)]}' { "log": [ { "commit": "23c438d711c15541312dbb5a83548967874f9ccb", "tree": "83b5160da7a62def6f3d014964fc53042926d83d", "parents": [ "78252a23d6d38e4b1c938fef3d7b1dc6b7dfbe05" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Nov 23 17:20:52 2017 +0000" }, "committer": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Nov 23 17:59:36 2017 +0000" }, "message": "KeyChain: Provide public \u0026 private keys\n\nIn order for the DevicePolicyManager to provide key generation\nfunctionality, it has to return both the private and public keys\nin form of a KeyPair.\n\nSince the KeyChainService will perform the key generation on behalf\nof the DevicePolicyManager (so that KeyChain will be the owner of\nthe generated keys outright), the DevicePolicyManager needs a way\nto get both the private and public key representations from KeyChain.\n\nA getKeyPair method is added that gets the private and public\nkey pair associated with a given alias from Keystore.\nThe getPrivateKey now delegates to the getKeyPair method and returns\nonly the private key.\n\nTested using existing CTS tests.\n\nBug: 63388672\nTest: cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement\nChange-Id: I06b8511acd2049a0053ec8893de6de7429f7c92e\n" }, { "commit": "5c0a517dffc67aac4c8b6df1b3324f1ff0311704", "tree": "308257396bbcb792a63aae1ecc18a1ab462a9ac0", "parents": [ "a9a65af6ac4414b2df2a17bb2d3d5fb9254450c3", "7039f416c3db02bafc43dda0fc6db87b6ace2745" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Tue Nov 14 13:43:03 2017 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Tue Nov 14 13:43:03 2017 +0000" }, "message": "Merge \"KeyChain: Adding methods for user-visibility.\"" }, { "commit": "7039f416c3db02bafc43dda0fc6db87b6ace2745", "tree": "e32cadf31e53155c2a3451eaa4c6e549d4681d1e", "parents": [ "2b267dfbe967661879b54c638e1f72ab85c5b2f5" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Wed Nov 08 01:03:30 2017 +0000" }, "committer": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Nov 09 20:51:35 2017 +0000" }, "message": "KeyChain: Adding methods for user-visibility.\n\nAdd to the KeyChain aidl two methods for getting and setting whether\na key can be selectable by the user or not.\n\nSee\nhttps://googleplex-android-review.git.corp.google.com/#/c/platform/packages/apps/KeyChain/+/3199414/\n\nTest: To be determined.\nBug: 65624467\nChange-Id: Ib31a11ca432a5d29fdb8ed5349598dbff4bcb516\n" }, { "commit": "efc4311a3fb84cacc98f0afe669c69f9d5196bd3", "tree": "7084786efb494627bfb7446704e49072a62d8b13", "parents": [ "843f07e2d31e64b57357bbfc106b5c3a28315332" ], "author": { "name": "Dmitry Dementyev", "email": "dementyev@google.com", "time": "Fri Oct 27 23:10:28 2017 -0700" }, "committer": { "name": "Dmitry Dementyev", "email": "dementyev@google.com", "time": "Tue Nov 07 10:21:08 2017 -0800" }, "message": "Get rid of manually created IKeystoreService.\n\nJava/aidl side changes necessary to generate IKeystoreService.cpp\nGenerated C++ service currently doesn\u0027t support null parameters, so lots\nof parameters were updated to pass default value instead of null.\n\nTest: cts-tradefed run cts -m CtsKeystoreTestCases\nBug: 68389643\n\nChange-Id: Ifaf2ab48b2bcd7b081e4b336aa279fa8ba4fbbbf\n" }, { "commit": "5596642a1035bcc120071d715336b965a51040fa", "tree": "9c16ea5cf15093e46ba18884173de6b5fc664302", "parents": [ "ce7416809a6953ad2d421977de2aae81cc0549f8" ], "author": { "name": "Kevin Chyn", "email": "kchyn@google.com", "time": "Mon Oct 23 16:08:47 2017 -0700" }, "committer": { "name": "Kevin Chyn", "email": "kchyn@google.com", "time": "Tue Oct 24 02:29:15 2017 +0000" }, "message": "Check FEATURE_FINGERPRINT before trying to getSystemService\n\nFixes: 65838275\n\nTest: Tested on Ryu/Walleye, the stack trace is not seen anymore\nChange-Id: I7b12fdca81d5f2523dea5a981fcf1daa69254eb4\n" }, { "commit": "d07d3384279c0c07c5c6747ea8d0c5684264c9d0", "tree": "a0cac335651521d9d60d6381087fd05c93715b85", "parents": [ "9f5e99159056da901aefc4ac4ff26aa382a23765" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Fri Sep 01 14:45:16 2017 -0700" }, "committer": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Fri Sep 01 14:45:16 2017 -0700" }, "message": "Fix use of auth-bound keys after screen lock removal\n\nWhen an auth-bound key is used after the screen lock has been removed by\nthe user, KeyStore.begin retruns UNINITIALIZED.\n\nThis patch adds handling for this error code, indicating that the key\nthat was to be used was permanently invalidated.\n\nBug: 65200397\nTest: CtsVerifier ScreenLockBoundKeysTest:\n 1. Run test\n 2. with CtsVerifier in the background remove the screen lock\n through the settings dialog\n 3. Select VtsVerifier in \u0027recents\u0027\n 4. Run test again\n\nChange-Id: If68ba0eb2f9c04655fe8c9eea28c4491eae8e92f\n" }, { "commit": "735aa14f4ea01f0fc9d38f5cad2f17ddfc6285b3", "tree": "321b6f3162008b6df00e4e3228859bbd4ad20508", "parents": [ "7745a7975f23577db755cb03f50df038f21d00a3", "1ed1ee3c7040259ca13a8017c7bdb4d42d092f94" ], "author": { "name": "Cindy Kuang", "email": "ckuang@google.com", "time": "Wed Aug 16 17:24:05 2017 +0000" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Wed Aug 16 17:24:05 2017 +0000" }, "message": "Merge \"docs: corrected code example mistakes\" into oc-dev am: 5714da6e93\nam: 1ed1ee3c70\n\nChange-Id: I979b54f30b9a09c2160b3d2087c619ba979a868e\n" }, { "commit": "2b1a5b8fd9efc41451f933fff27f615961f2d6d1", "tree": "85d278260f6a51cf75972355922f00148071d03c", "parents": [ "744976e2985a07f602c02721db8969a638d51c82" ], "author": { "name": "Cindy Kuang", "email": "ckuang@google.com", "time": "Wed Aug 09 14:18:02 2017 -0700" }, "committer": { "name": "Cindy Kuang", "email": "ckuang@google.com", "time": "Fri Aug 11 10:49:04 2017 -0700" }, "message": "docs: corrected code example mistakes\n\nTest: make ds-docs\n\nBug: 10808505\nChange-Id: I9ee4efab9f0cbac00213179d06a6f0919cb82756\n" }, { "commit": "6396ccb82e368a5f4ca06c5e47f287930608cc3e", "tree": "a0e2e50638e1e34e74569cd6b45b7706250df074", "parents": [ "001956c626c8c2c8c02c6065ea0964dd505e5406" ], "author": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Thu Jun 08 17:53:34 2017 -0700" }, "committer": { "name": "Janis Danisevskis", "email": "jdanis@google.com", "time": "Sun Jul 23 09:39:04 2017 -0700" }, "message": "Refurbish granting mechanism\n\nKeystore stores key blobs in with filenames that include the symbolic\nname and the uid of the owner. This behaviour should have been\ncompletely opaque to the user keystore. However, the granting mechanism,\nby which an app can allow another app to use one of its keys, leaked the\ninternal structure in that the grantee had to specify the key name with\nthe granter\u0027s uid prefix in order to use the granted key. This in turn\ncollided with prefix handling in other parts of the framework.\n\nThis patch refurbishes the granting mechanism such that keystore can\nchoose a name for the grant. It uses the original symbolic key name as\nprefix and appends _KEYSTOREGRANT_\u003cgrant_no\u003e where the grant_no is\nchosen as first free slot starting from 0. Each uid has its own grant_no\nspace.\n\nThis changes the grant call such that it now returns a string, which is\nthe alias name of the newly created grant. The string is empty if the\ngrant operation failed.\n\nAs before apps can still mask granted keys by importing a key with the\nexact same name including the added suffix. But everybody deserves the\nright to shoot themselves in the foot if they really want to.\n\nBug: 37264540\nBug: 62237038\nTest: run cts-dev --module CtsDevicePolicyManagerTestCases --test\n com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement\n\t because it grants a key\nMerged-In: I047512ba345c25e6e691e78f7a37fc3f97b95d32\nChange-Id: I047512ba345c25e6e691e78f7a37fc3f97b95d32\n" }, { "commit": "7eeab2cdd99f84ecef12ebbb92e0731b26508da1", "tree": "07400ff228dba5e9cb51c6d9cf0bcb66bcd91f85", "parents": [ "7cf5f74f3fda19901d8c572f8c47981eda96e091" ], "author": { "name": "phweiss", "email": "phweiss@google.com", "time": "Wed Apr 19 20:15:06 2017 +0200" }, "committer": { "name": "phweiss", "email": "phweiss@google.com", "time": "Tue May 09 15:35:30 2017 +0200" }, "message": "Implement CACert queries in SecurityController\n\nCherry-pick note:\ntestCACertLoader() was flaky, so this cherry-pick contains\ntwo attempted fixes and a CL that disables the test. The original commit\nmessages of the squashed CLs are below.\nMerged-In: I3b9cc3d85c9f49d0a892613b63d1fba184ab647e\n\nImplement CACert queries in SecurityController\n\nQueries are run (on a AsyncTask) when user is switched and when\nACTION_TRUST_STORE_CHANGED is broadcasted. Otherwise, the result is cached\nin the SecurityController.