Commit Graph

325 Commits

Author SHA1 Message Date
Dianne Hackborn
a94f129a7b Some hardening of isolated processes by restricting access to services.
Services now must explicitly opt in to being accessed by isolated
processes.  Currently only the activity manager and surface flinger
allow this.  Activity manager is needed so that we can actually
bring up the process; SurfaceFlinger is needed to be able to get the
display information for creating the Configuration.  The SurfaceFlinger
should be safe because the app doesn't have access to the window
manager so can't actually get a surface to do anything with.

The activity manager now protects most of its entry points against
isolated processes.

Change-Id: I0dad8cb2c873575c4c7659c3c2a7eda8e98f46b0
2012-02-09 18:06:01 -08:00
Glenn Kasten
6c76095496 Fix build warnings
Change-Id: Ia5b8da2cfed7ae02c9e8e03e8bae22b2a68684a0
2012-01-11 07:41:08 -08:00
Steve Block
e6f43ddce7 Rename (IF_)LOGE(_IF) to (IF_)ALOGE(_IF) DO NOT MERGE
See https://android-git.corp.google.com/g/#/c/157220

Bug: 5449033
Change-Id: Ic9c19d30693bd56755f55906127cd6bd7126096c
2012-01-08 13:19:13 +00:00
Steve Block
32397c1cd3 Rename (IF_)LOGW(_IF) to (IF_)ALOGW(_IF) DO NOT MERGE
See https://android-git.corp.google.com/g/157065

Bug: 5449033
Change-Id: I00a4b904f9449e6f93b7fd35eac28640d7929e69
2012-01-06 10:07:54 +00:00
Steve Block
a19954ab37 Rename (IF_)LOGI(_IF) to (IF_)ALOGI(_IF) DO NOT MERGE
See https://android-git.corp.google.com/g/156801

Bug: 5449033
Change-Id: Ib08fe86d23db91ee153e9f91a99a35c42b9208ea
2012-01-04 20:05:49 +00:00
Jeff Brown
baa44b89ec Remove the simulator target from all makefiles.
Bug: 5010576

Change-Id: I04d722f258951a3078fe07899f5bbe8aac02a8e8
2011-07-11 22:12:16 -07:00
Jeff Brown
a816cc4e68 Remove more simulator support code.
Bug: 5010576

Change-Id: Ie6c8665306bf4e822693b76f25c3a0f05c12d42d
2011-07-11 13:33:22 -07:00
Jeff Brown
e16986cae2 Eliminate single-process mode.
Bug: 5010576

Change-Id: Id450dc83efed4897d1e4ff451530fed14457aace
2011-07-08 19:54:07 -07:00
Brian Carlstrom
e0cd5dc3dc Revert "Add keychain user with special keystore access permissions"
This reverts commit 8c2a1a90a81f04573bfa578eab32f5fd4a30eafb.

Conflicts:

	cmds/keystore/keystore.c

Bug:4970237
Change-Id: I626023d695becfada47e5f319b18e0889b766563
2011-06-30 22:59:13 -07:00
Chia-chi Yeh
6904f14b89 KeyStore: fix test-keystore
Change-Id: I1dcbd5c3cc7569c397d2480cda76288a9e28cd5c
2011-06-27 10:38:10 -07:00
Chia-chi Yeh
91a465b73a KeyStore: allow system user to get secrets from keystore.
Change-Id: I9cb41344c17fb33e6614a45d46368a9c43e3dce7
2011-06-26 18:24:19 -07:00
Brian Carlstrom
ce4b51d3bd Reinitialize KeyStore::mMasterKey after unlock (and add test-keystore)
Bug: 4599735

Change-Id: Iee38a2e2929c45b6405214c9012819da09b273af
2011-06-23 02:10:23 -07:00
Brian Carlstrom
804f499fda KeyStore.reset changes
restore keystore reset behavior of removing master key.
otherwise after reboot keystore has is LOCKED and not UNINITIALIZED
	cmds/keystore/keystore.cpp

when removing password, reset the keystore, so it doesn't remain
locked with a now bogus password.

