Commit graph

8233 commits

Author SHA1 Message Date
Chris Wailes
53a22af8e1 Fix errors from rustc 1.71.0
Bug: 288268986
Test: m rust
Change-Id: If972c3856297978663642c60d162fcc504eb659d
2023-07-12 17:02:47 -07:00
Robert Shih
d3c1f7c202 rkp_factory_extraction_tool: append drm CSRs
Bug: 286556950
Test: rkp_factory_extraction_tool
Change-Id: I9fe2898c53012c6cd640e4504ca4d882481ea2a9
2023-07-12 15:55:13 -07:00
Treehugger Robot
8595b2579a Merge "credstore: remove unused variable" into main am: 47617c1c0b
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2650401

Change-Id: Ic8b768b01891de3c33097ebbbd0e39a231270ce1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-10 21:00:59 +00:00
Treehugger Robot
47617c1c0b Merge "credstore: remove unused variable" into main
2023-07-10 20:21:01 +00:00
Devendra Singhi
c08a5ae0a0 keystore2_unsafe_fuzzer: Bug Fix
Remove get_declared_instances API as it is not a part of the target module - libkeystore2

Bug: 287588482
Test: ./keystore2_unsafe_fuzzer clusterfuzz-testcase-minimized-keystore2_unsafe_fuzzer-5127790852636672

Change-Id: I7513955783f4877496f721f52b92970887bbad41
2023-07-10 13:30:58 +05:30
Treehugger Robot
9c6aa45d65 Merge "Standardise safety comments for unsafe blocks." into main am: 51b4e481ed
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2652039

Change-Id: I9c9c6274ee159fcc15540ef741e0e1ac17e6c15c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-07 14:43:54 +00:00
Treehugger Robot
51b4e481ed Merge "Standardise safety comments for unsafe blocks." into main
2023-07-07 13:58:04 +00:00
Andrew Walbran
7f30e54158 Standardise safety comments for unsafe blocks.
These will soon be required by a lint.

Bug: 290018030
Test: m pvmfw_bin
Change-Id: I4faf7eb14eb8825af542c2da886d93c096068cb6
2023-07-07 13:42:25 +01:00
Eric Biggers
6ae155d8ee fsverity_init: remove unneeded functionality
The --load-extra-key option to 'fsverity_init' was only used by odsign,
and --lock was only used by init.rc.  Since these uses have been
removed, remove the code that implemented these options as well.

Bug: 290064770
Test: presubmit
Change-Id: Iaad4b78926748f24dcaddecb27dc28e4c659a574
2023-07-06 18:36:16 +00:00
Eric Biggers
31b4751a4d fsverity_init: cleanly support kernels without builtin sig support
Since Android no longer uses fsverity builtin signatures, it's planned
to start configuring the kernel without
CONFIG_FS_VERITY_BUILTIN_SIGNATURES.  Therefore, make fsverity_init
cleanly handle the case of CONFIG_FS_VERITY_BUILTIN_SIGNATURES being
disabled.  Also document why fsverity_init still has to exist at all.

Bug: 290064770
Test: Booted Cuttlefish with android-mainline kernel with
      CONFIG_FS_VERITY_BUILTIN_SIGNATURES disabled.  Checked logcat for
      message indicating that 'fsverity_init --load-verified-keys'
      exited with status 0.
Change-Id: I0e232c9f4fb80f790ccafb03c10bb5dd5f24fe24
2023-07-06 18:35:30 +00:00
Eric Biggers
5024ce5b46 Revert "fsverity_init: refactor into library + binary"
This reverts commit 3fc82ead6b because the
only user of libfsverity_init other than fsverity_init has been removed.

(Don't add "liblogwrap" back to shared_libs, as it isn't needed.)

