Commit graph

2260 commits

Author SHA1 Message Date
Dorin Drimus
2f43a6a754 Allow device properties attestation in attestKey
Allow base device properties that are not unique IDs and don't
require special permission to be attested from any process.

Test: atest CtsKeystoreTestCases
Bug: 152945378
Change-Id: I45eeda0eac725fd0ad28caf25a5a183fe117fabb
2020-05-05 19:19:24 +02:00
Bill Yi
3255773023 Merge android10-qpr2-s3-release to aosp/master - DO NOT MERGE
Change-Id: Ic781131f8d6c84feacd1df31c5dbdd5533c3f24c
2020-05-04 20:39:43 -07:00
Bob Badour
2b3e1f4218 Merge "Add METADATA to system/security: Apache2+BSD=NOTICE" am: e3541e4d06 am: 9c0e949ab6
Change-Id: I45b944465d2c86c6fd83a4c90a1d7b3e0dc5bd0d
2020-05-04 21:27:26 +00:00
Bob Badour
9c0e949ab6 Merge "Add METADATA to system/security: Apache2+BSD=NOTICE" am: e3541e4d06
Change-Id: I2ff04b88683d6b8924c0cd723cd236555e9a0048
2020-05-04 21:13:20 +00:00
Bob Badour
e3541e4d06 Merge "Add METADATA to system/security: Apache2+BSD=NOTICE" 2020-05-04 20:59:03 +00:00
Bob Badour
79e967ba2a Add METADATA to system/security: Apache2+BSD=NOTICE
Bug: 68860345
Bug: 69058154
Bug: 151953481

Test: no code changes
Change-Id: I786f81a9f28b8e86062031d0479310fd432e9851
2020-05-04 13:15:58 -07:00
Treehugger Robot
ed29c609bb Merge "Allow attest to device properties" am: 572c579ee3 am: 12f022687f
Change-Id: I52db51d0c1b5ce927bd0e41eea906a1e73db85c7
2020-05-04 16:04:46 +00:00
Treehugger Robot
12f022687f Merge "Allow attest to device properties" am: 572c579ee3
Change-Id: I49fcf841b10d8f3f56031f88a4da417921595b63
2020-05-04 15:48:43 +00:00
Treehugger Robot
572c579ee3 Merge "Allow attest to device properties" 2020-05-04 15:31:19 +00:00
Dorin Drimus
4b7a7fb5f8 Allow attest to device properties
Attesting (only) to device properties is allowed without special
permission (android.permission.READ_PRIVILEGED_PHONE_STATE) since
base device properties should be accessible to everyone. For
unique identifying IDs attestation the permission is still needed.

Test: atest CtsKeystoreTestCases
Bug: 152945378
Change-Id: I8395e0c18cfc91916a172d20dd6049c7c027e8d9
2020-05-01 16:45:29 +00:00
David Zeuthen
fd0e7764ef Merge "credstore: Pass additional information to Identity Credential HAL." am: 50678f526b am: bd3da07a5b
Change-Id: Iae0f5bcf9542de384bf9f8734c130c9f49b7d5b9
2020-04-30 00:00:23 +00:00
David Zeuthen
bd3da07a5b Merge "credstore: Pass additional information to Identity Credential HAL." am: 50678f526b
Change-Id: I787a17e5f0e470c182249476a06f1f2a8c3a7e2a
2020-04-29 23:47:43 +00:00
David Zeuthen
50678f526b Merge "credstore: Pass additional information to Identity Credential HAL." 2020-04-29 23:41:41 +00:00
David Zeuthen
e2a78a48c0 credstore: Pass additional information to Identity Credential HAL.
Without this extra information passed upfront it's not practical to
implement a HAL which incrementally builds up cryptographically
authenticated data.

This information is conveyed by using two new methods on version 2 of
the Identity Credential HAL. If these methods are not implemented (if
a version 1 HAL is running) the invocation fails and we handle this
gracefully by just ignoring the error.

