)]}' { "log": [ { "commit": "f070b51670c13ff8fb1d594b8bde4263bc6e13c1", "tree": "5a4c30afb984f2b87e044779c9965d65b9dbe8d9", "parents": [ "f899e268578453ae36aec158f238fc62580d7572", "203bd1b113a3998939005395f9fefe0a4798b1fb" ], "author": { "name": "Treehugger Robot", "email": "treehugger-gerrit@google.com", "time": "Fri Mar 08 21:58:46 2019 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "noreply-gerritcodereview@google.com", "time": "Fri Mar 08 21:58:46 2019 +0000" }, "message": "Merge \"Add Keystore get option that supresses caught exceptions warnings.\"" }, { "commit": "18e0781d3de56c3cad29d52f8a09e84b185da2bc", "tree": "b6c73a17fbcc79a413b79940440b287cbedeb8ae", "parents": [ "16f6deae44f89ed13de5d2aaa90164192d5fb5d3", "b2cc3dc2272133d089f1c07cde9bd8fcf0084808" ], "author": { "name": "Max Bires", "email": "jbires@google.com", "time": "Fri Mar 08 17:53:05 2019 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "noreply-gerritcodereview@google.com", "time": "Fri Mar 08 17:53:05 2019 +0000" }, "message": "Merge \"Adding KEY_PERMANENTLY_INVALIDATED int\"" }, { "commit": "203bd1b113a3998939005395f9fefe0a4798b1fb", "tree": "a13b0fc489f225ccfa826c2e651bc5948c0765c2", "parents": [ "18cccec6245bee1073be460e37b74738e6f344e4" ], "author": { "name": "Irina Dumitrescu", "email": "irinaid@google.com", "time": "Fri Jun 08 19:36:34 2018 +0100" }, "committer": { "name": "Max Bires", "email": "jbires@google.com", "time": "Thu Mar 07 20:42:22 2019 +0000" }, "message": "Add Keystore get option that supresses caught exceptions warnings.\n\nThis is useful when the caught exceptions are not informative and they\nact as a red herring in the adb logs.\n\nBug:109791294\nTest: call this method in the VpnSettings and manually navigate to\nadding a new VPN by searching for VPN in settings and then pressing \u0027+\u0027.\n\nChange-Id: I4bc86e3ea5b11027090fd3a27dc7455557cf66ab\nMerged-In: I4bc86e3ea5b11027090fd3a27dc7455557cf66ab\n" }, { "commit": "ffeefd3cd3f09d2a59d97c5ea96bcf1cbe3d6583", "tree": "7965a27ad8c216120f939d4cae8502afc7a7682d", "parents": [ "c76c5529bf24d489f7f312de7d25fa0d6aa4f4e8" ], "author": { "name": "Andrei Onea", "email": "andreionea@google.com", "time": "Thu Feb 28 13:44:21 2019 +0000" }, "committer": { "name": "Andrei Onea", "email": "andreionea@google.com", "time": "Thu Feb 28 13:46:06 2019 +0000" }, "message": "Add @UnsupportedAppUsage annotations\n\nFor packages:\n android.security\n android.service.dreams\n android.service.euicc\n android.service.vr\n android.service.wallpaper\n\nThis is an automatically generated CL. See go/UnsupportedAppUsage\nfor more details.\n\nExempted-From-Owner-Approval: Mechanical changes to the codebase\nwhich have been approved by Android API council and announced on\nandroid-eng@\n\nBug: 110868826\nTest: m\nMerged-In: I1c8ae08f8d3b4b2f5bf365468f22155f8def09fe\nChange-Id: I09850a52193a28b0f884cfa01b564c29d25d41ed\n" }, { "commit": "b2cc3dc2272133d089f1c07cde9bd8fcf0084808", "tree": "82f725fcc772c663d5cb3f11b8da63e5a5a3d9b0", "parents": [ "ee1720cffa95d6ebe76814bbc1efa88c6a1fb651" ], "author": { "name": "Max Bires", "email": "jbires@google.com", "time": "Fri Nov 02 10:50:40 2018 -0700" }, "committer": { "name": "Max Bires", "email": "jbires@google.com", "time": "Mon Feb 18 21:11:48 2019 +0000" }, "message": "Adding KEY_PERMANENTLY_INVALIDATED int\n\nThis is to keep it in sync with response codes in keystore.h.\n\nThis commit also adds the KeyPermanentlyInvalidatedException to all the\nmethods that could receive this error code out of KeyStore.\n\nBug: 118883532\nTest: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/AuthBoundKeyTest.java\nChange-Id: I878a628824e2eeb639ec5678b1a5d3d10428a918\nMerged-In: I878a628824e2eeb639ec5678b1a5d3d10428a918\n" }, { "commit": "a24d0252121bdb72b77a1a2fca93adf26f6a522d", "tree": "c0c1c2561a93ba4f1e7ed85c2f3efeff161928bb", "parents": [ "2144164526d4f82adcc9cd5a0377d85bed9981aa", "20fa0e7c2ef8b9ce08a67cd0a734ad1dc9c74849" ], "author": { "name": "Treehugger Robot", "email": "treehugger-gerrit@google.com", "time": "Fri Feb 15 21:12:29 2019 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "noreply-gerritcodereview@google.com", "time": "Fri Feb 15 21:12:29 2019 +0000" }, "message": "Merge \"Adding framework check for 3DES key size\"" }, { "commit": "20fa0e7c2ef8b9ce08a67cd0a734ad1dc9c74849", "tree": "089c05f6abaa1e840fef5e38fb4f99b05f6fa755", "parents": [ "a4c1416c28c115d9e9bdac2a63e00286d3508aa2" ], "author": { "name": "Max Bires", "email": "jbires@google.com", "time": "Wed Feb 13 15:08:13 2019 -0800" }, "committer": { "name": "Max Bires", "email": "jbires@google.com", "time": "Wed Feb 13 15:10:29 2019 -0800" }, "message": "Adding framework check for 3DES key size\n\nPreviously the framework would accept any key size that was a multiple\nof 8 for the KeyGenerator.\n\nBug: 117509689\nBug: 122274787\nTest: atest cts/tests/tests/keystore/src/android/keystore/cts/KeyGeneratorTest.java\nChange-Id: I60b52f6062a41ae52486bae0ae36616f4b532b37\n" }, { "commit": "bf0728bca82654ade4c723da035259d18d9022ae", "tree": "43c96b65743c2980dd2bfa8fe454e3d9a822e3f3", "parents": [ "643e60b0fed9d113a4a35847f61a98c2f0e3e6f9" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Jan 31 11:48:40 2019 +0000" }, "committer": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Jan 31 11:48:40 2019 +0000" }, "message": "Add owners for KeyChain code\n\nAdd the Android Enterprise Security team as OWNERS for KeyChain and\nKeyChain-related code.\n\nThe KeyChain code currently lives under keystore/, which means every\nchange requires Keystore owners approval, but it does not make sense for\nKeyChain as KeyChain is a Keystore client and is developed\nindependently.\n\nTest: Gerritt upload.\nBug: 33166666\nChange-Id: Idfedda9553add303439179ce10a1e75e437bbe83\n" }, { "commit": "55418eada51d4f5e6532ae9517af66c50ea495c4", "tree": "b93b0483b4ba377e1b4b79d344932fdf78d17de5", "parents": [ "cfc6518c48d1648bb33a0f6633132a726a9bc7f9" ], "author": { "name": "Mathew Inwood", "email": "mathewi@google.com", "time": "Thu Dec 20 15:30:45 2018 +0000" }, "committer": { "name": "Mathew Inwood", "email": "mathewi@google.com", "time": "Fri Dec 28 14:26:35 2018 +0000" }, "message": "Limit access to suspected false positives.\n\nMembers modified herein are suspected to be false positives: i.e. things\nthat were added to the greylist in P, but subsequent data analysis\nsuggests that they are not, in fact, used after all.\n\nAdd a maxTargetSdk\u003dP to these APIs. This is lower-risk that simply\nremoving these things from the greylist, as none of out data sources are\nperfect nor complete.\n\nFor APIs that are not supported yet by annotations, move them to\nhiddenapi-greylist-max-p.txt instead which has the same effect.\n\nExempted-From-Owner-Approval: Automatic changes to the codebase\naffecting only @UnsupportedAppUsage annotations, themselves added\nwithout requiring owners approval earlier.\n\nBug: 115609023\nTest: m\nChange-Id: Ia937d8c41512e7f1b6e7f67b9104c1878b5cc3a0\nMerged-In: I020a9c09672ebcae64c5357abc4993e07e744687\n" }, { "commit": "ffee7d8ce07e3b5822dbe6a9ae00e94063f8fa63", "tree": "3d58863608e1de2136df98abbb2e770e4463bc97", "parents": [ "7d615aae59f9e7001d279f4921dfb3b8d043aa3e", "d255a2136f3d3a0b618d2c6d0781245b0d88ba9b" ], "author": { "name": "Treehugger Robot", "email": "treehugger-gerrit@google.com", "time": "Thu Dec 27 01:58:05 2018 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "noreply-gerritcodereview@google.com", "time": "Thu Dec 27 01:58:05 2018 +0000" }, "message": "Merge \"Adding check for HMAC/EC key size for StrongBox\"" }, { "commit": "7eae0132c14861a88233ad3b00e9b2ebb6b22051", "tree": "7ddb757919af4245afdec6cf774f3c6d7ae15f86", "parents": [ "321b208f0f741dc20391ff30ff3f53cecf852ef8", "ebe2674dbc34c03707e6abec69b8f64a0c5fc4da" ], "author": { "name": "Rob Barnes", "email": "robbarnes@google.com", "time": "Thu Dec 20 23:33:25 2018 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "noreply-gerritcodereview@google.com", "time": "Thu Dec 20 23:33:25 2018 +0000" }, "message": "Merge \"Changed uid output parameter from an int array to a list of strings.\"" }, { "commit": "d255a2136f3d3a0b618d2c6d0781245b0d88ba9b", "tree": "fc6dbb2b818f4e8f0adfad535b993bbe3ffcb07f", "parents": [ "ee1720cffa95d6ebe76814bbc1efa88c6a1fb651" ], "author": { "name": "Max Bires", "email": "jbires@google.com", "time": "Tue Dec 18 17:26:56 2018 -0800" }, "committer": { "name": "Max Bires", "email": "jbires@google.com", "time": "Wed Dec 19 14:35:55 2018 -0800" }, "message": "Adding check for HMAC/EC key size for StrongBox\n\nengineInit() for AndroidKeyStoreKeyGeneratorSpi does not make a call\ninto the backing Keymaster implementation until generate is called on it\nto actually create the key. If a disallowed spec for StrongBox is passed\nin, the backing StrongBox implementation won\u0027t be able to revoke it\nuntil engineGenerateKey() is called, which will create different\nbehaviors between TEE backed implementations (which support a wider\nrange of algorithm spec parameters) and StrongBox implementations from a\npublic API perspective. This change will make sure HMAC is the same for\nStrongBox.\n\nThis is also being done for EC keys in\nAndroidKeyStoreKeyPairGeneratorSpi.java\n\nBug: 113525261\nBug: 114487149\nTest: atest cts/tests/tests/keystore/src/android/keystore/cts/KeyGeneratorTest.java\nTest: atest\ncts/tests/tests/keystore/src/android/keystore/cts/KeyPairGeneratorTest.java\nChange-Id: I728bb5222c9bf0ad84cdf2b8c0b78a4dd99f7186\n" }, { "commit": "ebe2674dbc34c03707e6abec69b8f64a0c5fc4da", "tree": "e9266ab0641a79c52f2659b70b32a99e6e723154", "parents": [ "0a2a1e0e2d2b9df36ab0f2b65fd536fefe854466" ], "author": { "name": "Rob Barnes", "email": "robbarnes@google.com", "time": "Tue Nov 13 15:57:22 2018 -0700" }, "committer": { "name": "Rob Barnes", "email": "robbarnes@google.com", "time": "Wed Dec 12 11:05:20 2018 -0700" }, "message": "Changed uid output parameter from an int array to a list of strings.