)]}' { "log": [ { "commit": "68a6071f71b114911649698f81747dcce409779a", "tree": "cb48e0785e0e29621bd97f7df61a8d3d92371da4", "parents": [ "3661808cb75bfa1c6cb429994fbe91755f191e6f", "67046659a4cac736be27e250d0592b43e6a4b301" ], "author": { "name": "Max Bires", "email": "jbires@google.com", "time": "Fri Feb 15 13:55:45 2019 -0800" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Fri Feb 15 13:55:45 2019 -0800" }, "message": "Merge \"Adding framework check for 3DES key size\" am: a24d025212 am: a68009941a\nam: 67046659a4\n\nChange-Id: Ibe2259a6eec6115c3bbabfd387e585ec39389a0b\n" }, { "commit": "a24d0252121bdb72b77a1a2fca93adf26f6a522d", "tree": "c0c1c2561a93ba4f1e7ed85c2f3efeff161928bb", "parents": [ "2144164526d4f82adcc9cd5a0377d85bed9981aa", "20fa0e7c2ef8b9ce08a67cd0a734ad1dc9c74849" ], "author": { "name": "Treehugger Robot", "email": "treehugger-gerrit@google.com", "time": "Fri Feb 15 21:12:29 2019 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "noreply-gerritcodereview@google.com", "time": "Fri Feb 15 21:12:29 2019 +0000" }, "message": "Merge \"Adding framework check for 3DES key size\"" }, { "commit": "20fa0e7c2ef8b9ce08a67cd0a734ad1dc9c74849", "tree": "089c05f6abaa1e840fef5e38fb4f99b05f6fa755", "parents": [ "a4c1416c28c115d9e9bdac2a63e00286d3508aa2" ], "author": { "name": "Max Bires", "email": "jbires@google.com", "time": "Wed Feb 13 15:08:13 2019 -0800" }, "committer": { "name": "Max Bires", "email": "jbires@google.com", "time": "Wed Feb 13 15:10:29 2019 -0800" }, "message": "Adding framework check for 3DES key size\n\nPreviously the framework would accept any key size that was a multiple\nof 8 for the KeyGenerator.\n\nBug: 117509689\nBug: 122274787\nTest: atest cts/tests/tests/keystore/src/android/keystore/cts/KeyGeneratorTest.java\nChange-Id: I60b52f6062a41ae52486bae0ae36616f4b532b37\n" }, { "commit": "55b8d082ba1f8ab4e541469e8d4def2a5f1ea146", "tree": "363b71256a90b62c3549e35879ad653b9ec71493", "parents": [ "c63d6c2aa7471edddd28cab767f889f261967300" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Jan 31 16:25:52 2019 +0000" }, "committer": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Feb 07 23:45:44 2019 +0000" }, "message": "KeyChain: Improve key override documentation.\n\nImprove the documentation on the case of key override: When a new key is\ngenerated/installed using an alias that already exists.\n\nIn particular, clarify that grants are lost and that a new call to\nKeyChain.choosePrivateKeyAlias must be issued in this case.\n\nBug: 123563258\nTest: that it builds.\nChange-Id: I055e95f57b9576883736ca0cfa6a998dec08a6c2\n" }, { "commit": "71864b4790e61fcb7f581f1896f77e5093ac425b", "tree": "79097783925a877f9710049d38bff1a3959d0033", "parents": [ "2c135398444991320f3ec99c0b2c825606f1e91e", "4cfb943d9b31167c5ff950a1c13f51203b7720da" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Fri Feb 01 05:23:03 2019 -0800" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Fri Feb 01 05:23:03 2019 -0800" }, "message": "Merge \"Add owners for KeyChain code\" am: 0f9319ed1b am: d7fd57224d\nam: 4cfb943d9b\n\nChange-Id: I8d5ab0f2e7778c34fa0171f8b85276281ebbd6af\n" }, { "commit": "bf0728bca82654ade4c723da035259d18d9022ae", "tree": "43c96b65743c2980dd2bfa8fe454e3d9a822e3f3", "parents": [ "643e60b0fed9d113a4a35847f61a98c2f0e3e6f9" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Jan 31 11:48:40 2019 +0000" }, "committer": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Jan 31 11:48:40 2019 +0000" }, "message": "Add owners for KeyChain code\n\nAdd the Android Enterprise Security team as OWNERS for KeyChain and\nKeyChain-related code.\n\nThe KeyChain code currently lives under keystore/, which means every\nchange requires Keystore owners approval, but it does not make sense for\nKeyChain as KeyChain is a Keystore client and is developed\nindependently.\n\nTest: Gerritt upload.\nBug: 33166666\nChange-Id: Idfedda9553add303439179ce10a1e75e437bbe83\n" }, { "commit": "add9f028fc87d114f01b626aeda705296bb6ba40", "tree": "841b2ee5880af3ae125dfc2c430ca8987aeb100b", "parents": [ "c97d0c5f12fbe9f470ef368a912abffbbaba7de3" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Jan 24 14:50:55 2019 +0000" }, "committer": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Jan 24 15:50:11 2019 +0000" }, "message": "Further Credentials-related clean-up\n\nRemove methods from the Credentials class that are no longer used,\nnow that KeyChain no longer depends on the presence of a screen lock.\n\nBug: 120901345\nTest: That it builds, manually with CtsVerifier\nChange-Id: I37ad617f076a9ea9b5a5c789cd1da77110ad7b3b\n" }, { "commit": "55418eada51d4f5e6532ae9517af66c50ea495c4", "tree": "b93b0483b4ba377e1b4b79d344932fdf78d17de5", "parents": [ "cfc6518c48d1648bb33a0f6633132a726a9bc7f9" ], "author": { "name": "Mathew Inwood", "email": "mathewi@google.com", "time": "Thu Dec 20 15:30:45 2018 +0000" }, "committer": { "name": "Mathew Inwood", "email": "mathewi@google.com", "time": "Fri Dec 28 14:26:35 2018 +0000" }, "message": "Limit access to suspected false positives.\n\nMembers modified herein are suspected to be false positives: i.e. things\nthat were added to the greylist in P, but subsequent data analysis\nsuggests that they are not, in fact, used after all.\n\nAdd a maxTargetSdk\u003dP to these APIs. This is lower-risk that simply\nremoving these things from the greylist, as none of out data sources are\nperfect nor complete.\n\nFor APIs that are not supported yet by annotations, move them to\nhiddenapi-greylist-max-p.txt instead which has the same effect.\n\nExempted-From-Owner-Approval: Automatic changes to the codebase\naffecting only @UnsupportedAppUsage annotations, themselves added\nwithout requiring owners approval earlier.\n\nBug: 115609023\nTest: m\nChange-Id: Ia937d8c41512e7f1b6e7f67b9104c1878b5cc3a0\nMerged-In: I020a9c09672ebcae64c5357abc4993e07e744687\n" }, { "commit": "31755f94e11225df5d59b8f7e535106200fdf32d", "tree": "99d4fd992001fff7b5fd15487c227c88d63936ae", "parents": [ "2f16d51c993c5957bcecf63b72ae28488355a8be" ], "author": { "name": "Mathew Inwood", "email": "mathewi@google.com", "time": "Thu Dec 20 13:53:36 2018 +0000" }, "committer": { "name": "Mathew Inwood", "email": "mathewi@google.com", "time": "Fri Dec 28 11:50:04 2018 +0000" }, "message": "Limit access to suspected false positives.\n\nMembers modified herein are suspected to be false positives: i.e. things\nthat were added to the greylist in P, but subsequent data analysis\nsuggests that they are not, in fact, used after all.\n\nAdd a maxTargetSdk\u003dP to these APIs. This is lower-risk that simply\nremoving these things from the greylist, as none of out data sources are\nperfect nor complete.\n\nFor APIs that are not supported yet by annotations, move them to\nhiddenapi-greylist-max-p.txt instead which has the same effect.\n\nExempted-From-Owner-Approval: Automatic changes to the codebase\naffecting only @UnsupportedAppUsage annotations, themselves added\nwithout requiring owners approval earlier.\n\nBug: 115609023\nTest: m\nChange-Id: I020a9c09672ebcae64c5357abc4993e07e744687\n" }, { "commit": "21ffe60b70a8f9fae6ecddb424004bd9ac016d57", "tree": "aefb9edfba4b6f1f2aa52396748a3b081514e8f8", "parents": [ "d51c624874c8937afb5c2ce894ae0252a10f3283", "717fca1d59886996d5a22481a1341c477ca5ad00" ], "author": { "name": "Max Bires", "email": "jbires@google.com", "time": "Wed Dec 26 18:44:14 2018 -0800" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Wed Dec 26 18:44:14 2018 -0800" }, "message": "Merge \"Adding check for HMAC/EC key size for StrongBox\" am: ffee7d8ce0 am: f5992f894a\nam: 717fca1d59\n\nChange-Id: I15c12c940722bb6a810f86b039d9a3d2f0eadac4\n" }, { "commit": "ffee7d8ce07e3b5822dbe6a9ae00e94063f8fa63", "tree": "3d58863608e1de2136df98abbb2e770e4463bc97", "parents": [ "7d615aae59f9e7001d279f4921dfb3b8d043aa3e", "d255a2136f3d3a0b618d2c6d0781245b0d88ba9b" ], "author": { "name": "Treehugger Robot", "email": "treehugger-gerrit@google.com", "time": "Thu Dec 27 01:58:05 2018 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "noreply-gerritcodereview@google.com", "time": "Thu Dec 27 01:58:05 2018 +0000" }, "message": "Merge \"Adding check for HMAC/EC key size for StrongBox\"" }, { "commit": "03e04e83dbb9667ac32af26be6df137bcdda853e", "tree": "ab1a4ef3617cd9b5e94049972c21fde9701c36aa", "parents": [ "9d4d53746f91f1fb4e7bc349832cdba817a0fffd", "23ae50885f28790cd016ae05dc9cbf6a61c6a2e5" ], "author": { "name": "Rob Barnes", "email": "robbarnes@google.com", "time": "Thu Dec 20 16:21:15 2018 -0800" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Thu Dec 20 16:21:15 2018 -0800" }, "message": "Merge \"Changed uid output parameter from an int array to a list of strings.\" am: 7eae0132c1 am: 4718f665d4\nam: 23ae50885f\n\nChange-Id: Ieefd1262586a3fbcf13999193c1e058abf1e0a8e\n" }, { "commit": "7eae0132c14861a88233ad3b00e9b2ebb6b22051", "tree": "7ddb757919af4245afdec6cf774f3c6d7ae15f86", "parents": [ "321b208f0f741dc20391ff30ff3f53cecf852ef8", "ebe2674dbc34c03707e6abec69b8f64a0c5fc4da" ], "author": { "name": "Rob Barnes", "email": "robbarnes@google.com", "time": "Thu Dec 20 23:33:25 2018 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "noreply-gerritcodereview@google.com", "time": "Thu Dec 20 23:33:25 2018 +0000" }, "message": "Merge \"Changed uid output parameter from an int array to a list of strings.