	core/java/com/android/internal/widget/LockPatternUtils.java

Change-Id: If5e0bb50b42599e9ca27a8b91d6cec12528419a1
2011-06-02 16:24:45 -07:00
Brian Carlstrom
0137377289 Integrating keystore with keyguard (Part 1 of 4)
Summary:

frameworks/base
  keystore rewrite
  keyguard integration with keystore on keyguard entry or keyguard change
  KeyStore API simplification

packages/apps/Settings
  Removed com.android.credentials.SET_PASSWORD intent support
  Added keyguard requirement for keystore use

packages/apps/CertInstaller
  Tracking KeyStore API changes
  Fix for NPE in CertInstaller when certificate lacks basic constraints

packages/apps/KeyChain
  Tracking KeyStore API changes

Details:

frameworks/base

   Move keystore from C to C++ while rewriting password
   implementation. Removed global variables. Added many comments.

	cmds/keystore/Android.mk
	cmds/keystore/keystore.h
	cmds/keystore/keystore.c => cmds/keystore/keystore.cpp
	cmds/keystore/keystore_cli.c => cmds/keystore/keystore_cli.cpp

   Changed saveLockPattern and saveLockPassword to notify the keystore
   on changes so that the keystore master key can be reencrypted when
   the keyguard changes.

	core/java/com/android/internal/widget/LockPatternUtils.java

   Changed unlock screens to pass values for keystore unlock or initialization

	policy/src/com/android/internal/policy/impl/PasswordUnlockScreen.java
	policy/src/com/android/internal/policy/impl/PatternUnlockScreen.java

   KeyStore API changes
   - renamed test() to state(), which now return a State enum
   - made APIs with byte[] key arguments private
   - added new KeyStore.isEmpty used to determine if a keyguard is required

	keystore/java/android/security/KeyStore.java

   In addition to tracking KeyStore API changes, added new testIsEmpty
   and improved some existing tests to validate expect values.

	keystore/tests/src/android/security/KeyStoreTest.java

packages/apps/Settings

    Removing com.android.credentials.SET_PASSWORD intent with the
    removal of the ability to set an explicit keystore password now
    that the keyguard value is used. Changed to ensure keyguard is
    enabled for keystore install or unlock. Cleaned up interwoven
    dialog handing into discrete dialog helper classes.

	AndroidManifest.xml
	src/com/android/settings/CredentialStorage.java

    Remove layout for entering new password

	res/layout/credentials_dialog.xml

    Remove enable credentials checkbox

	res/xml/security_settings_misc.xml
	src/com/android/settings/SecuritySettings.java

    Added ability to specify minimum quality key to ChooseLockGeneric
    Activity. Used by CredentialStorage, but could also be used by
    CryptKeeperSettings. Changed ChooseLockGeneric to understand
    minimum quality for keystore in addition to DPM and device
    encryption.

	src/com/android/settings/ChooseLockGeneric.java

    Changed to use getActivePasswordQuality from
    getKeyguardStoredPasswordQuality based on experience in
    CredentialStorage. Removed bogus class javadoc.

	src/com/android/settings/CryptKeeperSettings.java

    Tracking KeyStore API changes

	src/com/android/settings/vpn/VpnSettings.java
	src/com/android/settings/wifi/WifiSettings.java

