Age | Commit message | Author |
|
This allows rkpd_client to be reused by both keystore2 and
AVF pVM remote attestation.
Test: atest keystore2_test librkpd_client.test
Bug: 241428146
Change-Id: Ibdf95c4deb2ba499daaecd170c2971cda4e80bba
|
|
* changes:
keystore2: link to android.security flags library
keystore2: log super key creation
keystore2: factor out create_super_key()
|
|
This simplifies the task of creating an independent library of
rkpd_client later.
Test: atest keystore2_test
Bug: 241428146
Change-Id: Idddf37d14580e691fde5a494e54297465cb693b6
|
|
This simplifies the task of creating an independent library of
rkpd_client later.
Test: atest keystore2_test
Bug: 241428146
Change-Id: I2834c9be9f5100d52829e6392f0dd48e7c76beb1
|
|
Make it possible for keystore2 to check android.security flags.
Bug: 296464083
Test: Build
Change-Id: I263945093ed9c76d914018b7ae24bf6151157c0c
|
|
This returns the time (from CLOCK_MONOTONIC_RAW) that the specified user
last authenticated using the given authenticator.
Bug: 303839446
Test: atest keystore2_client_tests
Change-Id: Idd4c477365ffa556b7985d1d926dfa554680ff28
|
|
Add code (adapted from system/keymint/common/src/keyblob/legacy.rs)
which parses keyblobs in the format produced by the previous C++
reference implementation of KeyMint.
Bug: 283077822
Bug: 296403357
Test: tested with ARC upgrade, see b/296403357
Change-Id: I519eed0ac968d5c2595f95609ffadede5d2d2677
|
|
WAL mode allows db connections to open when the disk
is full. This is done in the current and legacy db and
tested manually by the commandline.
Testing: Filled a file with empty values until it took up all the space on the disk, then accessed the database. This was not possible with this mode disabled but was once I enabled it on a new flash.
Bug: 191777960
Test: atest keystore2_test and atest CtsKeystoreTestCases, filled real device to full and tested
Change-Id: Ic1a45fd635168061a6c5489a42a67cb59d3ddc6a
|
|
Remove improper import and make the flag a constant
with the read only option
Bug: 191777960
Test: m keystore2
Change-Id: I34bd2d0d891686c93a167456e8d50eec75374244
|
|
Test: m keystore2
Change-Id: I0bdd3d34a4e78500b266b8aac321ff1e2903dffb
|
|
- Created separate build file.
- Moved ffi-utils from keystore2-client-tests to test-utils.
- Updated calling apis.
Test: atest keystore2_client_tests; atest keystore2_test_utils_test;
atest keystore2_test
Bug: 194359114
Change-Id: Ia2404218b7d13a9ae43b3fc4e481899576d24e63
|
|
|
|
Using the binder object we can directly get names of interfaces
rather than hardcoding the strings. This allows for lookup to be easier.
Test: atest keystore2_test and atest CtsKeystoreTestCases
Bug: 249096262
Change-Id: I74bc696b860e2c08286b1d5175378e8d44728858
|
|
This uses the getAllHalInstanceNames method to replace calls
to vintf and return the hal names to the code. Other callers
to this function will not need to change their inputs.
Test: atest keystore2_test && atest CtsKeystoreTestCases
Bug: 249096262
Change-Id: If23cf8ca4b9d1c8cb3675964475066728bfe789f
|
|
keystore2 will always be using RKPD instead.
Bug: 261214100
Test: m keystore2 keystore2_test
Change-Id: Ibd27a8ae7d502e0fab2f728aa49175d28a6780b0
|
|
Also require root permissions so that the test can talk to KeyMint.
Test: keystore2_test
Change-Id: I265c2a05fdf0393adb81576e895009ed07dd2d46
|
|
Also replace libfutures with libtokio, as the former doesn't have
support for timeouts.