\"" }, { "commit": "d255a2136f3d3a0b618d2c6d0781245b0d88ba9b", "tree": "fc6dbb2b818f4e8f0adfad535b993bbe3ffcb07f", "parents": [ "ee1720cffa95d6ebe76814bbc1efa88c6a1fb651" ], "author": { "name": "Max Bires", "email": "jbires@google.com", "time": "Tue Dec 18 17:26:56 2018 -0800" }, "committer": { "name": "Max Bires", "email": "jbires@google.com", "time": "Wed Dec 19 14:35:55 2018 -0800" }, "message": "Adding check for HMAC/EC key size for StrongBox\n\nengineInit() for AndroidKeyStoreKeyGeneratorSpi does not make a call\ninto the backing Keymaster implementation until generate is called on it\nto actually create the key. If a disallowed spec for StrongBox is passed\nin, the backing StrongBox implementation won\u0027t be able to revoke it\nuntil engineGenerateKey() is called, which will create different\nbehaviors between TEE backed implementations (which support a wider\nrange of algorithm spec parameters) and StrongBox implementations from a\npublic API perspective. This change will make sure HMAC is the same for\nStrongBox.\n\nThis is also being done for EC keys in\nAndroidKeyStoreKeyPairGeneratorSpi.java\n\nBug: 113525261\nBug: 114487149\nTest: atest cts/tests/tests/keystore/src/android/keystore/cts/KeyGeneratorTest.java\nTest: atest\ncts/tests/tests/keystore/src/android/keystore/cts/KeyPairGeneratorTest.java\nChange-Id: I728bb5222c9bf0ad84cdf2b8c0b78a4dd99f7186\n" }, { "commit": "ebe2674dbc34c03707e6abec69b8f64a0c5fc4da", "tree": "e9266ab0641a79c52f2659b70b32a99e6e723154", "parents": [ "0a2a1e0e2d2b9df36ab0f2b65fd536fefe854466" ], "author": { "name": "Rob Barnes", "email": "robbarnes@google.com", "time": "Tue Nov 13 15:57:22 2018 -0700" }, "committer": { "name": "Rob Barnes", "email": "robbarnes@google.com", "time": "Wed Dec 12 11:05:20 2018 -0700" }, "message": "Changed uid output parameter from an int array to a list of strings.\n\nWhy?: 1) Returning an array list is unsafe because it must be allocated in Java and C++ must not change the size. 2) List\u003cInteger\u003e is not supported by AIDL, but List\u003cString\u003e is. I decided it was simpler to pass back integers encoded as strings than to create yet another parcelable.\n\nBug: b/119616956\nTest: ./list_auth_bound_keys_test.sh\nTest: Temporarily modified settings app to call listUidsOfAuthBoundKeys\nChange-Id: I3bf7578c96e800c8d35fba897f52220136dcd657\n" }, { "commit": "15b123ef458ed927782b080921e987c995fc56dd", "tree": "008426beb4c3b8d4ecb62112efa17be09fe6d427", "parents": [ "58ee538e62b15dd07274beecf5f925543c5332b1", "7409b8620ff39ff0788ef1543297f0cb1d49a0e0" ], "author": { "name": "Xin Li", "email": "delphij@google.com", "time": "Tue Dec 11 14:13:44 2018 -0800" }, "committer": { "name": "Xin Li", "email": "delphij@google.com", "time": "Tue Dec 11 14:13:44 2018 -0800" }, "message": "DO NOT MERGE - Merge pie-platform-release (PPRL.181205.001) into master\n\nBug: 120502534\nChange-Id: Idc8bfb6d97a869b76cfb87ca1a494201baf9e8bd\n" }, { "commit": "6fc3189e37b3b57bc7cd42c7920c1efdd9860c9b", "tree": "64ccbbb4953e7df043c1ad6e5451764475c3331d", "parents": [ "db375f0a5a520d1dd51e4638d81e26b0ac64d8e7", "27432dba6b3529b75c025c58b43c22eef43a4b15" ], "author": { "name": "Adrian Roos", "email": "roosa@google.com", "time": "Fri Nov 30 16:25:06 2018 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "noreply-gerritcodereview@google.com", "time": "Fri Nov 30 16:25:06 2018 +0000" }, "message": "Merge \"API: Make implicit APIs from type usage explicit\"" }, { "commit": "27432dba6b3529b75c025c58b43c22eef43a4b15", "tree": "a90d69a775b592de0705f3c21e3a96ced7aa9296", "parents": [ "a2ccaf6e6802c2d2e099766176baf887a99f6467" ], "author": { "name": "Adrian Roos", "email": "roosa@google.com", "time": "Wed Nov 14 10:17:57 2018 -0800" }, "committer": { "name": "Adrian Roos", "email": "roosa@google.com", "time": "Thu Nov 22 15:22:09 2018 +0000" }, "message": "API: Make implicit APIs from type usage explicit\n\nAPI stubs generation implicitly made any types used by an API also part\nof that API. This has caused DeviceIdAttestationException and\nImsFeature.Capabilities to become implicit APIs, so they are added to\nthe API files.\n\nAfter this, using non-API types in APIs will become an error to prevent\nimplicit APIs occuring in the future.\n\nBug: 119556446\nTest: METALAVA_PREPEND_ARGS\u003d\"--error ReferencesHidden\" make\nExempt-From-Owner-Approval: Identical CL has been approved on other branch\nChange-Id: I5fe4f20502b8d4e287b28e9f07139456d4191e22\nMerged-In: I5fe4f20502b8d4e287b28e9f07139456d4191e22\n(cherry picked from commit 8f91e5fde8272e2040c60222d6a5ba0314fa44ac)\n" }, { "commit": "a258be6742d355591fe155078214101bb6d9d335", "tree": "d939f7ffda6e1252334865660145cce2f3b634e8", "parents": [ "bec8b4d1b739d1fc274587c62b944d181dfcae19", "4d8a0decdb6381137e3769f4d9d4b1b3ab63c997" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Wed Nov 21 15:15:17 2018 -0800" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Wed Nov 21 15:15:17 2018 -0800" }, "message": "Merge \"Fix deleting legacy key blobs\" am: c24a4b5f44 am: b3c61fac5f\nam: 4d8a0decdb\n\nChange-Id: I74ba06e7371696806a8ab1adbd7e65d806e208c4\n" }, { "commit": "4d8a0decdb6381137e3769f4d9d4b1b3ab63c997", "tree": "6351ce4998d39b1acd95d1a747cafb37eafecdcf", "parents": [ "deadb0cbbb82496d519ababcbf3eb8ade97fa5e0", "b3c61fac5fef8679c929a24241a1e8973e1ecb17" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Wed Nov 21 15:06:01 2018 -0800" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Wed Nov 21 15:06:01 2018 -0800" }, "message": "Merge \"Fix deleting legacy key blobs\" am: c24a4b5f44\nam: b3c61fac5f\n\nChange-Id: I90950d0ecd4b5995ae513ed343f4d8b250183ff5\n" }, { "commit": "906147cdb3663b1aa5f6ebdc4a8ce2ce509ffa27", "tree": "dc12b2c48b0250736ea7568fe5f8d703cb7e0b8d", "parents": [ "4492ec573ae421affd3adebb1d583fcf33508bb4" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Tue Nov 06 14:14:05 2018 -0800" }, "committer": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Wed Nov 21 18:42:17 2018 +0000" }, "message": "Fix deleting legacy key blobs\n\nSince the keystore alias prefix USERSKEY was deprecated\nCredentials.deleteUserKeyTypeForAlias tried to delete key the\nremaining prefix first and if that failed tried to delete the\nlegacy prefix.\nHowever, KeyStore.delete returns true if the key was deleted or\ndid not exist. So the first call to delete would return true\nwhether the key existed or not and the legacy alias would never be\ndeleted.\n\nThis patch introduces a new flavor of KeyStore.delete, that returns an\nerror code instead of a boolean. The caller can now distinguish\nthe nature of the failure. Credentials.deleteUserKeyTypeForAlias now\nchecks this return code and attempts to delete the legacy variant if\nKEY_NOT_FOUND was returned.\n\nBug: 117818447\nChange-Id: Ifae1f3dbb07d85d94f430ead2cdd3e39d22436a4\n" }, { "commit": "271339ffdf3772de6a5760965d223a1cd90f7790", "tree": "b88bedf0695f2a32df4d7e135bcbdd1a93805870", "parents": [ "fb76d050fd0fd11320dfa91eb0eb07816d292042", "8f91e5fde8272e2040c60222d6a5ba0314fa44ac" ], "author": { "name": "TreeHugger Robot", "email": "treehugger-gerrit@google.com", "time": "Mon Nov 19 17:21:27 2018 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Mon Nov 19 17:21:27 2018 +0000" }, "message": "Merge \"API: Make implicit APIs from type usage explicit\"" }, { "commit": "e299490621edadf52e9f820670cb1cc9f01c99b7", "tree": "6869a071822aad776655800f33d4f0dd0265fd4e", "parents": [ "86e1d8f3070185a4905d50e2f09528c3b339c243", "28b8cd58cae36430ed4ab77467814b11cf57f89e" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Fri Nov 16 15:18:16 2018 -0800" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Fri Nov 16 15:18:16 2018 -0800" }, "message": "Merge \"Fix IllegalArgumentException in KeyChain\" am: 932f96b27f am: e73f8e8827\nam: 28b8cd58ca\n\nChange-Id: I327e931490d3d81b824b134795a57add7c257c74\n" }, { "commit": "28b8cd58cae36430ed4ab77467814b11cf57f89e", "tree": "33930be43e038cd76d737743c50e71cc12ccdcd8", "parents": [ "a3e159a48079253242a8c026835da571ab2e8dc9", "e73f8e8827502d2f29a569788e74715b7c1a3d12" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Fri Nov 16 14:55:26 2018 -0800" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Fri Nov 16 14:55:26 2018 -0800" }, "message": "Merge \"Fix IllegalArgumentException in KeyChain\" am: 932f96b27f\nam: e73f8e8827\n\nChange-Id: I3b779c5456525d4980284baa532eafb415695b47\n" }, { "commit": "278913ae620c06f1bbdf70e8d52c0a6eae33ce29", "tree": "078be8d2624cd984f0a82ec7161c5eb7220ee1af", "parents": [ "992cd354fcebfd78ff7dc0eb2acf362d14497eef", "057b743fe90ff6b9d19db297e12d9f6055439276" ], "author": { "name": "TreeHugger Robot", "email": "treehugger-gerrit@google.com", "time": "Fri Nov 16 22:52:30 2018 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Fri Nov 16 22:52:30 2018 +0000" }, "message": "Merge \"Update KeyStore for new biometric modalities\"" }, { "commit": "2b106adaf527be89a5b28f05c98907dc71c9e25a", "tree": "7c1efea865a1c1058462d7620467e125f125d9c1", "parents": [ "082bf0ccca33c986008071116c5fd07ec38b850b" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Thu Nov 15 09:27:16 2018 -0800" }, "committer": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Thu Nov 15 14:58:03 2018 -0800" }, "message": "Fix IllegalArgumentException in KeyChain\n\nThe legacy support importKey method uses the wrong method to add date\nfields to the import keymaster arguments.