\n\nWhy?: 1) Returning an array list is unsafe because it must be allocated in Java and C++ must not change the size. 2) List\u003cInteger\u003e is not supported by AIDL, but List\u003cString\u003e is. I decided it was simpler to pass back integers encoded as strings than to create yet another parcelable.\n\nBug: b/119616956\nTest: ./list_auth_bound_keys_test.sh\nTest: Temporarily modified settings app to call listUidsOfAuthBoundKeys\nChange-Id: I3bf7578c96e800c8d35fba897f52220136dcd657\n" }, { "commit": "15b123ef458ed927782b080921e987c995fc56dd", "tree": "008426beb4c3b8d4ecb62112efa17be09fe6d427", "parents": [ "58ee538e62b15dd07274beecf5f925543c5332b1", "7409b8620ff39ff0788ef1543297f0cb1d49a0e0" ], "author": { "name": "Xin Li", "email": "delphij@google.com", "time": "Tue Dec 11 14:13:44 2018 -0800" }, "committer": { "name": "Xin Li", "email": "delphij@google.com", "time": "Tue Dec 11 14:13:44 2018 -0800" }, "message": "DO NOT MERGE - Merge pie-platform-release (PPRL.181205.001) into master\n\nBug: 120502534\nChange-Id: Idc8bfb6d97a869b76cfb87ca1a494201baf9e8bd\n" }, { "commit": "6fc3189e37b3b57bc7cd42c7920c1efdd9860c9b", "tree": "64ccbbb4953e7df043c1ad6e5451764475c3331d", "parents": [ "db375f0a5a520d1dd51e4638d81e26b0ac64d8e7", "27432dba6b3529b75c025c58b43c22eef43a4b15" ], "author": { "name": "Adrian Roos", "email": "roosa@google.com", "time": "Fri Nov 30 16:25:06 2018 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "noreply-gerritcodereview@google.com", "time": "Fri Nov 30 16:25:06 2018 +0000" }, "message": "Merge \"API: Make implicit APIs from type usage explicit\"" }, { "commit": "27432dba6b3529b75c025c58b43c22eef43a4b15", "tree": "a90d69a775b592de0705f3c21e3a96ced7aa9296", "parents": [ "a2ccaf6e6802c2d2e099766176baf887a99f6467" ], "author": { "name": "Adrian Roos", "email": "roosa@google.com", "time": "Wed Nov 14 10:17:57 2018 -0800" }, "committer": { "name": "Adrian Roos", "email": "roosa@google.com", "time": "Thu Nov 22 15:22:09 2018 +0000" }, "message": "API: Make implicit APIs from type usage explicit\n\nAPI stubs generation implicitly made any types used by an API also part\nof that API. This has caused DeviceIdAttestationException and\nImsFeature.Capabilities to become implicit APIs, so they are added to\nthe API files.\n\nAfter this, using non-API types in APIs will become an error to prevent\nimplicit APIs occuring in the future.\n\nBug: 119556446\nTest: METALAVA_PREPEND_ARGS\u003d\"--error ReferencesHidden\" make\nExempt-From-Owner-Approval: Identical CL has been approved on other branch\nChange-Id: I5fe4f20502b8d4e287b28e9f07139456d4191e22\nMerged-In: I5fe4f20502b8d4e287b28e9f07139456d4191e22\n(cherry picked from commit 8f91e5fde8272e2040c60222d6a5ba0314fa44ac)\n" }, { "commit": "906147cdb3663b1aa5f6ebdc4a8ce2ce509ffa27", "tree": "dc12b2c48b0250736ea7568fe5f8d703cb7e0b8d", "parents": [ "4492ec573ae421affd3adebb1d583fcf33508bb4" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Tue Nov 06 14:14:05 2018 -0800" }, "committer": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Wed Nov 21 18:42:17 2018 +0000" }, "message": "Fix deleting legacy key blobs\n\nSince the keystore alias prefix USERSKEY was deprecated\nCredentials.deleteUserKeyTypeForAlias tried to delete key the\nremaining prefix first and if that failed tried to delete the\nlegacy prefix.\nHowever, KeyStore.delete returns true if the key was deleted or\ndid not exist. So the first call to delete would return true\nwhether the key existed or not and the legacy alias would never be\ndeleted.\n\nThis patch introduces a new flavor of KeyStore.delete, that returns an\nerror code instead of a boolean. The caller can now distinguish\nthe nature of the failure. Credentials.deleteUserKeyTypeForAlias now\nchecks this return code and attempts to delete the legacy variant if\nKEY_NOT_FOUND was returned.\n\nBug: 117818447\nChange-Id: Ifae1f3dbb07d85d94f430ead2cdd3e39d22436a4\n" }, { "commit": "2b106adaf527be89a5b28f05c98907dc71c9e25a", "tree": "7c1efea865a1c1058462d7620467e125f125d9c1", "parents": [ "082bf0ccca33c986008071116c5fd07ec38b850b" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Thu Nov 15 09:27:16 2018 -0800" }, "committer": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Thu Nov 15 14:58:03 2018 -0800" }, "message": "Fix IllegalArgumentException in KeyChain\n\nThe legacy support importKey method uses the wrong method to add date\nfields to the import keymaster arguments.\n\nBug: 119549023\nChange-Id: Iff841086f6616303b365ad28aae429ccae1f3406\n" }, { "commit": "73e964019414fc2dad66d8c980d29dc3929fe18c", "tree": "5d0992f4372cf81dab5e0e0a0f6586b51285b522", "parents": [ "8715c1545e1f41653236d864bbcdbde1d68e92c3", "f1a678e0fedb23c53eb1890bd5a8bd8fc5438846" ], "author": { "name": "Rob Barnes", "email": "robbarnes@google.com", "time": "Thu Nov 15 17:32:31 2018 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "noreply-gerritcodereview@google.com", "time": "Thu Nov 15 17:32:31 2018 +0000" }, "message": "Merge \"Added listUidsForAuthBoundKeys to KeyStore\"" }, { "commit": "f1a678e0fedb23c53eb1890bd5a8bd8fc5438846", "tree": "6bd169841cc851673246f54439004f1736883275", "parents": [ "4a7a3934b606e5484524e190f67fe09e938613a2" ], "author": { "name": "Rob Barnes", "email": "robbarnes@google.com", "time": "Tue Nov 13 15:57:22 2018 -0700" }, "committer": { "name": "Rob Barnes", "email": "robbarnes@google.com", "time": "Wed Nov 14 13:14:35 2018 -0700" }, "message": "Added listUidsForAuthBoundKeys to KeyStore\n\nlistUidsForAuthBoundKeys was added to IKeyStoreService.\nThis CL exposes this method in KeyStore for system apps.\nThis method will be hidden for non system apps.\n\nBug: b/112321280\nTest: listUidsForAuthBoundKeys in IKeyStoreService has its own tests\nTest: This method cannot be tested directly from CTS\nChange-Id: Iac9e863079a1367ddb3a599bc3825baea96a1c31\n" }, { "commit": "b0358e72be50107871fac26325103972e65cbe73", "tree": "b42da38eff7715139df8459d4f63cd1b72fb4b98", "parents": [ "a2b2183a2411cdb860c8ef628fcf52952e7a9704" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Fri Nov 02 10:34:07 2018 -0700" }, "committer": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Wed Nov 14 09:59:16 2018 -0800" }, "message": "Multi-threaded keystore\n\nThis patch makes the framework use the asynchronous keystore api model.\n\nBug: 111443219\nTest: Ran full keystore cts test suite\nChange-Id: I8d1fdc70cb9eb501d3f22a97d1221904c2ef8f9a\n" }, { "commit": "d257538507d65dae23e39e8cf94bda255d1e1c65", "tree": "8f0441916aa276eba8196f5ba4fdab2ef561de6f", "parents": [ "1864c95616d515782d489f70a2009f87bbe528e6" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Mon Oct 08 07:56:58 2018 -0700" }, "committer": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Thu Nov 08 12:53:57 2018 -0800" }, "message": "Add return code KEY_ALREADY exists\n\nIn preparation to the async keystore interface we change the semantics\nform unconditionally overwriting existing keys to reporting that the key\nexists. For compatibility we reimplement the same semantic in the\ncalling code.\n\nBug: 111443219\nTest: KeyStore CTS test\nChange-Id: I1fa5428fa7ada97d5068778cd4590593c992554d\n" }, { "commit": "1864c95616d515782d489f70a2009f87bbe528e6", "tree": "3c1fd994e73544366760289cb608bd86b92eae59", "parents": [ "93bf21dad4279db75c321c141b07c6409d6bcade" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Thu Aug 09 11:14:49 2018 -0700" }, "committer": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Thu Nov 08 12:53:57 2018 -0800" }, "message": "Remove legacy functions form IKeystoreService.aidl\n\nIn preparation for making the keystore service asynchronous we remove\nredundant legacy functionality from the protocol.\n\nThis patch removes the functions get_pubkey, sign, verify, generate,\nand import_key. Which have long been superseded by exportKey\n(get_pubkey), begin/update/finish (sign, verify), generateKey\n(generate), and importKey (import_key).\n\nThis patch also removes isOperationAuthorized.\n\nTest: KeyStore CTS tests\nBug: 111443219\nChange-Id: Ib3bd6f40b4e948e5ad6b2ef5278b18ff46201d71\n" }, { "commit": "dbb8dc5a712c50b81dd5ba1403d0707914be9c82", "tree": "4137ae90799026638e9f2c3d3b7545371e770027", "parents": [ "c619060612f7bcac51765df26258c214b7188911" ], "author": { "name": "Eva Bertels", "email": "evabertels@google.com", "time": "Thu Aug 16 12:46:12 2018 +0100" }, "committer": { "name": "android-build-team Robot", "email": "android-build-team-robot@google.com", "time": "Fri Aug 24 22:00:28 2018 +0000" }, "message": "Added check for misprovisioned Pixel 2 device.\n\nSome Pixel devices had a wrong brand value provisioned into keymaster.\nDue to this misprovisioning those devices fail device ID attestation because it includes a check for the correct brand value.\nThis is now solved by re-trying Device ID attestation if we are running on a potentially misprovisioned device, allowing for the known incorrect brand value.\n\nBug: 69471841\nTest: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement\nChange-Id: If715ebdd4ab6d7fcfffab60b40fd2dc8fa1fda44\nMerged-In: Ia0da5478d6092c1927d26600a6893ae8ce53da51\n(cherry picked from commit 3f821a8e17f97a6f0b3ae408b2e7f2bfde666df4)\n" }, { "commit": "e2a6ad99ae03deb36271f76dd506e42b5af780bf", "tree": "4b188212428c5dc261851fe48db305eab88dea59", "parents": [ "7aa98ce2b05cda26b0843531ca77991a7ba0ae88", "d9381f5e56f5d9b7ce10c72c50795dcb1c38a8a2" ], "author": { "name": "Mathew Inwood", "email": "mathewi@google.com", "time": "Fri Aug 17 02:13:11 2018 -0700" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Fri Aug 17 02:13:11 2018 -0700" }, "message": "Merge \"Add @UnsupportedAppUsage annotations\"\nam: d9381f5e56\n\nChange-Id: I3940d669bb1f4fedc8a7fbbcdb8de2ef954674a8\n" }, { "commit": "4dbdcf43ad0dfa91371ac06517317e0ea0b45b56", "tree": "bf224c82a42e0228aae034faba6fae5f947394a7", "parents": [ "43f3f60ec01a1d658cbff9386a7fbf8a839894b9" ], "author": { "name": "Mathew Inwood", "email": "mathewi@google.com", "time": "Thu Aug 16 18:49:37 2018 +0100" }, "committer": { "name": "Mathew Inwood", "email": "mathewi@google.com", "time": "Thu Aug 16 18:49:37 2018 +0100" }, "message": "Add @UnsupportedAppUsage annotations\n\nFor packages:\n android.security.net.config\n android.security.keystore\n android.security.keymaster\n android.security\n\nThis is an automatically generated CL. See go/UnsupportedAppUsage\nfor more details.