Bug: 264921138
Test: keystore2_test
Change-Id: I97c9749e93b2d001afe5d17bda8c665f884b0e05
|
|
Bug: 261214100
Test: keystore2_test
Change-Id: I87ec83dd700b4e3e24c65ce0650cd5643000a390
|
|
Bug: 254112961
Test: vts_treble_vintf_vendor_test
Merged-In: I5506757aaebdf37d42bf7ac0a68e83f2d3c12049
Change-Id: I5506757aaebdf37d42bf7ac0a68e83f2d3c12049
|
|
Test: m
Change-Id: I19510de8dcf384fc30bb8d2b1bf9116de5bd7eb1
|
|
Creates multiple child procs and creates operations in them; the
parent proc waits for all child procs' operation status and expects
one or more operations to fail with backend busy error.
Bug: 194359114
Test: atest keystore2_client_test
Change-Id: I52f95a7cfd031d80c88bfc2ca478a26572f40150
|
|
|
|
- authorizations: helper struct to create set of key authorizations
- key_generations: helper methods to generate various keys.
Test: N/A
Change-Id: I23250838b7b6d8ad59f5ef8682861a07e856299f
|
|
Creating a new library "libkeystore2_with_test_utils" where it includes blob utils
apis and sample test vectors based on feature flag keystore2_blob_test_utils.
Bug: 213173772
Bug: 213172664
Bug: 203101472
Test: keystore2_test
Change-Id: I869d27d1d3e8c6d28d8f5e5d6aed4305b5265816
|
|
The noicu build rules were only used by microdroid which no longer has a
special variant of keystore2.
Bug: 215747811
Test: atest MicrodroidTests
Change-Id: Iefa4d22beb0074bc95e0ff20c7689ad8b62372f4
|
|
keystore2 has been removed from microdroid so the build variant is no
longer needed.
Bug: 215747811
Test: atest MicrodroidTests
Change-Id: I46395d04535a3084e995324445e6b52bef4d8154
|
|
Enable PGO (profile guided optimisation) for better performance.
Bug: 195134194
Bug: 165018530
Test: presubmit
Change-Id: I35128221a8022095d6ef6dcef8f3baffa7b9439e
|
|
6b96760c1be3c517d549edcb96a35798788edd27
Change-Id: I93fb064c0e8cd5a92b440daca0f417663fb3ed9e
|
|
Revert "Advertise support of KeyMint V2"
Revert submission 1900930-version-bump
Reason for revert: Broken build on sc-qpr1-dev-plus-aosp, b/210450339
Reverted Changes:
I42a9b854f:keystore2: cope with new curve25519 enum
I167d568d6:Bump keystore2 AIDL API version 1->2
I3a16d072e:Advertise support of KeyMint V2
Ibf2325329:KeyMint HAL: add curve 25519, bump version
Change-Id: Ifc713bfb2753677e933f572d385f26cea11a3ef2
|
|
The keystore2 AIDL definitions include types from KeyMint, so a bump in
the keymint version necessitates a bump in the keystore2 version.
Test: TreeHugger
Change-Id: I167d568d64fae5a615d1c38e32416e32348c203d
|
|
This allows for easier bumping of the KeyMint version level.
At the moment this change should have no effect: the same dependency
is used, just reached via a default rather than explicitly.
However, when the KeyMint version increases in the near future, using
this default should mean that no change is needed here: the default
definition will change to -V2 and this will be referenced here.
Test: TreeHugger
Change-Id: I8cce78e7f56179db23b2de792764ea2cae2d3cb7
|
|
|
|
This was previously added as a hack to work around a build system bug in
which rlib dependencies would not result in their corresponding C DSOs
being installed on the device. Now that it is fixed, we can remove this.
Bug: 187412695
Test: m installclean && m; boot AVD
Change-Id: I61f14d7a60e80034d24f0e6e4c3a8e2ea8831c96
|
|
This change strips out all of the manually written CBOR parsing and
serialization code in favor of using the serde-cbor library in order to
make the code more robust and the error messages more actionable.
Fixes: 180392379
Test: atest RemoteProvisionerUnitTests
Change-Id: I1b08b26b6192763e393b061cd9b919cfd71c13c9
|
|
Test: atest keystore2_test_utils_test
Change-Id: Ic88fcc5fa0eea0e8b5b03160a76d8e64fe699f06
|
|
Instead of changing keystore2 to use libsqlite_noicu, create another
variant of keystore2 (keystore2-microdroid) which uses libsqlite_noicu,
and use it only for microdroid.
