Remove pregenerated file android_security_keystore2.rs and
reconfigure the build to use the generated target
android.security.keystore2-rust instead.
Test: keystore2_test
Change-Id: Iad24cab05ef35ccc766f7342225d4b79e8051ada
This CL provides the fix for the issue reported in b/169959923.
Bug: 169959923
Test: tested using statsd_testdrive script.
Change-Id: I3fe42e85abd0976782795ad4fa13a804702624d6
The list permission is special keystore2 permission that allows
callers to list arbitrary namespaces. It is not a key or namespace
specific permission.
Test: N/A
Merged-In: Ie0a29d8b08c53977ae2ed04d042868044d2c34c5
Change-Id: Ie0a29d8b08c53977ae2ed04d042868044d2c34c5
For communicating with keymint and SPI.
This CL also moves all test modules to the bottom of the file.
Bug: 167744352
Test: Unit tests
Change-Id: I085dbe68076ba361c4d89f63de87c3b2f05627bc
This breaks the code that tries to insert into a database with a
random id into a helper function, since it's now shared between two
functions.
Test: keystore2_test
Change-Id: Ib03b6082246120e6b3ff2a45b5bf8d324c40f7a7
This patch adds functionality for storing and loading key parameters.
It also normalizes import names of generated types by importing
SecurityLevel as SecurityLevelType.
It also breaks out loading blob components into its own helper
function.
Bug: 159370859
Test: keystore2_test
Change-Id: I2969c7c467cb3ae9cf8c283122a6f82f775cad37
This patch adds the following functionality:
* Add the perboot grant table along with grant and ungrant
API.
* Add the persistent blobentry table along with API
to add and load blob components.
* Tests for the new API surface.
Authoship note:
This patch has joined authorship by jgalenson@google.com
and jdanis@google.com
Bug: 159370859
Test: keystore2_test
Change-Id: Ie1c6bcfb0718b7fa6ea850697b43f7d4527b3e87
* changes:
Keystore2: Handle errors from binder service calls.
Keystore selinux and permission modules accept CStr instead of Context.
Remove aidl_generated.rs
Switch database module over to generated types.
This is required for handling Keymint errors received by the Keystore
service.
Test: keystore2_test
Change-Id: I7cf1b0d53db465a738c60594d929944379179836
The libselinux wrapper provides a Context struct, that conveniently
wraps and owns a context string as returned by libselinux. However,
libbinder_rs provides a non owned string with a lifetime bounded
by the currently ongoing transaction. So instead of accepting
a reference to an owning Context, the check_access function in the
libselinux wrapper as well as the higher level permission function in
the permission module accept &CStr now which Context can also deref
into.
Test: keystore2_test
Bug: 160623310
Change-Id: Ib99435134bcabfd9c7f3217f719f8ac21d0fd84e
Initializing the Keystore 2.0 database will now open the files
persistent.sql and perboot.sql. Tables are created, if they don't
exist, once per service startup instead of on every connection
instantiation. In the test situation we make use of the module
private visibility to create in-memory test databases or attaching
to a set of temporary files.
Test: keystore2_test
Bug: 159370859
Change-Id: I88594dabc72483779d980e81dbc05f2b7a687437
This patch also removes AidlResult form the error module.
The new version of the Keystore 2.0 AIDL spec requires that ResponseCode
and ErrorCode will be returned as service specific error, instead of the
Result type.
Test: keystore2_test
Change-Id: I6f730b282c84abc8be2e693e5d2c7053648d7588
This implements conversion methods on top of basic
keyparameter implementation in aosp/1350725
Bug: 159722691, 159723797, 161798431
Test: atest --host keystore2_tests.
Change-Id: I1457ae4cf4336ebc5bff2645bca55ad285a4449c
On certain device configurations the security level reported by the
Keymaster HAL differs from the security level understood in KeyStore.
Namely, on devices with only a software Keymaster, KeyStore will set it
in the TEE slot, and create a new in-process legacy Keymaster for the
software slot.
This change introduces a field to keymaster worker to represent the
security level that KeyStore understands this worker to operate on.
Bug: 167412989
Test: atest CtsKeystoreTestCases
Change-Id: Ifeaa4782913be45d89cdd175a02302c7dc318719
