Merge "Extend app request refresh rate" into main
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java
index 9c05a3a..83ddfc5 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java
@@ -109,13 +109,29 @@
}
}
+ // For curve 25519, KeyMint uses the KM_ALGORITHM_EC constant, but in the Java layer we need
+ // to distinguish between Curve 25519 and other EC algorithms, so we use a different constant
+ // with a value that is outside the range of the enum used for KeyMint algorithms.
+ private static final int ALGORITHM_XDH = KeymasterDefs.KM_ALGORITHM_EC + 1200;
+ private static final int ALGORITHM_ED25519 = ALGORITHM_XDH + 1;
+
/**
- * XDH represents Curve 25519 providers.
+ * XDH represents Curve 25519 agreement key provider.
*/
public static class XDH extends AndroidKeyStoreKeyPairGeneratorSpi {
// XDH is treated as EC.
public XDH() {
- super(KeymasterDefs.KM_ALGORITHM_EC);
+ super(ALGORITHM_XDH);
+ }
+ }
+
+ /**
+ * ED25519 represents Curve 25519 signing key provider.
+ */
+ public static class ED25519 extends AndroidKeyStoreKeyPairGeneratorSpi {
+ // ED25519 is treated as EC.
+ public ED25519() {
+ super(ALGORITHM_ED25519);
}
}
@@ -241,7 +257,9 @@
KeyGenParameterSpec spec;
boolean encryptionAtRestRequired = false;
- int keymasterAlgorithm = mOriginalKeymasterAlgorithm;
+ int keymasterAlgorithm = (mOriginalKeymasterAlgorithm == ALGORITHM_XDH
+ || mOriginalKeymasterAlgorithm == ALGORITHM_ED25519)
+ ? KeymasterDefs.KM_ALGORITHM_EC : mOriginalKeymasterAlgorithm;
if (params instanceof KeyGenParameterSpec) {
spec = (KeyGenParameterSpec) params;
} else if (params instanceof KeyPairGeneratorSpec) {
@@ -610,6 +628,15 @@
if (algSpecificSpec instanceof ECGenParameterSpec) {
ECGenParameterSpec ecSpec = (ECGenParameterSpec) algSpecificSpec;
mEcCurveName = ecSpec.getName();
+ if (mOriginalKeymasterAlgorithm == ALGORITHM_XDH
+ && !mEcCurveName.equalsIgnoreCase("x25519")) {
+ throw new InvalidAlgorithmParameterException("XDH algorithm only supports"
+ + " x25519 curve.");
+ } else if (mOriginalKeymasterAlgorithm == ALGORITHM_ED25519
+ && !mEcCurveName.equalsIgnoreCase("ed25519")) {
+ throw new InvalidAlgorithmParameterException("Ed25519 algorithm only"
+ + " supports ed25519 curve.");
+ }
final Integer ecSpecKeySizeBits = SUPPORTED_EC_CURVE_NAME_TO_SIZE.get(
mEcCurveName.toLowerCase(Locale.US));
if (ecSpecKeySizeBits == null) {
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java b/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java
index 11278e8..d204f13 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java
@@ -86,11 +86,14 @@
put("KeyPairGenerator.EC", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$EC");
put("KeyPairGenerator.RSA", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$RSA");
put("KeyPairGenerator.XDH", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$XDH");
+ put("KeyPairGenerator.ED25519", PACKAGE_NAME
+ + ".AndroidKeyStoreKeyPairGeneratorSpi$ED25519");
// java.security.KeyFactory
putKeyFactoryImpl("EC");
putKeyFactoryImpl("RSA");
putKeyFactoryImpl("XDH");
+ putKeyFactoryImpl("ED25519");
// javax.crypto.KeyGenerator
put("KeyGenerator.AES", PACKAGE_NAME + ".AndroidKeyStoreKeyGeneratorSpi$AES");
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 74902f7..374a17a 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -135,6 +135,7 @@
import static com.android.internal.protolog.ProtoLogGroup.WM_DEBUG_CONFIGURATION;
import static com.android.internal.util.FrameworkStatsLog.UNSAFE_INTENT_EVENT_REPORTED__EVENT_TYPE__INTERNAL_NON_EXPORTED_COMPONENT_MATCH;
