Age / Commit message / Author
2022-06-22 Snap for 8756029 from dbea77ebb5345c9ce1d84db198ae78d7b1536fe5 to ↵ [aml_sdk_331812000, aml_sdk_331811100, aml_sdk_331811000, aml_sdk_331412000, aml_sdk_331410000, aml_sdk_331310010, aml_sdk_331111000, aml_sdk_330810050, aml_sdk_330810010, android13-mainline-sdkext-release] Android Build Coastguard Worker
mainline-sdkext-release Change-Id: I4b11a64cb95b4a30b633ca388e4414fee80e2c1c
2022-06-21Do not use RKP for DEVICE_UNIQUE_ATTESTATION. am: 7409f7c8ddMax Bires
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/security/+/19021559 Change-Id: I51dcafea5ead99eda7db3e2c88ec8e1f8f5b8ef6 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-21 Do not use RKP for DEVICE_UNIQUE_ATTESTATION. [android13-dev] Max Bires
Keystore2 previously did not process the DEVICE_UNIQUE_ATTESTATION tag. This was an unnecessary step when there was no ability to select the attestation key provided to the backing Keymaster instance. Now, however, Keystore2 does need to process generateKey requests for this tag. This is because it will pass in an RKP key by default and append those certificates to the result if RKP is present. This change alters Keystore2 behavior during attestation key selection. If the DEVICE_UNIQUE_ATTESTATION tag is present, it will no longer attempt to select an RKP key and will instead pass nothing in the attestKey argument for KM.
Bug: 234413909
Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement
Ignore-AOSP-First: Cherry-pick from AOSP
Change-Id: Ib81fb65570a4e9eb7e7b051f9791071ee78dc02f
Merged-In: Ib81fb65570a4e9eb7e7b051f9791071ee78dc02f
2022-06-14Snap for 8720775 from 867f1aaf33862dbc68c830fb416fa0568b07ab96 to ↵Android Build Coastguard Worker
mainline-sdkext-release Change-Id: I7f11706e959d5af378f41a149828cff797d82a05
2022-06-07keystore2: transfer RootOfTrust from TEE to SB am: ccce73d1e1David Drysdale
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/security/+/18751588 Change-Id: I3b74349f99e9ffd9526c2df20d3cc109346f00d2 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-06keystore2: transfer RootOfTrust from TEE to SBDavid Drysdale
Bug: 219076736 Test: manual, RoT between locally modified KeyMints Change-Id: Iad3f14afc9d853e91cc7f7810fd6e592b48cab2d Merged-In: Iad3f14afc9d853e91cc7f7810fd6e592b48cab2d Ignore-AOSP-First: manual cp from aosp/2031823
2022-05-28Unbind Attestation keys when freeing up namespace. am: d337c77271Vikram Gaur
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/security/+/18638770 Change-Id: Ib5d142635e9f7ae2197a3652c7a3bbadca5c3737 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-27Unbind Attestation keys when freeing up namespace.Vikram Gaur
In https://android-review.googlesource.com/c/platform/system/security/+/1698833 we added a check only for client keys. However, this means that on application deletion only the keystore keys related to the application are unbound and the attestation keys get orphaned. Through this change, I am planning to unbind the attestation keys related to the application as well.
Change-Id: I1c9d1ac6d6943cc53f5d74653e3da72cd4f2adf7
Merged-In: I1c9d1ac6d6943cc53f5d74653e3da72cd4f2adf7
Test: atest keystore2_test
BUG: 232534682
Ignore-AOSP-First: Picking from AOSP
2022-05-24Merge "[Compos Telemetry] Fix current_artifacts_ok in the pushed atom" into ↵TreeHugger Robot
tm-dev am: 7b28cace73 Original change: https://googleplex-android-review.googlesource.com/c/platform/system/security/+/18580936 Change-Id: I72d8fea783c19e2d6458dcfaf8198a921b5ffa53 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-24Merge "[Compos Telemetry] Fix current_artifacts_ok in the pushed atom" into ↵TreeHugger Robot
tm-dev
2022-05-24[Compos Telemetry] Fix current_artifacts_ok in the pushed atomShikha Panwar
In cases where no pending artifacts exist, current_artifacts_ok is not set in the pushed atom. Fix this by checking the returned value of checkArtifacts().