Bug: 154631410
Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts

Change-Id: I17d516e41e800f58daa4c11dcca0305c80740d5b
2020-04-29 09:52:51 -04:00
Treehugger Robot
e25e99247d Merge "Also load fs-verity cert from /system/etc/security/fsverity/" am: da132924a0 am: b5870ab9dc
Change-Id: I968b6756582f8135d229490c57809ad1b3e10f55
2020-04-14 23:27:15 +00:00
Treehugger Robot
b5870ab9dc Merge "Also load fs-verity cert from /system/etc/security/fsverity/" am: da132924a0
Change-Id: I94c8611fee105f9ab5b5882ff6e67d5b210ead6e
2020-04-14 23:05:29 +00:00
Treehugger Robot
da132924a0 Merge "Also load fs-verity cert from /system/etc/security/fsverity/" 2020-04-14 22:50:59 +00:00
Xin Li
4b28fdb1f0 [automerger skipped] DO NOT MERGE - Empty merge qt-qpr1-dev-plus-aosp into stag-aosp-master am: cf3c514f79 -s ours
am skip reason: subject contains skip directive

Change-Id: Ib2adfbdb270ae0b0311c483626eb30151ad29542
2020-04-10 03:26:12 +00:00
Xin Li
cf3c514f79 DO NOT MERGE - Empty merge qt-qpr1-dev-plus-aosp into stag-aosp-master
Bug: 151763422
Change-Id: I8b1de23d7b2d5bbd98859531529ca9f2e3920849
2020-04-09 17:51:29 -07:00
Victor Hsieh
753ac2a34b Also load fs-verity cert from /system/etc/security/fsverity/
Bug: 153112812
Test: able to use the new cert after reboot
Change-Id: I01085913f81898592a3a1edcaa97aff6dc8ac89c
2020-04-03 15:30:09 -07:00
Xin Li
1e933e5f5c DO NOT MERGE - Merge qt-qpr1-dev-plus-aosp@6304901 into stage-aosp-master am: 783cebfdbc
Change-Id: I1755589989b35d4add98d87fce5092e8d18359bb
2020-03-20 18:32:34 +00:00
Xin Li
31451a1742 [automerger skipped] DO NOT MERGE - Merge qt-qpr1-dev-plus-aosp@6304901 into stage-aosp-master am: 783cebfdbc -s ours
am skip reason: subject contains skip directive

Change-Id: I4fa0e742ef50dbb885b5ea5486f6decb903eb3e6
2020-03-20 18:32:02 +00:00
Xin Li
783cebfdbc DO NOT MERGE - Merge qt-qpr1-dev-plus-aosp@6304901 into stage-aosp-master
Bug: 151763422
Change-Id: I8bbb12db6494ceb2925a0126f72f03b04b6f20eb
2020-03-19 10:10:44 -07:00
android-build-team Robot
bbbd112dfb Merge cherrypicks of [10745155, 10743283, 10746098, 10735615, 10743284, 10745369, 10745156, 10745157, 10746136, 10746137, 10745215, 10746138, 10745216, 10745217, 10746139, 10745218, 10743285, 10746118, 10746119, 10745827, 10745158, 10745159, 10743224, 10743225, 10745492] into qt-qpr2-release
Change-Id: I16583efcd9db10fd33938f0dbf4cf3adf6a98a18
2020-03-19 04:53:27 +00:00
Janis Danisevskis
1642dc0039 Add permission check on onKeyguardVisibilityChanged
Without this permission check any app can toggle the locked state of
keymaster once it has been unlocked for the first time.

Bug: 144285084
Test: Manually tested with debugger that the required code paths are
      run.

Merged-In: Idb8a200dc2963e1085e9fddd0c565c5172465e65
Change-Id: Idb8a200dc2963e1085e9fddd0c565c5172465e65
(cherry picked from commit 21f452c372)
(cherry picked from commit aad9178b57)
2020-03-19 04:53:04 +00:00
Automerger Merge Worker
adfdb18872 [automerger skipped] Add permission check on onKeyguardVisibilityChanged am: 3cac4c660a -s ours am: 092ed74fbd -s ours am: 7033e889be -s ours am: fc96b70b56 -s ours
am skip reason: Change-Id Idb8a200dc2963e1085e9fddd0c565c5172465e65 with SHA-1 ed9a255fc6 is in history

Change-Id: I6e5bfc719de7b22480bd8b4e2fcd39babeb28af7
2020-03-12 01:27:13 +00:00
Automerger Merge Worker
35cc0d0309 [automerger skipped] Add permission check on onKeyguardVisibilityChanged am: 3cac4c660a -s ours am: 092ed74fbd -s ours am: 7033e889be -s ours
am skip reason: Change-Id Idb8a200dc2963e1085e9fddd0c565c5172465e65 with SHA-1 ed9a255fc6 is in history

