Commits · 2567e491a1780b42a7e829352efdab18ab685f3d · halo / system_security

16 Oct, 2015 2 commits

Merge "Wrap incomplete keymaster1 implementations with sw keymaster." · 2567e491
Shawn Willden authored 9 years ago

2567e491

Wrap incomplete keymaster1 implementations with sw keymaster. · 76193b0a

Shawn Willden authored 9 years ago

SoftKeymasteDevice can provide software digesting and padding for
keymaster1 implementations that don't provide all of the required
digests.  This CL modifies keymaster to check for such keymaster1
implementations and add a SoftKeymasterDevice wrapper.

The SoftKeymasterDevice work necessary to make this function would have
required adding an implementation of the keymaster0 API import_keypair
in terms of keymaster1 API calls (import_key).  Rather than do that, I
instead implemented the relevant keystore function directly on the
keymaster1 API.  This approach is cleaner than adding the same code into
the translation layer, and allows removal of the last vestiges of
keymaster0 API usage from keystore.

Bug: 24873723
Change-Id: Ie4c7bba7943a549f35df3086dccea001edb5bb2b

76193b0a

10 Oct, 2015 1 commit
- Merge "keystore: log pid and uid when auditing SE Linux denial" · 75ddca24
  Nick Kralevich authored 9 years ago
  
  75ddca24
05 Oct, 2015 1 commit

keystore: log pid and uid when auditing SE Linux denial · e46b855e

William Roberts authored 9 years ago


When debugging SE Linux rules, the pid and uid of the source context are
helpful in determining what was involved in generating the policy violation.
This information was absent from the keystore logs.

To remedy this, we add pid and uid to the logs:

avc:  denied  { exist } for pid=571 uid=1000 ...

Change-Id: Ic22128720aa8ac225f26896f9e710783c8ab4f70
Signed-off-by: William Roberts <william.c.roberts@intel.com>

e46b855e

03 Sep, 2015 1 commit
- am db441ea6: Merge "Prepare for BoringSSL update." · 6d11e68e
  Kenny Root authored 9 years ago
```
* commit 'db441ea6':
  Prepare for BoringSSL update.
```
  6d11e68e
02 Sep, 2015 2 commits

Merge "Prepare for BoringSSL update." · db441ea6
Kenny Root authored 9 years ago

db441ea6

Prepare for BoringSSL update. · 9eb9295d

Adam Langley authored 9 years ago

This change tweaks things as needed so that the code will compile
against both the BoringSSL that's currently in Android and a version
from upstream. The BORINGSSL_201509 define is temporary to allow the
switch to happen without breaking the build and a followup change will
remove it.

Change-Id: I3d09b5644661353723803bcbda937d34455849a5

9eb9295d

21 Aug, 2015 2 commits
- am aae1bbf4: Merge "bundle init.rc contents with its service" · 833c0b83
  Tom Cherry authored 9 years ago
```
* commit 'aae1bbf4':
  bundle init.rc contents with its service
```
  833c0b83
- Merge "bundle init.rc contents with its service" · aae1bbf4
  Tom Cherry authored 9 years ago
  
  aae1bbf4
20 Aug, 2015 1 commit
- bundle init.rc contents with its service · ad29971f
  Tom Cherry authored 9 years ago
```
Bug: 23186545
Change-Id: If471bcc8333d546cde055bbcfc541a26fc21d90f
```
  ad29971f
14 Aug, 2015 4 commits

am 2ac5cb65: (-s ours) Merge "Fix pessimizing move." · 03d6a347
Stephen Hines authored 9 years ago
```
* commit '2ac5cb65':
  Fix pessimizing move.
```
03d6a347
Merge "Fix pessimizing move." · 2ac5cb65
Stephen Hines authored 9 years ago

2ac5cb65

Fix pessimizing move. · c7f2a016

Stephen Hines authored 9 years ago

The std::move() here is unnecessary, and prohibits the compiler from
performing copy elision.

Change-Id: Ibdf515c4c0b0c07ff966c696e671a0526be1528e

c7f2a016

Fix pessimizing move. · 8533cf8d

Dan Albert authored 9 years ago

Using std::move here prevents the compiler from performing copy
elision.