Ignore-AOSP-First: Change is required for correct telemetry from Android T, I will backport this to aosp.
Bug: 233740445
Test: build succeeds
Change-Id: I2d7ce37960c2c0f1adea15bde06d21947668b4a4
2022-05-17Snap for 8603585 from 174994c487e8af0bc46d3072ba736731c6d4bbe0 to ↵Android Build Coastguard Worker
mainline-sdkext-release Change-Id: I0f5ae1b95a890e1a46cdef7e21cabc297bd5d360
2022-05-12Log SecurityLevel with RkpErrorStats. am: adf6692b3eHasini Gunasinghe
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/security/+/18350667 Change-Id: I68def275f8a00d950b271a17f92c385164036d20 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-12Log SecurityLevel with RkpErrorStats.Hasini Gunasinghe
Bug: 230750270 Test: Local testing with statsd TestDrive script Ignore-AOSP-First: This targets T and will be cherry-picked to AOSP later. Change-Id: I8490e31df4a111ff6787ea67dd8a170b410566df (cherry picked from commit d675e225a798b2e2388a8bd2f93c61caaa87e295)
2022-05-10Snap for 8564071 from d95da2a5b65368932520d776b1cbeff69cb30024 to ↵Android Build Coastguard Worker
mainline-sdkext-release Change-Id: Ifd5ecaf4f43ac121a709d80bb0eb316148ec9ed6
2022-04-21Merge "Do not cache rkp_only property" am: 4c348bd49f am: fb4ccc3172 am: ↵Seth Moore
2fcd798bc9 am: 8c6abf187f Original change: https://android-review.googlesource.com/c/platform/system/security/+/2070036 Change-Id: Iad36e83e747c08c7c037591dc34e03e0da9fb9f1 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21Merge "Do not cache rkp_only property" am: 4c348bd49f am: fb4ccc3172 am: ↵Seth Moore
2fcd798bc9 Original change: https://android-review.googlesource.com/c/platform/system/security/+/2070036 Change-Id: Ie43d58a109b751b1c84ae6fa0ead319488193422 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21Merge "Do not cache rkp_only property" am: 4c348bd49f am: fb4ccc3172Seth Moore
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2070036 Change-Id: I7f2d3bcfbc68df85fa2345d791cff4e5e599d24e Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21Merge "Do not cache rkp_only property" am: 4c348bd49fSeth Moore
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2070036 Change-Id: I558b6fe40d513cbea5f4db80470ba386919a68ad Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21Merge "Do not cache rkp_only property"Seth Moore
2022-04-20Do not cache rkp_only propertySeth Moore
To allow for testing, read the rkp_only properties every time instead of caching the value. This allows the RemoteProvisioner tests to alter the property, moving the device in and out of rkp-only mode.
