Rename the LskfBound superencryption key and superencryption type (also
known as per-boot) to AfterFirstUnlock.

This makes it much clearer what the protection of this key is. This
includes avoiding the misleading use of "LSKF"; the secret that's
actually relevant is the user's synthetic password, which is most
commonly unlocked with the LSKF but can potentially be unlocked in other
ways. This is also helpful for the planned change to make the user's
super keys exist even while the user doesn't have an LSKF.

Bug: 296464083
Test: atest -p --include-subdirs system/security/keystore2
Test: atest CtsKeystoreTestCases
Flag: exempt, mechanical refactoring and comment changes
Change-Id: I9b16934f37222fef2bf01830f521928ef2c1853a

This CL addresses various gaps in legacy support.

* Encrypted legacy blobs.
* Encrypted key characteristics files (pre Android Q).
* Encrypted certificate and certificate chain entries
  (pre Android R).

To support key migration even when the corresponding user is locked,
keys can now be migrated in the legacy database by renaming files.

In order to construct a complete key characteristics cache from old
characteristics files, the information must be augmented with the
characteristics that can be extracted from the key blob by calling
KeyMintDevice::getKeyCharacteristics. For this to work, the blob
may need to be decrypted, upgraded, and re-encrypted. The crypto steps
may fail with ResponseCode::LOCKED, though, if the user is locked.

If the key was upgraded in the process, both the old and the new key
blob must be inserted into the database in order for the garbage
collector to reap and invalidate the superseded blob correctly.

At the time, APPLICATION_ID and APPLICATION_DATA are usually not
available. This would cause such bound keys to fail with
ErrorCode::INVALID_KEY_BLOB. However, APPLICATION_ID/DATA were
never exposed to applications, so this should be acceptable
for now.

Bug: 213173772
Bug: 213172664
Bug: 203101472
Test: keystore2_test
Change-Id: Id8561d3f98d53182709d9f4feeeecda3b1535077

The noicu build rules were only used by microdroid which no longer has a
special variant of keystore2.

Bug: 215747811
Test: atest MicrodroidTests
Change-Id: Iefa4d22beb0074bc95e0ff20c7689ad8b62372f4

This patch adds detailed error messages to the service specific
exceptions. The error messages are formatted anyhow::Errors, the same
that already get logged to logcat. Returning them to the client allows
them to be included in Java stack traces, which will lead to easier
diagnosis of bugreports.

Test: N/A
Bug: 197890905
Change-Id: Ie6178292650327a1382b04f478ed5fa9e5fd7feb

Instead of changing keystore2 to use libsqlite_noicu, create another
variant of keystore2 (keystore2-microdroid) which uses libsqlite_noicu,
and use it only for microdroid.

Although keystore2 doesn't actually depend on the ICU extension, doing
it for Android caused a small regression (6ms) to the boot time because
keystore2 has to spend time loading the new library
libsqlite_noicu instead of sharing text pages from libsqlite.so which
were already preloaded by zygote.

With this change, keystore2 for Android goes back to using libsqlite.so.
The use of the noicu variant is limited to Microdroid.

Bug: 201344281
Test: measure SystemServerTiming_StartLockSettingsService-total
Change-Id: I6ff123415cdc3e7494a7857864e04525322bc079

keystore has used libsqlite which was built with the ICU extension [1].
The extension brings a huge (> 60MB) dependency on the i18n APEX, which is
too big for microdroid. Since the use of sqlite in keystore doesn't
seem to require operations like upper/lower, sorting, and regex for all
unicode strings, drop the dependency on the i18n APEX.

[1] https://www.sqlite.org/src/file?name=ext/icu/README.txt

Bug: 199674764
Test: m
Change-Id: I1e7a83283c3e79e69793a2076c97bc1bf6b9e0bf

Without this patch apps may leave the legacy keystore in an undefined
state when uninstalled, and when the UID is reused the new app would find
stale entries in the legacy keystore.

There is no public API to use legacy keystore, but malicious apps could
use this to leave identifying information across installs.

Bug: 192575371
Test: legacykeystore_test
Merged-In: I06e8a4927af66092140ec84e7f5d83621cbb0b62
Change-Id: I06e8a4927af66092140ec84e7f5d83621cbb0b62

It turns out there are more clients that use Keystore in a creative
way. This patch renames the VpnProfileStore to LegacyKeystore and
extends the functionality such that it allows access to all blobs with
alias prefixes that were not known to Keystore. It also brings back the
option to specify a uid argument. Specifically, for AID_SYSTEM to
manipulate the WIFI namespace.

Test: TBD
Bug: 191373871
Merged-In: Iaf81e7ccaee3c09a465dcec0fd5899b781c31db5
Change-Id: Iaf81e7ccaee3c09a465dcec0fd5899b781c31db5