Bug: 290064770
Test: presubmit
Change-Id: Ia5a0e60a16c1f88974ceb4500084b0c3773d3e43
2023-07-06 18:18:32 +00:00
Eric Biggers
7eb4bf7c37 credstore: remove unused variable
Test: mmm system/security
Change-Id: I50f80bd823c9039eaa05cc724077f297af550462
2023-07-06 17:45:32 +00:00
Eric Biggers
03ac914ac6 Merge changes Id970743f,I50643f5d am: 6055d11ab9
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2649242

Change-Id: I54e4549b4b618032d0243816d0861405be53266f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-06 17:24:38 +00:00
Eric Biggers
6055d11ab9 Merge changes Id970743f,I50643f5d
* changes:
  ondevice-signing: merge createCertificate() into createSelfSignedCertificate()
  ondevice-signing: remove unused cert and signature code
2023-07-06 16:44:39 +00:00
Eric Biggers
1ee88c7a3f ondevice-signing: merge createCertificate() into createSelfSignedCertificate()
Since createSelfSignedCertificate() is now the only caller of
createCertificate(), merge createCertificate() into it.

Bug: 290064770
Test: atest odsign_e2e_tests_full
Change-Id: Id970743f1a3f3a3b7dd8a81da56c1e7b40959423
2023-07-05 22:14:36 +00:00
Eric Biggers
17d4ec3973 ondevice-signing: remove unused cert and signature code
Remove code that became unused due to the following commits:

- https://r.android.com/1988348
  ("Switch from compos_verify_key to compos_verify").

- https://r.android.com/2362310
  ("Stop adding cert of early boot key to fs-verity keyring")

Bug: 290064770
Test: atest odsign_e2e_tests_full
Change-Id: I50643f5ddf570d7185c577ec1d6bb8cd81c7af45
2023-07-05 22:14:01 +00:00
Ludovic Barman
589fdae27b Merge "Update fsverity+odsign protos to protobuf3." am: d6f1ea3344
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2631029

Change-Id: Id8189b4f7f0a71c988d6580571018682bf957135
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-04 15:23:47 +00:00
Ludovic Barman
d6f1ea3344 Merge "Update fsverity+odsign protos to protobuf3."
2023-07-04 14:41:51 +00:00
Hasini Gunasinghe
eae69a6271 Adding an OWNERS file as requested in b/288143537
This is just a copy of the OWNERS file in the parent directory with
only the members of the AHWS team filtered in, in the same order as the
parent file, except that eranm@ is added at the top of the list as
per go/atos-user-guide which says: First Owner in the OWNERS file should
be the person to triage the issues.

Bug: 288143537
Test: N/A
Change-Id: Ia9bb4773cb494e793ae3b4f0b18ebd90641051e2
2023-06-30 21:42:52 +00:00
Robert Shih
33aacc2f06 Merge "Export rkp_factory_extraction_tool on ci" am: 919e4eb8b8
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2644756

Change-Id: I83924ebf5101abb7c51a2e2c79b2daabd42ef835
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-30 08:37:33 +00:00
Robert Shih
919e4eb8b8 Merge "Export rkp_factory_extraction_tool on ci"
2023-06-30 07:51:01 +00:00
Robert Shih
5b2d983609 Export rkp_factory_extraction_tool on ci
Bug: 288957546
Test: TreeHugger
Change-Id: I1ef20e1e89dbec6d9b4807652b9fd8e009903aaf
2023-06-29 19:18:40 +00:00
Matthew Maurer
954113c110 Merge "Bindgen 0.65.1 no longer supports size_t-is-usize" am: 36accbd957
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2640534

Change-Id: I2fdae73ed89210beaa3bfe3d14985cb5f2922b9b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-28 19:48:26 +00:00
Matthew Maurer
36accbd957 Merge "Bindgen 0.65.1 no longer supports size_t-is-usize"
2023-06-28 18:48:34 +00:00
Ludovic Barman
91907ce6b1 Update fsverity+odsign protos to protobuf3.
Test: manual atest
Bug: 286984317
Change-Id: I9bcc1ad858b9076c1a08e9df06e15a599c28f92c
2023-06-28 08:05:10 +00:00
Matthew Maurer
91a9763c5f Bindgen 0.65.1 no longer supports size_t-is-usize
The flag has been a default, and now is not accepted.

