| 87f794f0bf8b53d6c983968f398c4bde4cb6a014 |
|
03-Jun-2015 |
dcashman <dcashman@google.com> |
Make keysetmgrservice gurantees explicit.
Add exceptions/checks for keysetmgrservice interractions which *should* never
happen, but would result in NPE or invalid metadata. Also handle mismatches
between package and keyset metadata in packages.xml.
Bug: 20128916
Change-Id: Ia0f63f78d232d9d8d9fbe4cd8e6cc3406e5192a7
/frameworks/base/services/core/java/com/android/server/pm/KeySetManagerService.java
|
| 465ef5c43940e31ff4479175e51793c63a0e05ab |
|
12-Jun-2015 |
dcashman <dcashman@google.com> |
Don't use upgrade-key-sets check when scanning during boot.
Apps may specify upgrade-key-sets which are different than their current signing
keys to prevent a future upgrade with the current set of keys. Every package is
re-scanned on boot, however, so the existing application would violate its own
recorded upgrade-key-sets. Change the key verification check to ignore
upgrade-key-sets on boot. Also default to the same-sig checks if the
upgrade-key-set meta-data has been corrupted.
Bug: 21785716
Change-Id: I5c0c1e2017ec780a745a74488620bfe95b052269
/frameworks/base/services/core/java/com/android/server/pm/KeySetManagerService.java
|
| 79d37cbcddf4b35dbaa345916fe405d081973866 |
|
27-Apr-2015 |
dcashman <dcashman@google.com> |
Remove static modifier from KeySetManagerService issuedIds.
There is no notion of shared issuedIds across instances of KeySetManagerService,
of which there should only ever be one on the system. This is particularly
troublesome for unit tests which rely on a clean slate for each
KeySetManagerService invocation.
Bug: 19530120
Change-Id: I41fbd5424650a74426c5aa1128ddfa6a230dcfa3
/frameworks/base/services/core/java/com/android/server/pm/KeySetManagerService.java
|
| 8a33121ad905c78c01ba44d5bf8a314ab2c7348b |
|
24-Apr-2015 |
dcashman <dcashman@google.com> |
Remove line wrapping for publickey encoding.
This adds unnecessary whitespace in packages.xml and is contrary to the approach
taken by certs. Remove it.
Change-Id: I217bb94af97c3b38dab1fd806ffe7b7600fa6fdd
/frameworks/base/services/core/java/com/android/server/pm/KeySetManagerService.java
|
| 8c04facdf5e76fb34c55cfe3dc9a0216322b91b8 |
|
23-Mar-2015 |
dcashman <dcashman@google.com> |
Refactor KeySet code.
Eliminate dependency in packagesetting keyset metadata on other packages by
introducing reference counts for KeySets and public keys. This also allows
keysets to retain their id across reboots by eliminating the need to remove
all keyset data after scanning all packages on boot, which also should
drastically reduce the number of calls to ArraySet.removeAll().
Bug: 19617481
Change-Id: I6cc65f30e431b8e4ebe49047a9219a0d983f2774
/frameworks/base/services/core/java/com/android/server/pm/KeySetManagerService.java
|
| ddbc48cdee409d882b8bbb2bf626843c378b4925 |
|
05-Mar-2015 |
Andreas Gampe <agampe@google.com> |
am 0fcfae88: am ecc20aaf: am 63ab6eb2: Merge "Frameworks/base: Use ArraySet more explicitly"
* commit '0fcfae88f2737b004cae83a77d590046e2b08ef3':
Frameworks/base: Use ArraySet more explicitly
|
| 0888276a1c6cd4077770844615848674de21dab3 |
|
05-Mar-2015 |
Andreas Gampe <agampe@google.com> |
Frameworks/base: Use ArraySet more explicitly
In KeySetManagerService, use ArraySet more explicitly. Avoid for-each
loops.
Collections API methods on ArraySet are not very efficient. Iterators
incur two object allocations: a helper and the actual iterator object.
During boot, about 4.5K such calls are made. Using the ArraySet more
explicitly like an ArrayList/array avoids the overhead.
Bug: 19617481
Change-Id: I25df334fa1d4be3210667fb1404e3c43f2585049
/frameworks/base/services/core/java/com/android/server/pm/KeySetManagerService.java
|
| 08c7116ab9cd04ad6dd3c04aa1017237e7f409ac |
|
28-Feb-2015 |
John Spurlock <jspurlock@google.com> |
Remove unused imports in frameworks/base.
