GitLab

* commit '7a4dd551':
  Flush the auth token table on resetUid

* commit '9484bb01':
  Support KM_LONG_REP

This prevents old stale auth tokens from sticking around after clearing.

Change-Id: I92e48b6d8cdba92cbc70f718cb45a4d96bd12900

Change-Id: I37814bcb03dc8918e27226ec43230fa4218723d0

* commit 'f1b8f6bf':
  Refactor permission and state checking

Move the permission checking code to checkBinderPermission and
checkBinderPermissionOrSelf target to simplify permission checking code
and clean up keystore methods. Also adds
checkBinderPermissionAndKeystoreState as a helper method to check the
permission and the unlock state of the keystore.

Change-Id: I77c94af1593d2a7fd100c79a6364583067ffa559

* commit '00300a11':
  Fix addAuthToken api

A binder token is not written thus cannot be read

Change-Id: Id44acf3e7001f2b027041ef8c7c324e687ab0fcd

* commit '368a1f93':
  Store the key characteristics for operations

Instead of storing the key blob and parsing the characteristics out,
which some implementations might not support, instead call get
characteristics on begin and store that result for subsequent auth
calls.

Change-Id: I75e39ee28cc440e4ed411b2daaa2744085e1aa12

* commit 'c1e78258':
  Add auth token fetching

* commit '8c195ad7':
  Implement addAuthToken

Auth tokens are now fetched from the table in begin update and finish if
needed. Begin will not fail on a missing/expired auth token since some
authorization requires a valid operation handle.

This doesn't yet do any enforcement of the token beyond what the auth
token table does, that should happen in the keymaster auth code when it
is done.

This also includes the key in the operation map since authorization
works based off that and not the handle.

Change-Id: I62a395b74a925b819f4cde75ae3bfab8b8928cd1

Change-Id: I7f7647d9a36ea453ec6d62fc84087ca8f76e53dd

* commit '96cf1b1e':
  Include operation handle in OperationResult

* commit '41efb6a5':
  Add authorization binder methods

* commit '1cee95d5':
  Allow entropy to be provided to some operations

* commit 'fbea2209':
  Remove uses of libcxx.mk.

generateKey and begin can now optionally take an array of bytes to add
to the rng entropy of the device before the operation. If entropy is
specified and the device does not support add_rng_entropy or the call
fails then that device will not be used, leading to fallback or error
depending on the situation.

Change-Id: Id7d33e3cc959594dfa5483d002993ba35c1fb134

This is a no-op.

Change-Id: Ifc0d51d594011069ab80e6fc21603e10e720a5d2

* commit 'dbbc4082':

* commit '59ede656':

* commit '3f798528':

am 32630db1: am 481042fc: am 4a16cd72: Merge "Build keystore in 32 bit on platforms that require it."

* commit '32630db1':

* commit 'db39d382':

* commit '69be6ebb':

am 0d0110ff: am 78c75ec5: am a6247469: Merge "keystore: allow system to clear keys even while encrypted" into lmp-dev

* commit '0d0110ff':

* commit 'fc14d612':

* commit 'c9851e2b':