\n\nExempted-From-Owner-Approval: Mechanical changes to the codebase\nwhich have been approved by Android API council and announced on\nandroid-eng@\n\nBug: 110868826\nTest: m\nChange-Id: Ifed4da56531195f64fd53d84f14b4e8298843b2c\nMerged-In: I7762dd647bede8abc9be2c538af3a3a99a25a73e\n" }, { "commit": "0e43e2ef9675cdcc7126869725ac17148a4bd30b", "tree": "71c5d319c6c42af90c11f032781fb339f30a71fb", "parents": [ "2e2dcda172a4523be095c21b07be78b6b211143c", "6064a17fa40fc73888a445958c660d942c557d8e" ], "author": { "name": "TreeHugger Robot", "email": "treehugger-gerrit@google.com", "time": "Wed Aug 15 18:53:16 2018 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Wed Aug 15 18:53:16 2018 +0000" }, "message": "Merge \"Fix symmetric key generation in strongbox\" into pi-dev" }, { "commit": "842e88250752f6492e02930f1a106a88e89fd165", "tree": "f9eab363b0c65502ead9e2293e35d08516025cb6", "parents": [ "9f0aff0d989d25ee8248296bc3f413b97bf57e0b", "02763a1c3ee13389598bfd00f895845b32cb3a93" ], "author": { "name": "Mathew Inwood", "email": "mathewi@google.com", "time": "Wed Aug 01 16:35:28 2018 -0700" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Wed Aug 01 16:35:28 2018 -0700" }, "message": "Merge \"Code reformatting for upcoming annotations.\" am: 60c8cfdd0f\nam: 02763a1c3e\n\nChange-Id: Icdbef4bd0e71876a3ddb296ca38a243209f2eaf9\n" }, { "commit": "02763a1c3ee13389598bfd00f895845b32cb3a93", "tree": "caa7dd0704a799664e9b09f53e1bd43e3a3ffde6", "parents": [ "582d18c02b706199324b38b449860e281249df4e", "60c8cfdd0ff09070ac8d121416a8df90e6c037d7" ], "author": { "name": "Mathew Inwood", "email": "mathewi@google.com", "time": "Wed Aug 01 16:01:52 2018 -0700" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Wed Aug 01 16:01:52 2018 -0700" }, "message": "Merge \"Code reformatting for upcoming annotations.\"\nam: 60c8cfdd0f\n\nChange-Id: I4fcf520f53dddd6e70edf0d59fd13ae218c336a5\n" }, { "commit": "efb481646ef5c786f4a92118ba4248a0ef3c515e", "tree": "e35381b97f7bfa1057d50410036578ef6c2cbf35", "parents": [ "b6b8516ba0f44f2d234b825cc4d568c304e9f719" ], "author": { "name": "Mathew Inwood", "email": "mathewi@google.com", "time": "Wed Aug 01 10:24:49 2018 +0100" }, "committer": { "name": "Mathew Inwood", "email": "mathewi@google.com", "time": "Wed Aug 01 10:24:49 2018 +0100" }, "message": "Code reformatting for upcoming annotations.\n\n@UnsupportedAppUsage annotations are added automatically, but this does\nnot work when there are multiple definitions on the same line.\n\nTest: m\nBug: 110868826\nChange-Id: I2c26c136cdfa557e45cf1ee0b39dab9c17abde56\n" }, { "commit": "6064a17fa40fc73888a445958c660d942c557d8e", "tree": "f57504f32d0fa4daed51d15cb5d755e392ad4fd0", "parents": [ "999d9e1bf026e92699b1c20da1286498d2424f2d" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Tue Jun 05 18:47:23 2018 -0700" }, "committer": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Tue Jul 31 18:19:03 2018 +0000" }, "message": "Fix symmetric key generation in strongbox\n\nThe strongbox flag was not passed to keystore by\nAndroidKeyStoreKeyGeneratorSpi. As a result keys, that were supposed to\nbe generated in strongbox would silently be generated in TEE.\n\nTest: There is no reliable way to test this other than instrumenting or\n debugging the strongbox implementation. This was done by the\n author of this patch.\nBug: 109769728\nChange-Id: I8a08838440030fab7b774762c3d6af0d3b6a4ad8\nMerged-In: I8a08838440030fab7b774762c3d6af0d3b6a4ad8\n" }, { "commit": "5a5c6e0e44fbccbf5608c1955debf1650890f5a6", "tree": "70d9eebea919172b9898bcdf0fe4e594d28d36ed", "parents": [ "143c65d520b197a271d6de282fc7759d8009ce44" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Jun 28 11:20:44 2018 +0100" }, "committer": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Jun 28 17:20:01 2018 +0100" }, "message": "Correctly preserve key generation parameters\n\nDue to an oversight, some of the key generation parameters that are set\nin KeyGenParameterSpec were not preserved when parceling the object\n(they should have been added to ParcelableKeyGenParameterSpec but were\nnot).\n\nThis means these parameters will be ignored when generating keys using\nthe DevicePolicyManager.generateKeyPair method, leading to an\ninconsistent key generation behaviour between the DevicePolicyManager\nand KeyStore.\n\nIn particular, this would prevent callers from using StrongBox when\ngenerating keys for use in the KeyChain.\n\nFix the issue by simply persisting these parameters in\nParcelableKeyGenParameterSpec and making sure that the Builder copies\nthem too from the source KeyGenParameterSpec.\n\nLeft to do is put in place an automated measure to find out\ndiscrepancies between the two classes.\n\nBug: 110915980\nBug: 110882855\nBug: 109953656\nTest: atest KeystoreTests\nChange-Id: Ic64bd2921b6dfc97ea34ecba55f532312963ffcb\n" }, { "commit": "fe6d4769a86b1ab4cf9b5b20ea08f4e3ccd00ec6", "tree": "218fbe063b4984d9cdac0cb9c15ed1904f685d5f", "parents": [ "0eb2be3a679b146e068cf99e2dbf45b4181c0bfa" ], "author": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Sat Jun 23 15:38:02 2018 -0600" }, "committer": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Tue Jun 26 12:35:03 2018 +0000" }, "message": "Correct the keystore alias used for secure imports\n\nAn Android-O timeframe refactor removed all use of keystore \"skey\"\naliases. Creating one not only partially reverses that refactor, but\nit also results in a key alias which cannot be deleted in some cases,\ncausing AndroidKeyStoreTest failures during the second run of CTS.\n\nBug: 80228327\nTest: CTS tests ImportWrappedKeyTest and AndroidKeyStoreTest, in that order\nChange-Id: I348ba421f29cdf6c65fc98be3a25d19938d559c1\n" }, { "commit": "0bc50f944204c33ef0839134bcdd76a9e4badbe9", "tree": "96aa407396768bdbf86aa1b6e1255066de6449b9", "parents": [ "f225af4f6c7143fcfac837d87c9991ea91e55a5a" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Fri Jun 01 16:03:39 2018 +0100" }, "committer": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Mon Jun 04 17:12:41 2018 +0100" }, "message": "Improve KeyChain documentation\n\nImprove the choosePrivateKeyAlias documentation by:\n(1) removing reference to host+port when a URI is being passed in.\n(2) Clearing up the language about what a DPC can do.\n\nTest: N/A\nBug: 81522642\nChange-Id: I12fbf675536ea5d843dd2eec4f0379daad764bb6\n" }, { "commit": "4b9fee53319e4f679af51681c8a90777f302bdfc", "tree": "841407fd51d07227a40d0ed262fa8a8d5c41990f", "parents": [ "9e04425f9e4ba5e24ca9b2b53bf535baa80bc66d" ], "author": { "name": "Frank Salim", "email": "franksalim@google.com", "time": "Thu Apr 12 03:09:44 2018 -0700" }, "committer": { "name": "Frank Salim", "email": "franksalim@google.com", "time": "Fri May 18 18:25:33 2018 +0000" }, "message": "Make ImportWrappedKey work with real hardware:\n Get unwrapping params from WrappedKeyEntry\n\nAdd @hide API for StrongBox-backed imported keys (as opposed to wrapped or generated)\nEnable 3DES conditionally based on a system property.\n\nBug: b/79986479\nBug: b/79986680\nTest: CTS\nChange-Id: If6beedc203337027576ecd3555d11ed2874f9768\n" }, { "commit": "cd0eb716c52b20fbc051d1da79a8fe1b91c1f4c3", "tree": "7b6b3b9a071026b5cbac8f1c03f21e7ac96b5b1c", "parents": [ "8785209fd7e7172cb096350b4007d5d9f8ef3208" ], "author": { "name": "Mike Harris", "email": "mwharris@google.com", "time": "Thu Apr 26 15:20:10 2018 -0700" }, "committer": { "name": "Rubin Xu", "email": "rubinxu@google.com", "time": "Mon Apr 30 09:27:31 2018 +0000" }, "message": "Use the @Nullable annotations for choosePrivateKeyAlias.\n\nBoth the code and docstring support this, but the parameters weren\u0027t\nannotated.\n\nTest: it builds locally\n\nChange-Id: I16beddcd74a86047ce9aaf37007d96f3e8e0d4e0\nMerged-In: I16beddcd74a86047ce9aaf37007d96f3e8e0d4e0\nFix: 78868934\n(cherry picked from commit b7c5eddc53c3872b661222ae30270d95cfe63b4e)\n" }, { "commit": "ec6268c5146ab3257172552234bc0fe6534940a4", "tree": "b3c04a5fadb572b7020849883d25d4b070639a3a", "parents": [ "637422b2bf7ca08dde6fdfce1fba7daa4965ff2c", "52dcedca37a08bcd01f8d060e269d4eb3745831f" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Fri Apr 13 10:07:36 2018 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Fri Apr 13 10:07:36 2018 +0000" }, "message": "Merge \"AttestationUtils: Request MEID explicitly\" into pi-dev" }, { "commit": "52dcedca37a08bcd01f8d060e269d4eb3745831f", "tree": "24e18558d2e884c6402fb618517bf9bbbad4f47f", "parents": [ "0b5dd8e56040e2cd3dc95abfebe7fdb71cc7f0bc" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Apr 12 14:06:59 2018 +0100" }, "committer": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Apr 12 17:20:35 2018 +0100" }, "message": "AttestationUtils: Request MEID explicitly\n\nRather than rely on getDeviceId to provide the MEID, explicitly use\ngetMeid to get it.\n\nFor MEID attestation to work, the right identifier needs to be passed in\nfor attestation by Keymaster.\nAttestationUtils currently gets this identifier by calling getDeviceId.\nThis would only yield the MEID if the device does not have an IMEI\nprovisioned, which means it\u0027ll get the IMEI for devices that have both\n(like Pixel 2).\n\nAccording to bartfab@ that is the correct way (see b/77584730#13).\n\nBug: 77584730\nBug: 73284024\nTest: runtest --path cts/tests/tests/keystore/src/android/keystore/cts/KeyAttestationTest.java\nChange-Id: I98f6c2e2a9835bf2fd681cfb4ff74fc3984c3a8e\n" }, { "commit": "9b5853d304702f1c76025ed80483276ce377f98f", "tree": "aeea93761e0e9390470edfc130587de16e8be62f", "parents": [ "10fb6582eb9c0e84938af9a2be0017e35eb59c5e" ], "author": { "name": "Allen Webb", "email": "allenwebb@google.com", "time": "Tue Apr 10 10:33:42 2018 -0700" }, "committer": { "name": "Allen Webb", "email": "allenwebb@google.com", "time": "Wed Apr 11 19:23:30 2018 +0000" }, "message": "keystore: Add documentation for user presence required.