Change-Id: I2d38d3f8a335fd20e96d91170bb53cd8562e8605
2020-03-12 01:15:03 +00:00
Automerger Merge Worker
fc96b70b56 [automerger skipped] Add permission check on onKeyguardVisibilityChanged am: 3cac4c660a -s ours am: 092ed74fbd -s ours am: 7033e889be -s ours
am skip reason: Change-Id Idb8a200dc2963e1085e9fddd0c565c5172465e65 with SHA-1 ed9a255fc6 is in history

Change-Id: I454e27a7acbfdd5f43608df0f35871079d4cb3ac
2020-03-12 01:14:43 +00:00
Automerger Merge Worker
7033e889be [automerger skipped] Add permission check on onKeyguardVisibilityChanged am: 3cac4c660a -s ours am: 092ed74fbd -s ours
am skip reason: Change-Id Idb8a200dc2963e1085e9fddd0c565c5172465e65 with SHA-1 ed9a255fc6 is in history

Change-Id: Iba53a6f79c445039c711e1b4683714183dda14f6
2020-03-12 00:55:55 +00:00
Automerger Merge Worker
092ed74fbd [automerger skipped] Add permission check on onKeyguardVisibilityChanged am: 3cac4c660a -s ours
am skip reason: skipped by user jdanis

Change-Id: I404d35d60df4eb7630ded0759086750aaccfa85d
2020-03-12 00:40:04 +00:00
Automerger Merge Worker
18cf3bd23d [automerger skipped] Add permission check on onKeyguardVisibilityChanged am: ed9a255fc6 -s ours am: 6b4ea906b3 -s ours
am skip reason: Change-Id Idb8a200dc2963e1085e9fddd0c565c5172465e65 with SHA-1 86022f2ab8 is in history

Change-Id: I3049e82171c69c2b4d23a157218b989e4d9c59c4
2020-03-12 00:39:59 +00:00
Automerger Merge Worker
b7a3bc85b3 [automerger skipped] Add permission check on onKeyguardVisibilityChanged am: aad9178b57 -s ours
am skip reason: skipped by user jdanis

Change-Id: Id71ef84fa6c9f0c0112639ff21206921f8bbf660
2020-03-12 00:39:43 +00:00
Automerger Merge Worker
669ee76d63 [automerger skipped] Add permission check on onKeyguardVisibilityChanged am: ed9a255fc6 -s ours am: 6b4ea906b3 -s ours am: 53b77ad226 -s ours
am skip reason: Change-Id Idb8a200dc2963e1085e9fddd0c565c5172465e65 with SHA-1 aad9178b57 is in history

Change-Id: Ia94efe818f1041dbe040e955e9728ff187fdec7c
2020-03-11 23:50:02 +00:00
Automerger Merge Worker
53b77ad226 [automerger skipped] Add permission check on onKeyguardVisibilityChanged am: ed9a255fc6 -s ours am: 6b4ea906b3 -s ours
am skip reason: Change-Id Idb8a200dc2963e1085e9fddd0c565c5172465e65 with SHA-1 aad9178b57 is in history

Change-Id: If0eb9aa3ac043734ec4006975b59bba1adb21ed8
2020-03-11 23:35:17 +00:00
Automerger Merge Worker
6b4ea906b3 [automerger skipped] Add permission check on onKeyguardVisibilityChanged am: ed9a255fc6 -s ours
am skip reason: Change-Id Idb8a200dc2963e1085e9fddd0c565c5172465e65 with SHA-1 aad9178b57 is in history

Change-Id: I27da261e0838c804115fb72ba02495619c5cc824
2020-03-11 23:22:43 +00:00
Janis Danisevskis
a6eaaf427b Merge "Add permission check on onKeyguardVisibilityChanged" into qt-qpr1-dev-plus-aosp 2020-03-11 23:06:20 +00:00
Automerger Merge Worker
f9b879cb7b [automerger skipped] Add permission check on onKeyguardVisibilityChanged am: aad9178b57 -s ours am: 4bfcb32809 -s ours
am skip reason: Change-Id Idb8a200dc2963e1085e9fddd0c565c5172465e65 with SHA-1 21f452c372 is in history