\n\nBug: 119549023\nChange-Id: Iff841086f6616303b365ad28aae429ccae1f3406\n" }, { "commit": "bf5c28da563c7f216142949a7898e3d5584c285c", "tree": "921679b7027e5ed4841a737f974a89e5b824f481", "parents": [ "0c3f04af814581029f498bed2601c16aa2a9ced1", "919f2169e720b52485ceb73af37adf08fbf71bc8" ], "author": { "name": "Rob Barnes", "email": "robbarnes@google.com", "time": "Thu Nov 15 10:12:38 2018 -0800" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Thu Nov 15 10:12:38 2018 -0800" }, "message": "Merge \"Added listUidsForAuthBoundKeys to KeyStore\" am: 73e9640194 am: 3090f045a7\nam: 919f2169e7\n\nChange-Id: I3ed8dcb49baffac2215b0a32e25241bcbd74e9c8\n" }, { "commit": "919f2169e720b52485ceb73af37adf08fbf71bc8", "tree": "21ed65e1fd523bc9c80c31a7d9923a819bae2493", "parents": [ "bc9e3a0d16d2e1503c7671bb67ecefbb4bf7460e", "3090f045a71815082db64f40b1358d62f2a9eadd" ], "author": { "name": "Rob Barnes", "email": "robbarnes@google.com", "time": "Thu Nov 15 10:01:53 2018 -0800" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Thu Nov 15 10:01:53 2018 -0800" }, "message": "Merge \"Added listUidsForAuthBoundKeys to KeyStore\" am: 73e9640194\nam: 3090f045a7\n\nChange-Id: I10ebfdc276a6af84b32b116c6d93f488ad0c97b8\n" }, { "commit": "73e964019414fc2dad66d8c980d29dc3929fe18c", "tree": "5d0992f4372cf81dab5e0e0a0f6586b51285b522", "parents": [ "8715c1545e1f41653236d864bbcdbde1d68e92c3", "f1a678e0fedb23c53eb1890bd5a8bd8fc5438846" ], "author": { "name": "Rob Barnes", "email": "robbarnes@google.com", "time": "Thu Nov 15 17:32:31 2018 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "noreply-gerritcodereview@google.com", "time": "Thu Nov 15 17:32:31 2018 +0000" }, "message": "Merge \"Added listUidsForAuthBoundKeys to KeyStore\"" }, { "commit": "8f91e5fde8272e2040c60222d6a5ba0314fa44ac", "tree": "c34d3f650d5d7d7b6181fb3015f176b159728931", "parents": [ "145401596c4ffeee2d62ae28ad2f2db4f5bf7309" ], "author": { "name": "Adrian Roos", "email": "roosa@google.com", "time": "Wed Nov 14 10:17:57 2018 -0800" }, "committer": { "name": "Adrian Roos", "email": "roosa@google.com", "time": "Thu Nov 15 07:14:49 2018 -0800" }, "message": "API: Make implicit APIs from type usage explicit\n\nAPI stubs generation implicitly made any types used by an API also part\nof that API. This has caused DeviceIdAttestationException and\nImsFeature.Capabilities to become implicit APIs, so they are added to\nthe API files.\n\nAfter this, using non-API types in APIs will become an error to prevent\nimplicit APIs occuring in the future.\n\nBug: 119556446\nTest: METALAVA_PREPEND_ARGS\u003d\"--error ReferencesHidden\" make\nChange-Id: I5fe4f20502b8d4e287b28e9f07139456d4191e22\n" }, { "commit": "463e2b0d3cb68eb8693a6dcaece240b2e9ca6304", "tree": "68bdb0870a4bfad4a4e6270c89235547b960c992", "parents": [ "a12f80da7a2af78ebf8138ee5dc1c667c8768e50", "444162a57c7fa5050c87a547e32a3e294220c4c3" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Thu Nov 15 06:39:39 2018 -0800" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Thu Nov 15 06:39:39 2018 -0800" }, "message": "Merge \"Multi-threaded keystore\" am: 9f248989bf am: cbd890315e\nam: 444162a57c\n\nChange-Id: I2c09961a74c7de92d85f3d2045dd065c94bc6fac\n" }, { "commit": "444162a57c7fa5050c87a547e32a3e294220c4c3", "tree": "a6b785bddaabe4503d11fc45c61a6373dd2cdeb6", "parents": [ "29a29e452cf14e34d51137219043df1c9ad1140d", "cbd890315e169a32f93b3bbf02899501b7af0b68" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Wed Nov 14 17:56:37 2018 -0800" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Wed Nov 14 17:56:37 2018 -0800" }, "message": "Merge \"Multi-threaded keystore\" am: 9f248989bf\nam: cbd890315e\n\nChange-Id: Ie394840ac3e0bd571b9dfb6654c28d8a4032617f\n" }, { "commit": "f1a678e0fedb23c53eb1890bd5a8bd8fc5438846", "tree": "6bd169841cc851673246f54439004f1736883275", "parents": [ "4a7a3934b606e5484524e190f67fe09e938613a2" ], "author": { "name": "Rob Barnes", "email": "robbarnes@google.com", "time": "Tue Nov 13 15:57:22 2018 -0700" }, "committer": { "name": "Rob Barnes", "email": "robbarnes@google.com", "time": "Wed Nov 14 13:14:35 2018 -0700" }, "message": "Added listUidsForAuthBoundKeys to KeyStore\n\nlistUidsForAuthBoundKeys was added to IKeyStoreService.\nThis CL exposes this method in KeyStore for system apps.\nThis method will be hidden for non system apps.\n\nBug: b/112321280\nTest: listUidsForAuthBoundKeys in IKeyStoreService has its own tests\nTest: This method cannot be tested directly from CTS\nChange-Id: Iac9e863079a1367ddb3a599bc3825baea96a1c31\n" }, { "commit": "b0358e72be50107871fac26325103972e65cbe73", "tree": "b42da38eff7715139df8459d4f63cd1b72fb4b98", "parents": [ "a2b2183a2411cdb860c8ef628fcf52952e7a9704" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Fri Nov 02 10:34:07 2018 -0700" }, "committer": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Wed Nov 14 09:59:16 2018 -0800" }, "message": "Multi-threaded keystore\n\nThis patch makes the framework use the asynchronous keystore api model.\n\nBug: 111443219\nTest: Ran full keystore cts test suite\nChange-Id: I8d1fdc70cb9eb501d3f22a97d1221904c2ef8f9a\n" }, { "commit": "3a33ccca7d382bbd2f517628c162168277479e87", "tree": "f3fa11fa37319b12eb92d68a8585bb782d5373ce", "parents": [ "3a72e2b08e2590c28ce84c36c7b0b35d4da28bb5", "d46d33cf25a8f6ecabad27bf6c4cace330a1cd9d" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Fri Nov 09 13:28:56 2018 -0800" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Fri Nov 09 13:28:56 2018 -0800" }, "message": "Merge changes from topic \"async_keystore\" am: e8c144fe17 am: 07b06e1bdb\nam: d46d33cf25\n\nChange-Id: Id9fcb7d5bac0a24de8ca64e79d50131a5930b8ed\n" }, { "commit": "3a72e2b08e2590c28ce84c36c7b0b35d4da28bb5", "tree": "fc2e67da775661c612a89c14195bc096616d0950", "parents": [ "5efda82dada66d807133ae9303a1cf4bb415696e", "5c5fe83c4dd9a8c82e725ef1fa84165cca37d8ed" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Fri Nov 09 13:21:46 2018 -0800" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Fri Nov 09 13:21:46 2018 -0800" }, "message": "Remove legacy functions form IKeystoreService.aidl am: 1864c95616 am: 036229c8df\nam: 5c5fe83c4d\n\nChange-Id: Id2fa59fcbe111a968abef088b76fb97dbe2e369e\n" }, { "commit": "d46d33cf25a8f6ecabad27bf6c4cace330a1cd9d", "tree": "58e5f50049f84764c1046ad88a28967406b99e5d", "parents": [ "5c5fe83c4dd9a8c82e725ef1fa84165cca37d8ed", "07b06e1bdb74f517dd0f36804cd88bc2f049381a" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Thu Nov 08 15:38:43 2018 -0800" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Thu Nov 08 15:38:43 2018 -0800" }, "message": "Merge changes from topic \"async_keystore\" am: e8c144fe17\nam: 07b06e1bdb\n\nChange-Id: Ie2326ec19b82bf3977e490617fb9935b07dd818a\n" }, { "commit": "5c5fe83c4dd9a8c82e725ef1fa84165cca37d8ed", "tree": "4b212c446812ad57d5153db9a7fa8477f82c634b", "parents": [ "305869b27ec726aed77423b3f78b466290d6cfeb", "036229c8df47bbee7eae7b6503c7e6c80d6fa4a1" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Thu Nov 08 15:33:21 2018 -0800" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Thu Nov 08 15:33:21 2018 -0800" }, "message": "Remove legacy functions form IKeystoreService.aidl am: 1864c95616\nam: 036229c8df\n\nChange-Id: I7475f8bd936147efaf4344ba625e50875534b8b8\n" }, { "commit": "1864c95616d515782d489f70a2009f87bbe528e6", "tree": "3c1fd994e73544366760289cb608bd86b92eae59", "parents": [ "93bf21dad4279db75c321c141b07c6409d6bcade" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Thu Aug 09 11:14:49 2018 -0700" }, "committer": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Thu Nov 08 12:53:57 2018 -0800" }, "message": "Remove legacy functions form IKeystoreService.aidl\n\nIn preparation for making the keystore service asynchronous we remove\nredundant legacy functionality from the protocol.\n\nThis patch removes the functions get_pubkey, sign, verify, generate,\nand import_key. Which have long been superseded by exportKey\n(get_pubkey), begin/update/finish (sign, verify), generateKey\n(generate), and importKey (import_key).\n\nThis patch also removes isOperationAuthorized.