\n\nTest: make -j50 docs\nBug: 77600728\nChange-Id: I6334bc0fc7a7d4faced6b03522c350ce74303443\nSigned-off-by: Allen Webb \u003callenwebb@google.com\u003e\n" }, { "commit": "13e230f5d6a757f1a7ecd53d6254ac3e2826163d", "tree": "a845c7dfaa5c4aebf14a08aed628781433497185", "parents": [ "1c5ee613be6ac28877468d89272ad76bf03440c9" ], "author": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Tue Apr 10 17:21:39 2018 -0600" }, "committer": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Tue Apr 10 18:15:22 2018 -0600" }, "message": "Mark CTS-tested APIs as @TestApi\n\nBug: 77596526\nTest: Keystore CTS\nChange-Id: Ic4280db3d9ff093138f0a361ac6a52ca69187cca\n" }, { "commit": "1c5ee613be6ac28877468d89272ad76bf03440c9", "tree": "257878e6ec396df4e95bd7b1770b39ec9fc3d579", "parents": [ "26f00b9d87dd49bbb69c3cfc87fe1a243c2d4c78" ], "author": { "name": "Brian C. Young", "email": "bcyoung@google.com", "time": "Tue Apr 10 08:43:53 2018 -0700" }, "committer": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Tue Apr 10 17:05:39 2018 -0600" }, "message": "Allow CTS tests to access more from KeyProtection\n\nAdd @TestApi to allow CTS tests to use that call.\nEncryption and decryption are reversed in some documentation.\n\nTest: CtsKeystoreTestCases\nBug: 77596526\nChange-Id: Ifaf8b3fa0e231eef256451a2514219fff1b16699\n" }, { "commit": "aa5c335a60f8316e2935bf2281c4f985b607d586", "tree": "65f0c67c0d763f533f7c6a1e3f4ce57d39249c19", "parents": [ "93a10eb1d2535f2ab9c3edfa10bb31e439a825e9", "be10891cab6ef8942cdeb6fd36920804199161a5" ], "author": { "name": "TreeHugger Robot", "email": "treehugger-gerrit@google.com", "time": "Thu Apr 05 00:58:18 2018 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Thu Apr 05 00:58:18 2018 +0000" }, "message": "Merge \"keystore: Change superclass of UserPresenceUnavailableException.\" into pi-dev" }, { "commit": "084f9aee9a54a86680feed7cafd56a06ba6f24f8", "tree": "9f094fc4b33c4e2132786a15025725915ab45ce0", "parents": [ "6d24a1c8bef4c70ac1e646ffb21299ad7fe4a22b", "6f8fa9ac83e8690728400ca78e7b969d01fceb62" ], "author": { "name": "TreeHugger Robot", "email": "treehugger-gerrit@google.com", "time": "Mon Apr 02 21:40:34 2018 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Mon Apr 02 21:40:34 2018 +0000" }, "message": "Merge \"\"Unlocked device required\" javadoc clarification\" into pi-dev" }, { "commit": "840c29eb0be73a875c883863cf1421ca789f7041", "tree": "0746509d6debe27d2d3704105e47d58599dc8fbb", "parents": [ "540f74786135b5c99170a518ef246ecfd0588739", "3c1830bd7f85f35fe216b8bc5bc7f515b8f6d777" ], "author": { "name": "TreeHugger Robot", "email": "treehugger-gerrit@google.com", "time": "Mon Apr 02 20:36:34 2018 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Mon Apr 02 20:36:34 2018 +0000" }, "message": "Merge \"Rename trustedUserPresenceRequired.\" into pi-dev" }, { "commit": "6f8fa9ac83e8690728400ca78e7b969d01fceb62", "tree": "c3a6cc2ff0b058f42e78bcba518b54e880b83c12", "parents": [ "50228a647183c9315312f8f36ba849f8b1e6d3d0" ], "author": { "name": "Brian C. Young", "email": "bcyoung@google.com", "time": "Mon Apr 02 12:40:58 2018 -0700" }, "committer": { "name": "Brian C. Young", "email": "bcyoung@google.com", "time": "Mon Apr 02 12:40:58 2018 -0700" }, "message": "\"Unlocked device required\" javadoc clarification\n\nWording changes on the public API functions for these keys.\n\nTest: CTS\nBug: 67752510\nChange-Id: Iaf620e8c0e06d436d09f50d308268653bec196ce\n" }, { "commit": "3c1830bd7f85f35fe216b8bc5bc7f515b8f6d777", "tree": "ec912d970d6eabc3731e190e15c5fccfc321d869", "parents": [ "78e805684b427d3ba903a3ee5d12d3ea47be68b9" ], "author": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Tue Mar 27 16:10:37 2018 -0600" }, "committer": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Mon Apr 02 13:03:14 2018 -0600" }, "message": "Rename trustedUserPresenceRequired.\n\nThe existing name is misleading, because it can be read as requiring\nthat a trusted user be present, rather than the intended meaning of\nrequiring trusted proof of user presence. Since this is all about\nTEE/SE-based keys, the \"trusted\" part is implied, so the simple\n\"userPresenceRequired\" name makes more sense.\n\nBug: 77151288\nTest: Keystore CTS tests\nChange-Id: If8b533b9f34a1875eaf35cdd1bb8f3709da9761b\n" }, { "commit": "50228a647183c9315312f8f36ba849f8b1e6d3d0", "tree": "a8d176ad21064b96cf4ba6f00abc38faded35b05", "parents": [ "ea31cbea935a20d9d290453c2ba2f8b8670e45ca", "b631503200c8de47bbd83a71f17c798f5c2f1582" ], "author": { "name": "TreeHugger Robot", "email": "treehugger-gerrit@google.com", "time": "Mon Apr 02 18:45:35 2018 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Mon Apr 02 18:45:35 2018 +0000" }, "message": "Merge \"Revise secure key import API after review\" into pi-dev" }, { "commit": "f5f6bb2d888ada9b4bb3a92b106f4b1416968ea7", "tree": "85a711efe72b59f1b429702d0a63451cd4774476", "parents": [ "77fcc0da3b95b5a191fa65751aa86bc696260df7" ], "author": { "name": "Brian C. Young", "email": "bcyoung@google.com", "time": "Fri Mar 30 14:03:15 2018 -0700" }, "committer": { "name": "Brian Young", "email": "bcyoung@google.com", "time": "Fri Mar 30 21:37:48 2018 +0000" }, "message": "Remove getCurrentUser call to find an alternative\n\nThe call the framework uses to get the current user ID requires the\nINTERACT_ACROSS_USERS permission, which not a lot of apps will have.\nFind a better way to do that.\n\nBug: 76430246\n\nTest: CtsKeystoreTestCases\nChange-Id: I8a0637d351fff9cfbf40e02946325f90466b68c5\n" }, { "commit": "1e0a9b0b1b706e4ef31522cdbc7d3d5232e6c382", "tree": "f52a975589283f52c50799e4ea3d61edfe8c6245", "parents": [ "4ced90cb12c915db0cac0bbea25a1b8a43d93164", "9e8749058039b92fbed6ecf5a78eb9bf0c45c0e8" ], "author": { "name": "TreeHugger Robot", "email": "treehugger-gerrit@google.com", "time": "Fri Mar 30 18:54:39 2018 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Fri Mar 30 18:54:39 2018 +0000" }, "message": "Merge \"Enable \"Unlocked device required\" API\" into pi-dev" }, { "commit": "b631503200c8de47bbd83a71f17c798f5c2f1582", "tree": "1999d958dd37941c66ed99972244e64afb1142bc", "parents": [ "3d8fa52f59dcfae93e8ecc7a669fd3757e87c63f" ], "author": { "name": "Frank Salim", "email": "franksalim@google.com", "time": "Thu Mar 15 17:33:16 2018 -0700" }, "committer": { "name": "Frank Salim", "email": "franksalim@google.com", "time": "Fri Mar 30 10:25:22 2018 -0700" }, "message": "Revise secure key import API after review\n\n• WrappedKeyEntry: add doc (based on IKeymasterDevice.hal comments)\n• StrongBoxUnavailableException: add public ctors, match superclass\n• SecureKeyImportUnavailableException: new first class exception\n• ORIGIN_SECURELY_IMPORTED: elaborated on properties\n\nTest: make doc \u0026 review output\nBug: b/74218267\nChange-Id: Ice9adc60ede618870e57bb58ca66fd0218cd2bf7\n" }, { "commit": "be10891cab6ef8942cdeb6fd36920804199161a5", "tree": "edcf91ceffed8bffc6ee06886d5f85872d2682b7", "parents": [ "912853be102cc854f77d25f0946f4e6435b100b9" ], "author": { "name": "Allen Webb", "email": "allenwebb@google.com", "time": "Thu Mar 29 09:50:45 2018 -0700" }, "committer": { "name": "Allen Webb", "email": "allenwebb@google.com", "time": "Fri Mar 30 10:02:46 2018 -0700" }, "message": "keystore: Change superclass of UserPresenceUnavailableException.\n\nAlso add additional comments to isTrustedUserPresenceRequired().\n\nTest: m -j KeystoreTests \u0026\u0026 adb install -r\nout/target/product/${TARGET_PRODUCT}/data/app/KeystoreTests/KeystoreTests.apk\n adb shell am instrument\n\nBug: 73392697\nBug: 76462141\nChange-Id: Iabcc331adda53e2a5cad5ead6002dfbc29188da2\nSigned-off-by: Allen Webb \u003callenwebb@google.com\u003e\n" }, { "commit": "0186b42f2ae7e2c7b3e88043c2d1cb255f09514e", "tree": "500b6e1233f875e8f93f98759f3130234d637832", "parents": [ "69196f6fadf2445c2b9c06c17162d0cd3dfaeb5a", "9272dab49efa9c70ab92879c3e79a76fc8364d34" ], "author": { "name": "Brian Young", "email": "bcyoung@google.com", "time": "Fri Mar 30 14:21:19 2018 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Fri Mar 30 14:21:19 2018 +0000" }, "message": "Merge changes from topics \"niap-asym-write-pi-dev\", \"niap-asym-write-api-pi-dev\" into pi-dev\n\n* changes:\n Restore \"Add \"Unlocked device required\" parameter to keys\"\n Add \"Unlocked device required\" key API\n" }, { "commit": "9e8749058039b92fbed6ecf5a78eb9bf0c45c0e8", "tree": "3359c0d9694c908007e45d67ca5648df657d973e", "parents": [ "9272dab49efa9c70ab92879c3e79a76fc8364d34" ], "author": { "name": "Brian C. Young", "email": "bcyoung@google.com", "time": "Mon Mar 26 11:40:13 2018 -0700" }, "committer": { "name": "Brian C. Young", "email": "bcyoung@google.com", "time": "Thu Mar 29 10:25:33 2018 -0700" }, "message": "Enable \"Unlocked device required\" API\n\nRemove the @hide annotations so the SDP asymmetric-write functionality\nis included in the public API.\n\nTest: CtsKeystoreTestCases\n\nBug: 63928827\nChange-Id: I8f462b0ebe4d9a7b96b48fa1672dd2ab9140c505\n" }, { "commit": "9272dab49efa9c70ab92879c3e79a76fc8364d34", "tree": "9155709e2901fd9e5fe2a9ff2608765d87ce9b02", "parents": [ "36716eb4709503f2ef370c6f67273440cd91d18c" ], "author": { "name": "Brian Young", "email": "bcyoung@google.com", "time": "Fri Feb 23 18:04:20 2018 +0000" }, "committer": { "name": "Brian C. Young", "email": "bcyoung@google.com", "time": "Thu Mar 29 10:24:18 2018 -0700" }, "message": "Restore \"Add \"Unlocked device required\" parameter to keys\"\n\nAdd a keymaster parameter for keys that should be inaccessible when\nthe device screen is locked. \"Locked\" here is a state where the device\ncan be used or accessed without any further trust factor such as a\nPIN, password, fingerprint, or trusted face or voice.\n\nThis parameter is added to the Java keystore interface for key\ncreation and import, as well as enums specified by and for the native\nkeystore process.\n\nThis reverts commit da82e2cb7193032867f86b996467bcd117545616.