\n\nBug: 37535489\nTest: runtest --path frameworks/base/packages/SystemUI/tests/src/com/android/systemui/statusbar/policy/SecurityControllerTest.java\nChange-Id: I3b9cc3d85c9f49d0a892613b63d1fba184ab647e\n\nIncrease timeout for flaky testCACertLoader()\n\nBug: 37535489\nBug: 38045871\nTest: runtest --path frameworks/base/packages/SystemUI/tests/src/com/android/systemui/statusbar/policy/SecurityControllerTest.java\nChange-Id: I5778082973af7c6d4d719b83e334fec552b0a89e\n\nFix flaky SecurityControllerTest.testCaCertLoader\n\nFixes: 38108698\nTest: runtest -c .statusbar.policy.SecurityControllerTest systemui\nChange-Id: I6029a09984b72599622f0df57187a20aba4dab30\n\nDisable flaky test\n\nTest: treehugger\nBug: 38118260\nChange-Id: I05c6504acee6a787e1cc5071bed0118388963212\n\n(cherry picked from commit e375fc441cc889890d1cff5bc771039bb65f08ef)\n" }, { "commit": "e375fc441cc889890d1cff5bc771039bb65f08ef", "tree": "3723d89aebe8f973f72a57717c6ed25772d16ea9", "parents": [ "83abc4f26d470ed032d91c65c66eff71a2499f53" ], "author": { "name": "phweiss", "email": "phweiss@google.com", "time": "Wed Apr 19 20:15:06 2017 +0200" }, "committer": { "name": "phweiss", "email": "phweiss@google.com", "time": "Fri May 05 19:03:29 2017 +0200" }, "message": "Implement CACert queries in SecurityController\n\nQueries are run (on a AsyncTask) when user is switched and when\nACTION_TRUST_STORE_CHANGED is broadcasted. Otherwise, the result is cached\nin the SecurityController.\n\nBug: 37535489\nTest: runtest --path frameworks/base/packages/SystemUI/tests/src/com/android/systemui/statusbar/policy/SecurityControllerTest.java\n\nChange-Id: I3b9cc3d85c9f49d0a892613b63d1fba184ab647e\n" }, { "commit": "237f4b369bfd8021882007d103b9921fca789263", "tree": "ae8c83b2076af2a15ad7dc51ce37aabde19734e8", "parents": [ "c4a169cfb452ac4e8c7fb4ac153f66892ee0b16e" ], "author": { "name": "Bartosz Fabianowski", "email": "bartfab@google.com", "time": "Mon Apr 24 13:57:46 2017 +0200" }, "committer": { "name": "Bartosz Fabianowski", "email": "bartfab@google.com", "time": "Wed Apr 26 17:40:44 2017 +0200" }, "message": "Add device ID attestation method to keymaster\n\nDevice ID attestation consists of three steps:\n* Generate a temporary key\n* Attest the key and desired device IDs\n* Delete the temporary key\n\nRather than being spread over three keymaster APIs, these operations\nshould happen automatically in a single keymaster method.\n\nBug: 34734938\nTest: GTS com.google.android.gts.security.DeviceIdAttestationHostTest\n\nChange-Id: Ifabb5163b9e4d12cb309a6b0ca8e5f2f92d212f4\n" }, { "commit": "a00c7c0a9983e30e4dcbc4f7ae847a26d9ea614f", "tree": "147c433a2c9ee6dc9caaa01198700c805ca6dedd", "parents": [ "5313eee98a2e7bcac48105888bdfb25d61dce2ce", "0f3f60b576aedc78524d50da3dadada2201e63c2" ], "author": { "name": "Jeff Sharkey", "email": "jsharkey@google.com", "time": "Tue Apr 25 22:10:56 2017 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Tue Apr 25 22:11:01 2017 +0000" }, "message": "Merge \"Fix some issues found by new doclava linter.\" into oc-dev" }, { "commit": "0f3f60b576aedc78524d50da3dadada2201e63c2", "tree": "10687f8ec2be4c125de12c100effc0c796a4b529", "parents": [ "30e06bb668f2e4b024c4ebc2a131de91c96de5eb" ], "author": { "name": "Jeff Sharkey", "email": "jsharkey@android.com", "time": "Mon Apr 24 18:06:20 2017 -0600" }, "committer": { "name": "Jeff Sharkey", "email": "jsharkey@android.com", "time": "Tue Apr 25 13:12:45 2017 -0600" }, "message": "Fix some issues found by new doclava linter.\n\nAdd missing API annotations for permissions and SdkConstants, and\ninvoke doclava with new \"-android\" flag.\n\nTest: make -j32 offline-sdk-docs\nBug: 37526420\nChange-Id: I970bb2655eb568fd25004636f134c794663a6c33\n" }, { "commit": "12b644d275b121dd952a4a564fa65b9c18c9b22c", "tree": "70b21b6b53191591312ca0ade265e0d59aeed6da", "parents": [ "274442e33433b74f4c6abca936cf3a1b3e0705bd" ], "author": { "name": "Rubin Xu", "email": "rubinxu@google.com", "time": "Fri Apr 21 19:21:42 2017 +0100" }, "committer": { "name": "Rubin Xu", "email": "rubinxu@google.com", "time": "Mon Apr 24 20:04:50 2017 +0100" }, "message": "Introduce KEYSTORE_FLAG_CRITICAL_TO_DEVICE_ENCRYPTION\n\nThis flag is used by system server to mark keys used during the\nsynthetic password auth flow. keys marked with this flag will not\nbe super encrypted because super encryption requires knowledge of\nthe synthetic password, causing a chicken-and-egg problem.\n\nBug: 35849499\nBug: 34600579\nTest: cts-tradefed run cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedProfileOwnerTest#testResetPasswordWithToken\n\nChange-Id: I474822f2e026f24ce6f6de1aa58b5012922f7b13\n" }, { "commit": "910e081216ac530432ac9d0aab10d5e5e4c73ab8", "tree": "d3c1c65d39a11fc3b446bf1534773ae8c46c6263", "parents": [ "faf37babb0bc0962c01750b222fc03bd197b0b62" ], "author": { "name": "Jeff Sharkey", "email": "jsharkey@android.com", "time": "Fri Apr 21 16:29:27 2017 -0600" }, "committer": { "name": "Jeff Sharkey", "email": "jsharkey@android.com", "time": "Fri Apr 21 16:35:08 2017 -0600" }, "message": "More auto-doc work.\n\nAdd support for AnyThread, CallSuper, and UiThread.\n\nAnother related CL started documenting @RequiresPermission, so remove\nduplicated information in existing APIs.\n\nSuppress auto-doc on a handful of classes that are already\nwell-documented.\n\nTest: make -j32 offline-sdk-docs\nBug: 37526420\nChange-Id: I791437dccec0f11d5349a23b982ba098cb551af8\n" }, { "commit": "8b651bf7d54f23549c8a7baa27dbed38a35465e4", "tree": "0a8bc7769b65d7505baff93dded2de577b965622", "parents": [ "b261269bcf2178a22ce3b4275cd3d89f8ac4a240" ], "author": { "name": "Chad Brubaker", "email": "cbrubaker@google.com", "time": "Thu Mar 23 09:26:09 2017 -0700" }, "committer": { "name": "Chad Brubaker", "email": "cbrubaker@google.com", "time": "Thu Mar 23 09:26:09 2017 -0700" }, "message": "Fix ACTION_STORAGE_CHANGED doc\n\nThe deprecation note was not quite correct.\n\nChange-Id: I15231881bbf1ee1ee4d342bff74280d7e9807ac0\nFixes: 36493384\nTest: builds\n" }, { "commit": "ad60c0615facbcccb1a2b4e87584e8e3980c4f4e", "tree": "20ad9f32f97a96d667e361eb5c34f12d2d9240ad", "parents": [ "6099e75df2c12f5b4b9e73cf3f8acdbaea4b3146" ], "author": { "name": "Bartosz Fabianowski", "email": "bartfab@google.com", "time": "Mon Mar 20 13:59:51 2017 +0100" }, "committer": { "name": "Bartosz Fabianowski", "email": "bartfab@google.com", "time": "Mon Mar 20 14:00:25 2017 +0100" }, "message": "Add manufacturer and model to device ID attestation\n\nDiscussions have shown that in addition to brand, device and product,\nwe should also allow devices to attest their manufacturer and model.\n\nBug: 36433192\nTest: GTS com.google.android.gts.security.DeviceIdAttestationHostTest\n\nChange-Id: Idd48929d6a0c9fe6656c6d2656e2c3f6f370a21e\n" }, { "commit": "05dc9f764c9d399add8b7495e680f66d098c55eb", "tree": "9ef2b8247c040c633438baffc7dd38e9f819339d", "parents": [ "f063264d3a1393608501f9c07180a1f3cfbb8b7f" ], "author": { "name": "Bartosz Fabianowski", "email": "bartfab@google.com", "time": "Wed Feb 22 23:41:14 2017 +0100" }, "committer": { "name": "Bartosz Fabianowski", "email": "bartfab@google.com", "time": "Fri Mar 03 19:42:51 2017 +0100" }, "message": "Add API for checking which CA certs were installed by the DO/PO\n\nWith this API, the system can determine whether a CA cert was\ninstalled by the user or the user\u0027s DO/PO.\n\nBug: 32692748\nTest: unit tests (see DevicePolicyManagerTest.java for invocation)\nTest: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases\n\nChange-Id: I3bcae5ac18ec2b110154184fc515df804fd73da6\n" }, { "commit": "66925ecc64e909a1ec2b650d10a4e8647f9c5f14", "tree": "198e0da88f56fcbe0760b9ec931ac446dffdf852", "parents": [ "77f53170030c8a5c6af00d215967a6f455511649" ], "author": { "name": "Frank Salim", "email": "franksalim@google.com", "time": "Wed Jan 25 22:22:41 2017 +0000" }, "committer": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Thu Mar 02 11:16:09 2017 -0700" }, "message": "Revert \"Add new key purpose Wrap Key to KeyProperties.java and\"\n\nThis reverts commit eb30e64f3fac192404a6ae3c162a0770201a7dc2.\n\nReason for revert: Remove partial support for wrapped key import\n\nTest: CTS tested\nChange-Id: I8008494860534257fa983e1a5169d0ed034621f7\n" }, { "commit": "a7aaae881cb3168641e3117a0de6db15b63b5a44", "tree": "22d8ca0bc254cc0096665a953831f790e68e51c1", "parents": [ "d92eee2344cbe4eba957a2f6d227dd3361d804d5", "abaa0695c5361b36a7a2cdbe87c77bf60be20af7" ], "author": { "name": "TreeHugger Robot", "email": "treehugger-gerrit@google.com", "time": "Tue Feb 28 22:09:02 2017 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Tue Feb 28 22:09:06 2017 +0000" }, "message": "Merge \"Delete ParcelableString, add StringParceledListSlice\"" }, { "commit": "abaa0695c5361b36a7a2cdbe87c77bf60be20af7", "tree": "d4df278a80bfdd1b25373072946426981bbfe884", "parents": [ "c98c16ded8738054242b2576a74e145f834b6efa" ], "author": { "name": "Robin Lee", "email": "rgl@google.com", "time": "Mon Feb 20 20:54:22 2017 +0000" }, "committer": { "name": "Robin Lee", "email": "rgl@google.com", "time": "Tue Feb 28 18:07:08 2017 +0000" }, "message": "Delete ParcelableString, add StringParceledListSlice\n\nBoth inherit from package private BaseParceledListSlice.\n\nThis is still bad, but it\u0027s not as bad. The existing code that uses\nthis can just do Foo.bar().getList() now instead of having to marshal\nto and from an oddball type at either end as well.