\n\nTest: KeyStore CTS tests\nBug: 111443219\nChange-Id: Ib3bd6f40b4e948e5ad6b2ef5278b18ff46201d71\n" }, { "commit": "d257538507d65dae23e39e8cf94bda255d1e1c65", "tree": "8f0441916aa276eba8196f5ba4fdab2ef561de6f", "parents": [ "1864c95616d515782d489f70a2009f87bbe528e6" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Mon Oct 08 07:56:58 2018 -0700" }, "committer": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Thu Nov 08 12:53:57 2018 -0800" }, "message": "Add return code KEY_ALREADY exists\n\nIn preparation to the async keystore interface we change the semantics\nform unconditionally overwriting existing keys to reporting that the key\nexists. For compatibility we reimplement the same semantic in the\ncalling code.\n\nBug: 111443219\nTest: KeyStore CTS test\nChange-Id: I1fa5428fa7ada97d5068778cd4590593c992554d\n" }, { "commit": "057b743fe90ff6b9d19db297e12d9f6055439276", "tree": "dc7b240902511fdc9e940150db04388f31b530ea", "parents": [ "353eab924f0a00034189caf7142080a1e6cb346f" ], "author": { "name": "Kevin Chyn", "email": "kchyn@google.com", "time": "Mon Sep 24 14:36:39 2018 -0700" }, "committer": { "name": "Kevin Chyn", "email": "kchyn@google.com", "time": "Fri Nov 02 18:09:25 2018 -0700" }, "message": "Update KeyStore for new biometric modalities\n\nBiometrics are now generic from KeyStore point of view\n\nBug: 113624536\n\nTest: Unable to create keys when no templates enrolled\nTest: Able to create keys when templates are enrolled\nTest: No regression in Fingerprint\n Keys are invalidated after enrolling another FP\n\nChange-Id: I6bdc20eb58c8a0c10a986519d4ba9e1843ebc89d\n" }, { "commit": "9ccec4d2d4ea4a3ccb80bae8687782cd8fb99e77", "tree": "acd456e98341aba6f4639801eb95dada9713e275", "parents": [ "bf57547efb4bda96f5af5d3dc9100599ecf779ff" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Fri Aug 24 15:29:05 2018 +0100" }, "committer": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Wed Sep 05 13:58:32 2018 +0100" }, "message": "Handle issuer and key type restrictions.\n\nThe caller to KeyChain.choosePrivateKeyAlias can restrict the set of\naliases that are displayed to the user to select from by specifying the\nissuers that the associated certificates should be issued by or the key\ntypes that these certificates should contain.\n\nUntil now this functionality was not implemented. This was mostly\naffecting Chrome\n(https://bugs.chromium.org/p/chromium/issues/detail?id\u003d753756).\n\nSupport this functionality by passing the issuers and key types into the\nKeyChainActivity (from KeyChain) and, prior to displaying the aliases\nassociated with the certificates, check if each certificate adheres to\nthe criteria (key type, issues) specified.\n\nBug: 62910781\nTest: m -j RunKeyChainRoboTests\nChange-Id: I75e071545699891cfbd77d4f706fc5ef35b85516\n" }, { "commit": "f1bbe75ede256ffccecbdf9929422dadfe246e60", "tree": "51476e948e4693abd60fb386eec3314efe7612e4", "parents": [ "32f68e6b6b4a686268d75c868b9682fdd91a6e81" ], "author": { "name": "Eva Bertels", "email": "evabertels@google.com", "time": "Tue Aug 28 15:31:53 2018 +0100" }, "committer": { "name": "Eva Bertels", "email": "evabertels@google.com", "time": "Tue Aug 28 17:19:51 2018 +0100" }, "message": "Minor changes to check for misprovisioned Pixel 2 devices\n\nCheck for brand parameter specified in config file. Implementing suggestion that was added to the original CL (ag/4791307) after it was submitted.\n\nBug: 69471841\nTest: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement\nChange-Id: I9b257f406d5b47265db4dbf022df75865f496cdd\n" }, { "commit": "dbb8dc5a712c50b81dd5ba1403d0707914be9c82", "tree": "4137ae90799026638e9f2c3d3b7545371e770027", "parents": [ "c619060612f7bcac51765df26258c214b7188911" ], "author": { "name": "Eva Bertels", "email": "evabertels@google.com", "time": "Thu Aug 16 12:46:12 2018 +0100" }, "committer": { "name": "android-build-team Robot", "email": "android-build-team-robot@google.com", "time": "Fri Aug 24 22:00:28 2018 +0000" }, "message": "Added check for misprovisioned Pixel 2 device.\n\nSome Pixel devices had a wrong brand value provisioned into keymaster.\nDue to this misprovisioning those devices fail device ID attestation because it includes a check for the correct brand value.\nThis is now solved by re-trying Device ID attestation if we are running on a potentially misprovisioned device, allowing for the known incorrect brand value.\n\nBug: 69471841\nTest: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement\nChange-Id: If715ebdd4ab6d7fcfffab60b40fd2dc8fa1fda44\nMerged-In: Ia0da5478d6092c1927d26600a6893ae8ce53da51\n(cherry picked from commit 3f821a8e17f97a6f0b3ae408b2e7f2bfde666df4)\n" }, { "commit": "eeedc9e27683188d7663d6442e26af9f10b3ec79", "tree": "5385a6e69a2d15a7420522b555c32af88a256d2d", "parents": [ "faefa61c222c2b722ef62e6b3027238580d9295f", "ec94be1526b7aede547077840a33291edb0a5593" ], "author": { "name": "Eva Bertels", "email": "evabertels@google.com", "time": "Fri Aug 24 11:21:06 2018 -0700" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Fri Aug 24 11:21:06 2018 -0700" }, "message": "Merge \"Added check for misprovisioned Pixel 2 device.\" into pi-dev\nam: ec94be1526\n\nChange-Id: I443bd4a96e616616e4608f1e9a8c5d8554647e56\n" }, { "commit": "e238d589f1e212c81cd5f3b3453b361e99538fed", "tree": "4a953b8d892554e668eaab8222572c3e56b773af", "parents": [ "0cf90160c6948df621b15dd07e007d69a7ad1a1b" ], "author": { "name": "Eva Bertels", "email": "evabertels@google.com", "time": "Thu Aug 16 12:46:12 2018 +0100" }, "committer": { "name": "Eva Bertels", "email": "evabertels@google.com", "time": "Fri Aug 24 13:43:47 2018 +0100" }, "message": "Added check for misprovisioned Pixel 2 device.\n\nSome Pixel devices had a wrong brand value provisioned into keymaster.\nDue to this misprovisioning those devices fail device ID attestation because it includes a check for the correct brand value.\nThis is now solved by re-trying Device ID attestation if we are running on a potentially misprovisioned device, allowing for the known incorrect brand value.\n\nBug: 69471841\nTest: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement\nChange-Id: Ia0da5478d6092c1927d26600a6893ae8ce53da51\n" }, { "commit": "3f821a8e17f97a6f0b3ae408b2e7f2bfde666df4", "tree": "cd98ab403b574e89d95e3208e7ab59b715ad7c88", "parents": [ "5cd354c89cd3a48aa306e7f8fcaafb4417fa0a40" ], "author": { "name": "Eva Bertels", "email": "evabertels@google.com", "time": "Thu Aug 16 12:46:12 2018 +0100" }, "committer": { "name": "Eva Bertels", "email": "evabertels@google.com", "time": "Fri Aug 24 11:39:20 2018 +0000" }, "message": "Added check for misprovisioned Pixel 2 device.\n\nSome Pixel devices had a wrong brand value provisioned into keymaster.\nDue to this misprovisioning those devices fail device ID attestation because it includes a check for the correct brand value.\nThis is now solved by re-trying Device ID attestation if we are running on a potentially misprovisioned device, allowing for the known incorrect brand value.\n\nBug: 69471841\nTest: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement\nChange-Id: If715ebdd4ab6d7fcfffab60b40fd2dc8fa1fda44\nMerged-In: Ia0da5478d6092c1927d26600a6893ae8ce53da51\n" }, { "commit": "29779732e63c894afc0ec0339af1d20cc761f9a4", "tree": "60e8e49fbde30c0fa98bd29addef93dc2e45ae8d", "parents": [ "559898ef333563d929d36a503211c3cae3a37a1a", "e2a6ad99ae03deb36271f76dd506e42b5af780bf" ], "author": { "name": "Mathew Inwood", "email": "mathewi@google.com", "time": "Fri Aug 17 03:16:13 2018 -0700" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Fri Aug 17 03:16:13 2018 -0700" }, "message": "Merge \"Add @UnsupportedAppUsage annotations\" am: d9381f5e56\nam: e2a6ad99ae\n\nChange-Id: I3a0236e8388f7f5448a10873a3e0f0ca502fa625\n" }, { "commit": "e2a6ad99ae03deb36271f76dd506e42b5af780bf", "tree": "4b188212428c5dc261851fe48db305eab88dea59", "parents": [ "7aa98ce2b05cda26b0843531ca77991a7ba0ae88", "d9381f5e56f5d9b7ce10c72c50795dcb1c38a8a2" ], "author": { "name": "Mathew Inwood", "email": "mathewi@google.com", "time": "Fri Aug 17 02:13:11 2018 -0700" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Fri Aug 17 02:13:11 2018 -0700" }, "message": "Merge \"Add @UnsupportedAppUsage annotations\"\nam: d9381f5e56\n\nChange-Id: I3940d669bb1f4fedc8a7fbbcdb8de2ef954674a8\n" }, { "commit": "4dbdcf43ad0dfa91371ac06517317e0ea0b45b56", "tree": "bf224c82a42e0228aae034faba6fae5f947394a7", "parents": [ "43f3f60ec01a1d658cbff9386a7fbf8a839894b9" ], "author": { "name": "Mathew Inwood", "email": "mathewi@google.com", "time": "Thu Aug 16 18:49:37 2018 +0100" }, "committer": { "name": "Mathew Inwood", "email": "mathewi@google.com", "time": "Thu Aug 16 18:49:37 2018 +0100" }, "message": "Add @UnsupportedAppUsage annotations\n\nFor packages:\n android.security.net.config\n android.security.keystore\n android.security.keymaster\n android.security\n\nThis is an automatically generated CL. See go/UnsupportedAppUsage\nfor more details.