Skip to content

GitLab

Switch branch/tag
  1. 03 Jun, 2015 1 commit
    • Chad Brubaker's avatar
      Fix potential use-after-free in hw auth token handling. · 999f1b05
      Chad Brubaker authored 
      The operation map caches the hw_auth_token used to start the operation
but it was storing the pointer returned by the auth token table and not
the token itself leading to a potential use-after-free if the token was
removed from the table between the operation starting and completeting.

The operation table now stores the auth token itself instead of the
pointer provided by the auth table.

Change-Id: I80fd49655ed98e7879d2caa7f1ae077ff50e0e54
      999f1b05
  3. 28 May, 2015 1 commit
  5. 23 May, 2015 1 commit
  7. 19 May, 2015 1 commit
  9. 18 May, 2015 1 commit
    • Chad Brubaker's avatar
      Cleanup keystore API · e6c3bfa8
      Chad Brubaker authored 
      Remove old methods that were replaced by onUser* methods, rename methods
with unclear names, and add userId parameters to all operations that
operate with per user state.

(cherry-picked from commit 94436163)

Change-Id: I846fbb0a5ad17b4ee4c0c759fd1fd23f58b88d78
      e6c3bfa8
  11. 13 May, 2015 2 commits
    • Chad Brubaker's avatar
      Add onUserAdded/Removed methods · c0f031a8
      Chad Brubaker authored 
      These will handle the logic of Android users being added/removed from
the device instead of the system calling the various reset/sync methods.

(cherry-picked from commit fd777e71)

Change-Id: Ic6be0de63cc1b0579a46e7101dcfeb1a9ffa4738
      c0f031a8
    • Chad Brubaker's avatar
      Refactor uids to user ids where appropriate · 72593ee8
      Chad Brubaker authored 
      UserState related methods previously took uid's while the state was
based on userId, with the new keystore methods taking userIds start
moving everything in that direction.

(cherry-picked from commit 4efce0dc)

Change-Id: I075e973e2403575ba67e8e7a8c331a6c6f7e88e4
      72593ee8
  13. 07 May, 2015 1 commit
    • Chad Brubaker's avatar
      Cleanup password change and removal logic. · 96d6d786
      Chad Brubaker authored 
      Replace password with notifyUserPasswordChanged for password changes,
unlock should now be used to unlock keystore instead of calling password
with the current password.

When the user removes their password now only keystore entries that were
created with FLAG_ENCRYPTED will be deleted. Unencrypted entries will
remain. This makes it more concrete that the keystore could be non-empty
while in STATE_UNINITIALIZED, though this was previously possible due to
the state only being checked if FLAG_ENCRYPTED was set.

Change-Id: I324914c00195d762cbaa8c63084e41fa796b7df8
      96d6d786
  15. 01 May, 2015 1 commit
  17. 30 Apr, 2015 3 commits
  19. 28 Apr, 2015 1 commit
    • Chad Brubaker's avatar
      Move auth token checking to begin · 0cf34a24
      Chad Brubaker authored 
      Auth tokens will now be checked on begin and then used for all
subsequent calls for that operation, this means that things like
auth timeouts will only be checked on begin, and operation that starts
at timeout - .00001 will now be able to be used to completion.

One exception to this is keys that use per operation authorization.
Begin for these operations must succeed so that the application gets a
handle to authorize. For those keys if the application calls update
before authorizing the operation the call will fail. For these keys
begin will return OP_AUTH_NEEDED so let the caller know more work is
needed before using the operation.

(cherry picked from commit aebbfc2b)

Change-Id: I3da4f93a076c0ed2d8630ca8cd1608e9bad2c2ff
      0cf34a24
  21. 18 Apr, 2015 5 commits
  23. 17 Apr, 2015 3 commits
  25. 16 Apr, 2015 12 commits
  27. 15 Apr, 2015 4 commits
  29. 14 Apr, 2015 1 commit
    • Chad Brubaker's avatar
      Refactor permission and state checking · 9489b790
      Chad Brubaker authored 
      Move the permission checking code to checkBinderPermission and
checkBinderPermissionOrSelf target to simplify permission checking code
and clean up keystore methods. Also adds
checkBinderPermissionAndKeystoreState as a helper method to check the
permission and the unlock state of the keystore.

Change-Id: I77c94af1593d2a7fd100c79a6364583067ffa559
      9489b790
  31. 13 Apr, 2015 2 commits