\n\nIn the longer term ParceledListSlice\u003c\u003e should be eliminated, but it\u0027s\nnot clear how far into the future that is going to happen.\n\nTest: runtest -x services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java\nTest: runtest -x core/tests/coretests/src/android/content/pm/ParceledListSliceTest.java\nChange-Id: Ie69b96b5215d6e04990f6d31345772cdfee21d78\n" }, { "commit": "3e7cf168a547982676f18d3308b83381abc95f06", "tree": "fe117bb7181058d1350a72b2a1079819b7f7aea0", "parents": [ "c98c16ded8738054242b2576a74e145f834b6efa" ], "author": { "name": "Robin Lee", "email": "rgl@google.com", "time": "Sat Feb 25 01:28:25 2017 +0000" }, "committer": { "name": "Robin Lee", "email": "rgl@google.com", "time": "Sat Feb 25 01:32:54 2017 +0000" }, "message": "Make IKeyChainAliasCallback oneway\n\nSo it can be sent from devicepolicymanager (system_server) to keychain\n(a system_app) without waiting on the response and having to do\neverything in a background thread.\n\nSide-effect: the regular keychain \u003d\u003e app callback is slightly more\nefficient now too. in case anyone particularly needs blazing fast\nprivate key user selections.\n\nFix: 35675253\nTest: cts-tradefed run cts --abi\u003darm64-v8a --skip-device-info --module CtsDevicePolicyManagerTestCases --test \u0027com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement\u0027 \u003c/dev/null 2\u003e\u00261\nChange-Id: I6e9d96ca3c42e6489d879d8cfb0507eb94838bf1\n" }, { "commit": "2c92e9daa4c787e8678c25d4a2d3f3ae2362dd4d", "tree": "e2c105b49fe8c00066c5ad3ff8f1820b537c93c6", "parents": [ "02761acc674ae9b13d5bbda493ac794ecc4c1c6e", "7c3b65e9b184c975b77b2c202e0d675a6770bd2d" ], "author": { "name": "TreeHugger Robot", "email": "treehugger-gerrit@google.com", "time": "Tue Feb 14 15:58:28 2017 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Tue Feb 14 15:58:31 2017 +0000" }, "message": "Merge \"Reject HMAC keys smaller than 64 bits.\"" }, { "commit": "7f5c91c6bce6a8ff2414549219a321a98a98ab31", "tree": "ad73588c43eed6d0f29b368b8e3faa3f00562258", "parents": [ "f9a55d42d2e2adbf5895d04e4790debb145508ed" ], "author": { "name": "Robin Lee", "email": "rgl@google.com", "time": "Wed Feb 08 21:27:02 2017 +0000" }, "committer": { "name": "Robin Lee", "email": "rgl@google.com", "time": "Tue Feb 14 13:29:31 2017 +0000" }, "message": "MonitoringCertTask no longer relies on software.device_admin\n\nAdded a test to validate that it still works the way it should before\nand after the change.\n\nBug: 33258404\nBug: 35196414\nFix: 35129745\nTest: runtest -x services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java\nTest: also manual, instructions:\nTest: (1) Disable software.device_admin from tablet_core_hardware, rebuild.\nTest: (2) Install CA cert. Notification should appear.\nTest: (3) Reboot. Notification should still be there.\nChange-Id: Id992725c1844a2fffbde4d8acaba531e99f853ad\n" }, { "commit": "59ced28f0f722d2517afc65d755ebb388902f76b", "tree": "dd9fd9a52c6558c73222620d96d8021cb429b843", "parents": [ "451911ea3a324a153a30daa42e30987071fc16ed" ], "author": { "name": "Rubin Xu", "email": "rubinxu@google.com", "time": "Mon Jan 30 23:39:12 2017 +0000" }, "committer": { "name": "Rubin Xu", "email": "rubinxu@google.com", "time": "Thu Feb 02 17:53:32 2017 +0000" }, "message": "Add hidden KeyProtection API to specify SID\n\nAllows the caller to specify which SID the given key\nshould be bound to, overriding the default rule of\nbinding to the current root/fingerprint SID.\n\nThis is a prerequsite for introducing synthetic password\nbased authentication flow.\n\nTest: cts-tradefed run cts -m CtsKeystoreTestCases\nBug: 33126414\nChange-Id: Ide03c0f4fd33ecca7a169ea763c3d4d0b173d1dd\n" }, { "commit": "92e8cfd21dbe4800b2ed6f18316b07136af1791f", "tree": "fbd65a82c97973365f9f6cd81e48555895f5af48", "parents": [ "9d3d90a22f0f64af71fb970e9a5ce75ac799fe3e" ], "author": { "name": "Bartosz Fabianowski", "email": "bartfab@google.com", "time": "Mon Jan 23 17:40:47 2017 +0100" }, "committer": { "name": "Bartosz Fabianowski", "email": "bartfab@google.com", "time": "Wed Jan 25 04:47:15 2017 +0100" }, "message": "Add device id attestation\n\nThis adds a new public API for attesting the device\u0027s hardware ids\n(e.g. serial number and IMEI).\n\nBug: 34597337\nTest: CTS CtsKeystoreTestCases and GTS DeviceIdAttestationHostTest\n\nChange-Id: I2e9c1b4f8eb24afa4a09c71c137ce33a6b87eb27\n" }, { "commit": "eb30e64f3fac192404a6ae3c162a0770201a7dc2", "tree": "4c788e9a0f0307eaeeec2e1ab1f8c610de97f5a5", "parents": [ "a9da39cb645243e334505cd072488593521ea42c" ], "author": { "name": "Crystal Qin", "email": "crystalyq@google.com", "time": "Tue Jan 03 15:45:23 2017 -0800" }, "committer": { "name": "Crystal Qin", "email": "crystalyq@google.com", "time": "Thu Jan 19 21:02:10 2017 -0800" }, "message": "Add new key purpose Wrap Key to KeyProperties.java and\nKeymasterDefs.java.\n\nTest: There will be a CTS test CL submitted together.\nChange-Id: Ic60c3efc451cd7cbb04689b3d7bf9d607fae6c1f\n" }, { "commit": "7c3b65e9b184c975b77b2c202e0d675a6770bd2d", "tree": "dc6f29eae3147e7361862f106264a83784add22b", "parents": [ "38b17ad26b2e69081637d6a2836ed2f149462c6b" ], "author": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Tue Nov 22 06:53:02 2016 -0700" }, "committer": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Tue Jan 17 05:05:56 2017 -0700" }, "message": "Reject HMAC keys smaller than 64 bits.\n\nTest: CTS test has been updated to verify this.\nChange-Id: I6389d9fa2ff75d08a2223c789e5437190c4b82c6\n" }, { "commit": "dea66146038a28e9c7da2ad04a6119cfd83de2f8", "tree": "e3b8f683d3f5e5722a11b94a96a5a160d945d1c5", "parents": [ "ebd8b62cfe53192c967dc4a9822d5668d3bec8a0" ], "author": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Wed Nov 16 06:01:06 2016 -0700" }, "committer": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Wed Nov 16 06:06:36 2016 -0700" }, "message": "Test for null context in getPrivateKey\n\nIn N, passing a null context to getPrivateKey provoked a\nNullPointerException, which is validated by a CTS test. In commit\n28d68b1 this behavior was changed (inadvertently, I believe) causing\ngetPrivateKey to wrap the NPE in a KeyChainException. This CL restores\nthe previous behavior, fixing the test and avoiding breaking any apps\nthat were catching the NPE.\n\nTest: Fixing broken test\nChange-Id: Icb0c75b03efc478b7310998cf3e7108a2c419107\n" }, { "commit": "0a17db1cc5942ea000ca87bb72853de57a15ec64", "tree": "7a0b51064dc654901bd69857c2f3a14fe8d5871a", "parents": [ "9d710882602a8a0ad661cf10ce2cb421f3255ee2" ], "author": { "name": "Jeff Sharkey", "email": "jsharkey@android.com", "time": "Fri Nov 04 11:23:46 2016 -0600" }, "committer": { "name": "Jeff Sharkey", "email": "jsharkey@android.com", "time": "Mon Nov 07 17:03:37 2016 -0700" }, "message": "Detect non-oneway calls leaving system_server.\n\nTo protect system stability, any Binder calls leaving the\nsystem_server must carefully be performed using FLAG_ONEWAY (or\nthe \u0027oneway\u0027 verb in AIDL) which prevents the call from blocking\nindefinitely on the remote process.\n\nIn this CL, the system_server uses the new Binder.setWarnOnBlocking()\nmethod to enable detection by default for all remote Binder\ninterfaces. It can also use Binder.allowBlocking() to allow\nblocking calls on certain remote interfaces that have been\ndetermined to be safe.\n\nThis CL adds the \u0027oneway\u0027 verb to several interfaces and methods\nwhere it should have been added, and marks a handful of system\nContentProviders as being safe to call into. Also, we assume that\nany services obtained from ServiceManager are part of the core\nOS, and are okay to make blocking calls to.