\n\nExempted-From-Owner-Approval: Mechanical changes to the codebase\nwhich have been approved by Android API council and announced on\nandroid-eng@\n\nBug: 110868826\nTest: m\nChange-Id: Ifed4da56531195f64fd53d84f14b4e8298843b2c\nMerged-In: I7762dd647bede8abc9be2c538af3a3a99a25a73e\n" }, { "commit": "e420f8b5fb9451412767a4920bd02219e5423f43", "tree": "18428ef8a42208fb9b8911e9c84e829bad906f59", "parents": [ "1e14f9f92a35e61c24ec53410740e588e4ba8b39" ], "author": { "name": "Mathew Inwood", "email": "mathewi@google.com", "time": "Thu Aug 16 18:40:47 2018 +0100" }, "committer": { "name": "Mathew Inwood", "email": "mathewi@google.com", "time": "Thu Aug 16 18:40:47 2018 +0100" }, "message": "Add @UnsupportedAppUsage annotations\n\nFor packages:\n android.security.net.config\n android.security.keystore\n android.security.keymaster\n android.security\n\nThis is an automatically generated CL. See go/UnsupportedAppUsage\nfor more details.\n\nExempted-From-Owner-Approval: Mechanical changes to the codebase\nwhich have been approved by Android API council and announced on\nandroid-eng@\n\nBug: 110868826\nTest: m\nChange-Id: I7762dd647bede8abc9be2c538af3a3a99a25a73e\n" }, { "commit": "dbb6114d96bef853beef1109bda1af623513bdec", "tree": "56894aba2b888ddfefe8667120e2d57b92760a91", "parents": [ "eaa77a20e861c89d3930c4803280eed474edd618", "0e43e2ef9675cdcc7126869725ac17148a4bd30b" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Wed Aug 15 12:10:17 2018 -0700" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Wed Aug 15 12:10:17 2018 -0700" }, "message": "Merge \"Fix symmetric key generation in strongbox\" into pi-dev\nam: 0e43e2ef96\n\nChange-Id: I154ab21e8f0d804225f993d187e2aad66a5cdeac\n" }, { "commit": "0e43e2ef9675cdcc7126869725ac17148a4bd30b", "tree": "71c5d319c6c42af90c11f032781fb339f30a71fb", "parents": [ "2e2dcda172a4523be095c21b07be78b6b211143c", "6064a17fa40fc73888a445958c660d942c557d8e" ], "author": { "name": "TreeHugger Robot", "email": "treehugger-gerrit@google.com", "time": "Wed Aug 15 18:53:16 2018 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Wed Aug 15 18:53:16 2018 +0000" }, "message": "Merge \"Fix symmetric key generation in strongbox\" into pi-dev" }, { "commit": "cb71d0b2fceda8f7db3a7860d500adfd50d3e50d", "tree": "13c71c92ff47b4b56520a6f779a1d31aebf9ca94", "parents": [ "48f928720f68e17576f4491fcb0688fea8bc6cab", "7aa04ef24d6f3be7ebc7a45fb7107de2e15c68e5" ], "author": { "name": "TreeHugger Robot", "email": "treehugger-gerrit@google.com", "time": "Wed Aug 15 16:10:30 2018 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Wed Aug 15 16:10:30 2018 +0000" }, "message": "Merge \"Fix symmetric key generation in strongbox\"" }, { "commit": "8f299037474ce5e754c18f29f76b4c7d623479c0", "tree": "86636852a4ed1e2d44099a180f36ce61f11216a6", "parents": [ "58519002a2c2239ab63ef95487921e256ce5bcf5", "e377a769bd12321b4d94a05fc1ffb6cb03cb42d9" ], "author": { "name": "Mathew Inwood", "email": "mathewi@google.com", "time": "Wed Aug 01 18:08:20 2018 -0700" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Wed Aug 01 18:08:20 2018 -0700" }, "message": "Merge \"Code reformatting for upcoming annotations.\" am: 60c8cfdd0f am: 02763a1c3e am: 842e882507\nam: e377a769bd\n\nChange-Id: I67465690c2addbbfbe53472e5b45783821990567\n" }, { "commit": "842e88250752f6492e02930f1a106a88e89fd165", "tree": "f9eab363b0c65502ead9e2293e35d08516025cb6", "parents": [ "9f0aff0d989d25ee8248296bc3f413b97bf57e0b", "02763a1c3ee13389598bfd00f895845b32cb3a93" ], "author": { "name": "Mathew Inwood", "email": "mathewi@google.com", "time": "Wed Aug 01 16:35:28 2018 -0700" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Wed Aug 01 16:35:28 2018 -0700" }, "message": "Merge \"Code reformatting for upcoming annotations.\" am: 60c8cfdd0f\nam: 02763a1c3e\n\nChange-Id: Icdbef4bd0e71876a3ddb296ca38a243209f2eaf9\n" }, { "commit": "02763a1c3ee13389598bfd00f895845b32cb3a93", "tree": "caa7dd0704a799664e9b09f53e1bd43e3a3ffde6", "parents": [ "582d18c02b706199324b38b449860e281249df4e", "60c8cfdd0ff09070ac8d121416a8df90e6c037d7" ], "author": { "name": "Mathew Inwood", "email": "mathewi@google.com", "time": "Wed Aug 01 16:01:52 2018 -0700" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Wed Aug 01 16:01:52 2018 -0700" }, "message": "Merge \"Code reformatting for upcoming annotations.\"\nam: 60c8cfdd0f\n\nChange-Id: I4fcf520f53dddd6e70edf0d59fd13ae218c336a5\n" }, { "commit": "efb481646ef5c786f4a92118ba4248a0ef3c515e", "tree": "e35381b97f7bfa1057d50410036578ef6c2cbf35", "parents": [ "b6b8516ba0f44f2d234b825cc4d568c304e9f719" ], "author": { "name": "Mathew Inwood", "email": "mathewi@google.com", "time": "Wed Aug 01 10:24:49 2018 +0100" }, "committer": { "name": "Mathew Inwood", "email": "mathewi@google.com", "time": "Wed Aug 01 10:24:49 2018 +0100" }, "message": "Code reformatting for upcoming annotations.\n\n@UnsupportedAppUsage annotations are added automatically, but this does\nnot work when there are multiple definitions on the same line.\n\nTest: m\nBug: 110868826\nChange-Id: I2c26c136cdfa557e45cf1ee0b39dab9c17abde56\n" }, { "commit": "6064a17fa40fc73888a445958c660d942c557d8e", "tree": "f57504f32d0fa4daed51d15cb5d755e392ad4fd0", "parents": [ "999d9e1bf026e92699b1c20da1286498d2424f2d" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Tue Jun 05 18:47:23 2018 -0700" }, "committer": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Tue Jul 31 18:19:03 2018 +0000" }, "message": "Fix symmetric key generation in strongbox\n\nThe strongbox flag was not passed to keystore by\nAndroidKeyStoreKeyGeneratorSpi. As a result keys, that were supposed to\nbe generated in strongbox would silently be generated in TEE.\n\nTest: There is no reliable way to test this other than instrumenting or\n debugging the strongbox implementation. This was done by the\n author of this patch.\nBug: 109769728\nChange-Id: I8a08838440030fab7b774762c3d6af0d3b6a4ad8\nMerged-In: I8a08838440030fab7b774762c3d6af0d3b6a4ad8\n" }, { "commit": "7aa04ef24d6f3be7ebc7a45fb7107de2e15c68e5", "tree": "0234d0a82df4359543a5a94e7eec1a0c063d73a5", "parents": [ "bd49376225b0db80f6a49aa18e9c147695742784" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Tue Jun 05 18:47:23 2018 -0700" }, "committer": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Tue Jul 31 15:48:17 2018 +0000" }, "message": "Fix symmetric key generation in strongbox\n\nThe strongbox flag was not passed to keystore by\nAndroidKeyStoreKeyGeneratorSpi. As a result keys, that were supposed to\nbe generated in strongbox would silently be generated in TEE.\n\nTest: There is no reliable way to test this other than instrumenting or\n debugging the strongbox implementation. This was done by the\n author of this patch.\nBug: 109769728\nChange-Id: I8a08838440030fab7b774762c3d6af0d3b6a4ad8\n" }, { "commit": "607a995691dcda1475042ddcd4e4cba708c791be", "tree": "1d944e1c9c1b893e5bd8fd336114384075435d63", "parents": [ "309adbff03ea6e0dedd232375a9f0583a7a80049" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Mon Jul 09 17:58:26 2018 +0100" }, "committer": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Tue Jul 17 12:58:13 2018 +0100" }, "message": "DPM: Propagate StrongBox-related exception\n\nWhen the caller attempts to generate a key via DevicePolicyManager\n(using DevicePolicyManager.generateKeyPair), and specifies that\nStrongBox should be used, throw the right exception indicating\nStrongBox unavailability - the same one that is thrown if the same\nparameters were passed to the KeyStore\u0027s key generation method.\n\nThis is achieved by catching the StrongBoxUnavailableException in\nKeyChain, returning an error code indicating this particular failure\nto the DevicePolicyManagerService, which then propagates it by\nthrowing a service-specific exception with a value indicating\nStrongBox unavailability.\nThe DevicePolicyManager then raises StrongBoxUnavailableException.\n\nPrior to this change the exception propagated from KeyChain would be\na generic failure so the caller would simply get a null result.\n\nBug: 110882855\nBug: 111183576\nBug: 111322478\nTest: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement\nChange-Id: I9abe3f449b48eb5a960fafbc15c59b9b4ce7a966\n" }, { "commit": "84c8b0fe47608b2f2dd7cfbca82dd2ba447e0eb0", "tree": "86336bb98cd3f6cd7a65e7e56720788508b08b92", "parents": [ "6a7aac4afed3a09396943f3797e7dcf000ba3621", "e323fcbe98cdbd7a395177381f0bec6fe8dd99a2" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Tue Jul 03 12:07:59 2018 -0700" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Tue Jul 03 12:07:59 2018 -0700" }, "message": "Merge \"Correctly preserve key generation parameters\" into pi-dev am: 6f7cfb0627\nam: e323fcbe98\n\nChange-Id: I8cdbb82cd6fee604775764519dc8bf835a9c3738\n" }, { "commit": "5a5c6e0e44fbccbf5608c1955debf1650890f5a6", "tree": "70d9eebea919172b9898bcdf0fe4e594d28d36ed", "parents": [ "143c65d520b197a271d6de282fc7759d8009ce44" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Jun 28 11:20:44 2018 +0100" }, "committer": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Jun 28 17:20:01 2018 +0100" }, "message": "Correctly preserve key generation parameters\n\nDue to an oversight, some of the key generation parameters that are set\nin KeyGenParameterSpec were not preserved when parceling the object\n(they should have been added to ParcelableKeyGenParameterSpec but were\nnot).