It won't actually do anything until the 'bu' tool and framework are
updated to respond properly, but this is the adb side of the
necessary infrastructure: we copy the tarfile into the socket pointed
at the device, using the existing mechanisms.
Change-Id: Ic3b5779ade256bd1ad989a94b0685f7b1a7d59d2
frameworks/base
Adding IKeyChainService APIs for CertInstaller and Settings use
keystore/java/android/security/IKeyChainService.aidl
libcore
Improve exceptions to include more information
luni/src/main/java/javax/security/auth/x500/X500Principal.java
Move guts of RootKeyStoreSpi to TrustedCertificateStore, leaving only KeyStoreSpi methods.
Added support for adding user CAs in a separate directory for system.
Added support for removing system CAs by placing a copy in a sytem directory
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/RootKeyStoreSpi.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStore.java
Formerly static methods on RootKeyStoreSpi are now instance methods on TrustedCertificateStore
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
Added test for NativeCrypto.X509_NAME_hash_old and X509_NAME_hash
to make sure the implementing algorithms doe not change since
TrustedCertificateStore depend on X509_NAME_hash_old (OpenSSL
changed the algorithm from MD5 to SHA1 when moving from 0.9.8 to
1.0.0)
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java
Extensive test of new TrustedCertificateStore behavior
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStoreTest.java
TestKeyStore improvements
- Refactored TestKeyStore to provide simpler createCA method (and
internal createCertificate)
- Cleaned up to remove use of BouncyCastle specific X509Principal
in the TestKeyStore API when the public X500Principal would do.
- Cleaned up TestKeyStore support methods to not throw Exception
to remove need for static blocks for catch clauses in tests.
support/src/test/java/libcore/java/security/TestKeyStore.java
luni/src/test/java/libcore/java/security/KeyStoreTest.java
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java
Added private PKIXParameters contructor for use by
IndexedPKIXParameters to avoid wart of having to lookup and pass
a TrustAnchor to satisfy the super-class sanity check.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/IndexedPKIXParameters.java
luni/src/main/java/java/security/cert/PKIXParameters.java
packages/apps/CertInstaller
Change CertInstaller to call IKeyChainService.installCertificate
for CA certs to pass them to the KeyChainServiceTest which will
make them available to all apps through the
TrustedCertificateStore. Change PKCS12 extraction to use AsyncTask.
src/com/android/certinstaller/CertInstaller.java
Added installCaCertsToKeyChain and hasCaCerts accessor for use by
CertInstaller. Use hasUserCertificate() internally. Cleanup coding
style.
src/com/android/certinstaller/CredentialHelper.java
packages/apps/KeyChain
Added MANAGE_ACCOUNTS so that IKeyChainService.reset
implementation can remove KeyChain accounts.
AndroidManifest.xml
Implement new IKeyChainService methods:
- Added IKeyChainService.installCaCertificate to install certs
provided by CertInstaller using the TrustedCertificateStore.
- Added IKeyChainService.reset to allow Settings to remove the
KeyChain accounts so that any app granted access to keystore
credentials are revoked when the keystore is reset.
src/com/android/keychain/KeyChainService.java
packages/apps/Settings
Changed com.android.credentials.RESET credential reset action to
also call IKeyChainService.reset to remove any installed user CAs
and remove KeyChain accounts to have AccountManager revoke
credential granted to private keys removed during the RESET.
src/com/android/settings/CredentialStorage.java
Added toast text value for failure case
res/values/strings.xml
system/core
Have init create world readable /data/misc/keychain to allow apps
to access user added CA certificates installed by the CertInstaller.
rootdir/init.rc
Change-Id: I768ca8e8e990ff333ce0f7069a0935173498c5ed
Just pass them through to their specific GCC builtins. If we find
that the builtins are not performing well or have other issues, we can
pull in existing public implementations and/or write arch-specific
helpers if necessary.
Change-Id: I278e6b73d75fac88808ed4546070d288c06f79e0
Signed-off-by: Dima Zavin <dima@android.com>
Includes a version bump to make it possible to determine if a given
binary has this fix or not.
Bug: 4111855
Change-Id: I86d902a7fa0c4b906264141d2467b7bdddb61801
This patch moves the definition of ANativeWindow from frameworks/base into
system/core. We move ANativeWindow for two reasons.
Firstly, the native-window interface may need to be used by lower-level code
than the framework. Such code (such as the camera HAL) is not allowed to use
definitions from frameworks/base, since the latter is stacked on top of the
former. Thus moving (the interface definition) ANativeWindow under system/core
lowers the level at which we can work with windows.
Secondly, this enables an implementation of ANativeWindow that lies outside of
frameworks, enabling quick initial bringup of graphics.
Change-Id: I851b9bb2834bcec73255b5af82f66411e54bb1a5
Signed-off-by: Iliyan Malchev <malchev@google.com>
This patch moves camera- and graphics-related definitions out of the hardware
HAL layer and into system/core. These definitions are used both by the HAL and
by higher-level code as well. More functionality (e.g., audio definitions)
will be moved here as well.
Change-Id: I225f12374ce54fa393640dce53738267d0d703e9
Signed-off-by: Iliyan Malchev <malchev@google.com>