\n\nTest: CTS tests in I8a5affd1eaed176756175158e3057e44934fffed\n\nBug: 67752510\n\nMerged-In: Ia162f1db81d050f64995d0360f714e79033ea8a5\nChange-Id: Ia162f1db81d050f64995d0360f714e79033ea8a5\n(cherry picked from d7c961ee914192e09ec10727da6d31a6b597bf51)\n" }, { "commit": "6169239b942fc2f6e8721b219f84b506c106fbe1", "tree": "9826db736692e5d9d870117d4b4be68e770c6fce", "parents": [ "3a5dabbb10861a5cea627936c56693550345b9a8" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Mon Mar 26 16:43:14 2018 +0100" }, "committer": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Mar 29 10:58:20 2018 +0100" }, "message": "Utilize verbose KeyChain errors\n\nAs KeyChain reports detailed error codes about failure to generate keys\nor attestation records for them, log these detailed errors and throw an\nexception if the hardware does not support Device ID attestation.\n\nBug: 72642093\nBug: 73448533\nTest: cts-tradefed run commandAndExit cts-dev -s 127.0.0.1:50487 -a x86_64 -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement -l DEBUG\nChange-Id: Ib12efcf48c158373e1fc28cc51d67e70282d029e\n" }, { "commit": "36716eb4709503f2ef370c6f67273440cd91d18c", "tree": "26dd3eedac52c5fdcb27fda06bb8180eeacf4232", "parents": [ "ff23ffa8ff352b9c7178d19779783d7c231fabda" ], "author": { "name": "Brian Young", "email": "bcyoung@google.com", "time": "Fri Feb 23 18:04:20 2018 +0000" }, "committer": { "name": "Brian C. Young", "email": "bcyoung@google.com", "time": "Wed Mar 28 08:38:56 2018 -0700" }, "message": "Add \"Unlocked device required\" key API\n\nThis adds the API methods and values for keyguard-bound keys, but\ncontains none of the actual functionality.\n\nTest: CTS tests in CtsKeystoreTestCases\n\nBug: 67752510\n\nMerged-In: Iccd7dafd77258d903d11353e02ba3ab956050c40\nChange-Id: Iccd7dafd77258d903d11353e02ba3ab956050c40\n(cherry picked from commit fd75c7232aebc8690f004de3486b3b9a44f3e0b0)\n" }, { "commit": "56e9c026b33da783088c10a3d1162076a8e25cb6", "tree": "36bd56d58d0890d16be28c3877d59b40f78357b8", "parents": [ "cdaba41a6f36262ae37b3425b8da981d2266345b", "5437b81696e19e40be3f6f9cc95b8ef14fa93ae3" ], "author": { "name": "TreeHugger Robot", "email": "treehugger-gerrit@google.com", "time": "Tue Mar 27 22:13:37 2018 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Tue Mar 27 22:13:37 2018 +0000" }, "message": "Merge \"Refactor AddUserAuthArgs for extensibility\" into pi-dev" }, { "commit": "4b4a0539b662695570d7d1ddbf96db93fc987e8d", "tree": "597ff21c0806a55348875361c42ec2bdc4614734", "parents": [ "9cd3e43d86ea00fb93ef7561bb309e3a53f1a582" ], "author": { "name": "Dmitry Dementyev", "email": "dementyev@google.com", "time": "Fri Mar 23 17:46:52 2018 -0700" }, "committer": { "name": "Dmitry Dementyev", "email": "dementyev@google.com", "time": "Fri Mar 23 17:46:52 2018 -0700" }, "message": "Add missing @NonNull annotation to AndroidKeyStoreProvider method.\n\nBug: 73959762\nTest: none\nChange-Id: I2298c8fe0893032f374629a5af128474ba0f679c\n" }, { "commit": "5437b81696e19e40be3f6f9cc95b8ef14fa93ae3", "tree": "c3aa310e3b0f093d25b3260d15c456f207d35d58", "parents": [ "6b71daa0c2d9e01fdf3aa8ce09dbd96c4d2ab8ea" ], "author": { "name": "Brian Young", "email": "bcyoung@google.com", "time": "Fri Feb 23 18:04:20 2018 +0000" }, "committer": { "name": "Brian C. Young", "email": "bcyoung@google.com", "time": "Thu Mar 22 16:10:40 2018 -0700" }, "message": "Refactor AddUserAuthArgs for extensibility\n\nCreate an interface that encapsulates the common arguments to\nAddUserAuthArgs, add that interface to KeyProtection and\nKeyGenParameterSpec, and refactor AddUserAuthArgs to accept an\ninstance of that interface.\n\nTest: CTS Module CtsKeystoreTestCases\n\nBug: 74017618\n\nMerged-In: I591e34e5d08421ea1c022bbb6e955ee3c01eb435\nChange-Id: I591e34e5d08421ea1c022bbb6e955ee3c01eb435\n(cherry picked from commit df16c56fbf05908e03f3a95a8a3d981bbc2fdb91)\n" }, { "commit": "bbb7f65a23937eeeabcc4caac5a3ea53ad836749", "tree": "fefa23fa352d64bcfd70e1dc1e69cbadbb6e7bfb", "parents": [ "c5f5ad103fb9416cb63ec9f7c2397bb343cb2f44" ], "author": { "name": "David Zeuthen", "email": "zeuthen@google.com", "time": "Mon Feb 26 11:04:18 2018 -0500" }, "committer": { "name": "David Zeuthen", "email": "zeuthen@google.com", "time": "Mon Feb 26 11:08:00 2018 -0500" }, "message": "ConfirmationDialog: Pass accessibility options and implement isSupported().\n\nBug: 63928580\nTest: Manually tested.\nChange-Id: I6a06d10a4cb924c3e57c8e212ba4626cad00f4a1\n" }, { "commit": "da82e2cb7193032867f86b996467bcd117545616", "tree": "7585d5778078b208575e2a535454946794490cb9", "parents": [ "efc3f16be7870c84227b79f73f0ad7cab72a260f" ], "author": { "name": "Brian Young", "email": "bcyoung@google.com", "time": "Thu Feb 22 23:36:34 2018 +0000" }, "committer": { "name": "Brian Young", "email": "bcyoung@google.com", "time": "Fri Feb 23 01:31:49 2018 +0000" }, "message": "Revert \"Add \"Unlocked device required\" parameter to keys\"\n\nThis reverts commit efc3f16be7870c84227b79f73f0ad7cab72a260f.\n\nReason for revert: Regression in creating auth-bound keys\n\nBug: 73773914\n\nBug: 67752510\n\nChange-Id: Ic3886ceb3c3c0c4274682ed9f5f2bfbf8fdd71b9\n" }, { "commit": "efc3f16be7870c84227b79f73f0ad7cab72a260f", "tree": "9bc781e0e7caf005e6037866954262fbb6f3152d", "parents": [ "5f76688c5a8eefd16bc51569263667e7f403f242" ], "author": { "name": "Brian C. Young", "email": "bcyoung@google.com", "time": "Thu Nov 16 15:36:43 2017 -0800" }, "committer": { "name": "Brian C. Young", "email": "bcyoung@google.com", "time": "Wed Feb 14 12:19:13 2018 -0800" }, "message": "Add \"Unlocked device required\" parameter to keys\n\nAdd a keymaster parameter for keys that should be inaccessible when\nthe device screen is locked. \"Locked\" here is a state where the device\ncan be used or accessed without any further trust factor such as a\nPIN, password, fingerprint, or trusted face or voice.\n\nThis parameter is added to the Java keystore interface for key\ncreation and import, as well as enums specified by and for the native\nkeystore process.\n\nTest: CTS tests in I8a5affd1eaed176756175158e3057e44934fffed\n\nBug: 67752510\n\nChange-Id: I314b848f6971d1849a7a6347d52e41d9604639ae\n" }, { "commit": "a8e8b659d0a872c9221e70b94c094cb6bff0508a", "tree": "82e4bab84a85a3cb6153fe3512b185b2f4b603be", "parents": [ "f100eea32f6ca4cfb858a53820a0b93f91b24942" ], "author": { "name": "David Zeuthen", "email": "zeuthen@google.com", "time": "Wed Oct 25 14:25:55 2017 -0400" }, "committer": { "name": "David Zeuthen", "email": "zeuthen@google.com", "time": "Tue Jan 30 17:33:21 2018 -0500" }, "message": "Add Confirmation API.\n\nThis CL adds new Framework APIs that can be used for the secure\nconfirmations. This includes support for configuring a key such that\nit can only sign data returned by the confirmation APIs.\n\nBug: 63928580\nTest: Manually tested.\nChange-Id: I94c1fc532376bd555b3dc37fc4709469450cfde6\n" }, { "commit": "3a28570b285d9248206fc0ab8b30e3b2a51ae5b3", "tree": "9d63c735395cb8389297c8f41bcc400d92be7fc8", "parents": [ "55fff3a89d96d0d0f8b8cb161bb0dda170c21ccb" ], "author": { "name": "Brian Young", "email": "bcyoung@google.com", "time": "Mon Jan 29 23:56:59 2018 +0000" }, "committer": { "name": "Ian Pedowitz", "email": "ijpedowitz@google.com", "time": "Tue Jan 30 15:31:42 2018 +0000" }, "message": "Revert \"Add \"Unlocked device required\" parameter to keys\"\n\nThis reverts commit 55fff3a89d96d0d0f8b8cb161bb0dda170c21ccb.\n\nReason for revert: Build breakages on elfin, gce_x86_phone.\n\nBug: 67752510\n\nBug: 72679761\nChange-Id: Ia495e9cb158b64fcf015e37b170554a7ed6810a7\n" }, { "commit": "55fff3a89d96d0d0f8b8cb161bb0dda170c21ccb", "tree": "dbe7cbcb2d2af17be47e8f4dd69a07a672b456c1", "parents": [ "e2975162dca148be4be46b5bfbacdce7c74513ee" ], "author": { "name": "Brian C. Young", "email": "bcyoung@google.com", "time": "Thu Nov 16 15:36:43 2017 -0800" }, "committer": { "name": "Brian C. Young", "email": "bcyoung@google.com", "time": "Mon Jan 29 10:16:02 2018 -0800" }, "message": "Add \"Unlocked device required\" parameter to keys\n\nAdd a keymaster parameter for keys that should be inaccessible when\nthe device screen is locked. \"Locked\" here is a state where the device\ncan be used or accessed without any further trust factor such as a\nPIN, password, fingerprint, or trusted face or voice.\n\nThis parameter is added to the Java keystore interface for key\ncreation and import, as well as enums specified by and for the native\nkeystore process.\n\nTest: go/asym-write-test-plan\n\nBug: 67752510\n\nChange-Id: I8b88ff8fceeafe14e7613776c9cf5427752d9172\n" }, { "commit": "4dadff8be0d8aebe41822eb2daeaaacd72631865", "tree": "96007a29171585eb80e70ae0da43c88c91f1b721", "parents": [ "7f1e49f2ff6b97a85dca041a72398d4a56149787", "7dacad8dc88c820cc750495017c11e322ac7309f" ], "author": { "name": "TreeHugger Robot", "email": "treehugger-gerrit@google.com", "time": "Thu Jan 25 17:31:38 2018 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Thu Jan 25 17:31:38 2018 +0000" }, "message": "Merge \"Add confirmation UI protocol to Keystore AIDL definition\"" }, { "commit": "7f1e49f2ff6b97a85dca041a72398d4a56149787", "tree": "fda5bc4917b7555423ecebaa493bc83c76eeaccb", "parents": [ "0ad372a7e40cb18115b881175430ce7c3cdc65d0", "ea5e038bc11f234553043c24b10134406444f601" ], "author": { "name": "TreeHugger Robot", "email": "treehugger-gerrit@google.com", "time": "Thu Jan 25 17:24:17 2018 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Thu Jan 25 17:24:17 2018 +0000" }, "message": "Merge \"Generating StrongBox backed keys\"" }, { "commit": "fcd05a94ef0642857abcd0e7746c40d601a787e7", "tree": "da7f18190651f370d8277a8d44672b13052fc775", "parents": [ "5e24057999b51f13d868dbe46f74701cb403697e" ], "author": { "name": "Allen Webb", "email": "allenwebb@google.com", "time": "Thu Jan 18 08:34:45 2018 -0800" }, "committer": { "name": "nagendra modadugu", "email": "ngm@google.com", "time": "Wed Jan 24 23:06:35 2018 -0800" }, "message": "keystore: Add Trusted User Presence (TUP) APIs.\n\nTest: m -j KeystoreTests \u0026\u0026 adb install -r\nout/target/product/crosshatch/data/app/KeystoreTests/KeystoreTests.apk\n adb shell am instrument\n \u0027android.security.tests/android.support.test.runner.AndroidJUnitRunner\u0027\nBug: 72476834\n\nChange-Id: I61ee4326a5e31f1cefacd47470b53634fa94c2ef\n" }, { "commit": "ea5e038bc11f234553043c24b10134406444f601", "tree": "e9d39663dacbcc531cea1b3bd2ff5aebf049ed9f", "parents": [ "f88fdc995fbd23ecc3e9b6b8a94186cd96969085" ], "author": { "name": "Frank Salim", "email": "franksalim@google.com", "time": "Tue Jan 23 22:42:29 2018 -0800" }, "committer": { "name": "Frank Salim", "email": "franksalim@google.com", "time": "Wed Jan 24 23:45:54 2018 +0000" }, "message": "Generating StrongBox backed keys\n\n•Add FLAG_STRONGBOX when the generator spec requires it.