\n\nThis means these parameters will be ignored when generating keys using\nthe DevicePolicyManager.generateKeyPair method, leading to an\ninconsistent key generation behaviour between the DevicePolicyManager\nand KeyStore.\n\nIn particular, this would prevent callers from using StrongBox when\ngenerating keys for use in the KeyChain.\n\nFix the issue by simply persisting these parameters in\nParcelableKeyGenParameterSpec and making sure that the Builder copies\nthem too from the source KeyGenParameterSpec.\n\nLeft to do is put in place an automated measure to find out\ndiscrepancies between the two classes.\n\nBug: 110915980\nBug: 110882855\nBug: 109953656\nTest: atest KeystoreTests\nChange-Id: Ic64bd2921b6dfc97ea34ecba55f532312963ffcb\n" }, { "commit": "23164924a9beabe95caaf3539b29148822e42c30", "tree": "a68588d60813609e2c03df3342c4ec24fd6d22c4", "parents": [ "ac05a1b791ad0761db7721f654604830c9c29cdf", "bd3440cac92847119605f914678466b5de77f502" ], "author": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Wed Jun 27 22:43:43 2018 -0700" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Wed Jun 27 22:43:43 2018 -0700" }, "message": "Merge \"Correct the keystore alias used for secure imports\" into pi-dev am: 143c65d520\nam: bd3440cac9\n\nChange-Id: I84b68a7caa793c776140cdd2bd79b5b76c63ddd3\n" }, { "commit": "fe6d4769a86b1ab4cf9b5b20ea08f4e3ccd00ec6", "tree": "218fbe063b4984d9cdac0cb9c15ed1904f685d5f", "parents": [ "0eb2be3a679b146e068cf99e2dbf45b4181c0bfa" ], "author": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Sat Jun 23 15:38:02 2018 -0600" }, "committer": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Tue Jun 26 12:35:03 2018 +0000" }, "message": "Correct the keystore alias used for secure imports\n\nAn Android-O timeframe refactor removed all use of keystore \"skey\"\naliases. Creating one not only partially reverses that refactor, but\nit also results in a key alias which cannot be deleted in some cases,\ncausing AndroidKeyStoreTest failures during the second run of CTS.\n\nBug: 80228327\nTest: CTS tests ImportWrappedKeyTest and AndroidKeyStoreTest, in that order\nChange-Id: I348ba421f29cdf6c65fc98be3a25d19938d559c1\n" }, { "commit": "4a1cccc93809920adeb0f25eaf69c9de7ec7c7d6", "tree": "68194f37c71b19edbaa5fdfe1c7c767084d14817", "parents": [ "70b447a378d0233dfc76cf208e5959c6070f1ed0" ], "author": { "name": "Irina Dumitrescu", "email": "irinaid@google.com", "time": "Fri Jun 08 19:36:34 2018 +0100" }, "committer": { "name": "Irina Dumitrescu", "email": "irinaid@google.com", "time": "Tue Jun 12 14:32:29 2018 +0100" }, "message": "Add Keystore get option that supresses caught exceptions warnings.\n\nThis is useful when the caught exceptions are not informative and they\nact as a red herring in the adb logs.\n\nBug:109791294\nTest: call this method in the VpnSettings and manually navigate to\nadding a new VPN by searching for VPN in settings and then pressing \u0027+\u0027.\n\nChange-Id: I4bc86e3ea5b11027090fd3a27dc7455557cf66ab\n" }, { "commit": "d530579816f59705a6f110e2235d70f75495b764", "tree": "05efb0ed3a2a9884497398faf6c6a0e9f7b8b4d9", "parents": [ "a6acf6f0dcae282770e719ca4b37c9716396ef58", "6779fecdccf711b4d08f528825e3e5ae31db88c5" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Tue Jun 05 06:46:20 2018 -0700" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Tue Jun 05 06:46:20 2018 -0700" }, "message": "Merge \"Improve KeyChain documentation\" into pi-dev am: 843a0cabbf\nam: 6779fecdcc\n\nChange-Id: I25447edd4c22c7df4375f88b904d1300555a3836\n" }, { "commit": "e701dc17994e17468d7e4370e455e7b179d50e00", "tree": "48a3bdc181225f25f29a44775fdfb8767756f070", "parents": [ "22e64ec6116c16b550c51ecafaea31510db97b55" ], "author": { "name": "Aurimas Liutikas", "email": "aurimas@google.com", "time": "Fri Jun 01 16:04:37 2018 -0700" }, "committer": { "name": "Aurimas Liutikas", "email": "aurimas@google.com", "time": "Mon Jun 04 10:15:22 2018 -0700" }, "message": "Fix broken links in @see tags in framework docs.\n\ndoclava was accidentally suppressing all these broken links\nin @see tags. This CL fixes issues so we can start enfocing\nchecks for broken @see links.\n\nTest: make docs\nChange-Id: If7830ece85f8d1f27c991eae282230814726e115\nExempt-From-Owner-Approval: Fixing @see javadoc link issues that are currently completely broken\n" }, { "commit": "0bc50f944204c33ef0839134bcdd76a9e4badbe9", "tree": "96aa407396768bdbf86aa1b6e1255066de6449b9", "parents": [ "f225af4f6c7143fcfac837d87c9991ea91e55a5a" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Fri Jun 01 16:03:39 2018 +0100" }, "committer": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Mon Jun 04 17:12:41 2018 +0100" }, "message": "Improve KeyChain documentation\n\nImprove the choosePrivateKeyAlias documentation by:\n(1) removing reference to host+port when a URI is being passed in.\n(2) Clearing up the language about what a DPC can do.\n\nTest: N/A\nBug: 81522642\nChange-Id: I12fbf675536ea5d843dd2eec4f0379daad764bb6\n" }, { "commit": "4b9fee53319e4f679af51681c8a90777f302bdfc", "tree": "841407fd51d07227a40d0ed262fa8a8d5c41990f", "parents": [ "9e04425f9e4ba5e24ca9b2b53bf535baa80bc66d" ], "author": { "name": "Frank Salim", "email": "franksalim@google.com", "time": "Thu Apr 12 03:09:44 2018 -0700" }, "committer": { "name": "Frank Salim", "email": "franksalim@google.com", "time": "Fri May 18 18:25:33 2018 +0000" }, "message": "Make ImportWrappedKey work with real hardware:\n Get unwrapping params from WrappedKeyEntry\n\nAdd @hide API for StrongBox-backed imported keys (as opposed to wrapped or generated)\nEnable 3DES conditionally based on a system property.\n\nBug: b/79986479\nBug: b/79986680\nTest: CTS\nChange-Id: If6beedc203337027576ecd3555d11ed2874f9768\n" }, { "commit": "cd0eb716c52b20fbc051d1da79a8fe1b91c1f4c3", "tree": "7b6b3b9a071026b5cbac8f1c03f21e7ac96b5b1c", "parents": [ "8785209fd7e7172cb096350b4007d5d9f8ef3208" ], "author": { "name": "Mike Harris", "email": "mwharris@google.com", "time": "Thu Apr 26 15:20:10 2018 -0700" }, "committer": { "name": "Rubin Xu", "email": "rubinxu@google.com", "time": "Mon Apr 30 09:27:31 2018 +0000" }, "message": "Use the @Nullable annotations for choosePrivateKeyAlias.\n\nBoth the code and docstring support this, but the parameters weren\u0027t\nannotated.\n\nTest: it builds locally\n\nChange-Id: I16beddcd74a86047ce9aaf37007d96f3e8e0d4e0\nMerged-In: I16beddcd74a86047ce9aaf37007d96f3e8e0d4e0\nFix: 78868934\n(cherry picked from commit b7c5eddc53c3872b661222ae30270d95cfe63b4e)\n" }, { "commit": "ec6268c5146ab3257172552234bc0fe6534940a4", "tree": "b3c04a5fadb572b7020849883d25d4b070639a3a", "parents": [ "637422b2bf7ca08dde6fdfce1fba7daa4965ff2c", "52dcedca37a08bcd01f8d060e269d4eb3745831f" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Fri Apr 13 10:07:36 2018 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Fri Apr 13 10:07:36 2018 +0000" }, "message": "Merge \"AttestationUtils: Request MEID explicitly\" into pi-dev" }, { "commit": "52dcedca37a08bcd01f8d060e269d4eb3745831f", "tree": "24e18558d2e884c6402fb618517bf9bbbad4f47f", "parents": [ "0b5dd8e56040e2cd3dc95abfebe7fdb71cc7f0bc" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Apr 12 14:06:59 2018 +0100" }, "committer": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Apr 12 17:20:35 2018 +0100" }, "message": "AttestationUtils: Request MEID explicitly\n\nRather than rely on getDeviceId to provide the MEID, explicitly use\ngetMeid to get it.\n\nFor MEID attestation to work, the right identifier needs to be passed in\nfor attestation by Keymaster.\nAttestationUtils currently gets this identifier by calling getDeviceId.\nThis would only yield the MEID if the device does not have an IMEI\nprovisioned, which means it\u0027ll get the IMEI for devices that have both\n(like Pixel 2).\n\nAccording to bartfab@ that is the correct way (see b/77584730#13).\n\nBug: 77584730\nBug: 73284024\nTest: runtest --path cts/tests/tests/keystore/src/android/keystore/cts/KeyAttestationTest.java\nChange-Id: I98f6c2e2a9835bf2fd681cfb4ff74fc3984c3a8e\n" }, { "commit": "9b5853d304702f1c76025ed80483276ce377f98f", "tree": "aeea93761e0e9390470edfc130587de16e8be62f", "parents": [ "10fb6582eb9c0e84938af9a2be0017e35eb59c5e" ], "author": { "name": "Allen Webb", "email": "allenwebb@google.com", "time": "Tue Apr 10 10:33:42 2018 -0700" }, "committer": { "name": "Allen Webb", "email": "allenwebb@google.com", "time": "Wed Apr 11 19:23:30 2018 +0000" }, "message": "keystore: Add documentation for user presence required.