Change-Id: I21ad9dfec4fe36dd935403c9fd0af5e20e131036
(cherry picked from commit 17ee05c5)

8533cf8d

13 Aug, 2015 2 commits

am : am : (-s ours) am : am : am : am... · 1ffa74c1

Chad Brubaker authored 9 years ago

am cbfdeefe: am 8a2c33b6: (-s ours) am 48d998cd: am aca71139: am 738d1e9d: am 1b8885ba: am 0d593526: Properly check for Blob max length

* commit 'cbfdeefe':
  Properly check for Blob max length

1ffa74c1

am : (-s ours) am : am : am : am : am... · cbfdeefe

Chad Brubaker authored 9 years ago

am 8a2c33b6: (-s ours) am 48d998cd: am aca71139: am 738d1e9d: am 1b8885ba: am 0d593526: Properly check for Blob max length

* commit '8a2c33b6':
  Properly check for Blob max length

cbfdeefe

12 Aug, 2015 8 commits
- am 48d998cd: am aca71139: am 738d1e9d: am 1b8885ba: am 0d593526: Properly check for Blob max length · 8a2c33b6
  Chad Brubaker authored 9 years ago
```
* commit '48d998cd':
  Properly check for Blob max length
```
  8a2c33b6
- am aca71139: am 738d1e9d: am 1b8885ba: am 0d593526: Properly check for Blob max length · 48d998cd
  Chad Brubaker authored 9 years ago
```
* commit 'aca71139':
  Properly check for Blob max length
```
  48d998cd
- am 738d1e9d: am 1b8885ba: am 0d593526: Properly check for Blob max length · aca71139
  Chad Brubaker authored 9 years ago
```
* commit '738d1e9d':
  Properly check for Blob max length
```
  aca71139
- am 1b8885ba: am 0d593526: Properly check for Blob max length · 738d1e9d
  Chad Brubaker authored 9 years ago
```
* commit '1b8885ba':
  Properly check for Blob max length
```
  738d1e9d
- am 0d593526: Properly check for Blob max length · 1b8885ba
  Chad Brubaker authored 9 years ago
```
* commit '0d593526':
  Properly check for Blob max length
```
  1b8885ba
- am 54b1e9ad: Properly check for Blob max length · b426dec9
  Chad Brubaker authored 9 years ago
```
* commit '54b1e9ad':
  Properly check for Blob max length
```
  b426dec9
- Properly check for Blob max length · 0d593526
  Chad Brubaker authored 9 years ago
```
sizeof(mBlob.value) is incorrect because writeBlob pads up to the next
AES_BLOCK_SIZE

Bug:22802399
Change-Id: I377edca2c7ea2cf4455f22f5f927fdad79893729
```
  0d593526
- Properly check for Blob max length · 54b1e9ad
  Chad Brubaker authored 9 years ago
```
sizeof(mBlob.value) is incorrect because writeBlob pads up to the next
AES_BLOCK_SIZE

Bug:22802399
Change-Id: I377edca2c7ea2cf4455f22f5f927fdad79893729
```
  54b1e9ad
05 Aug, 2015 3 commits

am : am : (-s ours) am : am : am : am... · 40ea4974

Chad Brubaker authored 9 years ago

am 4174f017: am c761a1ed: (-s ours) am 63bc525c: am 853b8d79: am fd1ad379: am 1c73457a: am b124c9e8: Fix unchecked length in Blob creation

* commit '4174f017':
  Fix unchecked length in Blob creation

40ea4974

am : (-s ours) am : am : am : am : am... · 4174f017

Chad Brubaker authored 9 years ago

am c761a1ed: (-s ours) am 63bc525c: am 853b8d79: am fd1ad379: am 1c73457a: am b124c9e8: Fix unchecked length in Blob creation

* commit 'c761a1ed':
  Fix unchecked length in Blob creation

4174f017

am : am : am : am : am : Fix unchecked... · c761a1ed

Chad Brubaker authored 9 years ago

am 63bc525c: am 853b8d79: am fd1ad379: am 1c73457a: am b124c9e8: Fix unchecked length in Blob creation