\n•Throw StrongBoxUnavailableException when the request\nfails due to HARDWARE_UNAVAILABLE.\n•Add PackageManager.FEATURE_STRONGBOX_KEYSTORE\n\nTest: KeyStore CTS tests under development on an emulator\nBug: 63931634\nChange-Id: I42d32b22981e43e504d30e5657d21ac555c71ebe\n" }, { "commit": "7dacad8dc88c820cc750495017c11e322ac7309f", "tree": "95e5a4a87059b23d8032eb226081b54955af3355", "parents": [ "f88fdc995fbd23ecc3e9b6b8a94186cd96969085" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Wed Jan 24 15:12:11 2018 -0800" }, "committer": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Wed Jan 24 15:45:08 2018 -0800" }, "message": "Add confirmation UI protocol to Keystore AIDL definition\n\nTest: Manually tested\nBug: 63928580\nChange-Id: Ief1cdb9a64737d5aac08aa1c48ff60c34218d5ba\n" }, { "commit": "21d9c1d44a4a5e788d2a84e65b8509cb04c6d432", "tree": "4fb6b51bc7475147c63b5d6a41a3f6ae193e7a7e", "parents": [ "504039b1d36075f03f2923a457b03694380c529f" ], "author": { "name": "Frank Salim", "email": "franksalim@google.com", "time": "Tue Dec 19 22:38:09 2017 -0800" }, "committer": { "name": "Frank Salim", "email": "franksalim@google.com", "time": "Tue Jan 23 00:29:11 2018 -0800" }, "message": "Keystore APIs for Import Wrapped Key, Strongbox, 3DES\n\nImport Wrapped Key:\nApplications can import keys in a wrapped, encrypted format. Wrapped keys are\nunwrapped inside of a Keymaster device.\n\nStrongbox:\nApplications can import and generate keys in secure hardware.\n\n3DES:\nAdd KeyProperties and KeymasterDefs\nAdd AndroidKeyStore3DESCipherSpi and provider registrations\n\nBug: 63931634\nTest: Keystore CTS tests in progress\n\nChange-Id: I80b6db865b517fa108f14aced7402336212c441b\n" }, { "commit": "eab62566ef5caff37098f034db46b39f0e06317a", "tree": "428368182f2359cfa84afc774f5624de8cdad141", "parents": [ "2bb444136a10731f73fe7e7052a0fcbec0472262" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Tue Jan 16 16:33:22 2018 +0000" }, "committer": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Tue Jan 16 16:33:22 2018 +0000" }, "message": "KeyStore: Remove duplicate method\n\nRemove the duplicate() method from KeyStore.\nIt is backed by dead code in the Keystore service, which (as far as I\ncan tell) is not doing the right thing.\n\nPrevious conversations with Keystore team members suggested this API\nshould not be used and it is marked for removal in the Keystore service.\n\nBug: 72037261\nTest: That it compiles.\nChange-Id: I7f8af95473c876340cbd5c73dd88c5d0282897b3\n" }, { "commit": "94d56761249a8e8c073867c17bba59b4a898f113", "tree": "a5d48db4ef71a6e105810d282ea3c8af32e42697", "parents": [ "ea713a3882d11675ca067ad63ab01a664d012f3b" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Dec 21 20:50:54 2017 +0000" }, "committer": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Tue Jan 02 23:36:15 2018 +0000" }, "message": "DPM: Implement Device ID attestation\n\nEnable requesting inclusion of device identifiers in the attestation\nrecord issued for keys generated by generateKeyPair.\nThis is done by passing an array of flags with values indicating which\nidentifiers should be included.\nSince the attestation record will include sensitive identifiers, it can\nonly be requested by the DPC in Device Owner mode or by the Delegated\nCert Installer in Device Owner mode.\n\nDesign note:\nDevicePolicyManager defines its own set of constants for the different\nidentifier types (ID_TYPE_*) and prior to calling\nDevicePolicyManagerService it translates them to the values defined by\nAttestationUtils (which is not a public class).\nThe reason is to allow re-use of code in AttestationUtils for preparing\nthe attestation arguments.\nIn theory, these constants could be moved from AttestationUtils to\nDevicePolicyManager, however that would create a dependency on DPM from\nKeystore, which logically does not make sense as Keystore is independent\nof the DPM (and in a lower level of the system, conceptually).\n\nBug: 63388672\nTest: cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement; runtest frameworks-services -c com.android.server.devicepolicy.DevicePolicyManagerTest#testTranslationOfIdAttestationFlag\nChange-Id: Ifb42e8e813fa812a08203b4a81d15b1f91152354\n" }, { "commit": "7b27036950574a51edd6ade7b3c8d82b950b857a", "tree": "4f54b9dab58679d803a9f575be246183efb3ae36", "parents": [ "43fce46bcd2f77cbcf53fcb8d64d16b3eb92da2a", "03dd82792e41ed76602ca5f2ea32446da741c737" ], "author": { "name": "TreeHugger Robot", "email": "treehugger-gerrit@google.com", "time": "Thu Dec 28 02:16:55 2017 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Thu Dec 28 02:16:55 2017 +0000" }, "message": "Merge changes from topics \"wrapped_key_import\", \"keystore_seclevels\"\n\n* changes:\n Add importWrappedKey to IKeystoreService.aidl\n Keystore: Use security levels\n" }, { "commit": "0aadf935cbaa0a0f3b1570e162790fd04cbef530", "tree": "a59e946d1a27852741295fd14961e204377840f3", "parents": [ "39b4499d943d2a078b7c7ca2936908d7aac719d1" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Mon Dec 18 17:28:52 2017 -0800" }, "committer": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Fri Dec 22 00:02:39 2017 +0000" }, "message": "Keystore: Use security levels\n\nIn anticipation of the availability of Keymaster implementations with\nmultiple security levels this patch adds the additional\nkeystore flags FLAG_SOFTWARE and FLAG_STROGBOX.\n\nAlso, the IKeystore method addRngEntropy got a new flags parameter\nfor the caller to express which implementation shall be awarded the\nprecious entropy.\n\nTest: Keystore CTS tests\nBug: 63931634\nChange-Id: I4a4eafbdbe1290f0c7bd2bfa2ce3e5fbb06c2dd8\n" }, { "commit": "ecf0f22e5831832afb48c86abfaa81234c8db619", "tree": "06616aa20a0ffe77805d314c2b24bae9a3866534", "parents": [ "171fec8c356ffa8cd4837092fce3b5cd5e2712fe" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Mon Dec 11 12:32:13 2017 +0000" }, "committer": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Mon Dec 18 13:26:01 2017 +0000" }, "message": "DPM: Implement installing certificates for generated keys\n\nAdd a new method in the DevicePolicyManager to associate certificates (and\nset the user-visibility) with a given key alias.\nConceptually, the new method, setKeyPairCertificate is very similar to\ninstallKeyPair, except it does not install a key, only certificates.\n\n(The new setKeyPairCertificate, together with generateKeyPair is\nfunctionally equivalent to installKeyPair, except the keys are generated\nin hardware rather than supplied externally).\n\nBug: 63388672\nTest: cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement -l DEBUG\nChange-Id: Idbfe151f6e5311766decbc1a010bff78dc60249f\n" }, { "commit": "39b4499d943d2a078b7c7ca2936908d7aac719d1", "tree": "d6740506d01771f9d169666d48aba5359129d1cd", "parents": [ "cc1b3e0e89c738503f99a4fe23de1712425c67e4", "64338c0e4d0ec64c55abc34c0559d94ee352723c" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Fri Dec 15 23:48:55 2017 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Fri Dec 15 23:48:55 2017 +0000" }, "message": "Merge \"Consolidate Keystore alias prefixes.\"" }, { "commit": "64338c0e4d0ec64c55abc34c0559d94ee352723c", "tree": "ca55c1153ac4e02df80af05dcf7fc2581f193e88", "parents": [ "bb91f5fe94188de451726dd83cdaffd5944f5108" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Wed Apr 19 09:17:17 2017 -0700" }, "committer": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Fri Dec 15 00:14:40 2017 +0000" }, "message": "Consolidate Keystore alias prefixes.\n\nCurrently, the keystore SPI assigns different prefixes to user key\nentries depending on the algorithm. Symmetric keys (secret keys) get\nthe prefix USERSKEY_ and asymmetric keys (private keys) get the\nprefix USERPKEY_. This distinction is superfluous, as the information\ncan always be retrieved from the key characteristics. Also moving\nforward it is desirable to be able to import keys the nature\nof which is not known a priori. In these cases the prefix cannot be\nchosen meaningfully.\n\nThis patch deprecates one of the prefixes (i.e. USERSKEY_) and uses\nthe other for both types of keys. Legacy keys with the old prefix\ncan still be used, but all new keys will have the prefix USERPKEY_.\n\nBug: 63931634\nTest: CTS test and Manual upgrade test with KeyStoreTool app\n Also performed upgrade test with device PIN set\nChange-Id: I5b4bb0b0d2b82c276659d55b862150326bb68d5d\n" }, { "commit": "a173064047d304837d907b9b39ece5c14adf2b25", "tree": "6b8716f7f503e84cb257b3154bf5cdded48e43f9", "parents": [ "7d6688f35e37a96579db8ae2342eda3239a92c3c" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Mon Dec 11 17:48:47 2017 +0000" }, "committer": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Dec 14 18:09:05 2017 +0000" }, "message": "DevicePolicyManager: Support attestation for generated keys.\n\nIf the KeyGenParameterSpec passed into\nDevicePolicyManager.generateKeyPair contains an attestation challenge,\nrequest an attestation record for the newly-generated key with the\nchallenge provided.\n\nThis particular implementation was chosen, rather than letting the\nattestation record be generated at the same time as key generation, to\navoid having the attestation chain stored in Keystore and associated\nwith the generated alias.\n\nThe rationale is that this is a key that is potentially accessible by\nmultiple applications and the attestation chain may end up being sent\nas a TLS client certificate chain, for example.\n\nAs the attestation challenge should be unique per device, to avoid\nthe potential of sending / sharing unique device information, by\nexplicitly requesting an attestation record after key generation, the\nattestation record is only returned to the generateKeyPair client and\nnot persistend in Keystore.