87f794f0bf8b53d6c983968f398c4bde4cb6a014 |
|
03-Jun-2015 |
dcashman <dcashman@google.com> |
Make keysetmgrservice gurantees explicit. Add exceptions/checks for keysetmgrservice interractions which *should* never happen, but would result in NPE or invalid metadata. Also handle mismatches between package and keyset metadata in packages.xml. Bug: 20128916 Change-Id: Ia0f63f78d232d9d8d9fbe4cd8e6cc3406e5192a7
/frameworks/base/services/core/java/com/android/server/pm/KeySetManagerService.java
|
465ef5c43940e31ff4479175e51793c63a0e05ab |
|
12-Jun-2015 |
dcashman <dcashman@google.com> |
Don't use upgrade-key-sets check when scanning during boot. Apps may specify upgrade-key-sets which are different than their current signing keys to prevent a future upgrade with the current set of keys. Every package is re-scanned on boot, however, so the existing application would violate its own recorded upgrade-key-sets. Change the key verification check to ignore upgrade-key-sets on boot. Also default to the same-sig checks if the upgrade-key-set meta-data has been corrupted. Bug: 21785716 Change-Id: I5c0c1e2017ec780a745a74488620bfe95b052269
/frameworks/base/services/core/java/com/android/server/pm/KeySetManagerService.java
|
79d37cbcddf4b35dbaa345916fe405d081973866 |
|
27-Apr-2015 |
dcashman <dcashman@google.com> |
Remove static modifier from KeySetManagerService issuedIds. There is no notion of shared issuedIds across instances of KeySetManagerService, of which there should only ever be one on the system. This is particularly troublesome for unit tests which rely on a clean slate for each KeySetManagerService invocation. Bug: 19530120 Change-Id: I41fbd5424650a74426c5aa1128ddfa6a230dcfa3
/frameworks/base/services/core/java/com/android/server/pm/KeySetManagerService.java
|
8a33121ad905c78c01ba44d5bf8a314ab2c7348b |
|
24-Apr-2015 |
dcashman <dcashman@google.com> |
Remove line wrapping for publickey encoding. This adds unnecessary whitespace in packages.xml and is contrary to the approach taken by certs. Remove it. Change-Id: I217bb94af97c3b38dab1fd806ffe7b7600fa6fdd
/frameworks/base/services/core/java/com/android/server/pm/KeySetManagerService.java
|
8c04facdf5e76fb34c55cfe3dc9a0216322b91b8 |
|
23-Mar-2015 |
dcashman <dcashman@google.com> |
Refactor KeySet code. Eliminate dependency in packagesetting keyset metadata on other packages by introducing reference counts for KeySets and public keys. This also allows keysets to retain their id across reboots by eliminating the need to remove all keyset data after scanning all packages on boot, which also should drastically reduce the number of calls to ArraySet.removeAll(). Bug: 19617481 Change-Id: I6cc65f30e431b8e4ebe49047a9219a0d983f2774
/frameworks/base/services/core/java/com/android/server/pm/KeySetManagerService.java
|
ddbc48cdee409d882b8bbb2bf626843c378b4925 |
|
05-Mar-2015 |
Andreas Gampe <agampe@google.com> |
am 0fcfae88: am ecc20aaf: am 63ab6eb2: Merge "Frameworks/base: Use ArraySet more explicitly" * commit '0fcfae88f2737b004cae83a77d590046e2b08ef3': Frameworks/base: Use ArraySet more explicitly
|
0888276a1c6cd4077770844615848674de21dab3 |
|
05-Mar-2015 |
Andreas Gampe <agampe@google.com> |
Frameworks/base: Use ArraySet more explicitly In KeySetManagerService, use ArraySet more explicitly. Avoid for-each loops. Collections API methods on ArraySet are not very efficient. Iterators incur two object allocations: a helper and the actual iterator object. During boot, about 4.5K such calls are made. Using the ArraySet more explicitly like an ArrayList/array avoids the overhead. Bug: 19617481 Change-Id: I25df334fa1d4be3210667fb1404e3c43f2585049
/frameworks/base/services/core/java/com/android/server/pm/KeySetManagerService.java
|
08c7116ab9cd04ad6dd3c04aa1017237e7f409ac |
|
28-Feb-2015 |
John Spurlock <jspurlock@google.com> |