* commit '63bc525c':
  Fix unchecked length in Blob creation

c761a1ed

03 Aug, 2015 4 commits
- am 853b8d79: am fd1ad379: am 1c73457a: am b124c9e8: Fix unchecked length in Blob creation · 63bc525c
  Chad Brubaker authored 9 years ago
```
* commit '853b8d79':
  Fix unchecked length in Blob creation
```
  63bc525c
- am fd1ad379: am 1c73457a: am b124c9e8: Fix unchecked length in Blob creation · 853b8d79
  Chad Brubaker authored 9 years ago
```
* commit 'fd1ad379':
  Fix unchecked length in Blob creation
```
  853b8d79
- am 1c73457a: am b124c9e8: Fix unchecked length in Blob creation · fd1ad379
  Chad Brubaker authored 9 years ago
```
* commit '1c73457a':
  Fix unchecked length in Blob creation
```
  fd1ad379
- am b124c9e8: Fix unchecked length in Blob creation · 1c73457a
  Chad Brubaker authored 9 years ago
```
* commit 'b124c9e8':
  Fix unchecked length in Blob creation
```
  1c73457a
30 Jul, 2015 1 commit
- am 803f37f5: Fix unchecked length in Blob creation · 37fe0d07
  Chad Brubaker authored 9 years ago
```
* commit '803f37f5':
  Fix unchecked length in Blob creation
```
  37fe0d07
29 Jul, 2015 3 commits

Fix unchecked length in Blob creation · b124c9e8

Chad Brubaker authored 9 years ago

Applications can specify arbitrary blobs using insert(), check their
length to prevent overflow issues.

Bug:22802399
Change-Id: I4097bd891c733914df70da5e2c58783081d913bf

b124c9e8

Fix unchecked length in Blob creation · 803f37f5

Chad Brubaker authored 9 years ago

Applications can specify arbitrary blobs using insert(), check their
length to prevent overflow issues.

Bug:22802399
Change-Id: I4097bd891c733914df70da5e2c58783081d913bf

803f37f5

am 2de8b758: Add all digests and padding modes to legacy keys · ddf0fd86
Shawn Willden authored 9 years ago
```
* commit '2de8b758':
  Add all digests and padding modes to legacy keys
```
ddf0fd86

27 Jul, 2015 1 commit
- Add all digests and padding modes to legacy keys · 2de8b758
  Shawn Willden authored 9 years ago
```
Bug: 22556114
Change-Id: I44fda03305ddd50cb4ba3c6f6b24cfd9c2af9659
```
  2de8b758
23 Jul, 2015 1 commit
- am a9a17eec: Mark 0 length files as corrupt · 26020aa2
  Chad Brubaker authored 9 years ago
```
* commit 'a9a17eec':
  Mark 0 length files as corrupt
```
  26020aa2
17 Jul, 2015 1 commit

Mark 0 length files as corrupt · a9a17eec

Chad Brubaker authored 9 years ago

Files created by keystore should never be 0 length however a vendor ran
into such a case when testing their keymaster and a side effect of how
keystore parses files leads to these keys being considered encrypted and
ulitmately undeletable.

Now mark 0 length files as corrupt in readKey and when deleting a key if
the key fails to read in because it was corrupt simply rm the file since
it is not possible to feed the key blob to keymaster's delete method.

Bug: 22561219
Change-Id: Ie8c1ffe97d1d89c202cdab7a6b4b5efc914cbbff

a9a17eec

02 Jul, 2015 1 commit
- am 06114e6a: Fix erroneous reporting of all tokens as timed out. · a56597ac
  Shawn Willden authored 9 years ago
```
* commit '06114e6a':
  Fix erroneous reporting of all tokens as timed out.
```
  a56597ac
01 Jul, 2015 1 commit
- Fix erroneous reporting of all tokens as timed out. · 06114e6a
  Shawn Willden authored 9 years ago
```
Bug: 22205545
Change-Id: I170e798b327020ff741031ec05e875c685a49e9d
```
  06114e6a