GitLab

System should be able to call these methods with any targetUid.

(cherry picked from commit 01771ae9)

Bug: 20752184
Change-Id: Ieaeb2fa44b979970640abbd91c1d8a84f7c62b1f

Bug: 20717652
Change-Id: I2397e5cd906d45515a0b2a5591705f458c1aceb0
(cherry picked from commit 2764f867)

Also document that SoftKeymasterDevice should not be freed.

Change-Id: I027f137b0ffd474bb4b429691fe87eef6338b723
(cherry picked from commit 47a79ffa)

(cherry picked from commit 6b541163)

Bug: 20702036
Change-Id: I4caa9f7a6e6e2b05f63b12180a5af65d3a5c0bac

Auth tokens will now be checked on begin and then used for all
subsequent calls for that operation, this means that things like
auth timeouts will only be checked on begin, and operation that starts
at timeout - .00001 will now be able to be used to completion.

One exception to this is keys that use per operation authorization.
Begin for these operations must succeed so that the application gets a
handle to authorize. For those keys if the application calls update
before authorizing the operation the call will fail. For these keys
begin will return OP_AUTH_NEEDED so let the caller know more work is
needed before using the operation.

(cherry picked from commit aebbfc2b)

Change-Id: I3da4f93a076c0ed2d8630ca8cd1608e9bad2c2ff

* commit 'a680a0ca':
  keystore-engine: comment out unused args

* commit '57a72ec8':
  keystore-engine: comment out unused args

* commit '3ad91aa7':
  keystore-engine: comment out unused args

This fixes the build when -Werror -Wunused-parameter is enabled in the
compiler options.

Change-Id: I4581492c23885de8d31d2e66483ee281c0045c58

* commit '8e6b64cb':
  Add test for AuthTokenTable.Clear.

* commit 'ef76546c':
  Add test for AuthTokenTable.Clear.

* commit '28befb5e':
  Add test for AuthTokenTable.Clear.

Also fix tests broken by the change from 32 to 64-bit timestamps.

Change-Id: I5a80c6795880fe7231b1d311db7f3e0869913947

* commit 'c598fab3':
  Flush the auth token table on resetUid

* commit 'd914f657':
  Flush the auth token table on resetUid

* commit '7a4dd551':
  Flush the auth token table on resetUid

* commit 'b362ae3d':
  Support KM_LONG_REP

* commit 'bb9c9dbc':
  Support KM_LONG_REP

* commit '9484bb01':
  Support KM_LONG_REP

This prevents old stale auth tokens from sticking around after clearing.

Change-Id: I92e48b6d8cdba92cbc70f718cb45a4d96bd12900

Change-Id: I37814bcb03dc8918e27226ec43230fa4218723d0

* commit 'a1581c4e':
  Refactor permission and state checking

* commit '83ee2e7a':
  Refactor permission and state checking

* commit 'f1b8f6bf':
  Refactor permission and state checking

Move the permission checking code to checkBinderPermission and
checkBinderPermissionOrSelf target to simplify permission checking code
and clean up keystore methods. Also adds
checkBinderPermissionAndKeystoreState as a helper method to check the
permission and the unlock state of the keystore.

Change-Id: I77c94af1593d2a7fd100c79a6364583067ffa559

* commit '38beb106':
  Fix addAuthToken api

* commit 'a11517f6':
  Fix addAuthToken api

* commit '00300a11':
  Fix addAuthToken api

A binder token is not written thus cannot be read

Change-Id: Id44acf3e7001f2b027041ef8c7c324e687ab0fcd

* commit '8c6319b6':
  Store the key characteristics for operations

* commit 'cf0de02b':
  Store the key characteristics for operations

* commit '368a1f93':
  Store the key characteristics for operations

Instead of storing the key blob and parsing the characteristics out,
which some implementations might not support, instead call get
characteristics on begin and store that result for subsequent auth
calls.

Change-Id: I75e39ee28cc440e4ed411b2daaa2744085e1aa12