\n\nTest: make -j50 docs\nBug: 77600728\nChange-Id: I6334bc0fc7a7d4faced6b03522c350ce74303443\nSigned-off-by: Allen Webb \u003callenwebb@google.com\u003e\n" }, { "commit": "13e230f5d6a757f1a7ecd53d6254ac3e2826163d", "tree": "a845c7dfaa5c4aebf14a08aed628781433497185", "parents": [ "1c5ee613be6ac28877468d89272ad76bf03440c9" ], "author": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Tue Apr 10 17:21:39 2018 -0600" }, "committer": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Tue Apr 10 18:15:22 2018 -0600" }, "message": "Mark CTS-tested APIs as @TestApi\n\nBug: 77596526\nTest: Keystore CTS\nChange-Id: Ic4280db3d9ff093138f0a361ac6a52ca69187cca\n" }, { "commit": "1c5ee613be6ac28877468d89272ad76bf03440c9", "tree": "257878e6ec396df4e95bd7b1770b39ec9fc3d579", "parents": [ "26f00b9d87dd49bbb69c3cfc87fe1a243c2d4c78" ], "author": { "name": "Brian C. Young", "email": "bcyoung@google.com", "time": "Tue Apr 10 08:43:53 2018 -0700" }, "committer": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Tue Apr 10 17:05:39 2018 -0600" }, "message": "Allow CTS tests to access more from KeyProtection\n\nAdd @TestApi to allow CTS tests to use that call.\nEncryption and decryption are reversed in some documentation.\n\nTest: CtsKeystoreTestCases\nBug: 77596526\nChange-Id: Ifaf8b3fa0e231eef256451a2514219fff1b16699\n" }, { "commit": "aa5c335a60f8316e2935bf2281c4f985b607d586", "tree": "65f0c67c0d763f533f7c6a1e3f4ce57d39249c19", "parents": [ "93a10eb1d2535f2ab9c3edfa10bb31e439a825e9", "be10891cab6ef8942cdeb6fd36920804199161a5" ], "author": { "name": "TreeHugger Robot", "email": "treehugger-gerrit@google.com", "time": "Thu Apr 05 00:58:18 2018 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Thu Apr 05 00:58:18 2018 +0000" }, "message": "Merge \"keystore: Change superclass of UserPresenceUnavailableException.\" into pi-dev" }, { "commit": "084f9aee9a54a86680feed7cafd56a06ba6f24f8", "tree": "9f094fc4b33c4e2132786a15025725915ab45ce0", "parents": [ "6d24a1c8bef4c70ac1e646ffb21299ad7fe4a22b", "6f8fa9ac83e8690728400ca78e7b969d01fceb62" ], "author": { "name": "TreeHugger Robot", "email": "treehugger-gerrit@google.com", "time": "Mon Apr 02 21:40:34 2018 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Mon Apr 02 21:40:34 2018 +0000" }, "message": "Merge \"\"Unlocked device required\" javadoc clarification\" into pi-dev" }, { "commit": "840c29eb0be73a875c883863cf1421ca789f7041", "tree": "0746509d6debe27d2d3704105e47d58599dc8fbb", "parents": [ "540f74786135b5c99170a518ef246ecfd0588739", "3c1830bd7f85f35fe216b8bc5bc7f515b8f6d777" ], "author": { "name": "TreeHugger Robot", "email": "treehugger-gerrit@google.com", "time": "Mon Apr 02 20:36:34 2018 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Mon Apr 02 20:36:34 2018 +0000" }, "message": "Merge \"Rename trustedUserPresenceRequired.\" into pi-dev" }, { "commit": "6f8fa9ac83e8690728400ca78e7b969d01fceb62", "tree": "c3a6cc2ff0b058f42e78bcba518b54e880b83c12", "parents": [ "50228a647183c9315312f8f36ba849f8b1e6d3d0" ], "author": { "name": "Brian C. Young", "email": "bcyoung@google.com", "time": "Mon Apr 02 12:40:58 2018 -0700" }, "committer": { "name": "Brian C. Young", "email": "bcyoung@google.com", "time": "Mon Apr 02 12:40:58 2018 -0700" }, "message": "\"Unlocked device required\" javadoc clarification\n\nWording changes on the public API functions for these keys.\n\nTest: CTS\nBug: 67752510\nChange-Id: Iaf620e8c0e06d436d09f50d308268653bec196ce\n" }, { "commit": "3c1830bd7f85f35fe216b8bc5bc7f515b8f6d777", "tree": "ec912d970d6eabc3731e190e15c5fccfc321d869", "parents": [ "78e805684b427d3ba903a3ee5d12d3ea47be68b9" ], "author": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Tue Mar 27 16:10:37 2018 -0600" }, "committer": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Mon Apr 02 13:03:14 2018 -0600" }, "message": "Rename trustedUserPresenceRequired.\n\nThe existing name is misleading, because it can be read as requiring\nthat a trusted user be present, rather than the intended meaning of\nrequiring trusted proof of user presence. Since this is all about\nTEE/SE-based keys, the \"trusted\" part is implied, so the simple\n\"userPresenceRequired\" name makes more sense.\n\nBug: 77151288\nTest: Keystore CTS tests\nChange-Id: If8b533b9f34a1875eaf35cdd1bb8f3709da9761b\n" }, { "commit": "50228a647183c9315312f8f36ba849f8b1e6d3d0", "tree": "a8d176ad21064b96cf4ba6f00abc38faded35b05", "parents": [ "ea31cbea935a20d9d290453c2ba2f8b8670e45ca", "b631503200c8de47bbd83a71f17c798f5c2f1582" ], "author": { "name": "TreeHugger Robot", "email": "treehugger-gerrit@google.com", "time": "Mon Apr 02 18:45:35 2018 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Mon Apr 02 18:45:35 2018 +0000" }, "message": "Merge \"Revise secure key import API after review\" into pi-dev" }, { "commit": "f5f6bb2d888ada9b4bb3a92b106f4b1416968ea7", "tree": "85a711efe72b59f1b429702d0a63451cd4774476", "parents": [ "77fcc0da3b95b5a191fa65751aa86bc696260df7" ], "author": { "name": "Brian C. Young", "email": "bcyoung@google.com", "time": "Fri Mar 30 14:03:15 2018 -0700" }, "committer": { "name": "Brian Young", "email": "bcyoung@google.com", "time": "Fri Mar 30 21:37:48 2018 +0000" }, "message": "Remove getCurrentUser call to find an alternative\n\nThe call the framework uses to get the current user ID requires the\nINTERACT_ACROSS_USERS permission, which not a lot of apps will have.\nFind a better way to do that.\n\nBug: 76430246\n\nTest: CtsKeystoreTestCases\nChange-Id: I8a0637d351fff9cfbf40e02946325f90466b68c5\n" }, { "commit": "1e0a9b0b1b706e4ef31522cdbc7d3d5232e6c382", "tree": "f52a975589283f52c50799e4ea3d61edfe8c6245", "parents": [ "4ced90cb12c915db0cac0bbea25a1b8a43d93164", "9e8749058039b92fbed6ecf5a78eb9bf0c45c0e8" ], "author": { "name": "TreeHugger Robot", "email": "treehugger-gerrit@google.com", "time": "Fri Mar 30 18:54:39 2018 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Fri Mar 30 18:54:39 2018 +0000" }, "message": "Merge \"Enable \"Unlocked device required\" API\" into pi-dev" }, { "commit": "b631503200c8de47bbd83a71f17c798f5c2f1582", "tree": "1999d958dd37941c66ed99972244e64afb1142bc", "parents": [ "3d8fa52f59dcfae93e8ecc7a669fd3757e87c63f" ], "author": { "name": "Frank Salim", "email": "franksalim@google.com", "time": "Thu Mar 15 17:33:16 2018 -0700" }, "committer": { "name": "Frank Salim", "email": "franksalim@google.com", "time": "Fri Mar 30 10:25:22 2018 -0700" }, "message": "Revise secure key import API after review\n\n• WrappedKeyEntry: add doc (based on IKeymasterDevice.hal comments)\n• StrongBoxUnavailableException: add public ctors, match superclass\n• SecureKeyImportUnavailableException: new first class exception\n• ORIGIN_SECURELY_IMPORTED: elaborated on properties\n\nTest: make doc \u0026 review output\nBug: b/74218267\nChange-Id: Ice9adc60ede618870e57bb58ca66fd0218cd2bf7\n" }, { "commit": "be10891cab6ef8942cdeb6fd36920804199161a5", "tree": "edcf91ceffed8bffc6ee06886d5f85872d2682b7", "parents": [ "912853be102cc854f77d25f0946f4e6435b100b9" ], "author": { "name": "Allen Webb", "email": "allenwebb@google.com", "time": "Thu Mar 29 09:50:45 2018 -0700" }, "committer": { "name": "Allen Webb", "email": "allenwebb@google.com", "time": "Fri Mar 30 10:02:46 2018 -0700" }, "message": "keystore: Change superclass of UserPresenceUnavailableException.\n\nAlso add additional comments to isTrustedUserPresenceRequired().\n\nTest: m -j KeystoreTests \u0026\u0026 adb install -r\nout/target/product/${TARGET_PRODUCT}/data/app/KeystoreTests/KeystoreTests.apk\n adb shell am instrument\n\nBug: 73392697\nBug: 76462141\nChange-Id: Iabcc331adda53e2a5cad5ead6002dfbc29188da2\nSigned-off-by: Allen Webb \u003callenwebb@google.com\u003e\n" }, { "commit": "0186b42f2ae7e2c7b3e88043c2d1cb255f09514e", "tree": "500b6e1233f875e8f93f98759f3130234d637832", "parents": [ "69196f6fadf2445c2b9c06c17162d0cd3dfaeb5a", "9272dab49efa9c70ab92879c3e79a76fc8364d34" ], "author": { "name": "Brian Young", "email": "bcyoung@google.com", "time": "Fri Mar 30 14:21:19 2018 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Fri Mar 30 14:21:19 2018 +0000" }, "message": "Merge changes from topics \"niap-asym-write-pi-dev\", \"niap-asym-write-api-pi-dev\" into pi-dev\n\n* changes:\n Restore \"Add \"Unlocked device required\" parameter to keys\"\n Add \"Unlocked device required\" key API\n" }, { "commit": "9e8749058039b92fbed6ecf5a78eb9bf0c45c0e8", "tree": "3359c0d9694c908007e45d67ca5648df657d973e", "parents": [ "9272dab49efa9c70ab92879c3e79a76fc8364d34" ], "author": { "name": "Brian C. Young", "email": "bcyoung@google.com", "time": "Mon Mar 26 11:40:13 2018 -0700" }, "committer": { "name": "Brian C. Young", "email": "bcyoung@google.com", "time": "Thu Mar 29 10:25:33 2018 -0700" }, "message": "Enable \"Unlocked device required\" API\n\nRemove the @hide annotations so the SDP asymmetric-write functionality\nis included in the public API.\n\nTest: CtsKeystoreTestCases\n\nBug: 63928827\nChange-Id: I8f462b0ebe4d9a7b96b48fa1672dd2ab9140c505\n" }, { "commit": "9272dab49efa9c70ab92879c3e79a76fc8364d34", "tree": "9155709e2901fd9e5fe2a9ff2608765d87ce9b02", "parents": [ "36716eb4709503f2ef370c6f67273440cd91d18c" ], "author": { "name": "Brian Young", "email": "bcyoung@google.com", "time": "Fri Feb 23 18:04:20 2018 +0000" }, "committer": { "name": "Brian C. Young", "email": "bcyoung@google.com", "time": "Thu Mar 29 10:24:18 2018 -0700" }, "message": "Restore \"Add \"Unlocked device required\" parameter to keys\"\n\nAdd a keymaster parameter for keys that should be inaccessible when\nthe device screen is locked. \"Locked\" here is a state where the device\ncan be used or accessed without any further trust factor such as a\nPIN, password, fingerprint, or trusted face or voice.