Age | Commit message (Collapse) | Author |
|
mainline-sdkext-release
Change-Id: I4b11a64cb95b4a30b633ca388e4414fee80e2c1c
|
|
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/security/+/19021559
Change-Id: I51dcafea5ead99eda7db3e2c88ec8e1f8f5b8ef6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Keystore2 previously did not process the DEVICE_UNIQUE_ATTESTATION tag.
This was an unnecessary step when there was no ability to select the
attestation key provided to the backing Keymaster instance. Now,
however, Keystore2 does need to process generateKey requests for this
tag. This is because it will pass in an RKP key by default and append
those certificates to the result if RKP is present.
This change alters Keystore2 behavior during attestation key selection.
If the DEVICE_UNIQUE_ATTESTATION tag is present, it will no longer
attempt to select an RKP key and will instead pass nothing in the
attestKey argument for KM.
Bug: 234413909
Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement
Ignore-AOSP-First: Cherry-pick from AOSP
Change-Id: Ib81fb65570a4e9eb7e7b051f9791071ee78dc02f
Merged-In: Ib81fb65570a4e9eb7e7b051f9791071ee78dc02f
|
|
mainline-sdkext-release
Change-Id: I7f11706e959d5af378f41a149828cff797d82a05
|
|
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/security/+/18751588
Change-Id: I3b74349f99e9ffd9526c2df20d3cc109346f00d2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Bug: 219076736
Test: manual, RoT between locally modified KeyMints
Change-Id: Iad3f14afc9d853e91cc7f7810fd6e592b48cab2d
Merged-In: Iad3f14afc9d853e91cc7f7810fd6e592b48cab2d
Ignore-AOSP-First: manual cp from aosp/2031823
|
|
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/security/+/18638770
Change-Id: Ib5d142635e9f7ae2197a3652c7a3bbadca5c3737
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
In https://android-review.googlesource.com/c/platform/system/security/+/1698833
we added a check only for client keys. However, this means that on application deletion only the keystore keys related to the
application are unbound and the attestation keys get orphaned.
Through this change, I am planning to unbind the attestation keys
related to the application as well.
Change-Id: I1c9d1ac6d6943cc53f5d74653e3da72cd4f2adf7
Merged-In: I1c9d1ac6d6943cc53f5d74653e3da72cd4f2adf7
Test: atest keystore2_test
BUG: 232534682
Ignore-AOSP-First: Picking from AOSP
|
|
tm-dev am: 7b28cace73
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/security/+/18580936
Change-Id: I72d8fea783c19e2d6458dcfaf8198a921b5ffa53
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
tm-dev
|
|
In cases of no pending artifacts exist, current_artifacts_ok is not set
in the pushed atom. Fix this by checking the returned value of
checkArtifacts()
Ignore-AOSP-First: Change is required for correct telemtry from Android
T, I will backport this to aosp.
Bug: 233740445
Test: build succeds
Change-Id: I2d7ce37960c2c0f1adea15bde06d21947668b4a4
|
|
mainline-sdkext-release
Change-Id: I0f5ae1b95a890e1a46cdef7e21cabc297bd5d360
|
|
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/security/+/18350667
Change-Id: I68def275f8a00d950b271a17f92c385164036d20
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Bug: 230750270
Test: Local testing with statsd TestDrive script
Ignore-AOSP-First: This targets T and will be cherry-picked to AOSP later.
Change-Id: I8490e31df4a111ff6787ea67dd8a170b410566df
(cherry picked from commit d675e225a798b2e2388a8bd2f93c61caaa87e295)
|
|
mainline-sdkext-release
Change-Id: Ifd5ecaf4f43ac121a709d80bb0eb316148ec9ed6
|
|
2fcd798bc9 am: 8c6abf187f
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2070036
Change-Id: Iad36e83e747c08c7c037591dc34e03e0da9fb9f1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
2fcd798bc9
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2070036
Change-Id: Ie43d58a109b751b1c84ae6fa0ead319488193422
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2070036
Change-Id: I7f2d3bcfbc68df85fa2345d791cff4e5e599d24e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2070036
Change-Id: I558b6fe40d513cbea5f4db80470ba386919a68ad
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
|
|
To allow for testing, read the rkp_only properties every time instead
of caching the value. This allows the RemoteProvisioner tests to alter
the property, moving the device in and out of rkp-only mode.