Test: RemoteProvisionerUnitTests
Bug: 27306369
Change-Id: If9a616fd36095175f4aea07c897c67a11eb04bcf
2022-04-20Merge "Fix lints from Rust 1.60.0" am: 90c23a8c17 am: 62fd2a233d am: ↵Treehugger Robot
d12141441b am: 9f7c9943cb Original change: https://android-review.googlesource.com/c/platform/system/security/+/2068372 Change-Id: I428968e273fa2b0591eba8bf096d1ac4bd5cfb56 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20Merge "Ensure that "rkp only" forces checks for rkp keys" am: cd6b6a7ff8 am: ↵Seth Moore
f16fb9f3a8 am: a454b17334 am: bb485e4000 Original change: https://android-review.googlesource.com/c/platform/system/security/+/2066831 Change-Id: Ieb853ce55bc51613a61c0c1b5caf81504f04e6ed Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20[automerger skipped] Empty merge of ↵Xin Li
sc-v2-dev-plus-aosp-without-vendor@8433047 am: b25470cd30 -s ours am: 23a1b57bb2 -s ours am: 42622d5034 -s ours am skip reason: Merged-In Ifc2e14a9b60e364323794eaa5a8c181c4f0a78ee with SHA-1 11a8dab786 is already in history Original change: https://googleplex-android-review.googlesource.com/c/platform/system/security/+/17805218 Change-Id: Iae00e6098b1b1dca723fcdc86496ad8d60b74887 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20Merge "Fix lints from Rust 1.60.0" am: 90c23a8c17 am: 62fd2a233d am: d12141441bTreehugger Robot
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2068372 Change-Id: I833a6e2347b64b08f4c8bdef605698f241b637e0 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20Merge "Fix lints from Rust 1.60.0" am: 90c23a8c17 am: 62fd2a233dTreehugger Robot
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2068372 Change-Id: I4e1d5abaa7a401f077ae43bc2693665ee4a1b731 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20Merge "Fix lints from Rust 1.60.0" am: 90c23a8c17Treehugger Robot
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2068372 Change-Id: I7e27a7dedc0d4252509cdb53a7ca1f2bb72c1a49 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20Merge "Fix lints from Rust 1.60.0"Treehugger Robot
2022-04-20Merge "Ensure that "rkp only" forces checks for rkp keys" am: cd6b6a7ff8 am: ↵Seth Moore
f16fb9f3a8 am: a454b17334 Original change: https://android-review.googlesource.com/c/platform/system/security/+/2066831 Change-Id: I6e027e7ad0fd0d280c488e1a8fcd0d7ceba9416d Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20[automerger skipped] Empty merge of ↵Xin Li
sc-v2-dev-plus-aosp-without-vendor@8433047 am: b25470cd30 -s ours am: 23a1b57bb2 -s ours am skip reason: Merged-In Ifc2e14a9b60e364323794eaa5a8c181c4f0a78ee with SHA-1 11a8dab786 is already in history Original change: https://googleplex-android-review.googlesource.com/c/platform/system/security/+/17805218 Change-Id: Ib42e70efda5ab061ddd74f84f9b480b823d4dd33 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-19Fix lints from Rust 1.60.0Chris Wailes
Bug: 222737227 Test: m rust Change-Id: I4f35c8e50a1837608ab69a7609caff9c485e8c85
2022-04-19Merge "Ensure that "rkp only" forces checks for rkp keys" am: cd6b6a7ff8 am: ↵Seth Moore
f16fb9f3a8 Original change: https://android-review.googlesource.com/c/platform/system/security/+/2066831 Change-Id: Ida19f5b72990311f8bfe1d19a765f1539804017c Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-19Merge "Ensure that "rkp only" forces checks for rkp keys" am: cd6b6a7ff8Seth Moore
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2066831 Change-Id: I57e85c0f306b964d3e321eb3ad690ed5d4ec923c Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-19Merge "Ensure that "rkp only" forces checks for rkp keys"Seth Moore
2022-04-19[automerger skipped] Empty merge of ↵Xin Li
sc-v2-dev-plus-aosp-without-vendor@8433047 am: b25470cd30 -s ours am skip reason: Merged-In Ifc2e14a9b60e364323794eaa5a8c181c4f0a78ee with SHA-1 11a8dab786 is already in history Original change: https://googleplex-android-review.googlesource.com/c/platform/system/security/+/17805218 Change-Id: Iadad3bcbba5ae6cbc0a8bbbcf3435892809f724d Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-18Ensure that "rkp only" forces checks for rkp keysSeth Moore
An empty key pool should not allow fallback to the batch key if the vendor indicates the system is rkp only. Additionally, if the system is misconfigured (e.g. marked as rkp only and has no remotely provisioned component hal) then we should insist on checking RKP keys anyway. This will result in the given system always returning OUT_OF_KEYS, which will fail various tests.
