On certain device configurations the security level reported by the
Keymaster HAL differs from the security level understood in KeyStore.
Namely, on devices with only a software Keymaster, KeyStore will set it
in the TEE slot, and create a new in-process legacy Keymaster for the
software slot.
This change introduces a field to keymaster worker to represent the
security level that KeyStore understands this worker to operate on.
Bug: 167412989
Test: atest CtsKeystoreTestCases
Change-Id: Ifeaa4782913be45d89cdd175a02302c7dc318719
This updated the "generated" AIDL interface code to observe the changes
in the AIDL spec.
Test: None
Change-Id: I82d52df370c77208c5f94fb6fd053a122d80dcba
This file maps to about 4 minutes and 15 seconds of tests within
Keystore to be added to presubmit.
Bug: 158797959
Test: atest --test-mapping
Change-Id: I3cb6614d3f3b3fe43f326f50e2dfa915a1b81d21
The options for the rustfmt repo hook have been updated
in change 1399689 to support multiple commits. Update
the configuration for system/security.
Bug: 164111102
Test: repo upload
Change-Id: I516200c81f31a2b3891a229277ac1cd15e5738a9
This patch makes KeystoreKeyBackend Sync and uses a lazy static to cache
the back end in the permissions module.
Test: atest keystore2_test
Bug: 159466840
Change-Id: Ibc7851baede3506acbdf962e59c281fa16cfaf0e
This patch provides higher level functions to query Keystore 2.0
specific SEPolicy.
It provides abstractions for the permissions of the security classes
"keystore2" and "keystore2_key".
It also provides functions to check permission for general Keystore
requests as well as Keystore key and grant requests.
Bug: 159466840
Test: keystore2_test
Change-Id: Ie743cff76fe27f8ad96b2405f5d77b298ba35293
Provide safe wrappers around the libselinux API needed for keystore.
* getcon
* selinux_check_access
* selabel_lookup
Test: keystore2_selinux_test
Test: keystore2_selinux_rust_bindings_host_test
Bug: 159466840
Change-Id: I73b4aa2e1da9b477965b10927eba069e6346ce6e
This patch adds #[derive(Debug, Copy, Clone, Eq, PartialEq)]
to android.security.keystore2.Result.
We only add these features on demand until the modified code is reliably
generated from AIDL.
Test: None
Change-Id: I79970df31b759845c0ecd7026925792d6786741a
This adds support for persisting the database on disk. Tests do not
do this to avoid race conditions (except for one test that ensures
that persistence works).
Bug: 159370859
Test: atest keystore2_test
Change-Id: Idaf23a271e269902f34c32509dfd923db08df067
The KeystoreDB struct contains the interface with sqlite.
This commit introduces the KeystoreDB object and a sqlite connection
but does not add any operations.
Bug: 159370859
Test: atest keystore2_test
Change-Id: Ie5ec091a01d25ecd520ac29be67117cc3c3fd83c
This is the third CL on sending keystore logging to statsd.
This creates the logs for key attestation events.
Test: Adding tests for logging is yet to be decided.
Bug: 157664923
Merged-In: I412ac59fd6bb2dbcb380f8579740d02ce2fd8790
Change-Id: I16cac8c4ee950adc330659dcb648052e8b2b41a2
This is the second CL on migrating keystore logging to statsd.
This migrates the logging for key operation events.
Three new ResponseCodes are added for the logging purpose of the
abort operations.
Test: Adding tests for logging is yet to be decided.
Change-Id: Iede72341b0f4c80199c9e16cef96a5d98bca8754
Merged-In: I68c1d89beeb733e4b6ba493b8d95935b7e73df60
This is the first CL on migrating keystore logging to use statsd.
This migrates the logging for key creation events
(generation/import).
A work-around is implemented to handle repeated fields via bitmaps
because statsd does not support repeated fields as of now.
Test: Adding tests for logging is yet to be decided.
Bug: 157664923
Change-Id: Id23724cfbd21dca8ef5fd77e5712c0bc2e727f4b
Merged-In: Id23724cfbd21dca8ef5fd77e5712c0bc2e727f4b
This patch provides some convenience methods for error handling in
Keystore 2.0. Specifically, a way to convert errors into messages to the
client and logging errors.
Test: keystore2_test
Bug: 159378374
Change-Id: Ifa6b5745533863bfd76319bc991748a47453d31e