Test: RemoteProvisionerUnitTests
Bug: 27306369
Change-Id: If9a616fd36095175f4aea07c897c67a11eb04bcf
|
|
d12141441b am: 9f7c9943cb
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2068372
Change-Id: I428968e273fa2b0591eba8bf096d1ac4bd5cfb56
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
f16fb9f3a8 am: a454b17334 am: bb485e4000
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2066831
Change-Id: Ieb853ce55bc51613a61c0c1b5caf81504f04e6ed
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
sc-v2-dev-plus-aosp-without-vendor@8433047 am: b25470cd30 -s ours am: 23a1b57bb2 -s ours am: 42622d5034 -s ours
am skip reason: Merged-In Ifc2e14a9b60e364323794eaa5a8c181c4f0a78ee with SHA-1 11a8dab786 is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/security/+/17805218
Change-Id: Iae00e6098b1b1dca723fcdc86496ad8d60b74887
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2068372
Change-Id: I833a6e2347b64b08f4c8bdef605698f241b637e0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2068372
Change-Id: I4e1d5abaa7a401f077ae43bc2693665ee4a1b731
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2068372
Change-Id: I7e27a7dedc0d4252509cdb53a7ca1f2bb72c1a49
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
|
|
f16fb9f3a8 am: a454b17334
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2066831
Change-Id: I6e027e7ad0fd0d280c488e1a8fcd0d7ceba9416d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
sc-v2-dev-plus-aosp-without-vendor@8433047 am: b25470cd30 -s ours am: 23a1b57bb2 -s ours
am skip reason: Merged-In Ifc2e14a9b60e364323794eaa5a8c181c4f0a78ee with SHA-1 11a8dab786 is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/security/+/17805218
Change-Id: Ib42e70efda5ab061ddd74f84f9b480b823d4dd33
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Bug: 222737227
Test: m rust
Change-Id: I4f35c8e50a1837608ab69a7609caff9c485e8c85
|
|
f16fb9f3a8
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2066831
Change-Id: Ida19f5b72990311f8bfe1d19a765f1539804017c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2066831
Change-Id: I57e85c0f306b964d3e321eb3ad690ed5d4ec923c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
|
|
sc-v2-dev-plus-aosp-without-vendor@8433047 am: b25470cd30 -s ours
am skip reason: Merged-In Ifc2e14a9b60e364323794eaa5a8c181c4f0a78ee with SHA-1 11a8dab786 is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/security/+/17805218
Change-Id: Iadad3bcbba5ae6cbc0a8bbbcf3435892809f724d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
An empty key pool should not allow fallback to the batch key if the
vendor indicates the system is rkp only.
Additionally, if the system is misconfigured (e.g. marked as rkp only
and has no remotely provisioned component hal) then we should insist
on checking RKP keys anyway. This will result in the given system
always returning OUT_OF_KEYS, which will fail various tests.
Test: keystore2_test
Test: RemoteProvisionerUnitTests
Bug: 227306369
Change-Id: I027bc56ff167abf99b18be01dccf05f90dd07f2a
|
|
Bug: 226662282
Merged-In: Ifc2e14a9b60e364323794eaa5a8c181c4f0a78ee
Change-Id: Id87ce6ee433f6fc31d18ccdee5a2eb2bc62633e5
|
|
ad3d746a66 am: 2ebc418ad9
Original change: https://android-review.googlesource.com/c/platform/system/security/+/1956047
Change-Id: Ibc004b6ecad27aa99048629f8a007108db63d30f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/system/security/+/1956047
Change-Id: I3d3a075bd7b3dc4169231c4ea166f16798df900a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/system/security/+/1956047
Change-Id: Icdfcd7e9b20af0dc306759050e67b5e677b83f97
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/system/security/+/1956047
Change-Id: I1e950e6e444caf91f6a569ca5d1b9b9c419b64a3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
|
|
am: 5272ab0641 am: 38be482975 am: 2b1f503a9c
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2064510
Change-Id: I782c44f45d853064569db5039ba03d8603163171
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
am: 5272ab0641 am: 38be482975
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2064510
Change-Id: Id9934f5d6802ea89cd8987b76f46c9193b13e025
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
am: 5272ab0641
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2064510
Change-Id: I0a72c893ad979109a0610e1e81c73b5d5f7cc456
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2064510
Change-Id: I32af3807af12f5dab1201a89390e5fb102762a5e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
|
|
The wrong tag was included in the km_compat layer filter code for
key generation tags. This prevented the INCLUDE_UNIQUE_ID tag from
being passed to keymaster, breaking unique id attestation on platforms
with keymaster (keymint functionality was correct).
Test: KeyAttestationTest
Fixes: 228851969
Change-Id: I81ef55bb92c9869102a741e64375b883c3443224
|
|
81da41c94e am: 322bce6505 am: cadcfdb292
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2058510
Change-Id: Ife17eabf7b939d0199cf9d40316f4e5c57bfdf50
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
81da41c94e am: 322bce6505
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2058510
Change-Id: Ibf2437481f75959fab48626509d85663b52a3284
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|