   Removing now unused string resources

	res/values-af/strings.xml
	res/values-am/strings.xml
	res/values-ar/strings.xml
	res/values-bg/strings.xml
	res/values-ca/strings.xml
	res/values-cs/strings.xml
	res/values-da/strings.xml
	res/values-de/strings.xml
	res/values-el/strings.xml
	res/values-en-rGB/strings.xml
	res/values-es-rUS/strings.xml
	res/values-es/strings.xml
	res/values-fa/strings.xml
	res/values-fi/strings.xml
	res/values-fr/strings.xml
	res/values-hr/strings.xml
	res/values-hu/strings.xml
	res/values-in/strings.xml
	res/values-it/strings.xml
	res/values-iw/strings.xml
	res/values-ja/strings.xml
	res/values-ko/strings.xml
	res/values-lt/strings.xml
	res/values-lv/strings.xml
	res/values-ms/strings.xml
	res/values-nb/strings.xml
	res/values-nl/strings.xml
	res/values-pl/strings.xml
	res/values-pt-rPT/strings.xml
	res/values-pt/strings.xml
	res/values-rm/strings.xml
	res/values-ro/strings.xml
	res/values-ru/strings.xml
	res/values-sk/strings.xml
	res/values-sl/strings.xml
	res/values-sr/strings.xml
	res/values-sv/strings.xml
	res/values-sw/strings.xml
	res/values-th/strings.xml
	res/values-tl/strings.xml
	res/values-tr/strings.xml
	res/values-uk/strings.xml
	res/values-vi/strings.xml
	res/values-zh-rCN/strings.xml
	res/values-zh-rTW/strings.xml
	res/values-zu/strings.xml
	res/values/strings.xml

packages/apps/CertInstaller

  Tracking KeyStore API changes
	src/com/android/certinstaller/CertInstaller.java

  Fix for NPE in CertInstaller when certificate lacks basic constraints
	src/com/android/certinstaller/CredentialHelper.java

packages/apps/KeyChain

  Tracking KeyStore API changes
	src/com/android/keychain/KeyChainActivity.java
	src/com/android/keychain/KeyChainService.java
	support/src/com/android/keychain/tests/support/IKeyChainServiceTestSupport.aidl
	support/src/com/android/keychain/tests/support/KeyChainServiceTestSupport.java
	tests/src/com/android/keychain/tests/KeyChainServiceTest.java

Change-Id: Ic141fb5d4b43d12fe62cb1e29c7cbd891b4be35d
2011-06-01 14:29:59 -07:00
Jeff Brown
95e24e04e0 Support wrapping app processes to inject debug instrumentation.
Bug: 4437846

Change-Id: I4552501c693716b14714afb5c5248edaca9547ab
2011-05-24 12:01:25 -07:00
Elliott Hughes
ca1feb405e Replace a custom AndroidRuntime::findClass with a more targeted fix.
This seems simpler and more contained, and I think the comment explaining
why hoop-jumping is necessary is a bit clearer now.

Change-Id: Ief4afd7cbb42188ed835fce23e497520bdb753a8
2011-04-13 16:43:15 -07:00
Brian Carlstrom
4d51522f5f Add keychain user with special keystore access permissions
Change-Id: I02fe5171add62c5cd9f57b01bc137f3bc1cb3a69
2011-04-08 14:06:39 -07:00
Chia-chi Yeh
ae17a37d2d KeyStore: Update the parameters of generating master keys.
To improve the security, the parameters to generate the master key has
been changed. Special cares has been taken to prevent from permanent
damages of the existing data during the transition process.

Change-Id: I0c93f3de28a9fcd314932675ccfb65a7f11fa3ff
2010-10-01 01:42:55 +08:00
Chia-chi Yeh
857edec1a2 KeyStore: Initialize IV correctly.
Change-Id: Idbf207dfcc11b92e606cbf4fd3732ed7a8aa3416
2010-09-30 17:28:01 +08:00
Chia-chi Yeh
1c2eccfac3 KeyStore: Fix the return value when send() or recv() has an error.
Change-Id: I20a63c76bd29b1a9f8959a6c4fe5a5b8a9a971b4
2010-09-30 15:17:58 +08:00
Mathias Agopian
a1e6bc864f added BinderService<> template to help creating native binder services
Change-Id: Id980899d2647b56479f8a27c89eaa949f9209dfe
2010-07-14 18:43:19 -07:00
Mathias Agopian
81bac09fa6 move native services under services/
moved surfaceflinger, audioflinger, cameraservice

all native services should now reside in this location.