\n\nTest: builds, boots, runs with minimal logs triggered\nBug: 32715088\nChange-Id: Ide476e120cb40436a94b7faf7615c943d691f4c0\n" }, { "commit": "7f99db4e634619144c09f309ed11519e6336b075", "tree": "23d54b88a435880c6992c06c46575ef787e45f46", "parents": [ "1a1c99bdf19056cd05999e13cfb2d520cb3dcb15", "8f75adc624c70dfd597b7fc3aab993a7d5815f4c" ], "author": { "name": "Tucker Sylvestro", "email": "tuckeris@google.com", "time": "Thu Oct 06 16:20:19 2016 +0000" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Thu Oct 06 16:20:19 2016 +0000" }, "message": "Add the onDeviceOffBody API method to KeyStore am: b32aae2a46\nam: 8f75adc624\n\nChange-Id: Ib8d7bc19a167999894b90b45e7eb1cadb2a85d24\n" }, { "commit": "8f75adc624c70dfd597b7fc3aab993a7d5815f4c", "tree": "f0254eed5c074f872a47e2a3312596c92efb7c26", "parents": [ "67c1ee6ed40bd6ccf899db32e9977a636e040c65", "b32aae2a46bc3678e11c7f0ca88e01a192829490" ], "author": { "name": "Tucker Sylvestro", "email": "tuckeris@google.com", "time": "Thu Oct 06 16:13:48 2016 +0000" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Thu Oct 06 16:13:48 2016 +0000" }, "message": "Add the onDeviceOffBody API method to KeyStore\nam: b32aae2a46\n\nChange-Id: Idbf7f1d505b1d446a3d648dcf1b0f334a629110a\n" }, { "commit": "c8d45456bddec043a1b3db6f047e59f0fee8d562", "tree": "9a86ca440f50dd9661dc6c338385c22e196a1a80", "parents": [ "9fbfa5dcbd0e466a1d472ee64d93ead9f361870d", "f4ac9198497ce3bb10862167772f18ad729f6e24" ], "author": { "name": "Kevin Hufnagle", "email": "khufnagle@google.com", "time": "Tue Sep 27 02:06:09 2016 +0000" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Tue Sep 27 02:06:09 2016 +0000" }, "message": "docs: Fixed broken link to Android KeyStore facility am: c0c4ac5e35 am: 507a5c03da\nam: f4ac919849\n\nChange-Id: I20e5abdffd9ac4fd8b4164ef56c1b3bafb58ad2b\n" }, { "commit": "f4ac9198497ce3bb10862167772f18ad729f6e24", "tree": "a6af0e516cf0b5a5aa0ab6c44c4c680c2910fd7f", "parents": [ "723ef5d67c5373fba3dc0a25308024fbdb971a7b", "507a5c03da5dd807f85902e6610c9b13ad75ab90" ], "author": { "name": "Kevin Hufnagle", "email": "khufnagle@google.com", "time": "Mon Sep 26 23:47:39 2016 +0000" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Mon Sep 26 23:47:39 2016 +0000" }, "message": "docs: Fixed broken link to Android KeyStore facility am: c0c4ac5e35\nam: 507a5c03da\n\nChange-Id: Iec80ad1c7127efb7e257be0625988ef1b2588b0f\n" }, { "commit": "b32aae2a46bc3678e11c7f0ca88e01a192829490", "tree": "6be59826cbf0cba7ae3acca5bd42e3a6ec84e26a", "parents": [ "1c49ec372b408401ed420431376603927cbcf621" ], "author": { "name": "Tucker Sylvestro", "email": "tuckeris@google.com", "time": "Thu Jun 23 17:23:33 2016 -0400" }, "committer": { "name": "Tucker Sylvestro", "email": "tuckeris@google.com", "time": "Fri Sep 23 15:11:42 2016 -0400" }, "message": "Add the onDeviceOffBody API method to KeyStore\n\nThis is necessary for allowing the KeyStore to lock keys that remain\nauthorized as long as the device is on-body.\n\nBug 28911985\n\nChange-Id: If50bc84d5a1cb23f9b01b1950c3676d1519cc4f5\n" }, { "commit": "c0c4ac5e3533597f6ae9012e1a6417d5a20a3664", "tree": "8626d97d40af3e5bd3b66017247a86c2abb72f2d", "parents": [ "8279621b829c656b3e2b1c9fbd14822646cab410" ], "author": { "name": "Kevin Hufnagle", "email": "khufnagle@google.com", "time": "Mon Sep 19 11:31:08 2016 -0700" }, "committer": { "name": "Kevin Hufnagle", "email": "khufnagle@google.com", "time": "Mon Sep 19 11:31:08 2016 -0700" }, "message": "docs: Fixed broken link to Android KeyStore facility\n\nBug: 13663279\nChange-Id: I859b3c9a35f9e6c63cb0c29260f4aa1aa33ab15c\n" }, { "commit": "8910bf2ca0a10d13f6b63301f157567ccefc36eb", "tree": "9892f9bf3ae12f5aa51425cb0fc4a56c8be5faf5", "parents": [ "4bb1cc1facc95aa89059c5aa42cf4227f4b3cc9b", "f38514ccd666be39410bfff734ef6318979c3f05" ], "author": { "name": "Rubin Xu", "email": "rubinxu@google.com", "time": "Tue Aug 23 22:29:15 2016 +0000" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Tue Aug 23 22:29:15 2016 +0000" }, "message": "Merge \"Handle null packageName in PendingIntentRecord\" into nyc-mr1-dev am: 6acd5e7361 am: 2f6eecbed0\nam: f38514ccd6\n\nChange-Id: I1071a92b4ff74a57bf94c9b6aad9df4fb3852072\n" }, { "commit": "c378aabddad75b0c3a2e18afe0c8a649e864dc93", "tree": "89e9d6bc48e04dd47d866a9c89e4b0b732a62e18", "parents": [ "2f6eecbed00c9bd91ead475626bebb089355e37e", "da23618043667e9cee680688b7413f65b400516e" ], "author": { "name": "Robin Lee", "email": "rgl@google.com", "time": "Tue Aug 23 16:09:41 2016 +0000" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Tue Aug 23 16:09:41 2016 +0000" }, "message": "Documentation warning against short-lived Contexts\nam: da23618043\n\nChange-Id: Ie6e4c05d8d9a273f0f529c2be79f3df4a856fedb\n" }, { "commit": "4f7d56a7061ac5513b2d4373180fbb6b519ed65e", "tree": "b23cc92526602aee92fd12eb602075eae0d39dfc", "parents": [ "901ec3d0531df6c85770682b371dcca11dd762e8", "f04a663d6a06404d000274d551f5e43fca02d88b" ], "author": { "name": "Robin Lee", "email": "rgl@google.com", "time": "Tue Aug 23 16:06:39 2016 +0000" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Tue Aug 23 16:06:39 2016 +0000" }, "message": "Force application context for KeyChain bindings\nam: f04a663d6a\n\nChange-Id: I16c31a9c31527a79addbd2b44003f8fe56cb652f\n" }, { "commit": "da23618043667e9cee680688b7413f65b400516e", "tree": "fb234ca3e4f157ba5d46e4b73dd36ba445fadd09", "parents": [ "ab6e7c3502e191abb956f9f17959b627e230b0db" ], "author": { "name": "Robin Lee", "email": "rgl@google.com", "time": "Fri Aug 12 12:46:28 2016 +0100" }, "committer": { "name": "Robin Lee", "email": "rgl@google.com", "time": "Tue Aug 23 12:47:54 2016 +0000" }, "message": "Documentation warning against short-lived Contexts\n\nIt\u0027s better to use an Application Context rather than hoping the\nactivity won\u0027t be destroyed in another thread (because it will).\n\nChange-Id: I9bf842d0d7dbedcc509a4a314d23a9a6cfca4d48\nFix: 29873669\n" }, { "commit": "e5d71c4cfa21652c21698ba3584fca11c4a75e65", "tree": "9f6a0e8a585a15bba8605cb4f1c9f7663445cbcc", "parents": [ "6715c6abbd1e994b6a08948907dab17b5bd2beb8", "9e8b4ad9c90f30f8f1d2d57484feca851b439d65" ], "author": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Tue Aug 09 19:38:00 2016 +0000" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Tue Aug 09 19:38:00 2016 +0000" }, "message": "Fix @link tags in keystore doc am: 3f0526ea09\nam: 9e8b4ad9c9\n\nChange-Id: Iadb16bd13d4bb525805dd0266aea046c4c472309\n" }, { "commit": "3f0526ea095a880d5ee1e5e55fd2712ff6ffbecc", "tree": "f0311b51db323e3820c4cb95708d6807f5d084ae", "parents": [ "997ccdc071c9fe45af972827ca61e4cdf426f9e5" ], "author": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Thu Jul 21 10:02:16 2016 -0600" }, "committer": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Tue Aug 02 16:45:06 2016 +0000" }, "message": "Fix @link tags in keystore doc\n\nBug: 30258412\nChange-Id: I370a53ebad29ff0471e4b7776cd76b2530efe760\n(cherry picked from commit 9739d48a2101e49b0936096d69c29006f9acdeb5)\n" }, { "commit": "1c23ed9601d4b93c2d56243e40ba2e51d3f917b5", "tree": "e07d5ba932326b83045cc11d356b8d0a930f8819", "parents": [ "37f0905daf1f800a747af10f4322c2e63f53dc61", "9739d48a2101e49b0936096d69c29006f9acdeb5" ], "author": { "name": "TreeHugger Robot", "email": "treehugger-gerrit@google.com", "time": "Mon Aug 01 23:49:52 2016 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Mon Aug 01 23:49:53 2016 +0000" }, "message": "Merge \"Fix @link tags in keystore doc\"" }, { "commit": "28d68b14566f1f7f5ceb7cff2b1b31212f83ed1e", "tree": "f8b4155c6b9da174ba0b684f5cfb64e6ea684471", "parents": [ "e828bb26b4e50b10efe6c7d64309e7d0c72e0d66" ], "author": { "name": "Robin Lee", "email": "rgl@google.com", "time": "Fri Jul 22 16:32:32 2016 +0100" }, "committer": { "name": "Robin Lee", "email": "rgl@google.com", "time": "Wed Jul 27 11:11:13 2016 +0100" }, "message": "Unbind from KeyChainService before RPCing to keystore\n\nThis leaves the binder connection open for far too long, which keeps\nthe keychain app alive longer than necessary.\n\nBug: 29873669\nChange-Id: I037c2b91400202ba6a474819867df16b6342ec0d\n" }, { "commit": "bea9e036f546f34c2066d3aaa9e8173a2720ab99", "tree": "66672e5f43aec7c8cae845c792cacefcd503c3be", "parents": [ "12dfccc8c333b09b76464a7c1d260ef4132807a4", "dbf01c12d0b9f3fe3b3262529a97e4fe294f5eb8" ], "author": { "name": "TreeHugger Robot", "email": "treehugger-gerrit@google.com", "time": "Mon Jul 25 23:08:56 2016 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Mon Jul 25 23:08:57 2016 +0000" }, "message": "Merge \"Fix incorrect @link in ACTION_STORAGE_CHANGED comment\"" }, { "commit": "dbf01c12d0b9f3fe3b3262529a97e4fe294f5eb8", "tree": "fe1901e3dd5450a2ee51d41681eb691db5de1e1d", "parents": [ "23f440d30f2a77e3df54a82674979106e136be6f" ], "author": { "name": "Chad Brubaker", "email": "cbrubaker@google.com", "time": "Mon Jul 25 14:54:39 2016 -0700" }, "committer": { "name": "Chad Brubaker", "email": "cbrubaker@google.com", "time": "Mon Jul 25 14:54:39 2016 -0700" }, "message": "Fix incorrect @link in ACTION_STORAGE_CHANGED comment\n\nChange-Id: Ibfca8651a55e32e9caed96b04e5a40dc6ebc3019\n" }, { "commit": "f04a663d6a06404d000274d551f5e43fca02d88b", "tree": "018a43b51fd3953e2a1ca2310409cc2176eb6589", "parents": [ "dd756c26e2a081365e9a57685419cdb6526c8a8a" ], "author": { "name": "Robin Lee", "email": "rgl@google.com", "time": "Mon Jul 25 16:09:22 2016 +0100" }, "committer": { "name": "Robin Lee", "email": "rgl@google.com", "time": "Mon Jul 25 17:35:12 2016 +0000" }, "message": "Force application context for KeyChain bindings\n\nBug: 29873669\nChange-Id: I68c11ab19a169498045bbc23bc8fe6a2f46be031\n(cherry picked from commit 43e235c0d55fce8ff845c0249a414a1b2daa5b10)\n" }, { "commit": "43e235c0d55fce8ff845c0249a414a1b2daa5b10", "tree": "707fb5c6f57652d2e44f5f1f746880ff764b3b35", "parents": [ "840212616aede950ca3f3bd0c9d4f6e0a644939a" ], "author": { "name": "Robin Lee", "email": "rgl@google.com", "time": "Mon Jul 25 16:09:22 2016 +0100" }, "committer": { "name": "Robin Lee", "email": "rgl@google.com", "time": "Mon Jul 25 16:09:22 2016 +0100" }, "message": "Force application context for KeyChain bindings\n\nBug: 29873669\nChange-Id: I68c11ab19a169498045bbc23bc8fe6a2f46be031\n" }, { "commit": "9739d48a2101e49b0936096d69c29006f9acdeb5", "tree": "c5f47940deb8b2e33e9b926d298f08be571c841f", "parents": [ "49f187249d8c14e89c7389827b6e0c46e28bd2a9" ], "author": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Thu Jul 21 10:02:16 2016 -0600" }, "committer": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Thu Jul 21 10:11:09 2016 -0600" }, "message": "Fix @link tags in keystore doc\n\nBug: 30258412\nChange-Id: I370a53ebad29ff0471e4b7776cd76b2530efe760\n" }, { "commit": "cde8c47be613ce78b2282afbc3e94da418072447", "tree": "d58ec43c5bd54b6bf0b2ca14a71c7e800f58d687", "parents": [ "f7de5eeeac88441df5782736fafe0a4c6c063e7f", "4beff1fc13762bed8181ed967b2dfee83da04c47" ], "author": { "name": "ewol", "email": "ewol@google.com", "time": "Tue Jul 19 18:01:29 2016 +0000" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Tue Jul 19 18:01:29 2016 +0000" }, "message": "Merge \\\\\"Fix a broken case of AndroidKeyStoreProvider error logging\\\\\" into nyc-mr1-dev am: 45b8216d33\nam: 4beff1fc13\n\nChange-Id: I0e547655e9a10572be341db50976c66ae493d021\n" }, { "commit": "292d291fa774de46f07573016ff457e86cf749e2", "tree": "a0af99e7104a9933c6397aab0d5543455bd49cd9", "parents": [ "a0967ebbdf8a846c85381f0849c3475eebba6701" ], "author": { "name": "Erik Wolsheimer", "email": "ewol@google.com", "time": "Fri Jul 15 11:18:29 2016 -0700" }, "committer": { "name": "Erik Wolsheimer", "email": "ewol@google.com", "time": "Fri Jul 15 11:22:25 2016 -0700" }, "message": "Fix a broken case of AndroidKeyStoreProvider error logging\n\nBUG: 30117950\nChange-Id: Ib9985493a08d721021d777e0e4a4d67511f190a5\n" }, { "commit": "721afae8f1deb2e064d0f973ec3304a07b3e9739", "tree": "7c14c7b2002d64c8db9cb0362641af501b79f886", "parents": [ "ec6f6c863f7ad42506debc138c19926b58aed79b" ], "author": { "name": "Chad Brubaker", "email": "cbrubaker@google.com", "time": "Fri Jul 08 11:06:09 2016 -0700" }, "committer": { "name": "Chad Brubaker", "email": "cbrubaker@google.com", "time": "Fri Jul 08 11:06:09 2016 -0700" }, "message": "Mention target API limits for ACTION_STORAGE_CHANGED\n\nBug: 28450538\nChange-Id: I9c69f9d0bdda5b69aec2dc3014a612d84082dc64\n" }, { "commit": "4de59ef3238c4bf4b8c994b83be2c703ffad2a5b", "tree": "4a66736e782345c88a1d516e5b434852900c2fb9", "parents": [ "b657b9b7febd38e309bef943dcfc55dbb7b30c2c" ], "author": { "name": "Chad Brubaker", "email": "cbrubaker@google.com", "time": "Mon May 02 13:17:31 2016 -0700" }, "committer": { "name": "Chad Brubaker", "email": "cbrubaker@google.com", "time": "Thu Jun 30 09:23:15 2016 -0700" }, "message": "Deprecate ACTION_STORAGE_CHANGED\n\nACTION_STORAGE_CHANGED is too noisy and fires on too many events. It has\nbeen split into ACTION_KEYCHAIN_CHANGED for\naddition/modification/removal of user certificates and keys,\nACTION_TRUST_STORE_CHANGED for changes the the user added and system CA\nstores on the device and ACTION_KEY_ACCESS_CHANGED for changes to key\ngrants.\n\nACTION_STORAGE_CHANGED will only be sent to applications targeting N\nand below. Applications targeting future releases should use the new\nbroadcasts.\n\nBug:28450538\nChange-Id: I34ff838e9858db65f7308ca2b0f7d652c48fae17\n" }, { "commit": "d04aaa323c3a788d26f18fc66e0a59b47e525b38", "tree": "e514dff2a79b0c0ed41022bc2c006040ecb0f79d", "parents": [ "d5f7bf8032da639ee0286a6d121503fa2dfc4a4c" ], "author": { "name": "Amith Yamasani", "email": "yamasani@google.com", "time": "Mon Jun 13 12:09:36 2016 -0700" }, "committer": { "name": "Amith Yamasani", "email": "yamasani@google.com", "time": "Wed Jun 15 11:32:16 2016 -0700" }, "message": "More thorough cleansing of expired users\n\nIf any /data/system_[c|d]e folders were not erased\nwhen the user was removed (maybe due to a reboot),\nmake sure they\u0027re cleaned up on restart as well\nas when the userId is recycled later.\n\nMark the users\u0027 system folders with the correct\nserial number for later verification.\n\nAccountManager shouldn\u0027t be querying accounts of\npartially created/destroyed users.\n\nChange-Id: I4313756b7464f34cd5ce4fb296d61daa50b41fcb\nFixes: 29285673\n" }, { "commit": "26e8d553e52055955db83061c5799ba4439ebe1b", "tree": "9897e80f04565b6c6edf91f5783183d74cfdaec1", "parents": [ "5e018c04a6d1018b214fb4a727ca3182768301f2" ], "author": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Tue Jun 14 17:27:10 2016 -0600" }, "committer": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Tue Jun 14 17:29:54 2016 -0600" }, "message": "Update semantics of on-body Keystore API.\n\nArchitectural changes from the Wear team have required changes to the\nsemantics of the Keystore on-body feature. Although no devices will\nactually implement this feature until the release of new Wear devices\nwith the necessary sensors, we need to get the API documentation right\nnow.\n\nBug: 29369151\nChange-Id: I857e00928f994a1337313123eae7e00534c53c3c\n" }, { "commit": "5e018c04a6d1018b214fb4a727ca3182768301f2", "tree": "6c7a2267632f185d030e011c159777b7eaa6bc60", "parents": [ "166b0abf13af62ba577b898d4c5ad806f691604a" ], "author": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Tue Jun 14 16:59:14 2016 -0600" }, "committer": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Tue Jun 14 17:00:25 2016 -0600" }, "message": "Unbreak Javadoc on getAttestationChallenge()\n\nBug: 28844154\nChange-Id: I8402a39f366291cd2b5d646536cd2c2bab8556d2\n" }, { "commit": "682c24e22811d4ee17ae1cd61bf255c3f7e722b7", "tree": "14ae11892022b653871ede366b09277254704f5a", "parents": [ "65136ac6a4f6fb2423a0768b451782dcd0e960d5" ], "author": { "name": "Trevor Johns", "email": "trevorjohns@google.com", "time": "Tue Apr 12 10:13:47 2016 -0700" }, "committer": { "name": "Trevor Johns", "email": "trevorjohns@google.com", "time": "Tue Apr 19 02:03:59 2016 -0700" }, "message": "Resolve merge conflicts of a5060ee to nyc-dev\n\nThis undoes the automerger skip which occured in\ncommit e740c84dc32180214a7fd157105d6c18d30408ee and\nreplays it as a standard (NOT -s ours) merge.\n\nChange-Id: If5a47be26f73d6a0735c425cd66310a3e2a89086\n" }, { "commit": "b43659170824dd8d753d9249fe6ccfd37c6221ae", "tree": "c9b45209e1828431ae5cbe3043fb6b522db65a24", "parents": [ "6b69b122025631290380f4350f7bd0074bad10dd" ], "author": { "name": "Rubin Xu", "email": "rubinxu@google.com", "time": "Wed Mar 23 12:13:22 2016 +0000" }, "committer": { "name": "Rubin Xu", "email": "rubinxu@google.com", "time": "Wed Mar 30 11:57:58 2016 +0100" }, "message": "Add DevicePolicyManager API to install a client cert chain.\n\nWhen installing a keypair the caller will have the option to specify a\ncertificate chain which will later be returned to whoever requests access\nto the keypair via KeyChain.\n\nBug: 18239590\nChange-Id: Id21ef026e31537db38d891cb9b712dd4fe7159c7\n" }, { "commit": "f78cae3cb4278ba69d5e2de0f2887836d726b412", "tree": "db1e562960c2d842767ad24bdfb1ab5767059b8a", "parents": [ "c1a72b6b74c08b0b304998838d1e792884a6354c" ], "author": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Wed Mar 23 08:52:25 2016 -0700" }, "committer": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Wed Mar 23 14:29:33 2016 -0700" }, "message": "Use canonical name for SHA1withECDSA\n\nThe Standard Names documentation says that \"ECDSA\" should not be used\ndue to its ambiguity. Bouncycastle has switched from \"ECDSA\" to\n\"SHA1withECDSA\" so therefore we should switch this \"workaround\" Provider\nto use the same name to keep it functioning correctly.\n\n(cherry picked from commit 8a6c191094b3d1f74dbb71a7f262496377596ba8)\n\nBug: 27753949\nChange-Id: I5acfca9d89c85bf005902a2f06cb5d7b1ef9dff2\n" }, { "commit": "7854d58392738338a71506ceb81dad2b5a4656e7", "tree": "62732b1866c87412f996172de8fefd6c38ef85b6", "parents": [ "1ca7c808447737fb38330a013dae5ab21deea9b9", "21bcbc54dd6b1f029f4973bef27c20e55d057432" ], "author": { "name": "Robin Lee", "email": "rgl@google.com", "time": "Thu Mar 03 19:11:35 2016 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Thu Mar 03 19:11:37 2016 +0000" }, "message": "Merge \"Guard against null component when binding KeyChain\" into nyc-dev" }, { "commit": "21bcbc54dd6b1f029f4973bef27c20e55d057432", "tree": "c72ebd2bd73bd8f895604d010e4f3ddd254bd4d6", "parents": [ "42d8b7d7abe4ecab049e020c3836dae97660dd4d" ], "author": { "name": "Robin Lee", "email": "rgl@google.com", "time": "Mon Feb 29 18:55:35 2016 +0000" }, "committer": { "name": "Robin Lee", "email": "rgl@google.com", "time": "Thu Mar 03 18:57:32 2016 +0000" }, "message": "Guard against null component when binding KeyChain\n\nIf keychain is removed from a device, there will be no sensible\nresolution and client apps will bind to whatever is available.\n\nDoesn\u0027t affect system apps which are forcibly prevented from wildcard\nbinding.\n\nBug: 27475655\nChange-Id: Ide1aab3778e12f0b9a96662deb297a76d2f4997f\n" }, { "commit": "e4487ea288e9fea837995d9bc4608c8a4a253ec8", "tree": "dca512b8025bfdc8d858ceec8964ebb040b34055", "parents": [ "42d8b7d7abe4ecab049e020c3836dae97660dd4d" ], "author": { "name": "Robin Lee", "email": "rgl@google.com", "time": "Mon Feb 29 17:43:54 2016 +0000" }, "committer": { "name": "Robin Lee", "email": "rgl@google.com", "time": "Tue Mar 01 18:56:14 2016 +0000" }, "message": "More sensible return code for Credentials.deleteAll\n\nWas: result \u003d True iff nDeleted !