This patch makes KeystoreKeyBackend Sync and uses a lazy static to cache
the back end in the permissions module.
Test: atest keystore2_test
Bug: 159466840
Change-Id: Ibc7851baede3506acbdf962e59c281fa16cfaf0e
This patch provides higher level functions to query Keystore 2.0
specific SEPolicy.
It provides abstractions for the permissions of the security classes
"keystore2" and "keystore2_key".
It also provides functions to check permission for general Keystore
requests as well as Keystore key and grant requests.
Bug: 159466840
Test: keystore2_test
Change-Id: Ie743cff76fe27f8ad96b2405f5d77b298ba35293
Provide safe wrappers around the libselinux API needed for keystore.
* getcon
* selinux_check_acces
* selabel_lookup
Test: keystore2_selinux_test
Test: keystore2_selinux_rust_bindings_host_test
Bug: 159466840
Change-Id: I73b4aa2e1da9b477965b10927eba069e6346ce6e
This patch adds #[derive(Debug, Copy, Clone, Eq, PartialEq)]
to android.security.keystore2.Result.
We only add these features by demand until the modified code is reliable
generated form AIDL.
Test: None
Change-Id: I79970df31b759845c0ecd7026925792d6786741a
This adds support for persisting the database on disk. Tests do not
do this to avoid race conditions (except for one test that ensures
that persistence works).
Bug: 159370859
Test: atest keystore2_test
Change-Id: Idaf23a271e269902f34c32509dfd923db08df067
The KeystoreDB struct contains the interface with sqlite.
This commit introduces the KeystoreDB object and a sqlite connection
but does not add any operations.
Bug: 159370859
Test: atest keystore2_test
Change-Id: Ie5ec091a01d25ecd520ac29be67117cc3c3fd83c
This is the third CL on sending keystore logging to statsd.
This creates the logs for key attestation events.
Test: Adding tests for logging is yet to be decided.
Bug: 157664923
Merged-In: I412ac59fd6bb2dbcb380f8579740d02ce2fd8790
Change-Id: I16cac8c4ee950adc330659dcb648052e8b2b41a2
This is the second CL on migrating keystore logging to statsd.
This migrates the logging for key operation events.
Three new ResponseCodes are added for the logging purpose of the
abort operations.
Test: Adding tests for logging is yet to be decided.
Change-Id: Iede72341b0f4c80199c9e16cef96a5d98bca8754
Merged-In: I68c1d89beeb733e4b6ba493b8d95935b7e73df60
This is the first CL on migrating keystore logging to use statsd.
This migrates the logging for key creation events
(generation/import).
A work-around is implemented to handle repeated fields via bitmaps
because statsd does not support repeated fields as of now.
Test: Adding tests for logging is yet to be decided.
Bug: 157664923
Change-Id: Id23724cfbd21dca8ef5fd77e5712c0bc2e727f4b
Merged-In: Id23724cfbd21dca8ef5fd77e5712c0bc2e727f4b
This patch provides some convenience methods for error handling in
Keystore 2.0. Specifically, a way to convert errors into messages to the
client and logging errors.
Test: keystore2_test
Bug: 159378374
Change-Id: Ifa6b5745533863bfd76319bc991748a47453d31e
Adds an empty crate with a build config for libkeystore2 and the
keystore2 test.
Also add a TEST_MAPPING file setting up keystore2_test as presubmit
test.
Bug: 160623310
Test: keystore2_test
Change-Id: I2cda9a74a43422453cf5d1d44867107c9f0292bf
Recent versions of Clang will flag this use of `count` in namespace
`std` as ambiguous due to the existence of `std::count`. To remove this
problem, we can switch to the commonly used `N` for array sizes.
Bug: http://b/155835175
Test: m with aosp_blueline
Change-Id: I983180b6e2e94dadb095f531e13ea415468ee104