Change-Id: Iee42b83dd2a94c3bf5107ab0895fe2dfcd5337a8
2010-07-14 17:59:35 -07:00
Chia-chi Yeh
6efed6c20e keystore: rephrase the comment to make the usage more clear.
Change-Id: I529ca7ed443060089c95fe96dd230288be4b6c96
2010-03-17 16:31:20 +08:00
Chia-chi Yeh
5bf4691382 Merge "keystore: add AID_ROOT into the user table." 2010-03-08 17:50:56 -08:00
Chia-chi Yeh
e3bc023471 keystore: add AID_ROOT into the user table.
Change-Id: I4b9cf24d75ca79583d7913bbb2c33745a2316cde
2010-03-09 09:44:07 +08:00
Chia-chi Yeh
0755483539 keystore: allow '\0's in keys and add guards for cplusplus.
Change-Id: I0af6ed7c5d51ce4ca39cb837e475942800cf6e2d
2010-03-08 17:21:35 +08:00
Marco Nelissen
4cb8ae291e Fix simulator build. 2010-02-11 14:41:20 -08:00
Chia-chi Yeh
b78679e18d keystore: compute the padding in an intuitive way. 2009-12-30 10:38:39 +08:00
Chia-chi Yeh
ced66258e1 keystore: Add paddings before checksumming.
Also fix a file descriptor leak when file system is nearly full.

Bug: 2339184
2009-12-22 17:26:42 +08:00
Chia-chi Yeh
4424dd7dd5 keystore: remove old implementation and test.
The new tests will be implemented in java.
2009-09-24 13:35:26 +08:00
Chia-chi Yeh
1cdc2a4b81 keystore: rename scan() to saw(). 2009-09-22 02:57:52 +08:00
Chia-chi Yeh
c5dbc5e98a keystore: exclude builds for simulator. 2009-09-22 00:43:13 +08:00
Chia-chi Yeh
dd2a71eebc keystore: enable delete(), scan(), exist() when keystore is locked.
Also check end-of-file explicitly.
2009-09-21 11:36:33 +08:00
Chia-chi Yeh
2f3b2a5aa6 keystore: switch to multi-user version. 2009-09-18 17:23:53 +08:00
Chia-chi Yeh
4cff21f21b keystore: add multi-user support.
Change-Id: I60268261110934a1d60efa341ff530f94415724f
2009-09-18 11:49:55 +08:00
Hung-ying Tyan
408c5f2c98 Fix a minor bug in is_alnum_string()...
and remove some verbose logging
2009-09-17 12:17:29 +08:00
Hung-ying Tyan
b2de5bd4da Add tests and misc fixes on keystore.
* Refactor netkeystore.c to make client and server code testable.
* Add a client test for setting new passwd and changing passwd.
* Exclude "." and ".." from reset_keystore().
* Change ServerCommand.executeCommand() to accept variable length of
  arguments and add convert() to marshalling the args to bytes.
* Keystore.java is revised accordingly.
2009-09-11 19:30:13 +08:00
Chung-yih Wang
2a58b6dbf0 Replace the delimiter whitespace with '\0'.
+ Use '\0' as the delimiter.
+ Allow whitespace character for keystore password.

In previous implementation, we use space as the delimiter. That
will stop user from using passphrase with whitespace character.
2009-09-09 15:00:43 +08:00
repo sync
74c332f184 Fix network order for marshalling in keystore interface.
This will fix the endian issue for heterogeneous architectures in keystore marshalling interface.
2009-08-10 16:13:00 +08:00
Android (Google) Code Review
5e2ae8dca5 am b86bad94: Merge change 9438 into donut
Merge commit 'b86bad9493a331a09dd765bc6e725c0aec969ff6'

* commit 'b86bad9493a331a09dd765bc6e725c0aec969ff6':
  Change some log.i to log.d.
2009-07-31 20:18:23 -07:00
Android (Google) Code Review
23c95b3b32 Merge change 9438 into donut
* changes:
  Change some log.i to log.d.
2009-07-31 20:15:15 -07:00
Hung-ying Tyan
6cdee58010 Change some log.i to log.d. 2009-08-01 10:11:46 +08:00
Chung-yih Wang
c7ceaf245e am f4692640: Add unit tests for netkeystore.
Merge commit 'f4692640a8c40b8bbba1f00841c2f8fbe7b28d7a'