\n\nBug: 63388672\nTest: New CTS test to be run with: \u0027cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement -l DEBUG\u0027\nChange-Id: I95a9aef179173b571b533301ac438c675e8fe702\n" }, { "commit": "27674aedc0c2fe6f013ea0d6722bdb0d17fc7c57", "tree": "746a77641c8f5a615b8415b3e55f87d897b557a7", "parents": [ "e5634eeba63e975f8d69f7673596a5dc59908438", "5db9a911354271abdc13a2a645d0de7d2619010e" ], "author": { "name": "Jeff Sharkey", "email": "jsharkey@google.com", "time": "Mon Dec 11 16:47:13 2017 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Mon Dec 11 16:47:13 2017 +0000" }, "message": "Merge \"Add auto-doc support for @StringDef.\"" }, { "commit": "47670548e07140f3308c2aa4741b1bbf4f25d7bc", "tree": "eff6958afdadc70e5a27b06f6a0f8f9593f06bc2", "parents": [ "b8f2728a787db8dc551345b464705f049d970502" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Sat Dec 09 21:25:04 2017 +0000" }, "committer": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Mon Dec 11 12:28:13 2017 +0000" }, "message": "Keystore: Fix KeyGenParameterSpec parceling\n\nFix the way KeyGenParameterSpec is parceled, by correctly handling\ndefault and null values for some of the fields.\n\nA recent CL added the ability to parcel/unparcel KeyGenParameterSpec (by\na separate class).\nDue to refactoring late in the CL review cycle, the parceling code did\nnot take into account a few edge cases.\n\nUnit tests:\nm -j KeystoreTests \u0026\u0026 adb install -r out/target/product/marlin/data/app/KeystoreTests/KeystoreTests.apk\nadb shell am instrument \u0027android.security.tests/android.support.test.runner.AndroidJUnitRunner\u0027\n\nCTS tests:\ncts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement -l DEBUG\n\nBug: 69337278\nTest: Keystore unit tets (see instructions above) and cts Key Management test.\nChange-Id: Ie08f42b07fb55b6fa1d8fb73c89d69687c97e214\n" }, { "commit": "5db9a911354271abdc13a2a645d0de7d2619010e", "tree": "cca7ffd53bc9355afa36e96124912a7af62fd90e", "parents": [ "6e15c2a89ae9733d2552d9d0a20504a4bdf69c29" ], "author": { "name": "Jeff Sharkey", "email": "jsharkey@android.com", "time": "Fri Dec 08 17:32:32 2017 -0700" }, "committer": { "name": "Jeff Sharkey", "email": "jsharkey@android.com", "time": "Fri Dec 08 17:33:40 2017 -0700" }, "message": "Add auto-doc support for @StringDef.\n\nBehaves pretty much the same as @IntDef, but now supports \"suffix\"\nin addition to \"prefix\" when matching constants.\n\nTest: manual docs output looks sane\nBug: 70406696\nChange-Id: I35064b0f9f36f1f13ccdb40302d818a004014f15\n" }, { "commit": "b2795710f33ce03f4106b4bbd3b41faec0c31bad", "tree": "020ae2fc5a5d7770f6868df4947dbd9036bffc72", "parents": [ "f20ed0321032d70d715eb1ccdde338689a30c7f1", "852c8f121f2e502e1e8503bfc230dccb81b681d4" ], "author": { "name": "TreeHugger Robot", "email": "treehugger-gerrit@google.com", "time": "Thu Dec 07 18:20:45 2017 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Thu Dec 07 18:20:45 2017 +0000" }, "message": "Merge \"DevicePolicyManager: Add key generation functionality.\"" }, { "commit": "852c8f121f2e502e1e8503bfc230dccb81b681d4", "tree": "27c90a754791b77990afbcb369cac3fad401a3bf", "parents": [ "d52efa56adaca0bc70fb72082c7c663adcb669cc" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Wed Nov 15 05:55:52 2017 +0000" }, "committer": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Dec 07 15:12:30 2017 +0000" }, "message": "DevicePolicyManager: Add key generation functionality.\n\nThis is the crux of the Verified Access feature implementation:\nAdding the ability to generate KeyChain keys directly by the\nsecure hardware, rather than installing software-generated keys\ninto KeyChain.\n\nAdd generateKeyPair to the DevicePolicyManager, which delegates key\ngeneration (via the DevicePolicyManagerService) to the KeyChainService.\n\nDesign highlights:\n* The key generation is delegated via the DevicePolicyManagerService to\n check that only authorized callers request key generation in KeyChain.\n* KeyChainService performs the actual key generation so it owns the key\n in Keystore outright.\n* DevicePolicyManagerService then grants the calling app access to the\n Keystore key, so it can actually be used.\n* Loading the public/private key pair, as well as attestation\n certificate chain, is done in the client code (DevicePolicyManager)\n to save parceling / unparceling those objects across process\n boundaries twice (for no good reason).\n\nNOTE: The key attestation functionality (that includes Device ID) is\nmissing/untested. Will be added in a follow-up CL as this one is quite\nbig already.\n\nHIGHLIGHT FOR REVIEWERS:\n* API: New API in DevicePolicyManager.\n\nBug: 63388672\nTest: cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement -l DEBUG; adb shell am instrument \u0027android.security.tests/android.support.test.runner.AndroidJUnitRunner\u0027 (After building the KeystoreTests target and installing the apk)\nChange-Id: I73762c9123f32a94d454ba4f8b533883b55c44cc\n" }, { "commit": "dcb520b4ed5889281124d3520a1675d0a7418a0a", "tree": "550daa9592c6c688bbc2916876f597b8fbb7cf10", "parents": [ "231d50e799108b709d576400419a292908988e37", "9271333842c402d8486acfd781a87fac9d3eced9" ], "author": { "name": "Kevin Hufnagle", "email": "khufnagle@google.com", "time": "Thu Dec 07 05:47:03 2017 +0000" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Thu Dec 07 05:47:03 2017 +0000" }, "message": "Merge \"docs: Fixed key generator initialize method call.\" into oc-mr1-dev am: a1150e90e0\nam: 9271333842\n\nChange-Id: If099ce9dc3a35a1617de54c0187f718a0b391dcc\n" }, { "commit": "8cc88984c8e62aba0d79c1b4b0e1c8c506b40df5", "tree": "0812746e83d84693f73e5dbdd045947de3d6375b", "parents": [ "b94e697dcff23569f2b2bcc77173bed329a38242" ], "author": { "name": "Kevin Hufnagle", "email": "khufnagle@google.com", "time": "Wed Nov 29 12:06:52 2017 -0800" }, "committer": { "name": "Kevin Hufnagle", "email": "khufnagle@google.com", "time": "Wed Nov 29 12:06:52 2017 -0800" }, "message": "docs: Fixed key generator initialize method call.\n\nThe guide within the KeyGenParameterSpec class now uses the correct\nmethod (init() instead of initialize()) to initialize the key\ngenerator in the examples that show how to create AES and HMAC keys.\n\nTest: make ds-docs -j8\n\nBug: 69093664\nChange-Id: I6a9cbe6decd895c2505538f6ad4be91cd9133714\n" }, { "commit": "23c438d711c15541312dbb5a83548967874f9ccb", "tree": "83b5160da7a62def6f3d014964fc53042926d83d", "parents": [ "78252a23d6d38e4b1c938fef3d7b1dc6b7dfbe05" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Nov 23 17:20:52 2017 +0000" }, "committer": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Nov 23 17:59:36 2017 +0000" }, "message": "KeyChain: Provide public \u0026 private keys\n\nIn order for the DevicePolicyManager to provide key generation\nfunctionality, it has to return both the private and public keys\nin form of a KeyPair.\n\nSince the KeyChainService will perform the key generation on behalf\nof the DevicePolicyManager (so that KeyChain will be the owner of\nthe generated keys outright), the DevicePolicyManager needs a way\nto get both the private and public key representations from KeyChain.\n\nA getKeyPair method is added that gets the private and public\nkey pair associated with a given alias from Keystore.\nThe getPrivateKey now delegates to the getKeyPair method and returns\nonly the private key.\n\nTested using existing CTS tests.\n\nBug: 63388672\nTest: cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement\nChange-Id: I06b8511acd2049a0053ec8893de6de7429f7c92e\n" }, { "commit": "5c0a517dffc67aac4c8b6df1b3324f1ff0311704", "tree": "308257396bbcb792a63aae1ecc18a1ab462a9ac0", "parents": [ "a9a65af6ac4414b2df2a17bb2d3d5fb9254450c3", "7039f416c3db02bafc43dda0fc6db87b6ace2745" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Tue Nov 14 13:43:03 2017 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Tue Nov 14 13:43:03 2017 +0000" }, "message": "Merge \"KeyChain: Adding methods for user-visibility.\"" }, { "commit": "7039f416c3db02bafc43dda0fc6db87b6ace2745", "tree": "e32cadf31e53155c2a3451eaa4c6e549d4681d1e", "parents": [ "2b267dfbe967661879b54c638e1f72ab85c5b2f5" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Wed Nov 08 01:03:30 2017 +0000" }, "committer": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Nov 09 20:51:35 2017 +0000" }, "message": "KeyChain: Adding methods for user-visibility.\n\nAdd to the KeyChain aidl two methods for getting and setting whether\na key can be selectable by the user or not.\n\nSee\nhttps://googleplex-android-review.git.corp.google.com/#/c/platform/packages/apps/KeyChain/+/3199414/\n\nTest: To be determined.\nBug: 65624467\nChange-Id: Ib31a11ca432a5d29fdb8ed5349598dbff4bcb516\n" }, { "commit": "efc4311a3fb84cacc98f0afe669c69f9d5196bd3", "tree": "7084786efb494627bfb7446704e49072a62d8b13", "parents": [ "843f07e2d31e64b57357bbfc106b5c3a28315332" ], "author": { "name": "Dmitry Dementyev", "email": "dementyev@google.com", "time": "Fri Oct 27 23:10:28 2017 -0700" }, "committer": { "name": "Dmitry Dementyev", "email": "dementyev@google.com", "time": "Tue Nov 07 10:21:08 2017 -0800" }, "message": "Get rid of manually created IKeystoreService.\n\nJava/aidl side changes necessary to generate IKeystoreService.cpp\nGenerated C++ service currently doesn\u0027t support null parameters, so lots\nof parameters were updated to pass default value instead of null.\n\nTest: cts-tradefed run cts -m CtsKeystoreTestCases\nBug: 68389643\n\nChange-Id: Ifaf2ab48b2bcd7b081e4b336aa279fa8ba4fbbbf\n" }, { "commit": "5596642a1035bcc120071d715336b965a51040fa", "tree": "9c16ea5cf15093e46ba18884173de6b5fc664302", "parents": [ "ce7416809a6953ad2d421977de2aae81cc0549f8" ], "author": { "name": "Kevin Chyn", "email": "kchyn@google.com", "time": "Mon Oct 23 16:08:47 2017 -0700" }, "committer": { "name": "Kevin Chyn", "email": "kchyn@google.com", "time": "Tue Oct 24 02:29:15 2017 +0000" }, "message": "Check FEATURE_FINGERPRINT before trying to getSystemService\n\nFixes: 65838275\n\nTest: Tested on Ryu/Walleye, the stack trace is not seen anymore\nChange-Id: I7b12fdca81d5f2523dea5a981fcf1daa69254eb4\n" }, { "commit": "da5dae23f9cd5a2776b7f70a58e234dd8a9fcdf7", "tree": "788854828cf3a1b6b9e2c6345c3b882c3589add3", "parents": [ "ec02583438effc8b3559ccdfa6c78a8fe1da6fc4" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Fri Sep 01 14:45:16 2017 -0700" }, "committer": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Tue Sep 12 04:13:11 2017 +0000" }, "message": "Fix use of auth-bound keys after screen lock removal\n\nWhen an auth-bound key is used after the screen lock has been removed by\nthe user, KeyStore.begin retruns UNINITIALIZED.