tequilaOS/platform_system_security

Author	SHA1	Message	Date
Bill Yi	3255773023	Merge android10-qpr2-s3-release to aosp/master - DO NOT MERGE Change-Id: Ic781131f8d6c84feacd1df31c5dbdd5533c3f24c	2020-05-04 20:39:43 -07:00
Bob Badour	9c0e949ab6	Merge "Add METADATA to system/security: Apache2+BSD=NOTICE" am: `e3541e4d06` Change-Id: I2ff04b88683d6b8924c0cd723cd236555e9a0048	2020-05-04 21:13:20 +00:00
Bob Badour	e3541e4d06	Merge "Add METADATA to system/security: Apache2+BSD=NOTICE"	2020-05-04 20:59:03 +00:00
Bob Badour	79e967ba2a	Add METADATA to system/security: Apache2+BSD=NOTICE Bug: 68860345 Bug: 69058154 Bug: 151953481 Test: no code changes Change-Id: I786f81a9f28b8e86062031d0479310fd432e9851	2020-05-04 13:15:58 -07:00
Treehugger Robot	12f022687f	Merge "Allow attest to device properties" am: `572c579ee3` Change-Id: I49fcf841b10d8f3f56031f88a4da417921595b63	2020-05-04 15:48:43 +00:00
Treehugger Robot	572c579ee3	Merge "Allow attest to device properties"	2020-05-04 15:31:19 +00:00
Dorin Drimus	4b7a7fb5f8	Allow attest to device properties Attesting (only) to device properties is allowed without special permission (android.permission.READ_PRIVILEGED_PHONE_STATE) since base device properties should be accessible to everyone. For unique identifying IDs attestation the permission is still needed. Test: atest CtsKeystoreTestCases Bug: 152945378 Change-Id: I8395e0c18cfc91916a172d20dd6049c7c027e8d9	2020-05-01 16:45:29 +00:00
David Zeuthen	bd3da07a5b	Merge "credstore: Pass additional information to Identity Credential HAL." am: `50678f526b` Change-Id: I787a17e5f0e470c182249476a06f1f2a8c3a7e2a	2020-04-29 23:47:43 +00:00
David Zeuthen	50678f526b	Merge "credstore: Pass additional information to Identity Credential HAL."	2020-04-29 23:41:41 +00:00
David Zeuthen	e2a78a48c0	credstore: Pass additional information to Identity Credential HAL. Without this extra information passed upfront it's not practical to implement a HAL which incrementally builds up cryptographically authenticated data. This information is conveyed by using two new methods on version 2 of the Identity Credential HAL. If these methods are not implemented (if a version 1 HAL is running) the invocation fails and we handle this gracefully by just ignoring the error. Bug: 154631410 Test: atest VtsHalIdentityTargetTest Test: atest android.security.identity.cts Change-Id: I17d516e41e800f58daa4c11dcca0305c80740d5b	2020-04-29 09:52:51 -04:00
Treehugger Robot	b5870ab9dc	Merge "Also load fs-verity cert from /system/etc/security/fsverity/" am: `da132924a0` Change-Id: I94c8611fee105f9ab5b5882ff6e67d5b210ead6e	2020-04-14 23:05:29 +00:00
Treehugger Robot	da132924a0	Merge "Also load fs-verity cert from /system/etc/security/fsverity/"	2020-04-14 22:50:59 +00:00
Xin Li	cf3c514f79	DO NOT MERGE - Empty merge qt-qpr1-dev-plus-aosp into stag-aosp-master Bug: 151763422 Change-Id: I8b1de23d7b2d5bbd98859531529ca9f2e3920849	2020-04-09 17:51:29 -07:00
Victor Hsieh	753ac2a34b	Also load fs-verity cert from /system/etc/security/fsverity/ Bug: 153112812 Test: able to use the new cert after reboot Change-Id: I01085913f81898592a3a1edcaa97aff6dc8ac89c	2020-04-03 15:30:09 -07:00