* commit 'f4692640a8c40b8bbba1f00841c2f8fbe7b28d7a':
  Add unit tests for netkeystore.
2009-07-30 16:05:39 -07:00
Chung-yih Wang
ccf407f7ac Add unit tests for netkeystore.
+ some boundary checks.
2009-07-30 16:37:48 +08:00
Chung-yih Wang
9b29df2bc7 am 75b68163: Add memcpy and strcpy boundary check.
Merge commit '75b681639d3945d22d4ab90856a65a05405d2538'

* commit '75b681639d3945d22d4ab90856a65a05405d2538':
  Add memcpy and strcpy boundary check.
2009-07-24 12:52:33 -07:00
Chung-yih Wang
11e9f3dd26 Add memcpy and strcpy boundary check. 2009-07-24 11:24:31 +08:00
Android (Google) Code Review
795e8f42c9 am 0d039ba3: Merge change 7508 into donut
Merge commit '0d039ba328a59fc81280fbecf68aad2d2cba7234'

* commit '0d039ba328a59fc81280fbecf68aad2d2cba7234':
  keystore: Fix a compile warning.
2009-07-16 17:53:40 -07:00
Chia-chi Yeh
23c7adc5e9 keystore: Fix a compile warning. 2009-07-16 14:45:11 +08:00
Android (Google) Code Review
29f5a900db am 3383df38: Merge change 6198 into donut
Merge commit '3383df385e208807b1dc5f2956f82a7f75f65fd8'

* commit '3383df385e208807b1dc5f2956f82a7f75f65fd8':
  keystore: Provide a generic getter for native components.
2009-07-06 11:22:25 -07:00
Chung-yih Wang
e439029f8a am 699ca3f2: Add password field for WiFi configuration.
Merge commit '699ca3f2518360ea3250ff5a0e5d39e122c64a91'

* commit '699ca3f2518360ea3250ff5a0e5d39e122c64a91':
  Add password field for WiFi configuration.
2009-07-06 11:22:18 -07:00
Android (Google) Code Review
2659e77bd2 am 24ad29c6: Merge change 6177 into donut
Merge commit '24ad29c6dbbf62096bcb41ddb2fa3975720ee625'

* commit '24ad29c6dbbf62096bcb41ddb2fa3975720ee625':
  Two small checks in keymgmt.
2009-07-06 11:21:59 -07:00
Android (Google) Code Review
dea9f55274 Merge change 6198 into donut
* changes:
  keystore: Provide a generic getter for native components.
2009-07-06 00:04:54 -07:00
Chia-chi Yeh
5d0ca76229 keystore: Provide a generic getter for native components. 2009-07-06 14:33:09 +08:00
Chung-yih Wang
6ac03019e6 Add password field for WiFi configuration.
1. the certtool.h is modified for avoiding the side effect,
   for saving the configuration with wpa_supplicant.
2. put the loadLibrary back in CertTool.java
3. Fix incorrect JNI declarations.
2009-07-05 11:06:01 +08:00
Android (Google) Code Review
4c6ee740ad am 7de4bd9b: Merge change 6045 into donut
Merge commit '7de4bd9b40d80fd68fc746efd645e3df7442acea'

* commit '7de4bd9b40d80fd68fc746efd645e3df7442acea':
  Remove the null-termination for Java string compatibility.
2009-07-03 09:08:36 -07:00
Android (Google) Code Review
b35262e025 am d45dcbec: Merge change 5615 into donut
Merge commit 'd45dcbec856710f9478ffc5689e7cdf95d757ab8'