\u003d 0\nNow: result \u003d True iff nDeleted \u003d\u003d nExisted\n\nThe most common reason you\u0027d want to delete all credentials under an\nalias is to be sure they no longer exist. The new contract gives a\nway to do this without multiple IPCs to the same service.\n\nBug: 27335182\nChange-Id: I8762b9b4fcc48037387dd805dbd0dbbe141d5b24\n" }, { "commit": "c38eae5229a820966008ae1885af90cd27c265e7", "tree": "ed92f88bf2ce4e330e16805ae9f31105c760229f", "parents": [ "f5725e6501f1d326e2b7ab3e9cee5ef4058858df" ], "author": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Mon Feb 22 23:28:34 2016 +0000" }, "committer": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Mon Feb 22 20:38:00 2016 -0700" }, "message": "Revert \"Revert \"Add option to allow key validity after fingerprint enrollment.\"\"\n\nThis reverts commit 512c132f49fc6e8e4fc119f4cf167d33b2393509.\n\nChange-Id: Iac381dfebcfe42f0468569eb2395ebeb97a95887\n" }, { "commit": "512c132f49fc6e8e4fc119f4cf167d33b2393509", "tree": "cca39e8c48ecd981704b010f60e0f1ded698920e", "parents": [ "ada0fc1b05902b11401094b15480377d1b6c5a35" ], "author": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Mon Feb 22 22:59:34 2016 +0000" }, "committer": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Mon Feb 22 22:59:34 2016 +0000" }, "message": "Revert \"Add option to allow key validity after fingerprint enrollment.\"\n\nThis reverts commit ada0fc1b05902b11401094b15480377d1b6c5a35.\n\nChange-Id: I934b6e6af49ab680af726c544f0193dfcb80054e\n" }, { "commit": "ada0fc1b05902b11401094b15480377d1b6c5a35", "tree": "52dd4df1415d51b57ae6f57fb7edbb1a2d92f41d", "parents": [ "0f900c02d9aafa9a98ff39ea7d661c1cdfbddcdb" ], "author": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Fri Jan 29 08:32:07 2016 -0700" }, "committer": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Thu Feb 18 15:13:50 2016 -0700" }, "message": "Add option to allow key validity after fingerprint enrollment.\n\nBug: 21563854\nChange-Id: I4f601e59fbfcd601e6a80ddcbc7b83ced6cc18c8\n" }, { "commit": "adef49640d6339e6b4a6ad736c5815e35d9b8803", "tree": "d81f38b7d0964e32e9c94b3ded4c57c01712adbd", "parents": [ "4dbf436cacf3278d607d4692a8596f35771b8567" ], "author": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Fri Jan 29 07:07:16 2016 -0700" }, "committer": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Thu Feb 18 05:50:21 2016 -0700" }, "message": "Add support for extending key validity while on body.\n\nBug: 21563854\nChange-Id: I3b622d2af77ec4ac3ba42407fc391112c153ef0f\n" }, { "commit": "8d8c7477746c357d54f586fc92e8d422a4fc6441", "tree": "4f045715493d846d7b08b393c13fee3c312fa689", "parents": [ "d1bbdeb86e5b6b83465440947dffc89de46a3f93" ], "author": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Tue Feb 02 08:27:39 2016 -0700" }, "committer": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Mon Feb 08 19:29:54 2016 +0000" }, "message": "Add attestation API to Android KeyStore.\n\nBug: 22914603\nChange-Id: I7c6162dc7a390aa48a2542494780959b01c23bd4\n" }, { "commit": "bd0d4265bb1d4a136874f9212cf26f819c5c6b20", "tree": "0ac270b48d374aae09ef82ec5bee1657bf3ae28f", "parents": [ "e35bde5291ed986dfe4d202a600a19154dae04ed", "b21416e2875973706d8b922428225194d9625875" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Fri Feb 05 22:37:31 2016 +0000" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Fri Feb 05 22:37:31 2016 +0000" }, "message": "Merge \"Fix typo in KeyInfo Javadoc.\" am: e8fbc20e12\nam: b21416e287\n\n* commit \u0027b21416e2875973706d8b922428225194d9625875\u0027:\n Fix typo in KeyInfo Javadoc.\n" }, { "commit": "d9dded5a46bb26f621d9da9334dd982217645e93", "tree": "77bd465a9e85a6e6815115ddb912d5da9e9e1bc7", "parents": [ "31312ecfd2b701c6b9fdc34156e8a12df3022c25" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Fri Feb 05 14:18:19 2016 -0800" }, "committer": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Fri Feb 05 14:18:19 2016 -0800" }, "message": "Fix typo in KeyInfo Javadoc.\n\nChange-Id: I801005a93aee71b93b3d6cf3f7c38361493ff203\n" }, { "commit": "9498e8a8d2deb7b0a2e964d5d3c5d3b8747610e9", "tree": "698b310de6f10eda346e1700444dabc5dfda4d88", "parents": [ "9e892f53dd489c824b6a39c45028f838123daa85" ], "author": { "name": "Neil Fuller", "email": "nfuller@google.com", "time": "Mon Nov 30 09:51:33 2015 +0000" }, "committer": { "name": "Neil Fuller", "email": "nfuller@google.com", "time": "Fri Jan 15 16:14:57 2016 +0000" }, "message": "Fix @code escapes\n\nThe body of {@code} must not be HTML escaped. This is one of\nseveral changes that fix the source in conjunction with a\ndoclava fix.\n\nBug: 25757239\n(cherry-picked from commit 71fbb81b14958b80fe55738607740c6630e4e9da)\n\nChange-Id: I19dafddc6501be6fee362c396ac5bbdc934ae39d\n" }, { "commit": "3a435f03906778677b846baa7ebedadd3119e892", "tree": "807910c15ddf77dccd9bc713112725169284833a", "parents": [ "026688070c8002911dc0a8f1fb487bf5bfed52d4" ], "author": { "name": "Robin Lee", "email": "rgl@google.com", "time": "Mon Dec 21 12:06:04 2015 +0000" }, "committer": { "name": "Robin Lee", "email": "rgl@google.com", "time": "Mon Dec 21 12:09:20 2015 +0000" }, "message": "Return null on getPrivateKey failure not exception\n\nAccording to documentation:\n\nReturns the {@code PrivateKey} for the requested alias, or null if\nthere is no result.\n\n@throws KeyChainException if the alias was valid but there was some\nproblem accessing it.\n\n@throws IllegalStateException if called from the main thread.\n\nIn this case the alias doesn\u0027t exist or isn\u0027t visible to the caller so\nthey should get null back instead of KeyChainException.\n\nChange-Id: Ied5603ac6aefbcef79050f24c2aa7ee8f386be0b\n" }, { "commit": "fbc65644b9bda216699f5f1f883d6dfa2668e545", "tree": "cdbcaef4248f442402dcc74faebc4ab2b8c91cc9", "parents": [ "f12288bda135ddf66073adce45e92ea8cc5d7450" ], "author": { "name": "Robin Lee", "email": "rgl@google.com", "time": "Mon Aug 03 16:21:22 2015 +0100" }, "committer": { "name": "Robin Lee", "email": "rgl@google.com", "time": "Tue Dec 08 16:40:56 2015 +0000" }, "message": "DevicePolicy API to remove an installed KeyPair\n\nThe keypair is specified by alias and removed via a call to the\nKeyChainService, which will have installed the pair in the first place.\n\nBug: 22541933\nChange-Id: I37317e7c22e89816156e6e9a7abf4c5a59e8440a\n" }, { "commit": "71fbb81b14958b80fe55738607740c6630e4e9da", "tree": "1f1be8961057d82b54b99637b8e6b423ff621575", "parents": [ "355a74f2842b44b0ae07c5f982c50761d47d9ca0" ], "author": { "name": "Neil Fuller", "email": "nfuller@google.com", "time": "Mon Nov 30 09:51:33 2015 +0000" }, "committer": { "name": "Neil Fuller", "email": "nfuller@google.com", "time": "Wed Dec 02 14:24:11 2015 +0000" }, "message": "Fix @code escapes\n\nThe body of {@code} must not be HTML escaped. This is one of\nseveral changes that fix the source in conjunction with a\ndoclava fix.\n\nBug: 25757239\nChange-Id: Ib38a0fa2dd2a3d68e467f78a812071e763d7e881\n" }, { "commit": "7b0b9a1351df7fdcd9ea5d72fe5041186e3789fc", "tree": "d1c2c78464623ac5ab0ceb40e5af74d306de3a1d", "parents": [ "fe341d43509e53d5fee56743c2b02e3e5337e4aa", "0540e1b127e03ecc97c32719ac79769d69c16aec" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Wed Nov 25 19:23:55 2015 +0000" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Wed Nov 25 19:23:55 2015 +0000" }, "message": "Merge \"Custom engineUpdate/engineDoFinal(ByteBuffer, ByteBuffer).\" am: e766e399c5 am: 4bc1904119\nam: 0540e1b127\n\n* commit \u00270540e1b127e03ecc97c32719ac79769d69c16aec\u0027:\n Custom engineUpdate/engineDoFinal(ByteBuffer, ByteBuffer).\n" }, { "commit": "d976c5a4ee0d093592a93ada6e5118dec6892e9b", "tree": "f78d7de5352cdd2f3fae5e5d1242484e156cbef9", "parents": [ "9a83f115ade900a816f0fa2beae2cdd6f54bfc54" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Tue Nov 24 17:22:27 2015 -0800" }, "committer": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Tue Nov 24 17:22:27 2015 -0800" }, "message": "Custom engineUpdate/engineDoFinal(ByteBuffer, ByteBuffer).\n\nThis makes Android Keystore\u0027s Cipher implementation use a custom\nimplementation of engineUpdate(ByteBuffer, ByteBuffer) and\nengineDoFinal(ByteBuffer, ByteBuffer). The implementation is\nexplicitly designed around the fact that Android Keystore transmits\ninput and receives output via Binder and thus there\u0027s no need to\nattempt any optimizations to avoid copying input and output.\n\nBug: 25863382\nChange-Id: I311072891f02f5e7a283628b51b8d6058b55231c\n" }, { "commit": "8f49178b8fe5c0c9d1594052b39d7f24c966cf7d", "tree": "5ae94d6e4186efcaf67e198d8813d1a180960ea6", "parents": [ "39d554b7aab31bd772ffa2a17fa4212b7fb60f7a", "00245ffce4d08fbb6aeaeba62b8a30ce234862fa" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Tue Nov 17 23:14:38 2015 +0000" }, "committer": { "name": "android-build-merger", "email": "android-build-merger@google.com", "time": "Tue Nov 17 23:14:38 2015 +0000" }, "message": "Merge \"Insert Android Keystore JCA Provider at the correct position.