Commit Graph

84 Commits

Author SHA1 Message Date
JP Abgrall
012c2ea565 dumpstate: collect xtables based iface stats, update iptables info.
The newer kernels now have /proc/net/xt_qtaguid/iface_stat_fmt.
Add the extra iptables output and remove ip6tables for nat which doesn't
exist.

Change-Id: I819c707b337a707ca0acd87d9ab38cd68ca0f36c
2012-05-16 20:49:29 -07:00
JP Abgrall
3e03d3fb6a Ignore SIGPIPE is some of the tools used via bugreport
adb bugreport > b & sleep 5; kill $?
will show that a bunch of tools will SIGPIPE when trying to output data
which is normal.
We don't have a way on linux (bsd yes), to set NOSIGPIPE on the file desc
passed down via fork/exec.

Bug: 6447319
Change-Id: I25b30a823addcff89d252f162d0a07035d4fdd3f
2012-05-11 14:14:09 -07:00
Mathias Agopian
64a1e08b86 SF doesn't need more than a few binder threads
Change-Id: Ic4659fb81f9990cc7caf84a496a8ae659a1d16a9
2012-04-19 17:32:03 -07:00
Jeff Sharkey
4287cb4595 Add sdcard_r group to dumpstate.
Bug: 6321962
Change-Id: I318cd88493396f3d8adb5d4d0fc7a12ee40ba737
2012-04-11 12:27:48 -07:00
Nick Kralevich
d51820e8de dumpstate: don't follow symlinks when creating /data/anr/traces.txt
Make Android more robust against symlink attacks when /data/anr
is world-writable.

Bug: 5614000
Change-Id: I9a7e4c4ec9aa4300ac30a968db0dcd276f364ab6
2012-04-06 09:53:45 -07:00
Nick Kralevich
c7f1fe2680 Ensure that /data/anr/traces.txt is world-writable
The umask changed for init. We have to force /data/anr to be world
readble and /data/anr/traces.txt to be world writable so dalvik
processes can write to it.

Hopefully this is a short term change while we investigate tightening
up these permissions.

Bug: 6300296
Change-Id: Iacb4c9f1bc69d2ac679697f9cf9a52694f888489
2012-04-06 09:46:10 -07:00
Colin Cross
f45fa6b285 move dumpstate and dumpsys from frameworks/base to frameworks/native
Change-Id: I8a5318022ce5cd3e7c8055f21fe5da74639aa6c0
2012-03-26 12:39:26 -07:00
Kenny Root
a87de87dcd Move keystore to system/security repo
Move keystore to system/security at revision
a91203b08350b2fc7efda5b1eab39e7541476b3a

Change-Id: I7dbd625b864e9c63489b08e9fd28dfb22da81072
2012-02-15 15:55:21 -08:00
Glenn Kasten
4a9730ff86 Merge "Fix build warnings" 2012-02-13 16:43:43 -08:00
Dianne Hackborn
a94f129a7b Some hardening of isolated processes by restricting access to services.
Services now must explicitly opt in to being accessed by isolated
processes.  Currently only the activity manager and surface flinger
allow this.  Activity manager is needed so that we can actually
bring up the process; SurfaceFlinger is needed to be able to get the
display information for creating the Configuration.  The SurfaceFlinger
should be safe because the app doesn't have access to the window
manager so can't actually get a surface to do anything with.

The activity manager now protects most of its entry points against
isolated processes.

Change-Id: I0dad8cb2c873575c4c7659c3c2a7eda8e98f46b0
2012-02-09 18:06:01 -08:00
Glenn Kasten
6c76095496 Fix build warnings
Change-Id: Ia5b8da2cfed7ae02c9e8e03e8bae22b2a68684a0
2012-01-11 07:41:08 -08:00
Steve Block
e6f43ddce7 Rename (IF_)LOGE(_IF) to (IF_)ALOGE(_IF) DO NOT MERGE
See https://android-git.corp.google.com/g/#/c/157220

Bug: 5449033
Change-Id: Ic9c19d30693bd56755f55906127cd6bd7126096c
2012-01-08 13:19:13 +00:00
Steve Block
32397c1cd3 Rename (IF_)LOGW(_IF) to (IF_)ALOGW(_IF) DO NOT MERGE
See https://android-git.corp.google.com/g/157065

Bug: 5449033
Change-Id: I00a4b904f9449e6f93b7fd35eac28640d7929e69
2012-01-06 10:07:54 +00:00
Steve Block
a19954ab37 Rename (IF_)LOGI(_IF) to (IF_)ALOGI(_IF) DO NOT MERGE
See https://android-git.corp.google.com/g/156801