* commit 'd45dcbec856710f9478ffc5689e7cdf95d757ab8':
  Implement the generic mini-keystore for security.
2009-07-03 08:58:31 -07:00
Chung-yih Wang
37b49519cc Two small checks in keymgmt.
1. Enforce the state check in listkey().
2. Enforce the password length check.
2009-07-03 12:14:36 +08:00
Chung-yih Wang
7bd460b120 Remove the null-termination for Java string compatibility.
1. Also change the keyname delimiter in CertTool.java.
2. Return NOTFOUND if the result.len==0 in the listKeys().
3. Define the keystore states in the class Keystore.
2009-07-02 23:08:39 +08:00
Chung-yih Wang
c186c66a29 Implement the generic mini-keystore for security.
1. We will progressively migrate to this implementation.
2. For richc to have a quick review on the keymgmt part.
3. Add remove_key and make sure all functions are working.
4. Add permission check for get operation.
5. Return the retry count if unlock failed.
6. Add the reset operation for keystore reset.
7. Add the putfile shell command for putting the key value from file.
8. Fix the boundary issue during parsing command.
9. Use the ' ' as delimiter and reset the reply structure for each request.
10. Add change password retry count check.
11. Extract the read_marshal/write_marshal for certtool.h.
12. Remove the old implementation.
2009-07-02 14:08:20 +08:00
Android (Google) Code Review
b08e0936d7 am 9fbeb7da: Merge change 4337 into donut
Merge commit '9fbeb7da1318bf5b65588a759332d74540306c06'

* commit '9fbeb7da1318bf5b65588a759332d74540306c06':
  Change the keystore APIs.
2009-06-17 15:38:33 -07:00
Chung-yih Wang
4c40420cd2 Change the keystore APIs.
1. simplify the keypair selection in UI.
2. add the user certificate and key into the keystore for keygen feature.
2009-06-17 14:32:05 +08:00
Android (Google) Code Review
1c6ad98017 am db8a6ae6: Merge change 3709 into donut
Merge commit 'db8a6ae6bbd8cbb17fb79085ffb9d3fc539fe5c2'

* commit 'db8a6ae6bbd8cbb17fb79085ffb9d3fc539fe5c2':
  Provide the Keystore feature in the framework.
2009-06-11 07:57:37 -07:00
Chung-yih Wang
8fcbada742 Provide the Keystore feature in the framework.
-- added the keystore library for Java application.
-- changed the marshalling of the keystore function return.
2009-06-11 17:28:40 +08:00
Android (Google) Code Review
a0cfd25b43 am 54d63246: Merge change 3427 into donut
Merge commit '54d632468c0cd53087d17420d9d383bc29553d36'

* commit '54d632468c0cd53087d17420d9d383bc29553d36':
  First version of the keystore service.
2009-06-09 19:12:37 -07:00
Chung-yih Wang
a92d5dc0f6 First version of the keystore service.
The keystore service is protected by the user 'keystore'. Only keystore
user/group can access the key content. All users are able to do the
following commands from shell as well:
  listcerts
  listuserkeys
  installcert
  removecert
  installuserkey
  removeuserkey
2009-06-08 16:34:54 +08:00
Mathias Agopian
e0c322049a get rid of utils.h 2009-05-31 19:13:00 -07:00
Andy McFadden
19deced119 Fix sim-eng build. 2009-05-26 12:06:31 -07:00
Android (Google) Code Review
3a253bd4e4 am 9681a5e0: Merge change 2230 into donut
Merge commit '9681a5e06badbd817342e8f6be4ffbe9102c1e98'

* commit '9681a5e06badbd817342e8f6be4ffbe9102c1e98':
  runtime: Add CAP_SYS_NICE to the system server capabilities list so it
2009-05-22 11:26:04 -07:00
San Mehat
a00a0851c3 runtime: Add CAP_SYS_NICE to the system server capabilities list so it
can (eventually) move arbitrary threads into different cgroups

Signed-off-by: San Mehat <san@google.com>
2009-05-21 15:34:56 -07:00
Mathias Agopian
c5b2c0bf80 move libbinder's header files under includes/binder 2009-05-20 12:55:03 -07:00
Mathias Agopian
208059f67e checkpoint: split libutils into libutils + libbinder 2009-05-20 12:55:02 -07:00
The Android Open Source Project
edbf3b6af7 auto import from //depot/cupcake/@135843 2009-03-03 19:31:44 -08:00
The Android Open Source Project
d5193d9394 auto import from //depot/cupcake/@135843 2009-03-03 18:28:45 -08:00
The Android Open Source Project
8a7a67538a auto import from //branches/cupcake/...@126645 2009-01-15 16:12:10 -08:00
The Android Open Source Project
7c1b96a165 Initial Contribution 2008-10-21 07:00:00 -07:00