Change-Id: I031443de83f93eb57a98863001826671b18f3b17
/frameworks/base/services/core/java/com/android/server/pm/KeySetManagerService.java
|
| 6441bc7e5366610771b587a8cb6ff04c2861b7a5 |
|
04-Sep-2014 |
Christopher Tate <ctate@google.com> |
Fix crash in KeySet dump
This was unfortunately DOSing some important parts of the Package
Manager's dumpsys output.
Change-Id: I228f23e8e26820b40a8d8772cd5f5b04ee8317d9
/frameworks/base/services/core/java/com/android/server/pm/KeySetManagerService.java
|
| 9d2f441f9bb2c8dcac1150e2cba1d15a86a4efb1 |
|
09-Jun-2014 |
dcashman <dcashman@google.com> |
Initial KeySet API.
Previously submitted but reverted due to doc-compilation bug.
Bug: 6967056
Change-Id: I9bd7ef299a4c92c4b327f5b5d7e951f0753b4c8a
/frameworks/base/services/core/java/com/android/server/pm/KeySetManagerService.java
|
| 5de7377feca5242fe7127e2d4dc7792d4886d365 |
|
12-Jul-2014 |
dcashman <dcashman@google.com> |
Revert "Initial KeySet API."
This reverts commit 9a643fe02bc960e266484547dda5572b094a4c72.
/frameworks/base/services/core/java/com/android/server/pm/KeySetManagerService.java
|
| 405912bce074e9e59a246e2357a108e50dffabf8 |
|
09-Jun-2014 |
dcashman <dcashman@google.com> |
Initial KeySet API.
Bug: 6967056
Change-Id: I47a01bd5dc25591cc70f58f38920ad0a021094ae
/frameworks/base/services/core/java/com/android/server/pm/KeySetManagerService.java
|
| d79fdf1c62671abac376c71aca8fa19484a1ecf2 |
|
21-Jun-2014 |
dcashman <dcashman@google.com> |
Remove KeySetManagerService lock.
The KeySetManagerService is a part of the PackageManagerService, which is
responsible for maintaining the association between packages, keysets and
public keys. This information is a critical component of the
PackageManagerService data, and should require the holding of the
PackageManagerService's lock. Remove the existing KeySetManagerService lock
and require the mPackages lock to be held instead.
Bug: 6967056
Change-Id: I803f8388e42469d30562b40212cf497320851268
/frameworks/base/services/core/java/com/android/server/pm/KeySetManagerService.java
|
| 989eb371bf8f572fed1e65c6d8aeeb2548be89a7 |
|
17-Jun-2014 |
dcashman <dcashman@google.com> |
Change key-set/public-key manifest relationship.
Separate definition of public keys and keysets in the manifest to better
represent their relationship. The 'key-set' tags should have nested additional
'public-key' tags that indicate which of the defined 'public-key' tags are
associated with them. The first use of a given 'public-key' name should define
its value; subsequent uses may refer to it only by name. 'key-set' and
'public-key' names may not intersect.
Also, change 'keys' tag to 'key-sets' to avoid issues with previous keysets
implementation.
Bug: 6967056
Change-Id: I7534e4a42326e97b67b55509187c0d3c21a2bb32
/frameworks/base/services/core/java/com/android/server/pm/KeySetManagerService.java
|
| 55b1078e2a1b56daa85edfd5000a5844d3c7914b |
|
09-Apr-2014 |
dcashman <dcashman@google.com> |
Initial work for key rotation.
Introduces the upgrade-keyset tag to AndroidManifest.xml. This specifies a
KeySet by which an apk must be signed in order to update the app. Multiple
upgrade KeySets may be specified, in which case one of them must be used to
sign the updating apk. If no upgrade-keyset is specified, the current logic
involving signatures is used.
Current Key Rotation Design Decisions:
-Apps using a shared user id may not rotate keys.
-All acceptable upgrade keysets must be specified, including the key signing
the app. This enables key rotation in one update, but also 'locks' an app if
an incorrect upgrade keyset is specified.
-Minimal changes to existing KeySet code.
Bug: 6967056
Change-Id: Ib9bb693d4e9ea1aec375291ecdc182554890d29c
/frameworks/base/services/core/java/com/android/server/pm/KeySetManagerService.java
|