Bug: 5449033
Change-Id: Ib08fe86d23db91ee153e9f91a99a35c42b9208ea
2012-01-04 20:05:49 +00:00
Jeff Brown
baa44b89ec Remove the simulator target from all makefiles.
Bug: 5010576

Change-Id: I04d722f258951a3078fe07899f5bbe8aac02a8e8
2011-07-11 22:12:16 -07:00
Jeff Brown
a816cc4e68 Remove more simulator support code.
Bug: 5010576

Change-Id: Ie6c8665306bf4e822693b76f25c3a0f05c12d42d
2011-07-11 13:33:22 -07:00
Jeff Brown
e16986cae2 Eliminate single-process mode.
Bug: 5010576

Change-Id: Id450dc83efed4897d1e4ff451530fed14457aace
2011-07-08 19:54:07 -07:00
Brian Carlstrom
e0cd5dc3dc Revert "Add keychain user with special keystore access permissions"
This reverts commit 8c2a1a90a81f04573bfa578eab32f5fd4a30eafb.

Conflicts:

	cmds/keystore/keystore.c

Bug:4970237
Change-Id: I626023d695becfada47e5f319b18e0889b766563
2011-06-30 22:59:13 -07:00
Chia-chi Yeh
6904f14b89 KeyStore: fix test-keystore
Change-Id: I1dcbd5c3cc7569c397d2480cda76288a9e28cd5c
2011-06-27 10:38:10 -07:00
Chia-chi Yeh
91a465b73a KeyStore: allow system user to get secrets from keystore.
Change-Id: I9cb41344c17fb33e6614a45d46368a9c43e3dce7
2011-06-26 18:24:19 -07:00
Brian Carlstrom
ce4b51d3bd Reinitialize KeyStore::mMasterKey after unlock (and add test-keystore)
Bug: 4599735

Change-Id: Iee38a2e2929c45b6405214c9012819da09b273af
2011-06-23 02:10:23 -07:00
Brian Carlstrom
804f499fda KeyStore.reset changes
restore keystore reset behavior of removing master key.
otherwise after reboot keystore has is LOCKED and not UNINITIALIZED
	cmds/keystore/keystore.cpp

when removing password, reset the keystore, so it doesn't remain
locked with a now bogus password.

	core/java/com/android/internal/widget/LockPatternUtils.java

Change-Id: If5e0bb50b42599e9ca27a8b91d6cec12528419a1
2011-06-02 16:24:45 -07:00
Brian Carlstrom
0137377289 Integrating keystore with keyguard (Part 1 of 4)
Summary:

frameworks/base
  keystore rewrite
  keyguard integration with keystore on keyguard entry or keyguard change
  KeyStore API simplification

packages/apps/Settings
  Removed com.android.credentials.SET_PASSWORD intent support
  Added keyguard requirement for keystore use

packages/apps/CertInstaller
  Tracking KeyStore API changes
  Fix for NPE in CertInstaller when certificate lacks basic constraints

packages/apps/KeyChain
  Tracking KeyStore API changes

Details:

frameworks/base

   Move keystore from C to C++ while rewriting password
   implementation. Removed global variables. Added many comments.

	cmds/keystore/Android.mk
	cmds/keystore/keystore.h
	cmds/keystore/keystore.c => cmds/keystore/keystore.cpp
	cmds/keystore/keystore_cli.c => cmds/keystore/keystore_cli.cpp

   Changed saveLockPattern and saveLockPassword to notify the keystore
   on changes so that the keystore master key can be reencrypted when
   the keyguard changes.

	core/java/com/android/internal/widget/LockPatternUtils.java

   Changed unlock screens to pass values for keystore unlock or initialization

	policy/src/com/android/internal/policy/impl/PasswordUnlockScreen.java
	policy/src/com/android/internal/policy/impl/PatternUnlockScreen.java

   KeyStore API changes
   - renamed test() to state(), which now return a State enum
   - made APIs with byte[] key arguments private
   - added new KeyStore.isEmpty used to determine if a keyguard is required

	keystore/java/android/security/KeyStore.java

   In addition to tracking KeyStore API changes, added new testIsEmpty
   and improved some existing tests to validate expect values.

	keystore/tests/src/android/security/KeyStoreTest.java

packages/apps/Settings

    Removing com.android.credentials.SET_PASSWORD intent with the
    removal of the ability to set an explicit keystore password now
    that the keyguard value is used. Changed to ensure keyguard is
    enabled for keystore install or unlock. Cleaned up interwoven
    dialog handing into discrete dialog helper classes.

