Age | Commit message | Author |
|
Making changes to use cpp backend generated by aidl_interface
build system for KeyAttestationApplicationProvider.
Removed custom parcelables defined for AAID.
Updated the tests to use the aidl_interface generated bindings.
Bug: 267452060
Test: atest android.keystore.cts.KeyAttestationTest; atest
keystore_unit_tests; keystoreSignature_fuzzer;
keystorePackageInfo_fuzzer; keystoreApplicationId_fuzzer;
keystoreAttestationId_fuzzer
Change-Id: Ibdfb8e2837538d01a04b6771b1a71c38529d1307
|
|
Test: m credstore_service_fuzzer && adb sync data && adb shell /data/fuzz/x86_64/credstore_service_fuzzer/credstore_service_fuzzer
Test: atest android.security.identity.cts
Bug: 232439428
Change-Id: I57494ad6a17e1a4a9dcb80d778edfd77a892790a
|
|
This library is expensive and getting info from it should be delegated
to service manager.
Test: showmap $(pidof credstore) # before and after
Bug: 280829178
Change-Id: I26524e2c519a869b4cd5bd44b16f92cc8e29f50d
|
|
These libraries are only used by this process on a device and gain no
benefit from being included as shared libraries.
Moving them to static saves disk space, memory, and cpu cycles from the
dynamic linker.
With 3 reboots before and after I'm seeing average savings of 419KB of
storage space from installed files, 84KB private dirty memory,
485KB PSS from libraries/binary only, and 496KB PSS from everything in showmap.
go/shared-to-static for more info on how this was determined.
Test: m
Bug: 280829178
Change-Id: Ib22870d3c291e3063872934a1431b0827d67833c
|
|
Test: m credstore
Change-Id: I0049d5ba59936943336c7a531d1b022d4d64e4a6
|
|
Test: m credstore
Change-Id: I5aa0a389083b28cb51dbd47297403b955104b8a6
|
|
Fixes:
- Revert to pre-RKPD behavior of getting an attestation key each time
  a credential is created.
- Revert to pre-RKPD behavior of falling back to factory key.
- Check RKPD feature flag each time before calling into RKPD.
- Correct service name used to call into RKPD.
- Add another thread to handle async responses from RKPD.
- Switch to new RKPD build flag "remote_provisioning.enable_rkpd".
Bug: 261214100
Test: CtsIdentityTestCases
Change-Id: Idc11abb3c0e46de1a77609969e8539e9e96549d5
|
|
Bug: 261214100
Test: TBD
Change-Id: I760ba8c23be0889e7d01ac6c1513eba348ff96b2
|
|
Bug: 254112961
Test: vts_treble_vintf_vendor_test
Merged-In: I5506757aaebdf37d42bf7ac0a68e83f2d3c12049
Change-Id: I5506757aaebdf37d42bf7ac0a68e83f2d3c12049
|
|
Test: m
Change-Id: I5cf1ad1ca8ac28ee02f875b3c3a8957b288300db
|
|
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2066807
Change-Id: Ic7837ef3c0d97cdf3fa32fcc494582ecc5508a95
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Deleted deprecated clang property in Android.bp files using bpmodify.
Bug: 208980553
Test: treehugger
Change-Id: Id79d4e319ffc7d45b508772ae0df2e43bd22bf8f
|
|
Ignore-AOSP-First: part of TM API freeze
Bug: 225941299
Test: m
Change-Id: I56f8f46b5216a0105a918dc58ae329f8a6acafe6
|
|
Call out to keystore and request remotely provisioned attestation keys.
This reduces our dependence on factory-provisioned attestation keys.
Test: CtsIdentityTestCases
Bug: 194696876
Change-Id: Ief07750ef6b2a465060c64207063568b9a51af68
|
|
a45b3815bde1a7834f0abd3e8d3abd298937d02a
Change-Id: Ibb935a42a0f2ac2a424f5b3b970866f80997fce6
|
|
Revert "Allow default identity service to call keymint"
Revert submission 1956689-add rkp to identity-default
Reason for revert: Broke git-master. Will resubmit later.
Reverted Changes:
I96dcf3027:Add remote key provisioning to the IC HAL
Id686ac33a:Add dependency on keymint cpp lib
Ib368a2a00:Log to logd in the default identity service
I7d2906de0:Refactor IC support for RKP
Iae0f14f1c:Fix formatting of identity credential aidl
I01d086a4b:Allow default identity service to call keymint
Change-Id: Icdc0f41021c5f07ed349e0421179718f9db20e67
|
|
android.hardware.identity-V4-cpp depends on the keymint cpp lib, so
we need to also link to it to satisfy all the link-time dependencies.