Xin Li	1e933e5f5c	DO NOT MERGE - Merge qt-qpr1-dev-plus-aosp@6304901 into stage-aosp-master am: `783cebfdbc` Change-Id: I1755589989b35d4add98d87fce5092e8d18359bb	2020-03-20 18:32:34 +00:00
Xin Li	783cebfdbc	DO NOT MERGE - Merge qt-qpr1-dev-plus-aosp@6304901 into stage-aosp-master Bug: 151763422 Change-Id: I8bbb12db6494ceb2925a0126f72f03b04b6f20eb	2020-03-19 10:10:44 -07:00
android-build-team Robot	bbbd112dfb	Merge cherrypicks of [10745155, 10743283, 10746098, 10735615, 10743284, 10745369, 10745156, 10745157, 10746136, 10746137, 10745215, 10746138, 10745216, 10745217, 10746139, 10745218, 10743285, 10746118, 10746119, 10745827, 10745158, 10745159, 10743224, 10743225, 10745492] into qt-qpr2-release Change-Id: I16583efcd9db10fd33938f0dbf4cf3adf6a98a18	2020-03-19 04:53:27 +00:00
Janis Danisevskis	1642dc0039	Add permission check on onKeyguardVisibilityChanged Without this permission check any app can toggle the locked state of keymaster once it has been unlocked for the first time. Bug: 144285084 Test: Manually tested with debugger that the requred code paths are run. Merged-In: Idb8a200dc2963e1085e9fddd0c565c5172465e65 Change-Id: Idb8a200dc2963e1085e9fddd0c565c5172465e65 (cherry picked from commit `21f452c372`) (cherry picked from commit `aad9178b57`)	2020-03-19 04:53:04 +00:00
Automerger Merge Worker	35cc0d0309	[automerger skipped] Add permission check on onKeyguardVisibilityChanged am: `3cac4c660a` -s ours am: `092ed74fbd` -s ours am: `7033e889be` -s ours am skip reason: Change-Id Idb8a200dc2963e1085e9fddd0c565c5172465e65 with SHA-1 `ed9a255fc6` is in history Change-Id: I2d38d3f8a335fd20e96d91170bb53cd8562e8605	2020-03-12 01:15:03 +00:00
Automerger Merge Worker	7033e889be	[automerger skipped] Add permission check on onKeyguardVisibilityChanged am: `3cac4c660a` -s ours am: `092ed74fbd` -s ours am skip reason: Change-Id Idb8a200dc2963e1085e9fddd0c565c5172465e65 with SHA-1 `ed9a255fc6` is in history Change-Id: Iba53a6f79c445039c711e1b4683714183dda14f6	2020-03-12 00:55:55 +00:00
Automerger Merge Worker	092ed74fbd	[automerger skipped] Add permission check on onKeyguardVisibilityChanged am: `3cac4c660a` -s ours am skip reason: skipped by user jdanis Change-Id: I404d35d60df4eb7630ded0759086750aaccfa85d	2020-03-12 00:40:04 +00:00
Automerger Merge Worker	18cf3bd23d	[automerger skipped] Add permission check on onKeyguardVisibilityChanged am: `ed9a255fc6` -s ours am: `6b4ea906b3` -s ours am skip reason: Change-Id Idb8a200dc2963e1085e9fddd0c565c5172465e65 with SHA-1 `86022f2ab8` is in history Change-Id: I3049e82171c69c2b4d23a157218b989e4d9c59c4	2020-03-12 00:39:59 +00:00
Automerger Merge Worker	b7a3bc85b3	[automerger skipped] Add permission check on onKeyguardVisibilityChanged am: `aad9178b57` -s ours am skip reason: skipped by user jdanis Change-Id: Id71ef84fa6c9f0c0112639ff21206921f8bbf660	2020-03-12 00:39:43 +00:00