	AndroidManifest.xml
	src/com/android/settings/CredentialStorage.java

    Remove layout for entering new password

	res/layout/credentials_dialog.xml

    Remove enable credentials checkbox

	res/xml/security_settings_misc.xml
	src/com/android/settings/SecuritySettings.java

    Added ability to specify minimum quality key to ChooseLockGeneric
    Activity. Used by CredentialStorage, but could also be used by
    CryptKeeperSettings. Changed ChooseLockGeneric to understand
    minimum quality for keystore in addition to DPM and device
    encryption.

	src/com/android/settings/ChooseLockGeneric.java

    Changed to use getActivePasswordQuality from
    getKeyguardStoredPasswordQuality based on experience in
    CredentialStorage. Removed bogus class javadoc.

	src/com/android/settings/CryptKeeperSettings.java

    Tracking KeyStore API changes

	src/com/android/settings/vpn/VpnSettings.java
	src/com/android/settings/wifi/WifiSettings.java

   Removing now unused string resources

	res/values-af/strings.xml
	res/values-am/strings.xml
	res/values-ar/strings.xml
	res/values-bg/strings.xml
	res/values-ca/strings.xml
	res/values-cs/strings.xml
	res/values-da/strings.xml
	res/values-de/strings.xml
	res/values-el/strings.xml
	res/values-en-rGB/strings.xml
	res/values-es-rUS/strings.xml
	res/values-es/strings.xml
	res/values-fa/strings.xml
	res/values-fi/strings.xml
	res/values-fr/strings.xml
	res/values-hr/strings.xml
	res/values-hu/strings.xml
	res/values-in/strings.xml
	res/values-it/strings.xml
	res/values-iw/strings.xml
	res/values-ja/strings.xml
	res/values-ko/strings.xml
	res/values-lt/strings.xml
	res/values-lv/strings.xml
	res/values-ms/strings.xml
	res/values-nb/strings.xml
	res/values-nl/strings.xml
	res/values-pl/strings.xml
	res/values-pt-rPT/strings.xml
	res/values-pt/strings.xml
	res/values-rm/strings.xml
	res/values-ro/strings.xml
	res/values-ru/strings.xml
	res/values-sk/strings.xml
	res/values-sl/strings.xml
	res/values-sr/strings.xml
	res/values-sv/strings.xml
	res/values-sw/strings.xml
	res/values-th/strings.xml
	res/values-tl/strings.xml
	res/values-tr/strings.xml
	res/values-uk/strings.xml
	res/values-vi/strings.xml
	res/values-zh-rCN/strings.xml
	res/values-zh-rTW/strings.xml
	res/values-zu/strings.xml
	res/values/strings.xml

packages/apps/CertInstaller

  Tracking KeyStore API changes
	src/com/android/certinstaller/CertInstaller.java

  Fix for NPE in CertInstaller when certificate lacks basic constraints
	src/com/android/certinstaller/CredentialHelper.java

packages/apps/KeyChain

  Tracking KeyStore API changes
	src/com/android/keychain/KeyChainActivity.java
	src/com/android/keychain/KeyChainService.java
	support/src/com/android/keychain/tests/support/IKeyChainServiceTestSupport.aidl
	support/src/com/android/keychain/tests/support/KeyChainServiceTestSupport.java
	tests/src/com/android/keychain/tests/KeyChainServiceTest.java

Change-Id: Ic141fb5d4b43d12fe62cb1e29c7cbd891b4be35d
2011-06-01 14:29:59 -07:00
Jeff Brown
95e24e04e0 Support wrapping app processes to inject debug instrumentation.
Bug: 4437846

Change-Id: I4552501c693716b14714afb5c5248edaca9547ab
2011-05-24 12:01:25 -07:00
Elliott Hughes
ca1feb405e Replace a custom AndroidRuntime::findClass with a more targeted fix.
This seems simpler and more contained, and I think the comment explaining
why hoop-jumping is necessary is a bit clearer now.

Change-Id: Ief4afd7cbb42188ed835fce23e497520bdb753a8
2011-04-13 16:43:15 -07:00
Brian Carlstrom
4d51522f5f Add keychain user with special keystore access permissions
Change-Id: I02fe5171add62c5cd9f57b01bc137f3bc1cb3a69
2011-04-08 14:06:39 -07:00
Chia-chi Yeh
ae17a37d2d KeyStore: Update the parameters of generating master keys.
To improve the security, the parameters to generate the master key has
been changed. Special cares has been taken to prevent from permanent
damages of the existing data during the transition process.