Test: Treehugger, m rust
Bug: 279198502
Bug: 276464273
Change-Id: I71ebcdbd3606c5dc55bf3454acfba9cc55ad85dd
2023-06-26 22:38:57 +00:00
Treehugger Robot
07fc29b1fd Merge "Added tests to attest keys with attestation id." am: 152dd52ee6
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2072814

Change-Id: I14a7f3c0af3ffdc394f19eff15d73ed50bbebb1c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-26 18:28:38 +00:00
Treehugger Robot
152dd52ee6 Merge "Added tests to attest keys with attestation id."
2023-06-26 17:46:13 +00:00
Rajesh Nyamagoud
a42dee61ce Added tests to attest keys with attestation id.
- Generate RSA/EC attested keys with attestation of the device's
  identifiers. Test should succeed in generating an attested key with
  attestation of device identifier. Test might fail on devices which
  don't support device id attestation with error response code
  `CANNOT_ATTEST_IDS or INVALID_TAG`.

- Try to generate an attested key with attestation of invalid device's
  identifiers. Test should fail with error response `CANNOT_ATTEST_IDS`

- Test to make sure `CANNOT_ATTEST_IDS` error code is returned while
  trying to generate a key on a device which doesn't support
  `FEATURE_DEVICE_ID_ATTESTATION`.

Bug: 194359114
Test: atest keystore2_client_test
Change-Id: Ib57c58d3ea89279eb69db342c3343b8d99ddc639
2023-06-20 19:07:27 +00:00
David Drysdale
4e38abe492 Merge "keystore: log receipt of auth tokens" am: cdeb7302af am: 7bb448fa2b am: 9123b585c2
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2628119

Change-Id: Ibca9686587ff0399c9d1b59ceef9d43239029eec
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-16 06:31:32 +00:00
David Drysdale
9123b585c2 Merge "keystore: log receipt of auth tokens" am: cdeb7302af am: 7bb448fa2b
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2628119

Change-Id: Ie7717ee6d4a2477f44ad3223872f8d4ef72406c0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-16 06:07:41 +00:00
David Drysdale
7bb448fa2b Merge "keystore: log receipt of auth tokens" am: cdeb7302af
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2628119

Change-Id: I606835e31c4c2c23101188442bcf5cc543f75428
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-16 05:48:07 +00:00
David Drysdale
cdeb7302af Merge "keystore: log receipt of auth tokens"
2023-06-16 05:22:30 +00:00
Marcin Radomski
be0421a601 Merge "audit_log.rs: handle Results in LogContext handling" am: 402750dae1 am: 69bfd9e86a am: 8ab3d975c9
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2625929

Change-Id: Idefaf4eca3e097f732ab164b756346351950d418
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-15 16:56:58 +00:00
Marcin Radomski
8ab3d975c9 Merge "audit_log.rs: handle Results in LogContext handling" am: 402750dae1 am: 69bfd9e86a
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2625929

Change-Id: Id79dedfbf799359e09b5de800268d750ad335060
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-15 16:12:11 +00:00
Marcin Radomski
69bfd9e86a Merge "audit_log.rs: handle Results in LogContext handling" am: 402750dae1
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2625929

Change-Id: I2204328271c3f6aab4ec003a7dfe51fc6fd35532
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-15 15:05:01 +00:00
Marcin Radomski
402750dae1 Merge "audit_log.rs: handle Results in LogContext handling"
2023-06-15 14:29:35 +00:00
David Drysdale
bf2d72f6e4 keystore: log receipt of auth tokens
Various recent bugs would have been easier to investigate if the auth
tokens received by keystore were logged.