\n\nThis parameter is added to the Java keystore interface for key\ncreation and import, as well as enums specified by and for the native\nkeystore process.\n\nThis reverts commit da82e2cb7193032867f86b996467bcd117545616.\n\nTest: CTS tests in I8a5affd1eaed176756175158e3057e44934fffed\n\nBug: 67752510\n\nMerged-In: Ia162f1db81d050f64995d0360f714e79033ea8a5\nChange-Id: Ia162f1db81d050f64995d0360f714e79033ea8a5\n(cherry picked from d7c961ee914192e09ec10727da6d31a6b597bf51)\n" }, { "commit": "6169239b942fc2f6e8721b219f84b506c106fbe1", "tree": "9826db736692e5d9d870117d4b4be68e770c6fce", "parents": [ "3a5dabbb10861a5cea627936c56693550345b9a8" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Mon Mar 26 16:43:14 2018 +0100" }, "committer": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Mar 29 10:58:20 2018 +0100" }, "message": "Utilize verbose KeyChain errors\n\nAs KeyChain reports detailed error codes about failure to generate keys\nor attestation records for them, log these detailed errors and throw an\nexception if the hardware does not support Device ID attestation.\n\nBug: 72642093\nBug: 73448533\nTest: cts-tradefed run commandAndExit cts-dev -s 127.0.0.1:50487 -a x86_64 -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement -l DEBUG\nChange-Id: Ib12efcf48c158373e1fc28cc51d67e70282d029e\n" }, { "commit": "36716eb4709503f2ef370c6f67273440cd91d18c", "tree": "26dd3eedac52c5fdcb27fda06bb8180eeacf4232", "parents": [ "ff23ffa8ff352b9c7178d19779783d7c231fabda" ], "author": { "name": "Brian Young", "email": "bcyoung@google.com", "time": "Fri Feb 23 18:04:20 2018 +0000" }, "committer": { "name": "Brian C. Young", "email": "bcyoung@google.com", "time": "Wed Mar 28 08:38:56 2018 -0700" }, "message": "Add \"Unlocked device required\" key API\n\nThis adds the API methods and values for keyguard-bound keys, but\ncontains none of the actual functionality.\n\nTest: CTS tests in CtsKeystoreTestCases\n\nBug: 67752510\n\nMerged-In: Iccd7dafd77258d903d11353e02ba3ab956050c40\nChange-Id: Iccd7dafd77258d903d11353e02ba3ab956050c40\n(cherry picked from commit fd75c7232aebc8690f004de3486b3b9a44f3e0b0)\n" }, { "commit": "56e9c026b33da783088c10a3d1162076a8e25cb6", "tree": "36bd56d58d0890d16be28c3877d59b40f78357b8", "parents": [ "cdaba41a6f36262ae37b3425b8da981d2266345b", "5437b81696e19e40be3f6f9cc95b8ef14fa93ae3" ], "author": { "name": "TreeHugger Robot", "email": "treehugger-gerrit@google.com", "time": "Tue Mar 27 22:13:37 2018 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Tue Mar 27 22:13:37 2018 +0000" }, "message": "Merge \"Refactor AddUserAuthArgs for extensibility\" into pi-dev" }, { "commit": "4b4a0539b662695570d7d1ddbf96db93fc987e8d", "tree": "597ff21c0806a55348875361c42ec2bdc4614734", "parents": [ "9cd3e43d86ea00fb93ef7561bb309e3a53f1a582" ], "author": { "name": "Dmitry Dementyev", "email": "dementyev@google.com", "time": "Fri Mar 23 17:46:52 2018 -0700" }, "committer": { "name": "Dmitry Dementyev", "email": "dementyev@google.com", "time": "Fri Mar 23 17:46:52 2018 -0700" }, "message": "Add missing @NonNull annotation to AndroidKeyStoreProvider method.\n\nBug: 73959762\nTest: none\nChange-Id: I2298c8fe0893032f374629a5af128474ba0f679c\n" }, { "commit": "5437b81696e19e40be3f6f9cc95b8ef14fa93ae3", "tree": "c3aa310e3b0f093d25b3260d15c456f207d35d58", "parents": [ "6b71daa0c2d9e01fdf3aa8ce09dbd96c4d2ab8ea" ], "author": { "name": "Brian Young", "email": "bcyoung@google.com", "time": "Fri Feb 23 18:04:20 2018 +0000" }, "committer": { "name": "Brian C. Young", "email": "bcyoung@google.com", "time": "Thu Mar 22 16:10:40 2018 -0700" }, "message": "Refactor AddUserAuthArgs for extensibility\n\nCreate an interface that encapsulates the common arguments to\nAddUserAuthArgs, add that interface to KeyProtection and\nKeyGenParameterSpec, and refactor AddUserAuthArgs to accept an\ninstance of that interface.\n\nTest: CTS Module CtsKeystoreTestCases\n\nBug: 74017618\n\nMerged-In: I591e34e5d08421ea1c022bbb6e955ee3c01eb435\nChange-Id: I591e34e5d08421ea1c022bbb6e955ee3c01eb435\n(cherry picked from commit df16c56fbf05908e03f3a95a8a3d981bbc2fdb91)\n" }, { "commit": "bbb7f65a23937eeeabcc4caac5a3ea53ad836749", "tree": "fefa23fa352d64bcfd70e1dc1e69cbadbb6e7bfb", "parents": [ "c5f5ad103fb9416cb63ec9f7c2397bb343cb2f44" ], "author": { "name": "David Zeuthen", "email": "zeuthen@google.com", "time": "Mon Feb 26 11:04:18 2018 -0500" }, "committer": { "name": "David Zeuthen", "email": "zeuthen@google.com", "time": "Mon Feb 26 11:08:00 2018 -0500" }, "message": "ConfirmationDialog: Pass accessibility options and implement isSupported().\n\nBug: 63928580\nTest: Manually tested.\nChange-Id: I6a06d10a4cb924c3e57c8e212ba4626cad00f4a1\n" }, { "commit": "da82e2cb7193032867f86b996467bcd117545616", "tree": "7585d5778078b208575e2a535454946794490cb9", "parents": [ "efc3f16be7870c84227b79f73f0ad7cab72a260f" ], "author": { "name": "Brian Young", "email": "bcyoung@google.com", "time": "Thu Feb 22 23:36:34 2018 +0000" }, "committer": { "name": "Brian Young", "email": "bcyoung@google.com", "time": "Fri Feb 23 01:31:49 2018 +0000" }, "message": "Revert \"Add \"Unlocked device required\" parameter to keys\"\n\nThis reverts commit efc3f16be7870c84227b79f73f0ad7cab72a260f.\n\nReason for revert: Regression in creating auth-bound keys\n\nBug: 73773914\n\nBug: 67752510\n\nChange-Id: Ic3886ceb3c3c0c4274682ed9f5f2bfbf8fdd71b9\n" }, { "commit": "efc3f16be7870c84227b79f73f0ad7cab72a260f", "tree": "9bc781e0e7caf005e6037866954262fbb6f3152d", "parents": [ "5f76688c5a8eefd16bc51569263667e7f403f242" ], "author": { "name": "Brian C. Young", "email": "bcyoung@google.com", "time": "Thu Nov 16 15:36:43 2017 -0800" }, "committer": { "name": "Brian C. Young", "email": "bcyoung@google.com", "time": "Wed Feb 14 12:19:13 2018 -0800" }, "message": "Add \"Unlocked device required\" parameter to keys\n\nAdd a keymaster parameter for keys that should be inaccessible when\nthe device screen is locked. \"Locked\" here is a state where the device\ncan be used or accessed without any further trust factor such as a\nPIN, password, fingerprint, or trusted face or voice.\n\nThis parameter is added to the Java keystore interface for key\ncreation and import, as well as enums specified by and for the native\nkeystore process.\n\nTest: CTS tests in I8a5affd1eaed176756175158e3057e44934fffed\n\nBug: 67752510\n\nChange-Id: I314b848f6971d1849a7a6347d52e41d9604639ae\n" }, { "commit": "a8e8b659d0a872c9221e70b94c094cb6bff0508a", "tree": "82e4bab84a85a3cb6153fe3512b185b2f4b603be", "parents": [ "f100eea32f6ca4cfb858a53820a0b93f91b24942" ], "author": { "name": "David Zeuthen", "email": "zeuthen@google.com", "time": "Wed Oct 25 14:25:55 2017 -0400" }, "committer": { "name": "David Zeuthen", "email": "zeuthen@google.com", "time": "Tue Jan 30 17:33:21 2018 -0500" }, "message": "Add Confirmation API.\n\nThis CL adds new Framework APIs that can be used for the secure\nconfirmations. This includes support for configuring a key such that\nit can only sign data returned by the confirmation APIs.\n\nBug: 63928580\nTest: Manually tested.\nChange-Id: I94c1fc532376bd555b3dc37fc4709469450cfde6\n" }, { "commit": "3a28570b285d9248206fc0ab8b30e3b2a51ae5b3", "tree": "9d63c735395cb8389297c8f41bcc400d92be7fc8", "parents": [ "55fff3a89d96d0d0f8b8cb161bb0dda170c21ccb" ], "author": { "name": "Brian Young", "email": "bcyoung@google.com", "time": "Mon Jan 29 23:56:59 2018 +0000" }, "committer": { "name": "Ian Pedowitz", "email": "ijpedowitz@google.com", "time": "Tue Jan 30 15:31:42 2018 +0000" }, "message": "Revert \"Add \"Unlocked device required\" parameter to keys\"\n\nThis reverts commit 55fff3a89d96d0d0f8b8cb161bb0dda170c21ccb.\n\nReason for revert: Build breakages on elfin, gce_x86_phone.\n\nBug: 67752510\n\nBug: 72679761\nChange-Id: Ia495e9cb158b64fcf015e37b170554a7ed6810a7\n" }, { "commit": "55fff3a89d96d0d0f8b8cb161bb0dda170c21ccb", "tree": "dbe7cbcb2d2af17be47e8f4dd69a07a672b456c1", "parents": [ "e2975162dca148be4be46b5bfbacdce7c74513ee" ], "author": { "name": "Brian C. Young", "email": "bcyoung@google.com", "time": "Thu Nov 16 15:36:43 2017 -0800" }, "committer": { "name": "Brian C. Young", "email": "bcyoung@google.com", "time": "Mon Jan 29 10:16:02 2018 -0800" }, "message": "Add \"Unlocked device required\" parameter to keys\n\nAdd a keymaster parameter for keys that should be inaccessible when\nthe device screen is locked. \"Locked\" here is a state where the device\ncan be used or accessed without any further trust factor such as a\nPIN, password, fingerprint, or trusted face or voice.\n\nThis parameter is added to the Java keystore interface for key\ncreation and import, as well as enums specified by and for the native\nkeystore process.\n\nTest: go/asym-write-test-plan\n\nBug: 67752510\n\nChange-Id: I8b88ff8fceeafe14e7613776c9cf5427752d9172\n" } ], "next": "4dadff8be0d8aebe41822eb2daeaaacd72631865" }