Merge "keystore2: rename MonotonicRawTime to BootTime" into main
diff --git a/fsverity_init/Android.bp b/fsverity_init/Android.bp
index d9bff3b..5588493 100644
--- a/fsverity_init/Android.bp
+++ b/fsverity_init/Android.bp
@@ -22,12 +22,17 @@
"libkeyutils",
"liblog",
],
- cflags: ["-Werror", "-Wall", "-Wextra"],
+ cflags: [
+ "-Werror",
+ "-Wall",
+ "-Wextra",
+ ],
}
aconfig_declarations {
name: "aconfig_fsverity_init",
package: "android.security.flag",
+ container: "system",
srcs: ["flags.aconfig"],
}
diff --git a/fsverity_init/flags.aconfig b/fsverity_init/flags.aconfig
index 20640d7..495c71c 100644
--- a/fsverity_init/flags.aconfig
+++ b/fsverity_init/flags.aconfig
@@ -1,4 +1,5 @@
package: "android.security.flag"
+container: "system"
flag {
name: "deprecate_fsverity_init"
diff --git a/keystore2/Android.bp b/keystore2/Android.bp
index ad151ad..7cb7c37 100644
--- a/keystore2/Android.bp
+++ b/keystore2/Android.bp
@@ -158,6 +158,7 @@
aconfig_declarations {
name: "keystore2_flags",
package: "android.security.keystore2",
+ container: "system",
srcs: ["aconfig/flags.aconfig"],
}
diff --git a/keystore2/aconfig/flags.aconfig b/keystore2/aconfig/flags.aconfig
index 133c4ab..b67bc6c 100644
--- a/keystore2/aconfig/flags.aconfig
+++ b/keystore2/aconfig/flags.aconfig
@@ -1,4 +1,5 @@
package: "android.security.keystore2"
+container: "system"
flag {
name: "wal_db_journalmode_v3"
diff --git a/keystore2/aidl/android/security/maintenance/IKeystoreMaintenance.aidl b/keystore2/aidl/android/security/maintenance/IKeystoreMaintenance.aidl
index e612db9..abea958 100644
--- a/keystore2/aidl/android/security/maintenance/IKeystoreMaintenance.aidl
+++ b/keystore2/aidl/android/security/maintenance/IKeystoreMaintenance.aidl
@@ -151,7 +151,8 @@
* (addition of a fingerprint, for example), authentication-bound keys may be invalidated.
* This method allows the platform to find out which apps would be affected (for a given user)
* when a given user secure ID is removed.
- * Callers require 'ChangeUser' permission.
+ * Callers require the `android.permission.MANAGE_USERS` Android permission
+ * (not SELinux policy).
*
* @param userId The affected user.
* @param sid The user secure ID - identifier of the authentication method.
diff --git a/keystore2/selinux/src/concurrency_test.rs b/keystore2/selinux/src/concurrency_test.rs
index a5d2df2..fa97f3a 100644
--- a/keystore2/selinux/src/concurrency_test.rs
+++ b/keystore2/selinux/src/concurrency_test.rs
@@ -69,7 +69,7 @@
android_logger::init_once(
android_logger::Config::default()
.with_tag("keystore2_selinux_concurrency_test")
- .with_min_level(log::Level::Debug),
+ .with_max_level(log::LevelFilter::Debug),
);
let cpus = num_cpus::get();
diff --git a/keystore2/selinux/src/lib.rs b/keystore2/selinux/src/lib.rs
index 32fdb59..695e029 100644
--- a/keystore2/selinux/src/lib.rs
+++ b/keystore2/selinux/src/lib.rs
@@ -720,7 +720,7 @@
android_logger::init_once(
android_logger::Config::default()
.with_tag("keystore_selinux_tests")
- .with_min_level(log::Level::Debug),
+ .with_max_level(log::LevelFilter::Debug),
);
let scontext = Context::new("u:r:shell:s0")?;
let backend = KeystoreKeyBackend::new()?;
diff --git a/keystore2/src/error.rs b/keystore2/src/error.rs
index b4c57fb..f0d0d27 100644
--- a/keystore2/src/error.rs
+++ b/keystore2/src/error.rs
@@ -352,7 +352,7 @@
android_logger::init_once(
android_logger::Config::default()
.with_tag("keystore_error_tests")
- .with_min_level(log::Level::Debug),
+ .with_max_level(log::LevelFilter::Debug),
);
// All Error::Rc(x) get mapped on a service specific error
// code of x.
diff --git a/keystore2/src/keystore2_main.rs b/keystore2/src/keystore2_main.rs
index 059d59d..178b36c 100644
--- a/keystore2/src/keystore2_main.rs
+++ b/keystore2/src/keystore2_main.rs
@@ -40,8 +40,8 @@
android_logger::init_once(
android_logger::Config::default()
.with_tag("keystore2")
- .with_min_level(log::Level::Debug)
- .with_log_id(android_logger::LogId::System)
+ .with_max_level(log::LevelFilter::Debug)
+ .with_log_buffer(android_logger::LogId::System)
.format(|buf, record| {
writeln!(
buf,
diff --git a/keystore2/src/maintenance.rs b/keystore2/src/maintenance.rs
index 4d8b8c1..3e34cff 100644
--- a/keystore2/src/maintenance.rs
+++ b/keystore2/src/maintenance.rs
@@ -24,7 +24,8 @@
use crate::permission::{KeyPerm, KeystorePerm};
use crate::super_key::{SuperKeyManager, UserState};
use crate::utils::{
- check_key_permission, check_keystore_permission, uid_to_android_user, watchdog as wd,
+ check_get_app_uids_affected_by_sid_permissions, check_key_permission,
+ check_keystore_permission, uid_to_android_user, watchdog as wd,
};
use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{
IKeyMintDevice::IKeyMintDevice, SecurityLevel::SecurityLevel,
@@ -292,8 +293,9 @@
secure_user_id: i64,
) -> Result<std::vec::Vec<i64>> {
// This method is intended to be called by Settings and discloses a list of apps
- // associated with a user, so it requires the ChangeUser permission.
- check_keystore_permission(KeystorePerm::ChangeUser).context(ks_err!())?;
+ // associated with a user, so it requires the "android.permission.MANAGE_USERS"
+ // permission (to avoid leaking list of apps to unauthorized callers).
+ check_get_app_uids_affected_by_sid_permissions().context(ks_err!())?;
DB.with(|db| db.borrow_mut().get_app_uids_affected_by_sid(user_id, secure_user_id))
.context(ks_err!("Failed to get app UIDs affected by SID"))
}
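Review bot: The replacement comment hard-codes the literal `"android.permission.MANAGE_USERS"`, duplicating the string that lives inside `check_get_app_uids_affected_by_sid_permissions` in utils.rs, so if the required permission is ever changed in the helper this comment will silently drift. Suggest pointing at the helper rather than repeating the string: `// associated with a user, so it requires the Android permission checked by` / `// check_get_app_uids_affected_by_sid_permissions() (to avoid leaking the list of apps to unauthorized callers).` With the `KeystorePerm::ChangeUser` call removed, the `KeystorePerm` import kept on the preceding hunk becomes unused if this was its only use in the file, which I cannot confirm from here. The enclosing function's signature starts outside the hunk.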
diff --git a/keystore2/src/utils.rs b/keystore2/src/utils.rs
index 174a22b..a3fd882 100644
--- a/keystore2/src/utils.rs
+++ b/keystore2/src/utils.rs
@@ -129,6 +129,15 @@
check_android_permission("android.permission.REQUEST_UNIQUE_ID_ATTESTATION")
}
+/// This function checks whether the calling app has the Android permissions needed to manage
+/// users. Only callers that can manage users are allowed to get a list of apps affected
+/// by a user's SID changing.
+/// It throws an error if the permissions cannot be verified or if the caller doesn't
+/// have the right permissions. Otherwise it returns silently.
+pub fn check_get_app_uids_affected_by_sid_permissions() -> anyhow::Result<()> {
+ check_android_permission("android.permission.MANAGE_USERS")
+}
+
fn check_android_permission(permission: &str) -> anyhow::Result<()> {
let permission_controller: Strong<dyn IPermissionController::IPermissionController> =
binder::get_interface("permission")?;
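Review bot: The doc comment on `check_get_app_uids_affected_by_sid_permissions` says the function "throws an error" and speaks of "permissions" in the plural, while the body checks exactly one permission and returns an `anyhow::Result` rather than throwing; rustdoc convention is also a one-sentence summary line followed by an `# Errors` section. Suggest replacing the last two `///` lines with `/// # Errors` / `/// Returns `Err` if the permission service cannot be consulted or if the caller does not hold `android.permission.MANAGE_USERS`.` and tightening the summary to `/// Checks that the binder caller holds the Android permission required to list the apps affected by a user's SID change.`. The helper it delegates to, `check_android_permission`, continues past the end of the hunk, so whether a denied permission surfaces as `Err` (rather than only a failed IPC) is not visible here and is worth confirming before the doc asserts it.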
diff --git a/keystore2/watchdog/src/lib.rs b/keystore2/watchdog/src/lib.rs
index 01043c5..fa4620a 100644
--- a/keystore2/watchdog/src/lib.rs
+++ b/keystore2/watchdog/src/lib.rs
@@ -335,7 +335,7 @@
android_logger::init_once(
android_logger::Config::default()
.with_tag("keystore2_watchdog_tests")
- .with_min_level(log::Level::Debug),
+ .with_max_level(log::LevelFilter::Debug),
);
let wd = Watchdog::new(Watchdog::NOISY_REPORT_TIMEOUT.checked_mul(3).unwrap());
diff --git a/ondevice-signing/Android.bp b/ondevice-signing/Android.bp
index f56cfab..6901b17 100644
--- a/ondevice-signing/Android.bp
+++ b/ondevice-signing/Android.bp
@@ -142,6 +142,8 @@
"libfsverity",
"liblogwrap",
"libprotobuf-cpp-lite",
+ "libstatspull",
+ "libstatssocket",
"libutils",
],
}
diff --git a/prng_seeder/src/main.rs b/prng_seeder/src/main.rs
index f8b0c63..cb7f38d 100644
--- a/prng_seeder/src/main.rs
+++ b/prng_seeder/src/main.rs
@@ -31,7 +31,7 @@
use anyhow::{ensure, Context, Result};
use clap::Parser;
-use log::{error, info, Level};
+use log::{error, info, LevelFilter};
use nix::sys::signal;
use tokio::{io::AsyncWriteExt, net::UnixListener as TokioUnixListener};
@@ -48,7 +48,9 @@
fn configure_logging() -> Result<()> {
ensure!(
logger::init(
- logger::Config::default().with_tag_on_device("prng_seeder").with_min_level(Level::Info)
+ logger::Config::default()
+ .with_tag_on_device("prng_seeder")
+ .with_max_level(LevelFilter::Info)
),
"log configuration failed"
);