import static com.android.internal.util.FrameworkStatsLog.UNSAFE_INTENT_EVENT_REPORTED__EVENT_TYPE__NEW_MUTABLE_IMPLICIT_PENDING_INTENT_RETRIEVED;
+import static com.android.sdksandbox.flags.Flags.sdkSandboxInstrumentationInfo;
import static com.android.server.am.ActivityManagerDebugConfig.DEBUG_ALL;
import static com.android.server.am.ActivityManagerDebugConfig.DEBUG_ALLOWLISTS;
import static com.android.server.am.ActivityManagerDebugConfig.DEBUG_BACKGROUND_CHECK;
@@ -16141,10 +16142,22 @@
}
final ApplicationInfo sdkSandboxInfo;
+ final String processName;
try {
- sdkSandboxInfo =
- sandboxManagerLocal.getSdkSandboxApplicationInfoForInstrumentation(
- sdkSandboxClientAppInfo, isSdkInSandbox);
+ if (sdkSandboxInstrumentationInfo()) {
+ sdkSandboxInfo =
+ sandboxManagerLocal.getSdkSandboxApplicationInfoForInstrumentation(
+ sdkSandboxClientAppInfo, isSdkInSandbox);
+ processName = sdkSandboxInfo.processName;
+ } else {
+ final PackageManager pm = mContext.getPackageManager();
+ sdkSandboxInfo =
+ pm.getApplicationInfoAsUser(pm.getSdkSandboxPackageName(), 0, userId);
+ processName =
+ sandboxManagerLocal.getSdkSandboxProcessNameForInstrumentation(
+ sdkSandboxClientAppInfo);
+ sdkSandboxInfo.uid = Process.toSdkSandboxUid(sdkSandboxClientAppInfo.uid);
+ }
} catch (NameNotFoundException e) {
reportStartInstrumentationFailureLocked(
watcher, className, "Can't find SdkSandbox package");
@@ -16153,7 +16166,7 @@
ActiveInstrumentation activeInstr = new ActiveInstrumentation(this);
activeInstr.mClass = className;
- activeInstr.mTargetProcesses = new String[]{sdkSandboxInfo.processName};
+ activeInstr.mTargetProcesses = new String[]{processName};
activeInstr.mTargetInfo = sdkSandboxInfo;
activeInstr.mIsSdkInSandbox = isSdkInSandbox;
activeInstr.mProfileFile = profileFile;
@@ -16196,7 +16209,7 @@
ProcessRecord app = addAppLocked(
sdkSandboxInfo,
- sdkSandboxInfo.processName,
+ processName,
/* isolated= */ false,
/* isSdkSandbox= */ true,
sdkSandboxInfo.uid,
diff --git a/services/core/java/com/android/server/pm/AppsFilterBase.java b/services/core/java/com/android/server/pm/AppsFilterBase.java
index a5bc2c3..98b7c96 100644
--- a/services/core/java/com/android/server/pm/AppsFilterBase.java
+++ b/services/core/java/com/android/server/pm/AppsFilterBase.java
@@ -24,6 +24,7 @@
import android.annotation.NonNull;
import android.annotation.Nullable;
+import android.content.pm.Flags;
import android.content.pm.SigningDetails;
import android.os.Binder;
import android.os.Handler;
@@ -318,6 +319,11 @@
existingSettings.untrackedStorage());
}
+ private static boolean isQueryableBySdkSandbox(int callingUid, int targetUid) {
+ return Flags.allowSdkSandboxQueryIntentActivities()
+ && targetUid == Process.getAppUidForSdkSandboxUid(callingUid);
+ }
+
/**
* See
* {@link AppsFilterSnapshot#shouldFilterApplication(PackageDataSnapshot, int, Object,
@@ -338,9 +344,11 @@
} else if (Process.isSdkSandboxUid(callingAppId)) {
final int targetAppId = targetPkgSetting.getAppId();
final int targetUid = UserHandle.getUid(userId, targetAppId);
- // we only allow sdk sandbox processes access to forcequeryable packages
+ // we only allow sdk sandbox processes access to forcequeryable packages or
+ // if the target app is the sandbox's client app
return !isForceQueryable(targetPkgSetting.getAppId())
- && !isImplicitlyQueryable(callingUid, targetUid);
+ && !isImplicitlyQueryable(callingUid, targetUid)
+ && !isQueryableBySdkSandbox(callingUid, targetUid);
}
// use cache
if (mCacheReady && mCacheEnabled) {