GitLab

Add ability for system UID to clear all entries for a different UID.

Bug: 3020069
Change-Id: Ibfeea6aae9006cb2ef7052ead72b2704dfce3cb4

Add an API to query the HAL to see what kind of storage it reports the
device is.

Change-Id: I37951e989ad724e2352df6e321f03f19e58b4fca

After discussion, it was determined that duplicate would be less
disruptive and it still fit in the current HAL model.

Change-Id: Id6ff97bfa5ec4cca9def177677263e9be1c9619f

To support the WiFi service, we need to support migration from the
system UID to the wifi UID. This adds a command to achieve the
migration.

Bug: 8122243
Change-Id: I31e2ba3b3a92c582a6f8d71bbb139c408c06814f

Previously we redirected all calls from the wifi or vpn UIDs to the
system UID's namespace. This switches the paradigm to allow system to
write into wifi and vpn UID keystore spaces instead.

Change-Id: Ib9144cb12435b09ab2e8c24b75366cf9762965fe

Most callers only care if the keystore is unlocked for use and not
whether it's in a specific state. Change this now so we can change the
states later.

Change-Id: I2de87c84fd16b33ee9e3eca3843a8260e1f5af87

During a failure, return a null value instead of an empty list.

Change-Id: I34763c90eb65b0ed6bbe2757310992541feeb1a8

This will allow explicit indication of which UID to put things under for
trusted UIDs (e.g., system UID) in a future change instead of putting
things only in the calling UID.

Change-Id: Ifc321a714d874a1142890138101ce4166906f413

Change-Id: Ib056ad6b4f2149292100cda9106de19eb7b2e259

This was left-over from previous changes and nothing really used it any
more.

Change-Id: Id7bb58ffbc3f5b7f337e9bdbe8d0be315105cb26

When an error condition happens, keystore might memcpy a NULL pointer
which would cause a SIGSEGV. Avoid trying to copy it in that case.

Bug: 8019596
Change-Id: Ifcfc75401c41595fc2c2f0172c718c8d3bb93020

Change-Id: I3d5e3d4114d40902a6cf25a4c8ffabea4cc7851f

Change-Id: I02729444a822bd2d3c9a6fd6e118079e2d8973e4

Change-Id: I19e91eb766fcc55e9a610421a67a7c8706fdaa46

Some interruptable syscalls were not wrapped with TEMP_FAILURE_RETRY
while others were. Add them where necessary.

Additionally, some error cases were not logging any messages so things
would mysteriously fail if there was an underlying filesystem problem.

Change-Id: I0b789376b2971fa8aaaff7eac21a90a9a94afac8

Change-Id: I6dacdc43bcc1a56e47655e37e825ee6a205eb56b

Example:
keystore.cpp:1339:35: error: narrowing conversion of 'CommandCodes[0]'
from 'command_code_t {aka unsigned char}' to 'int8_t {aka signed char}'

Change-Id: I8cd239880821724050d1716b78851807e0246ef2
Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>

This allows you to check when a key was last modified.

Change-Id: I167844d9a50e26aadfc73a2252b937d2ef09f09d

The keymaster HAL implementations don't need the delete_keypair method,
but keystore currently throws an error when it's not implemented. This
causes problems with at least the OpenSSL software implementation.

Bug: 6985351
Change-Id: I3d7f7dce2a6d4aad38c20f555ab16aa45f1823b8

Bug: http://code.google.com/p/android/issues/detail?id=34577
Bug: 6837950

(cherry-picked from 0114bd9f)

Change-Id: I0c265fe73c1b2c430ffd196a21691264f8f3b555

Bug: http://code.google.com/p/android/issues/detail?id=34577
Bug: 6837950

Change-Id: Id441e341073558ab8b20144a7e7f4f7a92c6a19e

This is so that Face Unlock can be a valid option for a lockscreen.
Otherwise get a PERMISSION_DENIED when uid = 101000.

Change-Id: I0085b27dbd4d2f1988ba654acadd72c30f76a47e

Turn on the compiler flags -Wall -Wextra -Werror to make sure no
compiler warnings are added to the project.

Eliminate all unused arguments. Remove unused variables in code.

Change-Id: I0940ba897ac716b4a256f94fcd671f1ff5abc62c

Old key types were not distinguished by the keystore itself. This change
takes some of the reserved fields in the old format and changes it to a
version number and key type.

Change-Id: I45bd4cdce042617641fe7bd742bbe26da6024996

To allow efficient deletion by hardware keymaster modules, add a direct
delete_all call when keystore is reset. This will also probably fix
problems where the hardware keymaster gets more keys than keystore knows
about and fills up its storage.

Change-Id: I452e2e609802201dc7db2f52f95b44d72f79efa2

Add hardware crypto capabilities to keystore. This allows hardware
escrow of private key material.

There is also an OpenSSL engine that connects to keystore to allow use
of the keystore keys from native code built into the platform.

This includes a software implementation of keymaster using OpenSSL
as the backend.  This is just as insecure as the previous solution,
but it's needed so devices without hardware support can continue
to operate in the new scheme without a lot of compatibility code.

Change-Id: I2bc67766e1f633ef1cbbd2874a65962074e84f4f

Add a libkeystore_client.so library for clients to use.

Add const-correctness to the keystore.cpp classes.

Increase maximum arguments for future work.

Change-Id: Ia22f8b893aea3115a7b4a0543ad392c17c8528f2

Move keystore from frameworks/base at commit
57ff581bd9b16a192a567f84d0e0a5c82d866343

Change-Id: I1e62488d63810f14e40ffb3d192925ff4eeb8906