Some issues require a system error to be raised that
indicates we should retry the process. This adds a new
error and bumps the version of the api for future use.
Test: atest keystore2_test
Bug: 238619180
Change-Id: Iff8fa83f7b223e08de9fa31434e16aa3aa2153f6
avoid issues while linking shared libraries with Rust test binaries.
This change is made to avoid vts-tradefed failure to link the shared
library while running the Rust VTS `keystore2_client_tests` test
suite. As suggested in b/314110490#24 using the libkeystore-engine
static-library to run keystore2_client_tests.
Bug: 314110490, 298668920
Test: atest keystore2_client_tests; run vts -m keystore2_client_tests
Change-Id: If956865eeb4af908f33b1ad81a2b2e26300aae0e
When a database is set once it will still maintain that
setting even if on the next connection it is not specified.
Any databases that set the wal flag will need to turn the
database back to its default when the flag is disabled or
there will be an error in the access of the database.
Bug: 314419678
Test: atest keystore2_test && atest legacykeystore_test
Change-Id: I008f2d2f6ac055704b721cdd451fc8bdfe448832
Service specific error will be part of the description if applicable.
Bug: 312671886
Test: adb shell rkp_factory_extraction_tool
Change-Id: I071cf8bd892c3731de052dafb69a7d2029bf8b03
compile_multilib set to first.
To avoid missing dependent library (libkeymaster_portable.so) error,
enforcing to compile for 64-bit on a 64-bit platform, and 32-bit on
a 32-bit platform.
Bug: 314110490
Test: run vts -m keystore2_client_tests
Change-Id: I5e8bf94ed37209f69ace2d7dd2c0ca1b680fc86d
cc_library_shared.
Since libkeystore-engine is used only in the keystore2_client_tests test
module, creating it as cc_test_library.
Bug: 298668920
Test: atest keystore2_client_tests
Change-Id: I656e989186610266c8a59ac11db8ac8a47d3514f
[Description]
1. Add patch to modify rkp_factory_extraction_tool, so
that it can meet TV customer's factory product line.
2. Introduce a new input parameter, serialno_prop,
to the function jsonEncodeCsrWithBuild.
3. Use the new property of serialno_prop if it is set,
otherwise defaults to "ro.serialno".
Test:
1. build pass
2. AC on/off pass
3. run "rkp_factory_extraction_tool
--output_format build+csr
--serialno_prop $(customer_prop) > csr.json" pass
4. run "rkp_factory_extraction_tool
--output_format build+csr > csr.json" pass
5. VtsHalRemotelyProvisionedComponentTargetTest pass
6. libkeymint_remote_prov_support_test pass
7. VtsAidlKeyMintTargetTest pass
Bug: 313811996
Change-Id: I261f7ae1b3b4c3e2776ec4013c77b7be355477cf
By default Android only allows processes to lock up to 65536 bytes of
memory, resulting from the command 'setrlimit memlock 65536 65536' in
system/core/rootdir/init.rc. The recent Keystore changes to create each
user's super keys at user creation time cause Keystore to sometimes lock
more memory and sometimes exceed this limit. To reproduce this issue
myself, I had to create almost 100 users. However, it apparently can
happen with fewer users too, based on a CTS test failure report.
Fix this issue by setting the memlock limit for keystore2 to unlimited.
Note that the amount actually used remains fairly small, but I don't
think there's a reason to set an arbitrary limit here. A memlock limit
makes sense for unprivileged apps but not for system processes.
Bug: 296464083
Bug: 314474709
Bug: 314561033
Test: adb shell setprop debug.user.creation_override 1
for i in `seq 1 100`; do adb shell pm create-user --profileOf 0 --managed profile; done
adb logcat | grep -i keystore
# Saw ENOMEM error near the end without this CL, but not with it.
Flag: Not feasible to flag this CL, and it's a pretty safe change.
Change-Id: I3ef062d737ffb1431dca78c0d568ad6c2d713de6
Currently Keystore is notified of the device being unlocked and locked
for each user via onLockScreenEvent(lockScreenEvent, userId, password,
unlockingSids), where lockScreenEvent is UNLOCK or LOCK. This is a bit
confusing because the password parameter is only meaningful for UNLOCK,
and the unlockingSids parameter is only meaningful for LOCK. This
problem will get worse when we add a parameter that tells Keystore
whether unlocking via a weak biometric or trust agent is possible, as
that will be another parameter that is only meaningful for LOCK.
Therefore, this CL splits onLockScreenEvent into two methods
onDeviceUnlocked and onDeviceLocked, each with the appropriate
parameters. No change in behavior intended.
Bug: 296464083
Test: atest -p --include-subdirs system/security/keystore2 \
&& atest CtsKeystoreTestCases \
&& atest TrustTests \
&& atest com.android.server.locksettings
Flag: N/A, straightforward refactoring
Change-Id: Ie2afd118bddca6112a5469558569c63b68ee10fb
Legacy keystore is an old relic that was supposed to be
disabled a while ago. It has enabled functionality that was
supposed to be removed but wasn't because it would break
changes in the VPN and WIFI code. This would begin the
process of permanently removing it.
Test: atest CtsKeystoreTestCases
Change-Id: Iedc1dca24a40eb0cf30c5280fc2842ff79cf7f17
This flag was defined as a regular flag and then was later changed to a
fixed_read_only flag. This scenario is currently "unsupported" by the
flags infrastructure; an error occurs when trying to advance the flag to
staging. Work around this by renaming the flag so that the flags
infrastructure sees it as an entirely new flag. This cl adds this flag
to the legacykeystore code as well.
Bug: 296464083
Bug: 311648623
Test: m keystore2
Change-Id: If62a5fac2404113ca0bbc0807f154401c4241bf1
This cl moves the RPC name searching logic inside the attestation
key fetch function to fix the failing tests.
Test: atest keystore2_test
Bug: 310047761
Change-Id: Ied5fbd3248cae6aec230cacfa6807b3cb2b7cf4b
This flag was defined as a regular flag and then was later changed to a
fixed_read_only flag. This scenario is currently "unsupported" by the
flags infrastructure; an error occurs when trying to advance the flag to
staging. Work around this by renaming the flag so that the flags
infrastructure sees it as an entirely new flag.
Bug: 296464083
Bug: 311648623
Test: build
Change-Id: Iafde2d63578bf65b3f5a08ab57561eadbe8f6b7a