\" am: 887d348d7e am: 5995579f5f\nam: 00245ffce4\n\n* commit \u002700245ffce4d08fbb6aeaeba62b8a30ce234862fa\u0027:\n Insert Android Keystore JCA Provider at the correct position.\n" }, { "commit": "8e028e6507ac3e112a3503aaf500eb07f69026bf", "tree": "07850a9e16a3e1c2de615015bdbf5166356748e2", "parents": [ "3c54ed00f390e0ce9c555eb517594628b362705f" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Fri Nov 13 17:36:45 2015 -0800" }, "committer": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Mon Nov 16 10:11:50 2015 -0800" }, "message": "Insert Android Keystore JCA Provider at the correct position.\n\nSecurity.insertProviderAt uses 1-based positions whereas the\nAndroidKeyStoreProvider.install code was incorrectly passing in\n0-based positions, thus installing the AndroidKeyStoreBCWorkaround\nprovider one level higher than intended. This change fixes the issue\nin AndroidKeyStoreProvider.\n\nBug: 25399691\nChange-Id: I4a66bf37c0d151edb9a2349db9d91939064c0574\n" }, { "commit": "2cea8d4b7b15888d80d89cc04fb6d109e1e812dd", "tree": "04b01b411958a10afeb35dbd65337f4e1af78933", "parents": [ "733ca8ac78e7e6d24fe6f23f1d5a66a6d18c741a", "5bbf04803f050296a6deab10a3c7104743c4e38c" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Thu Sep 10 22:37:50 2015 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Thu Sep 10 22:37:50 2015 +0000" }, "message": "Merge \"Allow uid to be passed for more operations\"" }, { "commit": "3876b1be27e3aefde9a72eb2e4f856e94fc5f946", "tree": "5783b18f074f1971a83a615ef805f5483f6cfb90", "parents": [ "435acfc88917e3535462ea520b01d0868266acd2" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Wed Sep 09 14:55:03 2015 -0700" }, "committer": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Thu Sep 10 15:35:06 2015 -0700" }, "message": "Support cross-UID access from AndroidKeyStore.\n\nThis is meant for exposing the pre-existing cross-UID access to keys\nbacked by the keystore service via higher-level JCA API. For example,\nthis lets system_server use Wi-Fi or VPN UID keys via JCA API.\n\nTo obtain a JCA AndroidKeyStore KeyStore for another UID, use the\nhidden system API AndroidKeyStoreProvider.getKeyStoreForUid(uid).\n\nTo generate a key owned by another UID, invoke setUid(uid) on\nKeyGenParameterSpec.Builder.\n\nThis CL does not change the security policy, such as which UID can\naccess/modify which UIDs\u0027 keys. The policy is that only certain system\nUIDs are permitted to access keys of certain other system UIDs.\n\nBug: 23978113\nChange-Id: Ie381530f41dc41c50d52f675fb9e68bc87c006de\n" }, { "commit": "5bbf04803f050296a6deab10a3c7104743c4e38c", "tree": "b8671ab0d8c5cd02e2db75c38861c70e0a9a692e", "parents": [ "20a17f4a1f0ea06bc5215a6f04f983a8cf23be18" ], "author": { "name": "Chad Brubaker", "email": "cbrubaker@google.com", "time": "Wed Sep 09 14:53:52 2015 -0700" }, "committer": { "name": "Chad Brubaker", "email": "cbrubaker@google.com", "time": "Thu Sep 10 15:34:11 2015 -0700" }, "message": "Allow uid to be passed for more operations\n\nThis expands get, getmtime, exportKey, getKeyCharacteristcs and begin to\naccept a uid to run as. This is only for system to use keys owned by\nWifi and VPN, and not something that can be used to do operations as\nanother arbitrary application.\n\nBug: 23978113\nChange-Id: I06aa089859edc934a5415e3b184b917d6d171ae2\n" }, { "commit": "72245d7909763dd1ed4cf4082aa1042e0ea61f4d", "tree": "e5c5d1eec29b46e3d603f5d0f986843cddb60d58", "parents": [ "4dbb37ae95bdf60d230777c6a5e8d53b932e9d40" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Tue Aug 11 06:41:13 2015 -0700" }, "committer": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Tue Aug 11 11:36:09 2015 -0700" }, "message": "Add more examples of generating/importing keys to Javadocs.\n\nBased on developer feedback, this updates Android Keystore Javadocs\nwith more examples of generating and importing keys of various\nalgorithms. This also clarifies that key use authorizations apply to\nsecret and private key and do no apply to public keys.\n\nBug: 23102874\nChange-Id: If0dc20fda4836fd23b9cd9c92490a04e71b19fc0\n" }, { "commit": "75e51ec0b14e9c5363ad86a69fd7a764290a5cfb", "tree": "b1d18feb041f43d16b00a478b99c38cf54932a7d", "parents": [ "730c0f6591b1c99699e9d0ecf36d696f7d87629f", "3ab1f04004c417397bfac8f061dc187b7b66109d" ], "author": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Thu Jul 30 19:57:22 2015 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Thu Jul 30 19:57:22 2015 +0000" }, "message": "Merge \"Raw RSA Cipher relies on keymaster for padding and range checks.\" into mnc-dev" }, { "commit": "e4928a2912297751108c7045ce3343ec63edcc01", "tree": "abd65971cc8d06e43eebc57bf70232b45c30ea72", "parents": [ "350662197542d406df58aa65afddc9e23f9309d3" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Tue Jul 21 13:38:48 2015 -0700" }, "committer": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Tue Jul 28 13:00:56 2015 -0600" }, "message": "Keymaster digest/padding NONE no longer means ANY.\n\nThis adjusts the public API documentation to no longer say that\ndigest/padding NONE means any digest/padding. This also changes the\nimplementation of legacy key generation and import to explicitly\nlist which digests/paddings the generated/imported key is authorized\nfor. Previously, such keys were simply authorized for digest NONE and\npadding NONE.\n\nBug: 22556114\nChange-Id: Id02d9450a07de16ccb795b76b6de0006dd49dcca\n" }, { "commit": "3ab1f04004c417397bfac8f061dc187b7b66109d", "tree": "a917f7df99f577caf3a2908a105e21561c141bf0", "parents": [ "ada70be897fb7541129f1ab1f6faa94a80fca986" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Mon Jul 20 09:01:34 2015 -0700" }, "committer": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Wed Jul 22 13:16:04 2015 -0700" }, "message": "Raw RSA Cipher relies on keymaster for padding and range checks.\n\nThis makes Android Keystore\u0027s RSA/ECB/NoPadding Cipher implementation\nrely on the underlying keystore/keymaster to left-pad the input (if\nnecessary) and to reject invalid input. Prior to this change the\nCipher implementation attempted to do it itself, but wasn\u0027t doing it\nright anyway.\n\nThis fixes a regression where Android Keystore\u0027s raw RSA Cipher\n(\"RSA/ECB/NoPadding\") refused to encrypt plaintexts of the same length\n(in bytes) as RSA modulus which were nevertheless numerically smaller\nthan the RSA modulus.\n\nBug: 22599805\nChange-Id: I591a8115a574eaf8f6075f29b50d93a87532c5eb\n" }, { "commit": "ada70be897fb7541129f1ab1f6faa94a80fca986", "tree": "4686db46b90b94925b7d73643a0616b0bba5354f", "parents": [ "ff21279e2cbe0bdd9c41350b7a204cabf9370377", "a95550f8016bbb0dba086dbd73eec63e6cdbbe98" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Wed Jul 22 15:24:27 2015 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Wed Jul 22 15:24:27 2015 +0000" }, "message": "Merge \"Add KM_MIN_MAC_LENGTH tag to HMAC and AES-GCM keys.\" into mnc-dev" }, { "commit": "5d586dd585a6663290b68abce433a75b5760fc5d", "tree": "0bff9f52339afa0a937210feace90ec2556c0946", "parents": [ "23e19066de2caf1db1fa0759ac49a1118b59f7a5", "53d544a4b9964166f90f34b46f3866cafefb84e7" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Tue Jul 21 19:50:47 2015 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Tue Jul 21 19:50:50 2015 +0000" }, "message": "Merge \"KM module may consume less input than provided by finish time.\" into mnc-dev" }, { "commit": "a95550f8016bbb0dba086dbd73eec63e6cdbbe98", "tree": "e6912c5fdb0fc66d6a5fc7fe48d3e8c640270877", "parents": [ "f7592b234acde62f0f0a93dad77284f12ca9980a" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Thu Jul 16 16:32:23 2015 -0700" }, "committer": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Thu Jul 16 16:52:51 2015 -0700" }, "message": "Add KM_MIN_MAC_LENGTH tag to HMAC and AES-GCM keys.\n\nThis makes Android Keystore add the KM_MIN_MAC_LENGTH tag to generated\nand imported HMAC and AES-GCM keys. This tag specifies the minimum\nlength of the MAC/authentication tag authorized to be used for the\nkey.\n\nFor HMAC keys the minimum MAC length is set to the length of the\ndigest associated with the key (HMAC keys are authorized for exactly\none digest). For AES keys the minimum authetication tag length is set\nto 96 bit. This is the minimum supported by Android Keystore\u0027s AES-GCM\nimplementation.\n\nBug: 22337277\nChange-Id: Ic6e47cf084734d1592788dc58088889f7fff74eb\n" }, { "commit": "53d544a4b9964166f90f34b46f3866cafefb84e7", "tree": "31072f3652496e693cc4791e49c4cdb713f8ba97", "parents": [ "b09b84cafde5ac31f5ef5c79f7a78db540824471" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Wed Jul 15 17:15:08 2015 -0700" }, "committer": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Thu Jul 16 14:18:49 2015 -0700" }, "message": "KM module may consume less input than provided by finish time.