change: https://android-review.googlesource.com/c/platform/system/security/+/2020058 Change-Id: I2680ab33d0923ed9d176f1d8a976ad3a17c066f4 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-07Merge "[Odsign] Record compos artifacts related metrics" am: c3ab4bf4cf am: ↵Treehugger Robot
1acbe31d32 Original change: https://android-review.googlesource.com/c/platform/system/security/+/2020058 Change-Id: I50ba3d130209ecc429a208b01c054e09cbdc3916 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-07Merge "[Odsign] Record compos artifacts related metrics" am: c3ab4bf4cfTreehugger Robot
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2020058 Change-Id: I2f7898c0205468e8d878078213173f697e98b5b0 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-07Merge "[Odsign] Record compos artifacts related metrics"Treehugger Robot
2022-04-07[LSC] Add LOCAL_LICENSE_KINDS to system/securityBob Badour
Added SPDX-license-identifier-Apache-2.0 to: keystore2/tests/legacy_blobs/Android.bp Bug: 68860345 Bug: 151177513 Bug: 151953481 Test: m all Change-Id: Ifc2e14a9b60e364323794eaa5a8c181c4f0a78ee
2022-04-07[Odsign] Record compos artifacts related metricsShikha Panwar
We write these records into odsign-metrics.txt. This will later be read by system_server and sent to statsd. comp_os_artifacts_check_record_ field in StatsReporter points to the bufer which is later flushed to the file inm the dstructor. Test: statsd_testdrive 19 Bug: 202926606 Change-Id: Ic6eca7e788a21120a0abca27b056e8ca355ac55a
2022-04-06Merge "Add a new permission check around unique id attestation" am: ↵Seth Moore
bdccd287c6 am: cd525543f6 am: 02e259f844 Original change: https://android-review.googlesource.com/c/platform/system/security/+/2028986 Change-Id: I59bd1fd278928876c9c00989db0e823790e6a3d0 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-06Merge "Add a new permission check around unique id attestation" am: ↵Seth Moore
bdccd287c6 am: cd525543f6 Original change: https://android-review.googlesource.com/c/platform/system/security/+/2028986 Change-Id: Ifbc9f2b1fd95bc3dafe908681cbe9f7bedad5b55 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-06Merge "Add a new permission check around unique id attestation" am: bdccd287c6Seth Moore
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2028986 Change-Id: I190e20aafeb6b204efb946cf56ce125aa4ebf36d Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-06Merge "Add a new permission check around unique id attestation"Seth Moore
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-13 20:01:27 +0000