Add C++ versions of the BoringSSL crypto functions we need (copied
from keystore) and create Rust wrappers for them.
Test: atest keystore2_test
Change-Id: I21ff8630df26ca73ae36395c5303270e96a6deb6
These are APIs that have @UnsupportedAppUsage but for which we don't
have any evidence of them currently being used, so should be safe to remove
from the unsupported list.
Bug: 170729553
Test: Treehugger
Change-Id: I54fce50d3fb9d3ba02eae312c478bac419a46ede
This patch makes the keystore2 daemon start conditionally based on the
platform property ro.android.system.keystore2.enable.
This is patch can be reverted when the Keystore 2.0 migration is
complete. b/171563717
Bug: 171563717
Bug: 171305684
Test: The keystore2 daemon is running if the property
ro.android.system.keystore2.enable is set and true
and not running otherwise.
Change-Id: I2b3d6c70f45f3dafb9edb6f2f6960be94e13ed20
This patch adds a boilerplate Keystore 2.0 service. It is configured to
run on the device but does not provide any useful service yet.
It provides basic functionality for generating, importing and using
keys, but it still lacks full Keystore functionality.
Test: VtsKeystore2V1_0TargetTest (in followup CL)
Bug: 160623310
Bug: 160930114
Bug: 160930117
Bug: 160930331
Bug: 159465122
Change-Id: I7dfa2f2f63f4da3af620aff2ec99c0cba3bda6fd
These two files add some utility functions and a thread local reference
to a database connection.
Test: None
Change-Id: I34fdf977deb233571b9a0c6d50da20e47593d6a5
The aidl to rust generator now generates tuple structs with associated
constants as variants. This patch adjusts the existing Keystore 2.0
codebase to this change.
In the process one more variant was added to the
implement_key_parameter_conversion_to_from_wire! macro and the
indentation was fixed.
Test: keystore2_test
Change-Id: I2639c76d4da7401f6799180e1bfcb3e420341628
Remove pregenerated file android_security_keystore2.rs and
reconfigure the build to use the generated target
android.security.keystore2-rust instead.
Test: keystore2_test
Change-Id: Iad24cab05ef35ccc766f7342225d4b79e8051ada
This CL provides the fix for the issue reported in b/169959923.
Bug: 169959923
Test: tested using statsd_testdrive script.
Change-Id: I3fe42e85abd0976782795ad4fa13a804702624d6
The list permission is special keystore2 permission that allows
callers to list arbitrary namespaces. It is not a key or namespace
specific permission.
Ignore-AOSP-First: This needs to land in googleplex first to updated
prebuilt vendor images. Otherwise it breaks
aosp-with-phone builds.
Test: N/A
Change-Id: Ie0a29d8b08c53977ae2ed04d042868044d2c34c5
The list permission is special keystore2 permission that allows
callers to list arbitrary namespaces. It is not a key or namespace
specific permission.
Test: N/A
Merged-In: Ie0a29d8b08c53977ae2ed04d042868044d2c34c5
Change-Id: Ie0a29d8b08c53977ae2ed04d042868044d2c34c5
For communicating with keymint and SPI.
This CL also moves all test modules to the bottom of the file.
Bug: 167744352
Test: Unit tests
Change-Id: I085dbe68076ba361c4d89f63de87c3b2f05627bc
This breaks the code that tries to insert into a database with a
random id into a helper function, since it's now shared between two
functions.
Test: keystore2_test
Change-Id: Ib03b6082246120e6b3ff2a45b5bf8d324c40f7a7
This patch adds functionality for storing and loading key parameters.
It also normalizes import names of generated types by importing
SecurityLevel as SecurityLevelType.
It also breaks out loading blob components into its own helper
function.
Bug: 159370859
Test: keystore2_test
Change-Id: I2969c7c467cb3ae9cf8c283122a6f82f775cad37
This patch adds the following functionality:
* Add the perboot grant table along with grant and ungrant
API.
* Add the persistent blobentry table along with API
to add and load blob components.
* Tests for the new API surface.
Authoship note:
This patch has joined authorship by jgalenson@google.com
and jdanis@google.com
Bug: 159370859
Test: keystore2_test
Change-Id: Ie1c6bcfb0718b7fa6ea850697b43f7d4527b3e87
* changes:
Keystore2: Handle errors from binder service calls.
Keystore selinux and permission modules accept CStr instead of Context.
Remove aidl_generated.rs
Switch database module over to generated types.
This is required for handling Keymint errors received by the Keystore
service.
Test: keystore2_test
Change-Id: I7cf1b0d53db465a738c60594d929944379179836
The libselinux wrapper provides a Context struct, that conveniently
wraps and owns a context string as returned by libselinux. However,
libbinder_rs provides a non owned string with a lifetime bounded
by the currently ongoing transaction. So instead of accepting
a reference to an owning Context, the check_access function in the
libselinux wrapper as well as the higher level permission function in
the permission module accept &CStr now which Context can also deref
into.
Test: keystore2_test
Bug: 160623310
Change-Id: Ib99435134bcabfd9c7f3217f719f8ac21d0fd84e