Change-Id: I7d4ad1240bc9210cf50fca27f96668ff3f83d912
2020-03-11 22:50:45 +00:00
Automerger Merge Worker
4bfcb32809 [automerger skipped] Add permission check on onKeyguardVisibilityChanged am: aad9178b57 -s ours
am skip reason: Change-Id Idb8a200dc2963e1085e9fddd0c565c5172465e65 with SHA-1 21f452c372 is in history

Change-Id: I033f6086e462c4324ad64e95559a1c4bce692235
2020-03-11 22:38:05 +00:00
Automerger Merge Worker
bef60fca96 [automerger skipped] Merge "credstore: signingKeyBlob was moved from finishRetrieval() to startRetrieval()." into rvc-dev am: ff7e85efda -s ours
am skip reason: Change-Id If2479a10f80fba748591c30aa7b8662e1063787e with SHA-1 55975ecbcf is in history

Change-Id: Ib79f9e2b38241e19ccb631297b4e53bed060001c
2020-03-09 22:14:51 +00:00
TreeHugger Robot
ff7e85efda Merge "credstore: signingKeyBlob was moved from finishRetrieval() to startRetrieval()." into rvc-dev 2020-03-09 22:07:45 +00:00
Automerger Merge Worker
9f4ddf49d6 [automerger skipped] Revert "Make keystore a core service" am: 44106186ae -s ours
am skip reason: Change-Id I4fe3c6aeecf960377671d11be0a4dc9fa60dfb18 with SHA-1 19f1caefba is in history

Change-Id: Ia9281e6b5c18f98fa153e51632634d685068d6d2
2020-03-09 21:48:36 +00:00
Automerger Merge Worker
c597b58aaa [automerger skipped] Stop reading fs-verity certificate from keystore am: d8f95847b3 -s ours
am skip reason: Change-Id I3bc342a7df0c47c02494ef6fdae24e7ad00a8507 with SHA-1 2bcd5376ec is in history

Change-Id: I7c768bafd66bfb27db2dc91cd711f9369e671021
2020-03-09 21:48:35 +00:00
Automerger Merge Worker
3196336ea7 Merge "Stop reading fs-verity certificate from keystore" am: 21b6c38fa0 am: d26b301d8b
Change-Id: Ieddef0ad1caaea59acc22f3d8b2566fffd031daf
2020-03-09 20:32:00 +00:00
Automerger Merge Worker
dfa3fcb3ae Merge "Stop reading fs-verity certificate from keystore" am: 21b6c38fa0 am: d26b301d8b
Change-Id: I119a34e7c9365862ee37687222e8ecfbe20df719
2020-03-09 20:31:55 +00:00
Automerger Merge Worker
00142e2ee2 Merge "Revert "Make keystore a core service"" am: 4b6865baa0 am: 181826633e
Change-Id: Ie3c1209012b787c7364843c8b00b13de5b61746a
2020-03-09 20:31:42 +00:00
Automerger Merge Worker
97cb30027a Merge "Revert "Make keystore a core service"" am: 4b6865baa0 am: 181826633e
Change-Id: Ia3defe8f38353b561d8719d5b3b40373ad1e3cd9
2020-03-09 20:31:40 +00:00
Automerger Merge Worker
d26b301d8b Merge "Stop reading fs-verity certificate from keystore" am: 21b6c38fa0
Change-Id: I1225c319b281b6bdc63bac44d55fbf06e3943b9f
2020-03-09 20:15:54 +00:00
Automerger Merge Worker
181826633e Merge "Revert "Make keystore a core service"" am: 4b6865baa0
Change-Id: Id6a961dc1bfec6083c9f749984ca1b0c213126eb
2020-03-09 20:15:24 +00:00
Victor Hsieh
44106186ae Revert "Make keystore a core service"
This reverts commit 7fd8e853e9.

Test: still see keystore process running
Bug: 112038744
Bug: 150267620
Change-Id: I4fe3c6aeecf960377671d11be0a4dc9fa60dfb18
Merged-In: I4fe3c6aeecf960377671d11be0a4dc9fa60dfb18
2020-03-09 12:44:37 -07:00
Victor Hsieh
d8f95847b3 Stop reading fs-verity certificate from keystore
We are punting support for extra certificate to S.

Test: boot
Bug: 112038744
Change-Id: I3bc342a7df0c47c02494ef6fdae24e7ad00a8507
Merged-In: I3bc342a7df0c47c02494ef6fdae24e7ad00a8507
2020-03-09 12:43:52 -07:00