Test: adb logcat while lock/unlock
Bug: 285328437
Bug: 284802403
Change-Id: Ia955d344a2bb47820c0616cc1b9784f5fcbecb0a
2023-06-15 13:38:36 +01:00
Marcin Radomski
b948e92b70 audit_log.rs: handle Results in LogContext handling
The Rust liblog_event_list API used to silently ignore any errors
reported by liblog. aosp/2617613 attempts to make the operations
propagate the failure instead.

Note that this introduces a subtle behavior change: when *creating the
log record* fails, the API with Results does not allow submitting a
partially constructed log. Otherwise, the result of the write operation
is ignored as it was before.

Bug: 282691103
Test: m
Test: atest keystore2_test
Change-Id: I7c43100149b4ca831050af0a9229b95d2f7f8392
2023-06-14 13:44:04 +00:00
Pawan Wagh
d9d609277b Merge "Adding AIDL Service fuzzer for identity service" am: 4468e1458a am: 086d548832 am: 40e5805cba
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2619161

Change-Id: Ic238e3a7b878848cefb45dcd853cc5a240f608eb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-13 18:03:16 +00:00
Pawan Wagh
40e5805cba Merge "Adding AIDL Service fuzzer for identity service" am: 4468e1458a am: 086d548832
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2619161

Change-Id: I750bb688862b319a2ba793e0016f236775e5ac4d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-13 17:18:48 +00:00
Pawan Wagh
086d548832 Merge "Adding AIDL Service fuzzer for identity service" am: 4468e1458a
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2619161

Change-Id: I76f38628f1bd95b7af162676f44569ec413b9cc1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-13 16:39:25 +00:00
Pawan Wagh
4468e1458a Merge "Adding AIDL Service fuzzer for identity service"
2023-06-13 15:30:53 +00:00
Pawan Wagh
c14ae0d81f Adding AIDL Service fuzzer for identity service
Test: m credstore_service_fuzzer && adb sync data && adb shell /data/fuzz/x86_64/credstore_service_fuzzer/credstore_service_fuzzer
Test: atest android.security.identity.cts
Bug: 232439428
Change-Id: I57494ad6a17e1a4a9dcb80d778edfd77a892790a
2023-06-12 20:31:57 +00:00
Treehugger Robot
5450cd289f Merge "Adding tests to verify EVP_PKEY_from_keystore2 API [Keystore2-engine]." am: 96947c9d89 am: ebc0be13aa am: 610b646a34
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2518307

Change-Id: I8ed5e94c9e970d6d5a0435f8b83accbe8c83ca52
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-09 19:39:49 +00:00
Treehugger Robot
610b646a34 Merge "Adding tests to verify EVP_PKEY_from_keystore2 API [Keystore2-engine]." am: 96947c9d89 am: ebc0be13aa
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2518307

Change-Id: I7b5bb0a7f5648351a697fe6320c3b2d2b7ebc3e5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-09 18:55:59 +00:00
Treehugger Robot
ebc0be13aa Merge "Adding tests to verify EVP_PKEY_from_keystore2 API [Keystore2-engine]." am: 96947c9d89
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2518307

Change-Id: I59daff060d7c022506eec79caed59ed0286a5702
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-09 18:08:53 +00:00
Treehugger Robot
96947c9d89 Merge "Adding tests to verify EVP_PKEY_from_keystore2 API [Keystore2-engine]."
2023-06-09 17:23:00 +00:00
Treehugger Robot
bef0ff4f5a Merge "Fix keystore2 crash counting" am: 1600dc1a47 am: 91a058df4e am: 639911cd0e
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2610327

Change-Id: Id5c2adf15ca30794fc5b9e5e80863c6a6af6c987
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-05 18:38:00 +00:00
Nathan Huckleberry
dffe8c1f61 Merge changes from topic "super-key-cleanups" am: efb59be97a am: f72bab5cf6 am: f2e91ffaf7
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2585605

Change-Id: Ie1fd5f205bfa14a5e15244fdf62d91d9113706f1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-05 18:37:24 +00:00