20eaaa496d04a4391314103849647b3d60384fee |
|
09-May-2018 |
Dmitry Dementyev <dementyev@google.com> |
Check the return values after updating Recoverable KeyStore Database. Add exception/ logs for Database failures. Low impact updates (like setShouldCreateSnapshot) are skipped. Downgraded some Log.wtf logs to Log.e to prevent some unlikely Framework build crashes. Command to enable .wtf crash: adb shell settings put global wtf_is_fatal 1 Bug: 78366791 Test: apct Change-Id: I2e6fd22602024cedb9f16ca68175a1c614b915e9
/frameworks/base/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java
|
924b550151cd0338fc8a9e9af29eb52279b6eb37 |
|
29-Mar-2018 |
Robert Berry <robertberry@google.com> |
Remove unused KeyChainSnapshot tables This will be persisted as an XML file instead. Bug: 73921897 Test: none, it's just removing unused consts Change-Id: Idaeb437d0a7258d03418932d4aba75189092b3fe
/frameworks/base/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java
|
f34fc7e18c2a2ec5cff0bd9d96397311745fbef4 |
|
27-Mar-2018 |
Dmitry Dementyev <dementyev@google.com> |
Use rootAlias to index chosen cert and its version. Added new column to store active alias for given recovery agent. Added new table with chosen certififcate and cert list serial number indexed by recovery agent and root of trust. Bug: 76433465 Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: Iae8b84312805400bf1acd4db242efeb6d167c000
/frameworks/base/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java
|
933dfc1cd6041d1e77d169be91818d5b31e36edc |
|
23-Mar-2018 |
Aseem Kumar <aseemk@google.com> |
Delete unimplemented APIs from RecoveryController. Bug: 74859770 Test: make update-api builds Change-Id: Ic547e0ee2ef13995389a71369ffa736a7d83b78a
/frameworks/base/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java
|
e066a59436579f8d7961e97e4aef6e26e5e1c659 |
|
20-Mar-2018 |
Bo Zhu <bozhu@google.com> |
Minor changes to the API to align the choice of password hashing algorithm The password hashing algorithm has existing implementation in AOSP. Bug: 75024420 Test: None Change-Id: If1b07dadf21837af1cb2835df3f12c234894f57e
/frameworks/base/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java
|
5dd87d8827fcfa22ee7a1973c8e73d7354752cf7 |
|
26-Feb-2018 |
Robert Berry <robertberry@google.com> |
Add columns for snapshot table Currently snapshots are held in memory, meaning they must be regenerated if a reboot occurs before a key sync. Also, when debugging, it is difficult to know what version of e.g. the server params was associated with a particular snapshot, as this can be mutated after the snapshot is generated. This change adds the required columns to the DB contract for storing snapshots. In subsequent CLs the update SQL will be added. Test: none, no functionality added Change-Id: Ica866b06950a5801e8a2c3641e79706bbbf48384
/frameworks/base/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java
|
14d993dc2c0bbdee6a6ae0c270a92107c9f57a84 |
|
04-Feb-2018 |
Bo Zhu <bozhu@google.com> |
Accept an XML file containing a list of THM certificates instead of the temporary solution using the raw public key Change-Id: I6f9543c39e328503db0f24a49901fff6e04fe8c5 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
/frameworks/base/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java
|
7d8c78a2c88a4898a63b918ab8b974aecd7b165b |
|
13-Jan-2018 |
Dmitry Dementyev <dementyev@google.com> |
Refactor KeyStore Recovery Manager. 1) Parameters -> Params 2) Use byte[] for serivice parameters. 2) Move Exception into separate class. Bug: 66499222 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I1b9a8748830f7deb9eeb57693f5a818a49a7aabe
/frameworks/base/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java
|
ed89ea04e48f0c629c6511a2e41a9979da575881 |
|
11-Jan-2018 |
Dmitry Dementyev <dementyev@google.com> |
Big RecoverableKeyStoreLoader refactoring. The change is based on API review. 1) package and class names update 2) Builders for Parcelables. 3) Use Constant for RECOVER_KEYSTORE permission defined in android.Manifest. Bug: 66499222 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I49f80acbb6dc0eb6d049e18e8cb0d1aa326dadb2