Test: VtsHalIdentityTargetTest
Bug: 194696876
Change-Id: Id686ac33a4112880b205c5c612fd8b51d2715e3b
|
|
Also fix a bug so the same AuthKey is used for several getEntries()
calls on a credential. This matches the behavior in the Jetpack.
Bug: 197965513
Test: New CTS tests and new screen in CtsVerifier
Change-Id: I344f44b5655f0977ee650b518ce669e3c8a7b47a
|
|
This allows for easier bumping of the KeyMint version level.
At the moment this change should have no effect: the same dependency
is used, just reached via a default rather than explicitly.
However, when the KeyMint version increases in the near future, using
this default should mean that no change is needed here: the default
definition will change to -V2 and this will be referenced here.
Test: TreeHugger
Change-Id: I8cce78e7f56179db23b2de792764ea2cae2d3cb7
|
|
The ndk_platform backend will soon be deprecated because the ndk backend
can serve the same purpose. This is to eliminate the confusion about
having two variants (ndk and ndk_platform) for the same 'ndk' backend.
Bug: 161456198
Test: m
Change-Id: Ibeb4178f99857be75bb5f83a073a2d679058d921
|
|
This change replaces libcppbor with libcppbor_external as part of the
effort to remove the partial libcppbor copy that lives in
hardware/interfaces.
Bug: 182445123
Test: It builds
Change-Id: I9c96cdf807979ecf806c80edd3cec9c443294c22
|
|
This CL removes dependency to keystore1 from credstore.
Test: yet to be tested.
Change-Id: I75934d1154d955aca3ea0cd0651690f68c6a8b55
|
|
Bug: 159341610
Test: CtsVerifier
Change-Id: Ia2b7f1a27a05e92c7b5bb5da14caa423a70ac15b
|
|
Added SPDX-license-identifier-Apache-2.0 to:
fsverity_init/Android.bp
identity/Android.bp
keystore/tests/Android.bp
keystore2/Android.bp
keystore2/aaid/Android.bp
keystore2/aidl/Android.bp
keystore2/apc_compat/Android.bp
keystore2/selinux/Android.bp
keystore2/src/crypto/Android.bp
keystore2/src/km_compat/Android.bp
ondevice-signing/Android.bp
provisioner/Android.bp
Added SPDX-license-identifier-Apache-2.0 SPDX-license-identifier-BSD to:
Android.bp
keystore/Android.bp
Added SPDX-license-identifier-BSD to:
keystore-engine/Android.bp
Bug: 68860345
Bug: 151177513
Bug: 151953481
Test: m all
Exempt-From-Owner-Approval: janitorial work
Change-Id: Ic9e19695bd19c3f127dfd545df60e4c9df89af77
|
|
Bug: 150578172
Test: m
Change-Id: I5101d318c40268af8b8965910c0ff9d621f96740
|
|
- Add Credential.proveOwnership()
- Add Credential.deleteWithChallenge()
- Add Credential.updateCredential()
- Add Credential.storeStaticAuthenticationDataWithExpirationDate()
  - Store this on disk. For entries stored without this parameter
    assume they never expire.
- Add allowUsingExpiredKeys to Credential.selectAuthKey() and
  Credential.getEntries()
  - Unless set to true, never select an expired key
- Introduce ERROR_NOT_SUPPORTED and return this if HAL does not
  support operation
Bug: 170146643
Test: atest android.security.identity.cts
Change-Id: Ic5dafc6498c9c59b82942def9d348d974f008589
|
|
Bug: 111446262
Test: atest android.security.identity.cts
Test: VtsHalIdentityTargetTest
Test: android.hardware.identity-support-lib-test
Change-Id: I338b35f57f2bb7345c3f8f0c608c7a6213a0dc6b
|
|
This was needed because credstore needs to generate and pass the
generated AttestationApplicationId to the Identity Credential HAL.
Bug: 111446262
Test: atest android.security.identity.cts
Test: VtsHalIdentityCredentialTargetTest
Test: android.hardware.identity-support-lib-test
Change-Id: Id22b85ca083e23c7e1fbd3459910fba37a5db137
|
|
The credstore system daemon is sitting below the Identity Credential
Framework APIs and on top of the Identity Credential HALs. Its main
job is to store credential data and provide a way for applications to
communicate with the secure hardware abstracted by the HAL.
This daemon runs as an unprivileged user, credstore.
The auth-tokens needed by credstore are supplied by keystore and this
CL includes the requisite changes to keystore for this to work.
Bug: 111446262
Test: CTS tests for Framework APIs
Change-Id: Ieb4d59852a143482436a1c418c25ed96e25c0047
|