\n\nKeymaster1 HAL permits the implementation of \"update\" operation to\nleave some input unconsumed by the time \"finish\" operation neeeds to\nbe invoked. This needs to be treated as \"invalid input\" error rather\nthan a \"can\u0027t happen\" exception.\n\nThis CL was confirmed to fix the issue by the vendor who encountered\nthe issue.\n\nBug: 22512100\nChange-Id: Ibb1a37d58f650d03605612559a154ce2416d147c\n" }, { "commit": "c58153b2d7418f44f2b0e397478be808e91decef", "tree": "281c3d80d1265fa344fffe460d4e45509fba0e3e", "parents": [ "532737df65330200dc55ae42d31140d19c4024be" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Wed Jul 08 09:31:23 2015 -0700" }, "committer": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Thu Jul 16 09:59:51 2015 -0700" }, "message": "HMAC keys are authorized for exactly one digest.\n\nThis is in preparation for enforcing the minimum length of MACs\nwhich in the case of HMAC keys generated or imported by Android\nKeystore will be set to the length of the digest for which the\nkey is authorized.\n\nBug: 22337277\nChange-Id: I0255d5ba184dabfb6b45d8f32ddadeb84ab7fc19\n" }, { "commit": "6f2eb6d7a642b842976f5eeac2733b6f7e128711", "tree": "5c9185214b6bd76b2461911be4e5d13c6fb83b87", "parents": [ "c021aaaf6bd085d7332a33232e8118bab50ecc1f" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Mon Jul 13 15:26:17 2015 -0700" }, "committer": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Mon Jul 13 15:26:17 2015 -0700" }, "message": "Fix Android Keystore key factories to obey JCA contract.\n\nAndroid Keystore provider\u0027s KeyFactory and SecretKeyFactory\nimplementations were throwing UnsupportedOperationException instead of\nInvalidKeyException/InvalidKeySpecException from their\ntranslateKey/generateKey methods.\n\nBug: 22459811\nChange-Id: I6d5a5dc1bed724e858ad324d558b7480b9b848da\n" }, { "commit": "d25093d2fd151638a108a110484e579cc1dcaf54", "tree": "d146d9a6adeefb7d7d1044285b50aa3bd21f5178", "parents": [ "3aa1b1e5ec3a4e2074ea054b931cd68df45b43cf", "5c38e7918aea36ee8f516793d5641b05a8de710e" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Wed Jul 08 19:32:02 2015 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Wed Jul 08 19:32:32 2015 +0000" }, "message": "Merge \"Reject AlgorithmParameters of wrong type.\" into mnc-dev" }, { "commit": "5c38e7918aea36ee8f516793d5641b05a8de710e", "tree": "155a7595bf30947878248930c949b41bf391f22b", "parents": [ "46c272d6bfc0dd5bbeeb536a9057fa18b754f9ba" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Tue Jul 07 15:39:10 2015 -0700" }, "committer": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Tue Jul 07 15:39:10 2015 -0700" }, "message": "Reject AlgorithmParameters of wrong type.\n\nThis makes Android Keystore Cipher implementations reject rather than\nignore AlgorithmParameters of wrong algorithm type. The danger in not\ndoing so is that a Cipher will produce output that does not actually\ndepend on the provided AlgorithmParameters.\n\nBug: 22330716\nChange-Id: Ifa9de2c74f2fe4b738a3731c895059dddd075a13\n" }, { "commit": "024bce82292786f9b71da488f06a0bb35d029bbf", "tree": "313cdfb020a01b348aefe531f4cf058f44d4fde9", "parents": [ "a5c82a6b2adfbad7ac9009fa6feba3e02dad0c04", "ca7aaeaeee616d9d1d557ee2fb19dd14783be1f0" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Tue Jul 07 18:54:32 2015 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Tue Jul 07 18:54:33 2015 +0000" }, "message": "Merge \"Support loading AES keys with authorized digests.\" into mnc-dev" }, { "commit": "ca7aaeaeee616d9d1d557ee2fb19dd14783be1f0", "tree": "3c01cc34d321b2c4122856d80b98dd0cd394b0cd", "parents": [ "7fe86c4753e88058a7f1a1bf8d0302df9a64bd2e" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Mon Jul 06 14:09:01 2015 -0700" }, "committer": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Mon Jul 06 14:09:01 2015 -0700" }, "message": "Support loading AES keys with authorized digests.\n\nDue to a bug, Android Keystore failed to load AES keys authorized for\nuse with one or more digests. This CL fixes this bug.\n\nBug: 22300737\nChange-Id: Ia49e27833dddb526565e4dc4977ed1e352e5836b\n" }, { "commit": "b6e628644a981b8077b3755b9def4550ff4a46a0", "tree": "ab842adc8ff4b36e6372f73d9627f4a6254eb7c9", "parents": [ "7fe86c4753e88058a7f1a1bf8d0302df9a64bd2e" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Mon Jul 06 10:31:07 2015 -0700" }, "committer": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Mon Jul 06 11:27:16 2015 -0700" }, "message": "Avoid IllegalStateException when generating/importing keys.\n\nThis avoids IllegalStateException when generating/importing keys which\nrequire user authentication when the system is not configured to\ngenerate/import such keys (e.g., secure lock screen not set up).\n\nThe documentation states that before generating/importing such keys\napps should check (using public API) whether the system is in a\nsuitable state. However, some apps are not doing that and instead\ncatching the IllegalStateException thrown during key\ngeneration/import. This is a bad practice because this exception is an\nundocumented implementation detail and should thus not be depended\nupon.\n\nThis CL addresses this issue as follows:\n1. Key(Pair)Generator.init now throws a checked\n InvalidAlgorithmParameterException when the system is in a wrong\n state. Because in most uses of Key(Pair)Generator .init is\n immediately followed by .generate, this prevents .generate from\n encountering this state and does so using a checked exception\n which is part of public API.\n2. Key import rethrows the IllegalStateException as a checked\n KeyStoreException which is meant to be thrown if the key cannot be\n imported for any reason. Key(Pair)Generator.generate unfortunately\n cannot throw any checked exceptions and thus has to continue\n throwing unchecked exceptions.\n\nBug: 22262809\nChange-Id: Ic0f7b7a90e0ba63df9139c79b80a8649d2645d2a\n" }, { "commit": "a7bdb6c99b7ddb6e17f9c939c138686e0bfdbbc4", "tree": "99414df05a8522eea9496e99bdd20a13a9dcee63", "parents": [ "71e3d079d623b93ec8a66afa6a1281896c7cd2c6", "59e3baa8ab08c4da270023540ba15268c87e0d67" ], "author": { "name": "Robin Lee", "email": "rgl@google.com", "time": "Fri Jul 03 16:48:11 2015 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Fri Jul 03 16:48:15 2015 +0000" }, "message": "Merge \"KeyChain: annotate with @WorkerThread\" into mnc-dev" }, { "commit": "59e3baa8ab08c4da270023540ba15268c87e0d67", "tree": "9c87f8fdec9055c17f9edbd1628ba9c7170dac1d", "parents": [ "fd70942147edec7eb512c72c3fd0f89a3d7fa646" ], "author": { "name": "Robin Lee", "email": "rgl@google.com", "time": "Tue Jun 30 10:48:06 2015 -0700" }, "committer": { "name": "Robin Lee", "email": "rgl@google.com", "time": "Tue Jun 30 13:08:46 2015 -0700" }, "message": "KeyChain: annotate with @WorkerThread\n\nSeveral methods need to be called off the main UI thread. This is\nthe first documentation of that requirement.\n\nBug: 19440165\nChange-Id: I0303011c0ded6ec1efa92119c1e02a8a39b14a59\n" }, { "commit": "fdbc02a433e87da7bc730bd2e773e6d1c84d4e99", "tree": "9235f3a2dd06e9eeb55643a66f8badca81246724", "parents": [ "82b3f67711246ad5beaf7702ce16e9d433406d1e" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Mon Jun 29 14:39:29 2015 -0700" }, "committer": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Mon Jun 29 14:39:29 2015 -0700" }, "message": "Enforce IND-CPA requirement when generating asymmetric keys.\n\nThis enforces the randomized encryption requirement (IND-CPA), if\nrequested, when generating asymmetric key pairs. Whether randomized\nencryption is used depends on the encryption padding modes authorized\nfor the key pair. Thus, if randomized encryption is required, the\nKeyPairGenerator must reject attempts to generate keys authorized for\nencryption using non-compliant padding schemes.\n\nThis is similar to the existing check in AndroidKeyStoreImpl during\nasymmetric key import.\n\nBug: 22179911\nChange-Id: I3d85367259c17bd44198a736ace853d0d3567d5e\n" }, { "commit": "903d0fb98817dca284a640dbc853c7fcbbdc8313", "tree": "ff21d11dec3828c271cce69800591ad380e96aac", "parents": [ "0f61c7dcc40276788f58300d5d8ca85be2ce0e59" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Thu Jun 25 17:13:30 2015 -0700" }, "committer": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Thu Jun 25 18:44:43 2015 -0700" }, "message": "Don\u0027t offer crypto ops for public keys of trusted cert entries.\n\nAndroid Keystore cannot offer crypto operations for public keys of\ntrusted certificate entries (entries without a private key). Prior to\nthis CL it accidentally tried to do so, causing crypto operations on\nthese keys to fail.\n\nThe fix is for Android Keystore to offer crypto operations only for\npublic keys for which there is a corresponding private key in the\nkeystore. Crypto operations on public keys from trusted certificate\nentries will be handled by other installed crypto providers. Those\nproviders don\u0027t need a private key to carry out these operations on\npublic keys.\n\nBug: 22091725\nBug: 21835320\nChange-Id: Ib7d92b067711e4c57128d0db72c08bf288a45ce1\n" } ], "next": "25d2270704e246d897596c991a36233cdc620790" }