/frameworks/base/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java
|
77183effbf21cbaa9dd81b31ba5c0e1a580619a3 |
|
06-Jan-2018 |
Dmitry Dementyev <dementyev@google.com> |
Update recovery snapshot version. There is exactly one snapshot per userId - recovery agent uid pair. Version is incremented when 1) User credential is updated 2) User unlockes phone and list of application keys was changes since last snapshot creation. Bug: 66499222 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I6ab98fcbbb05e33958e6def644b40441cb52de6a
/frameworks/base/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java
|
bdfdf53d08618ed34358b6ba66e1893bd35a4623 |
|
27-Dec-2017 |
Dmitry Dementyev <dementyev@google.com> |
Implement RecoverableKeyStore API to set/get recovery secret types. Bug: 66499222 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: If29f22f24438a9d050fabebf970b9ae56b0df805
/frameworks/base/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java
|
584b923fb7d92a735209ec30b2c5e7d4b8e673eb |
|
23-Dec-2017 |
Bo Zhu <bozhu@google.com> |
Write the integer given by setServerParameters() into SQLite DB Change-Id: Icd8b40154560c600757d51ed4620d39fc07e494c Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
/frameworks/base/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java
|
5b81fa66e8efc2b8ed54973a5f1b1bbd6d7a7b3e |
|
21-Dec-2017 |
Bo Zhu <bozhu@google.com> |
Implement the DB table to store the recovery service's public key Change-Id: Ic80469dd0a199aa45d353ee07d712310047fd428 Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
/frameworks/base/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java
|
ad88471920085d87f377f4e00330f5f25e3ead80 |
|
20-Dec-2017 |
Dmitry Dementyev <dementyev@google.com> |
Implement API to store and retrieve recovery status. Currently recovery agents can set/get statuses only for their own keys. Bug: 66499222 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I5cb70ce139ca29c066d46d0bd4d2967bd3c30843
/frameworks/base/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java
|
b7c06ea06a7d18d02becb100958d47c9d96369b5 |
|
21-Dec-2017 |
Robert Berry <robertberry@google.com> |
Add userId to RecoverableKeyStoreDb We need to store the userId (i.e., the uid of the *profile*, not the app), as well as the app uid. This is because when the screen is unlocked, the unlock is associated with a specific user profile, not a specific app. So at that point we need to look up all keys that are pending sync for that *user*, and upload them to the remote storage. Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I6c456cca8974f5e1a15dfde6e9dd4e6bf4c16065
/frameworks/base/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java
|
bc08840440d5121035244d8fd45a857becf3b7bb |
|
18-Dec-2017 |
Robert Berry <robertberry@google.com> |
Add storage for platform key IDs to SQLite db Also fix UNIQUE constraint for keys table and add test. Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I868cc4385b6557135ef1d40b39f23c0383453ca3
/frameworks/base/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java
|
76cf0831e030e42ffc0ffa24abd58350eea046e9 |
|
16-Dec-2017 |
Robert Berry <robertberry@google.com> |
Add RecoverableKeyStoreDb Adds database for storing recoverable keys. They are indexed by the uid of the application that created them, and the alias of the key. This is the same alias that is used to get the key from AndroidKeyStore. The database stores the wrapped key, and the version of the platform key that did the wrapping. It also stores information about when the key was last synced. This is used to get the status of the key. e.g., if the platform key id is not the current platform key id, this is now an unsyncable key. If the last-synced time is not set, this is a valid key but one that has not yet been synced. etc., etc. Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I4960452abcdd16c9f39a1f166a086a52dd2f05c0
/frameworks/base/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java
|