Automerger Merge Worker	6b4ea906b3	[automerger skipped] Add permission check on onKeyguardVisibilityChanged am: `ed9a255fc6` -s ours am skip reason: Change-Id Idb8a200dc2963e1085e9fddd0c565c5172465e65 with SHA-1 `aad9178b57` is in history Change-Id: I27da261e0838c804115fb72ba02495619c5cc824	2020-03-11 23:22:43 +00:00
Janis Danisevskis	a6eaaf427b	Merge "Add permission check on onKeyguardVisibilityChanged" into qt-qpr1-dev-plus-aosp	2020-03-11 23:06:20 +00:00
Automerger Merge Worker	3196336ea7	Merge "Stop reading fs-verity certificate from keystore" am: `21b6c38fa0` am: `d26b301d8b` Change-Id: Ieddef0ad1caaea59acc22f3d8b2566fffd031daf	2020-03-09 20:32:00 +00:00
Automerger Merge Worker	97cb30027a	Merge "Revert "Make keystore a core service"" am: `4b6865baa0` am: `181826633e` Change-Id: Ia3defe8f38353b561d8719d5b3b40373ad1e3cd9	2020-03-09 20:31:40 +00:00
Automerger Merge Worker	d26b301d8b	Merge "Stop reading fs-verity certificate from keystore" am: `21b6c38fa0` Change-Id: I1225c319b281b6bdc63bac44d55fbf06e3943b9f	2020-03-09 20:15:54 +00:00
Automerger Merge Worker	181826633e	Merge "Revert "Make keystore a core service"" am: `4b6865baa0` Change-Id: Id6a961dc1bfec6083c9f749984ca1b0c213126eb	2020-03-09 20:15:24 +00:00
Treehugger Robot	21b6c38fa0	Merge "Stop reading fs-verity certificate from keystore"	2020-03-09 19:42:41 +00:00
Treehugger Robot	4b6865baa0	Merge "Revert "Make keystore a core service""	2020-03-09 19:41:43 +00:00
Automerger Merge Worker	edb3cfac3e	Merge "credstore: signingKeyBlob was moved from finishRetrieval() to startRetrieval()." am: `37d5b94d14` am: `567cff88a1` Change-Id: I097ab43d8c6e14a625d488fcaa48183fa1a27453	2020-02-28 15:33:41 +00:00
Automerger Merge Worker	567cff88a1	Merge "credstore: signingKeyBlob was moved from finishRetrieval() to startRetrieval()." am: `37d5b94d14` Change-Id: I955a93741dd2eea92e2d13822b6d982029ea7355	2020-02-28 15:22:35 +00:00
Treehugger Robot	37d5b94d14	Merge "credstore: signingKeyBlob was moved from finishRetrieval() to startRetrieval()."	2020-02-28 15:08:41 +00:00
David Zeuthen	55975ecbcf	credstore: signingKeyBlob was moved from finishRetrieval() to startRetrieval(). The implementation of the Identity Credential TA in constrained environments may need to incrementally update the HMAC-SHA256 of DeviceAuthencation CBOR to avoid keeping the entire CBOR structure in memory. To do this they need to calculate the derived key before starting to build the CBOR so they need access to the signingKey earlier on. Update credstore to pass the signingKey earlier. Bug: 150390415 Test: atest android.security.identity.cts Test: VtsHalIdentityTargetTest Change-Id: If2479a10f80fba748591c30aa7b8662e1063787e	2020-02-27 14:32:55 -05:00
Victor Hsieh	2bcd5376ec	Stop reading fs-verity certificate from keystore We punting support for extra certificate to S. Test: boot Bug: 112038744 Change-Id: I3bc342a7df0c47c02494ef6fdae24e7ad00a8507	2020-02-26 12:39:15 -08:00
Victor Hsieh	19f1caefba	Revert "Make keystore a core service" This reverts commit `7fd8e853e9`. Test: still see keystore process running Bug: 112038744 Bug: 150267620 Change-Id: I4fe3c6aeecf960377671d11be0a4dc9fa60dfb18	2020-02-26 12:37:41 -08:00