Although keystore2 doesn't actually depend on the ICU extension, doing
it for Android caused a small regression (6ms) to the boot time because
keystore2 should spend time for loading the new library
libsqlite_noicu instead of sharing text pages from libsqlite.so which
were already preloaded by zygote.
With this change, keystore2 for Android goes back to use libsqlite.so.
The use of the noicu variant is limited to Microdroid.
Bug: 201344281
Test: measure SystemServerTiming_StartLockSettingsService-total
Change-Id: I6ff123415cdc3e7494a7857864e04525322bc079
|
|
|
|
The run_as function allows a test with sufficient privileges to run a
closure as a different identity given by a tuple of UID, GID, and SELinux
context. This is infrastructure in preparation for the keystore2 vts
test.
Test: keystore2_test_utils_test
Bug: 182508302
Change-Id: Ic1923028e5bc4ca4b1112e34669d52687450fd14
|
|
|
|
keystore has used libsqlite which was built with the ICU extension [1].
The extension brings huge (> 60MB) dependency to the i18n APEX which is
too big for microdroid. Since the use of sqlite in keystore doesn't
seem to require operations like upper/lower, sorting, and regex for all
unicode strings, drop the dependency to the i18n APEX.
[1] https://www.sqlite.org/src/file?name=ext/icu/README.txt
Bug: 199674764
Test: m
Change-Id: I1e7a83283c3e79e69793a2076c97bc1bf6b9e0bf
|
|
This simplifies things by removing code and unsafe blocks.
Test: Boot
Test: keystore2_vintf_test
Change-Id: I5858a2a25e0ee27e42ee9846d44762da2454f706
|
|
Add a trace callback and forward all log messages to the keystore2 logs
so that we catch any sqlite errors.
Test: keystore2_test, legacykeystore_test
Change-Id: I655a78153bc855678b9012b75dc522611e1ff671
|
|
* changes:
Migrate to the librustutils cutils bindings.
Migrate to the librustutils system property bindings.
|
|
Bug: 182498247
Test: Build
Change-Id: I0ab7fb092574c74b09c1b5b60e82ff776a214d53
|
|
Bug: 182498247
Test: Build
Change-Id: Ic16033d7f5e302a3cb7e591a0fa2ae403755fc2e
|
|
The ndk_platform backend will soon be deprecated because the ndk backend
can serve the same purpose. This is to eliminate the confusion about
having two variants (ndk and ndk_platform) for the same 'ndk' backend.
Bug: 161456198
Test: m
Change-Id: Ibeb4178f99857be75bb5f83a073a2d679058d921
|
|
This is purely a port: it does not add or change any functionality
(other than renaming the library).
Bug: 182498247
Test: Use library.
Change-Id: Ice0c07d5afcbdd2029775fd61eb04a6f7058fdcf
|
|
Keystore2 atoms need to be routed to statsd via a proxy.
The proxy needs to call this API in order to pull metrics from
keystore.
Bug: 188590587
Test: Statsd Testdrive script
Merged-In: I28f8675fe5467b0760418c4d2d87808e45657be1
Change-Id: I28f8675fe5467b0760418c4d2d87808e45657be1
|
|
It turns out there are more clients that use Keystore in a creative
way. This patch renames the VpnProfileStore to LegacyKeystore and
extends the functionality such that it allows access to all blobs with
alias prefixes that were not known to Keystore. It also brings back the
option to specify a uid argument. Specifically, for AID_SYSTEM to
manipulate the WIFI namespace.
Test: TBD
Bug: 191373871
Merged-In: Iaf81e7ccaee3c09a465dcec0fd5899b781c31db5
Change-Id: Iaf81e7ccaee3c09a465dcec0fd5899b781c31db5
|
|
* Fix keystore_cli_v2 and have it installed on the device by default
again.
* Fix confirmationui invocation test by statically linking dependencies.
Bug: 188450250
Test: atest confirmationui_invocation_test
run any keystore_cli_v2 command
Merged-In: I7097646b6714214782cf15c51dffb7368d62761b
Change-Id: I7097646b6714214782cf15c51dffb7368d62761b
|