Remove unused imports in frameworks/base. Change-Id: I031443de83f93eb57a98863001826671b18f3b17
/frameworks/base/services/core/java/com/android/server/pm/KeySetManagerService.java
|
6441bc7e5366610771b587a8cb6ff04c2861b7a5 |
|
04-Sep-2014 |
Christopher Tate <ctate@google.com> |
Fix crash in KeySet dump This was unfortunately DOSing some important parts of the Package Manager's dumpsys output. Change-Id: I228f23e8e26820b40a8d8772cd5f5b04ee8317d9
/frameworks/base/services/core/java/com/android/server/pm/KeySetManagerService.java
|
9d2f441f9bb2c8dcac1150e2cba1d15a86a4efb1 |
|
09-Jun-2014 |
dcashman <dcashman@google.com> |
Initial KeySet API. Previously submitted but reverted due to doc-compilation bug. Bug: 6967056 Change-Id: I9bd7ef299a4c92c4b327f5b5d7e951f0753b4c8a
/frameworks/base/services/core/java/com/android/server/pm/KeySetManagerService.java
|
5de7377feca5242fe7127e2d4dc7792d4886d365 |
|
12-Jul-2014 |
dcashman <dcashman@google.com> |
Revert "Initial KeySet API." This reverts commit 9a643fe02bc960e266484547dda5572b094a4c72.
/frameworks/base/services/core/java/com/android/server/pm/KeySetManagerService.java
|
405912bce074e9e59a246e2357a108e50dffabf8 |
|
09-Jun-2014 |
dcashman <dcashman@google.com> |
Initial KeySet API. Bug: 6967056 Change-Id: I47a01bd5dc25591cc70f58f38920ad0a021094ae
/frameworks/base/services/core/java/com/android/server/pm/KeySetManagerService.java
|
d79fdf1c62671abac376c71aca8fa19484a1ecf2 |
|
21-Jun-2014 |
dcashman <dcashman@google.com> |
Remove KeySetManagerService lock. The KeySetManagerService is a part of the PackageManagerService, which is responsible for maintaining the association between packages, keysets and public keys. This information is a critical component of the PackageManagerService data, and should require the holding of the PackageManagerService's lock. Remove the existing KeySetManagerService lock and require the mPackages lock to be held instead. Bug: 6967056 Change-Id: I803f8388e42469d30562b40212cf497320851268
/frameworks/base/services/core/java/com/android/server/pm/KeySetManagerService.java
|
989eb371bf8f572fed1e65c6d8aeeb2548be89a7 |
|
17-Jun-2014 |
dcashman <dcashman@google.com> |
Change key-set/public-key manifest relationship. Separate definition of public keys and keysets in the manifest to better represent their relationship. The 'key-set' tags should have nested additional 'public-key' tags that indicate which of the defined 'public-key' tags are associated with them. The first use of a given 'public-key' name should define its value; subsequent uses may refer to it only by name. 'key-set' and 'public-key' names may not intersect. Also, change 'keys' tag to 'key-sets' to avoid issues with previous keysets implementation. Bug: 6967056 Change-Id: I7534e4a42326e97b67b55509187c0d3c21a2bb32
/frameworks/base/services/core/java/com/android/server/pm/KeySetManagerService.java
|
55b1078e2a1b56daa85edfd5000a5844d3c7914b |
|
09-Apr-2014 |
dcashman <dcashman@google.com> |
Initial work for key rotation. Introduces the upgrade-keyset tag to AndroidManifest.xml. This specifies a KeySet by which an apk must be signed in order to update the app. Multiple upgrade KeySets may be specified, in which case one of them must be used to sign the updating apk. If no upgrade-keyset is specified, the current logic involving signatures is used. Current Key Rotation Design Decisions: -Apps using a shared user id may not rotate keys. -All acceptable upgrade keysets must be specified, including the key signing the app. This enables key rotation in one update, but also 'locks' an app if an incorrect upgrade keyset is specified. -Minimal changes to existing KeySet code. Bug: 6967056 Change-Id: Ib9bb693d4e9ea1aec375291ecdc182554890d29c
/frameworks/base/services/core/java/com/android/server/pm/KeySetManagerService.java
|