Test: keystore2_test
Test: RemoteProvisionerUnitTests
Bug: 227306369
Change-Id: I027bc56ff167abf99b18be01dccf05f90dd07f2a
2022-04-18Empty merge of sc-v2-dev-plus-aosp-without-vendor@8433047Xin Li
Bug: 226662282 Merged-In: Ifc2e14a9b60e364323794eaa5a8c181c4f0a78ee Change-Id: Id87ce6ee433f6fc31d18ccdee5a2eb2bc62633e5
2022-04-16Merge "Turn on AFDO for keystore2" am: 678a6f5af4 am: 3e28b020d7 am: ↵Treehugger Robot
ad3d746a66 am: 2ebc418ad9 Original change: https://android-review.googlesource.com/c/platform/system/security/+/1956047 Change-Id: Ibc004b6ecad27aa99048629f8a007108db63d30f Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-16Merge "Turn on AFDO for keystore2" am: 678a6f5af4 am: 3e28b020d7 am: ad3d746a66Treehugger Robot
Original change: https://android-review.googlesource.com/c/platform/system/security/+/1956047 Change-Id: I3d3a075bd7b3dc4169231c4ea166f16798df900a Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-16Merge "Turn on AFDO for keystore2" am: 678a6f5af4 am: 3e28b020d7Treehugger Robot
Original change: https://android-review.googlesource.com/c/platform/system/security/+/1956047 Change-Id: Icdfcd7e9b20af0dc306759050e67b5e677b83f97 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-16Merge "Turn on AFDO for keystore2" am: 678a6f5af4Treehugger Robot
Original change: https://android-review.googlesource.com/c/platform/system/security/+/1956047 Change-Id: I1e950e6e444caf91f6a569ca5d1b9b9c419b64a3 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-16Merge "Turn on AFDO for keystore2"Treehugger Robot
2022-04-14Merge "Fix unique id attestation on devices with keymaster" am: 451c96f1e3 ↵Seth Moore
am: 5272ab0641 am: 38be482975 am: 2b1f503a9c Original change: https://android-review.googlesource.com/c/platform/system/security/+/2064510 Change-Id: I782c44f45d853064569db5039ba03d8603163171 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-14Merge "Fix unique id attestation on devices with keymaster" am: 451c96f1e3 ↵Seth Moore
am: 5272ab0641 am: 38be482975 Original change: https://android-review.googlesource.com/c/platform/system/security/+/2064510 Change-Id: Id9934f5d6802ea89cd8987b76f46c9193b13e025 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-14Merge "Fix unique id attestation on devices with keymaster" am: 451c96f1e3 ↵Seth Moore
am: 5272ab0641 Original change: https://android-review.googlesource.com/c/platform/system/security/+/2064510 Change-Id: I0a72c893ad979109a0610e1e81c73b5d5f7cc456 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-14Merge "Fix unique id attestation on devices with keymaster" am: 451c96f1e3Seth Moore
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2064510 Change-Id: I32af3807af12f5dab1201a89390e5fb102762a5e Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-14Merge "Fix unique id attestation on devices with keymaster"Seth Moore
2022-04-13Fix unique id attestation on devices with keymasterSeth Moore
The wrong tag was included in the km_compat layer filter code for key generation tags. This prevented the INCLUDE_UNIQUE_ID tag from being passed to keymaster, breaking unique id attestation on platforms with keymaster (keymint functionality was correct).
Test: KeyAttestationTest
Fixes: 228851969
Change-Id: I81ef55bb92c9869102a741e64375b883c3443224
2022-04-08Merge "[LSC] Add LOCAL_LICENSE_KINDS to system/security" am: 4e005bddd1 am: ↵Treehugger Robot
81da41c94e am: 322bce6505 am: cadcfdb292 Original change: https://android-review.googlesource.com/c/platform/system/security/+/2058510 Change-Id: Ife17eabf7b939d0199cf9d40316f4e5c57bfdf50 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-08Merge "[LSC] Add LOCAL_LICENSE_KINDS to system/security" am: 4e005bddd1 am: ↵Treehugger Robot
81da41c94e am: 322bce6505 Original change: https://android-review.googlesource.com/c/platform/system/security/+/2058510 Change-Id: Ibf2437481f75959fab48626509d85663b52a3284 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>