\n\nThis patch adds handling for this error code, indicating that the key\nthat was to be used was permanently invalidated.\n\nBug: 65200397\nTest: CtsVerifier ScreenLockBoundKeysTest:\n 1. Run test\n 2. with CtsVerifier in the background remove the screen lock\n through the settings dialog\n 3. Select VtsVerifier in \u0027recents\u0027\n 4. Run test again\n\nChange-Id: If68ba0eb2f9c04655fe8c9eea28c4491eae8e92f\n(cherry picked from commit d07d3384279c0c07c5c6747ea8d0c5684264c9d0)\n" }, { "commit": "d07d3384279c0c07c5c6747ea8d0c5684264c9d0", "tree": "a0cac335651521d9d60d6381087fd05c93715b85", "parents": [ "9f5e99159056da901aefc4ac4ff26aa382a23765" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Fri Sep 01 14:45:16 2017 -0700" }, "committer": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Fri Sep 01 14:45:16 2017 -0700" }, "message": "Fix use of auth-bound keys after screen lock removal\n\nWhen an auth-bound key is used after the screen lock has been removed by\nthe user, KeyStore.begin retruns UNINITIALIZED.\n\nThis patch adds handling for this error code, indicating that the key\nthat was to be used was permanently invalidated.\n\nBug: 65200397\nTest: CtsVerifier ScreenLockBoundKeysTest:\n 1. Run test\n 2. with CtsVerifier in the background remove the screen lock\n through the settings dialog\n 3. Select VtsVerifier in \u0027recents\u0027\n 4. Run test again\n\nChange-Id: If68ba0eb2f9c04655fe8c9eea28c4491eae8e92f\n" }, { "commit": "735aa14f4ea01f0fc9d38f5cad2f17ddfc6285b3", "tree": "321b6f3162008b6df00e4e3228859bbd4ad20508", "parents": [ "7745a7975f23577db755cb03f50df038f21d00a3", "1ed1ee3c7040259ca13a8017c7bdb4d42d092f94" ], "author": { "name": "Cindy Kuang", "email": "ckuang@google.com", "time": "Wed Aug 16 17:24:05 2017 +0000" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Wed Aug 16 17:24:05 2017 +0000" }, "message": "Merge \"docs: corrected code example mistakes\" into oc-dev am: 5714da6e93\nam: 1ed1ee3c70\n\nChange-Id: I979b54f30b9a09c2160b3d2087c619ba979a868e\n" }, { "commit": "3311ba316adaf6837e2d8623e2df3ae86ff93d4a", "tree": "ac3d9fcc85945ed1feae5ad843f02fc4d16c6ce7", "parents": [ "44cab75cb0ec40368597180e06d6d037a76ef41a", "5714da6e93271324b020be990b8274463b441b4b" ], "author": { "name": "Cindy Kuang", "email": "ckuang@google.com", "time": "Wed Aug 16 17:12:08 2017 +0000" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Wed Aug 16 17:12:08 2017 +0000" }, "message": "Merge \"docs: corrected code example mistakes\" into oc-dev\nam: 5714da6e93\n\nChange-Id: I75b35bd6ff92b345c3fd9d27fdf03e5db2927be9\n" }, { "commit": "2b1a5b8fd9efc41451f933fff27f615961f2d6d1", "tree": "85d278260f6a51cf75972355922f00148071d03c", "parents": [ "744976e2985a07f602c02721db8969a638d51c82" ], "author": { "name": "Cindy Kuang", "email": "ckuang@google.com", "time": "Wed Aug 09 14:18:02 2017 -0700" }, "committer": { "name": "Cindy Kuang", "email": "ckuang@google.com", "time": "Fri Aug 11 10:49:04 2017 -0700" }, "message": "docs: corrected code example mistakes\n\nTest: make ds-docs\n\nBug: 10808505\nChange-Id: I9ee4efab9f0cbac00213179d06a6f0919cb82756\n" }, { "commit": "e06f53372649b766cefe0cc408381f497426a2b8", "tree": "0c47f0012d0bd55948411ccc5005fabab6d0888c", "parents": [ "5898d52184c436c473c577d7c7f6ce5d16769046" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Thu Jun 08 17:53:34 2017 -0700" }, "committer": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Mon Jul 24 10:58:33 2017 -0700" }, "message": "Refurbish granting mechanism\n\nKeystore stores key blobs in with filenames that include the symbolic\nname and the uid of the owner. This behaviour should have been\ncompletely opaque to the user keystore. However, the granting mechanism,\nby which an app can allow another app to use one of its keys, leaked the\ninternal structure in that the grantee had to specify the key name with\nthe granter\u0027s uid prefix in order to use the granted key. This in turn\ncollided with prefix handling in other parts of the framework.\n\nThis patch refurbishes the granting mechanism such that keystore can\nchoose a name for the grant. It uses the original symbolic key name as\nprefix and appends _KEYSTOREGRANT_\u003cgrant_no\u003e where the grant_no is\nchosen as first free slot starting from 0. Each uid has its own grant_no\nspace.\n\nThis changes the grant call such that it now returns a string, which is\nthe alias name of the newly created grant. The string is empty if the\ngrant operation failed.\n\nAs before apps can still mask granted keys by importing a key with the\nexact same name including the added suffix. But everybody deserves the\nright to shoot themselves in the foot if they really want to.\n\nBug: 37264540\nBug: 62237038\nTest: run cts-dev --module CtsDevicePolicyManagerTestCases --test\n com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement\n\t because it grants a key\nMerged-In: I047512ba345c25e6e691e78f7a37fc3f97b95d32\nChange-Id: I047512ba345c25e6e691e78f7a37fc3f97b95d32\n" }, { "commit": "6396ccb82e368a5f4ca06c5e47f287930608cc3e", "tree": "a0e2e50638e1e34e74569cd6b45b7706250df074", "parents": [ "001956c626c8c2c8c02c6065ea0964dd505e5406" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Thu Jun 08 17:53:34 2017 -0700" }, "committer": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Sun Jul 23 09:39:04 2017 -0700" }, "message": "Refurbish granting mechanism\n\nKeystore stores key blobs in with filenames that include the symbolic\nname and the uid of the owner. This behaviour should have been\ncompletely opaque to the user keystore. However, the granting mechanism,\nby which an app can allow another app to use one of its keys, leaked the\ninternal structure in that the grantee had to specify the key name with\nthe granter\u0027s uid prefix in order to use the granted key. This in turn\ncollided with prefix handling in other parts of the framework.\n\nThis patch refurbishes the granting mechanism such that keystore can\nchoose a name for the grant. It uses the original symbolic key name as\nprefix and appends _KEYSTOREGRANT_\u003cgrant_no\u003e where the grant_no is\nchosen as first free slot starting from 0. Each uid has its own grant_no\nspace.\n\nThis changes the grant call such that it now returns a string, which is\nthe alias name of the newly created grant. The string is empty if the\ngrant operation failed.\n\nAs before apps can still mask granted keys by importing a key with the\nexact same name including the added suffix. But everybody deserves the\nright to shoot themselves in the foot if they really want to.\n\nBug: 37264540\nBug: 62237038\nTest: run cts-dev --module CtsDevicePolicyManagerTestCases --test\n com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement\n\t because it grants a key\nMerged-In: I047512ba345c25e6e691e78f7a37fc3f97b95d32\nChange-Id: I047512ba345c25e6e691e78f7a37fc3f97b95d32\n" }, { "commit": "7eeab2cdd99f84ecef12ebbb92e0731b26508da1", "tree": "07400ff228dba5e9cb51c6d9cf0bcb66bcd91f85", "parents": [ "7cf5f74f3fda19901d8c572f8c47981eda96e091" ], "author": { "name": "phweiss", "email": "phweiss@google.com", "time": "Wed Apr 19 20:15:06 2017 +0200" }, "committer": { "name": "phweiss", "email": "phweiss@google.com", "time": "Tue May 09 15:35:30 2017 +0200" }, "message": "Implement CACert queries in SecurityController\n\nCherry-pick note:\ntestCACertLoader() was flaky, so this cherry-pick contains\ntwo attempted fixes and a CL that disables the test. The original commit\nmessages of the squashed CLs are below.\nMerged-In: I3b9cc3d85c9f49d0a892613b63d1fba184ab647e\n\nImplement CACert queries in SecurityController\n\nQueries are run (on a AsyncTask) when user is switched and when\nACTION_TRUST_STORE_CHANGED is broadcasted. Otherwise, the result is cached\nin the SecurityController.\n\nBug: 37535489\nTest: runtest --path frameworks/base/packages/SystemUI/tests/src/com/android/systemui/statusbar/policy/SecurityControllerTest.java\nChange-Id: I3b9cc3d85c9f49d0a892613b63d1fba184ab647e\n\nIncrease timeout for flaky testCACertLoader()\n\nBug: 37535489\nBug: 38045871\nTest: runtest --path frameworks/base/packages/SystemUI/tests/src/com/android/systemui/statusbar/policy/SecurityControllerTest.java\nChange-Id: I5778082973af7c6d4d719b83e334fec552b0a89e\n\nFix flaky SecurityControllerTest.testCaCertLoader\n\nFixes: 38108698\nTest: runtest -c .statusbar.policy.SecurityControllerTest systemui\nChange-Id: I6029a09984b72599622f0df57187a20aba4dab30\n\nDisable flaky test\n\nTest: treehugger\nBug: 38118260\nChange-Id: I05c6504acee6a787e1cc5071bed0118388963212\n\n(cherry picked from commit e375fc441cc889890d1cff5bc771039bb65f08ef)\n" }, { "commit": "e375fc441cc889890d1cff5bc771039bb65f08ef", "tree": "3723d89aebe8f973f72a57717c6ed25772d16ea9", "parents": [ "83abc4f26d470ed032d91c65c66eff71a2499f53" ], "author": { "name": "phweiss", "email": "phweiss@google.com", "time": "Wed Apr 19 20:15:06 2017 +0200" }, "committer": { "name": "phweiss", "email": "phweiss@google.com", "time": "Fri May 05 19:03:29 2017 +0200" }, "message": "Implement CACert queries in SecurityController\n\nQueries are run (on a AsyncTask) when user is switched and when\nACTION_TRUST_STORE_CHANGED is broadcasted. Otherwise, the result is cached\nin the SecurityController.\n\nBug: 37535489\nTest: runtest --path frameworks/base/packages/SystemUI/tests/src/com/android/systemui/statusbar/policy/SecurityControllerTest.java\n\nChange-Id: I3b9cc3d85c9f49d0a892613b63d1fba184ab647e\n" } ], "next": "237f4b369bfd8021882007d103b9921fca789263" }