Change-Id: I0c93f3de28a9fcd314932675ccfb65a7f11fa3ff
2010-10-01 01:42:55 +08:00
Chia-chi Yeh
857edec1a2 KeyStore: Initialize IV correctly.
Change-Id: Idbf207dfcc11b92e606cbf4fd3732ed7a8aa3416
2010-09-30 17:28:01 +08:00
Chia-chi Yeh
1c2eccfac3 KeyStore: Fix the return value when send() or recv() has an error.
Change-Id: I20a63c76bd29b1a9f8959a6c4fe5a5b8a9a971b4
2010-09-30 15:17:58 +08:00
Mathias Agopian
a1e6bc864f added BinderService<> template to help creating native binder services
Change-Id: Id980899d2647b56479f8a27c89eaa949f9209dfe
2010-07-14 18:43:19 -07:00
Mathias Agopian
81bac09fa6 move native services under services/
moved surfaceflinger, audioflinger, cameraservice

all native services should now reside in this location.

Change-Id: Iee42b83dd2a94c3bf5107ab0895fe2dfcd5337a8
2010-07-14 17:59:35 -07:00
Chia-chi Yeh
6efed6c20e keystore: rephrase the comment to make the usage more clear.
Change-Id: I529ca7ed443060089c95fe96dd230288be4b6c96
2010-03-17 16:31:20 +08:00
Chia-chi Yeh
5bf4691382 Merge "keystore: add AID_ROOT into the user table." 2010-03-08 17:50:56 -08:00
Chia-chi Yeh
e3bc023471 keystore: add AID_ROOT into the user table.
Change-Id: I4b9cf24d75ca79583d7913bbb2c33745a2316cde
2010-03-09 09:44:07 +08:00
Chia-chi Yeh
0755483539 keystore: allow '\0's in keys and add guards for cplusplus.
Change-Id: I0af6ed7c5d51ce4ca39cb837e475942800cf6e2d
2010-03-08 17:21:35 +08:00
Marco Nelissen
4cb8ae291e Fix simulator build. 2010-02-11 14:41:20 -08:00
Chia-chi Yeh
b78679e18d keystore: compute the padding in an intuitive way. 2009-12-30 10:38:39 +08:00
Chia-chi Yeh
ced66258e1 keystore: Add paddings before checksumming.
Also fix a file descriptor leak when file system is nearly full.

Bug: 2339184
2009-12-22 17:26:42 +08:00
Chia-chi Yeh
4424dd7dd5 keystore: remove old implementation and test.
The new tests will be implemented in java.
2009-09-24 13:35:26 +08:00
Chia-chi Yeh
1cdc2a4b81 keystore: rename scan() to saw(). 2009-09-22 02:57:52 +08:00
Chia-chi Yeh
c5dbc5e98a keystore: exclude builds for simulator. 2009-09-22 00:43:13 +08:00
Chia-chi Yeh
dd2a71eebc keystore: enable delete(), scan(), exist() when keystore is locked.
Also check end-of-file explicitly.
2009-09-21 11:36:33 +08:00
Chia-chi Yeh
2f3b2a5aa6 keystore: switch to multi-user version. 2009-09-18 17:23:53 +08:00
Chia-chi Yeh
4cff21f21b keystore: add multi-user support.
Change-Id: I60268261110934a1d60efa341ff530f94415724f
2009-09-18 11:49:55 +08:00
Hung-ying Tyan
408c5f2c98 Fix a minor bug in is_alnum_string()...
and remove some verbose logging
2009-09-17 12:17:29 +08:00
Hung-ying Tyan
b2de5bd4da Add tests and misc fixes on keystore.
* Refactor netkeystore.c to make client and server code testable.
* Add a client test for setting new passwd and changing passwd.
* Exclude "." and ".." from reset_keystore().
* Change ServerCommand.executeCommand() to accept variable length of
  arguments and add convert() to marshalling the args to bytes.
* Keystore.java is revised accordingly.
2009-09-11 19:30:13 +08:00
Chung-yih Wang
2a58b6dbf0 Replace the delimiter whitespace with '\0'.
+ Use '\0' as the delimiter.
+ Allow whitespace character for keystore password.

In previous implementation, we use space as the delimiter. That
will stop user from using passphrase with whitespace character.
2009-09-09 15:00:43 +08:00
repo sync
74c332f184 Fix network order for marshalling in keystore interface.
This will fix the endian issue for heterogeneous architectures in keystore marshalling interface.
2009-08-10 16:13:00 +08:00
Android (Google) Code Review
5e2ae8dca5 am b86bad94: Merge change 9438 into donut
Merge commit 'b86bad9493a331a09dd765bc6e725c0aec969ff6'

* commit 'b86bad9493a331a09dd765bc6e725c0aec969ff6':
  Change some log.i to log.d.
2009-07-31 20:18:23 -07:00
Android (Google) Code Review
23c95b3b32 Merge change 9438 into donut
* changes:
  Change some log.i to log.d.
2009-07-31 20:15:15 -07:00