Automerger Merge Worker	a970ec3877	Merge "Revert "Making software km implementation both backup and default"" am: `24dce34ad5` am: `4f0fd48c01` Change-Id: Ibf9b3f005e55400ac2c2a1f02e499950438a53df	2020-02-20 14:32:32 +00:00
Automerger Merge Worker	4f0fd48c01	Merge "Revert "Making software km implementation both backup and default"" am: `24dce34ad5` Change-Id: I19932e3111b573ec45d7a36e145bbdb804f043b5	2020-02-20 14:16:40 +00:00
Wale Ogunwale	24dce34ad5	Merge "Revert "Making software km implementation both backup and default""	2020-02-20 14:05:52 +00:00
Wale Ogunwale	ba61bbbc0b	Revert "Making software km implementation both backup and default" This reverts commit `cfc8b73b67`. Reason for revert: Causing pre-submit failure with window manager Bug: 148773266 Bug: 149892576 Change-Id: I1acd288aa1a1cb004d1118b7db775511a2cda344	2020-02-20 12:35:36 +00:00
Automerger Merge Worker	10938d3e26	Merge "Port credstore to IdentityCredential AIDL." am: `c092adeb2b` am: `4718a821b3` Change-Id: I88470d983520d63de2aa25c775187fcd05f05c6e	2020-02-19 22:38:30 +00:00
Automerger Merge Worker	4718a821b3	Merge "Port credstore to IdentityCredential AIDL." am: `c092adeb2b` Change-Id: Ie497c7c1f9e38a88411ba7acab83f4ee85ddbb84	2020-02-19 22:23:14 +00:00
David Zeuthen	c092adeb2b	Merge "Port credstore to IdentityCredential AIDL."	2020-02-19 21:14:41 +00:00
Automerger Merge Worker	81ff06ea77	Merge "Making software km implementation both backup and default" am: `67be8d72bf` am: `803b6971a7` Change-Id: Ib11f2cc51a2a262642911f2fff6da65f25c6fa63	2020-02-19 18:44:03 +00:00
Automerger Merge Worker	803b6971a7	Merge "Making software km implementation both backup and default" am: `67be8d72bf` Change-Id: Ie1a107c4904e8bcd507ec5d25cb61f98fe09f0b5	2020-02-19 18:32:18 +00:00
Treehugger Robot	67be8d72bf	Merge "Making software km implementation both backup and default"	2020-02-19 18:20:06 +00:00
Max Bires	cfc8b73b67	Making software km implementation both backup and default If there were no secure keymasters on a device, but software keymasters offered, then keystore would shuffle the software keymaster to the TRUSTED_ENVIRONMENT securityLevel keymaster slot and generate a software fallback keymaster. This change lets the software keymaster slot occupy both the default and software slot. A fallback keymaster implementation should only be invoked if there actually is no other keymaster implementation. Bug: 148773266 Test: atest KeyChainTests:com.android.keychain.tests.BasicKeyChainServiceTest#testAttestKeySucceedsOnGeneratedKey -- --abi x86 Change-Id: Ia845b6d8be85dcd6dfd3aecbb1dbda972e9cfff2	2020-02-16 15:24:34 -08:00
David Zeuthen	a6f9fba382	Port credstore to IdentityCredential AIDL. Bug: 111446262 Test: atest android.security.identity.cts Test: VtsHalIdentityTargetTest Test: android.hardware.identity-support-lib-test Change-Id: I338b35f57f2bb7345c3f8f0c608c7a6213a0dc6b	2020-02-14 13:41:52 -05:00
Automerger Merge Worker	de4f404080	Merge "Update keystore to use KM4.1." am: `c0ef4595c8` am: `840fd26eb0` Change-Id: Ib93cb21f1ebf8bf73b9aedf74a1b05d186f2cf1e	2020-02-12 01:11:28 +00:00

1 2 3 4 5 ...

2065 commits