32 files changed, 1237 insertions, 1586 deletions
@@ -202,6 +202,7 @@ LOCAL_SRC_FILES += \ core/java/android/os/IUpdateLock.aidl \ core/java/android/os/IUserManager.aidl \ core/java/android/os/IVibratorService.aidl \ + core/java/android/security/IKeystoreService.aidl \ core/java/android/service/notification/INotificationListener.aidl \ core/java/android/service/notification/IStatusBarNotificationHolder.aidl \ core/java/android/service/notification/IConditionListener.aidl \ diff --git a/core/java/android/app/ActivityManagerNative.java b/core/java/android/app/ActivityManagerNative.java index 4e2ff0b..09d6c29 100644 --- a/core/java/android/app/ActivityManagerNative.java +++ b/core/java/android/app/ActivityManagerNative.java @@ -466,8 +466,9 @@ public abstract class ActivityManagerNative extends Binder implements IActivityM String resultData = data.readString(); Bundle resultExtras = data.readBundle(); boolean resultAbort = data.readInt() != 0; + int intentFlags = data.readInt(); if (who != null) { - finishReceiver(who, resultCode, resultData, resultExtras, resultAbort); + finishReceiver(who, resultCode, resultData, resultExtras, resultAbort, intentFlags); } reply.writeNoException(); return true; @@ -2329,6 +2330,15 @@ public abstract class ActivityManagerNative extends Binder implements IActivityM reply.writeNoException(); return true; } + + case NOTIFY_CLEARTEXT_NETWORK_TRANSACTION: { + data.enforceInterface(IActivityManager.descriptor); + final int uid = data.readInt(); + final byte[] firstPacket = data.createByteArray(); + notifyCleartextNetwork(uid, firstPacket); + reply.writeNoException(); + return true; + } } return super.onTransact(code, data, reply, flags); 
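Review bot: The new `NOTIFY_CLEARTEXT_NETWORK_TRANSACTION` case in `onTransact` passes a `uid` and packet bytes read straight from the parcel to `notifyCleartextNetwork(uid, firstPacket)`, so both are caller-controlled at this layer. The implementation is not on this page; it should reject callers other than the system component that reports these events, for example by checking `Binder.getCallingUid()` before forwarding to the target app, because the report can end in a StrictMode death penalty there. A comment on the case such as `// uid and firstPacket are untrusted here; the service must verify the caller` would make that contract visible. `onTransact` starts and ends outside the hunk.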
@@ -2807,7 +2817,8 @@ class ActivityManagerProxy implements IActivityManager data.recycle(); reply.recycle(); } - public void finishReceiver(IBinder who, int resultCode, String resultData, Bundle map, boolean abortBroadcast) throws RemoteException + public void finishReceiver(IBinder who, int resultCode, String resultData, Bundle map, + boolean abortBroadcast, int flags) throws RemoteException { Parcel data = Parcel.obtain(); Parcel reply = Parcel.obtain(); @@ -2817,6 +2828,7 @@ class ActivityManagerProxy implements IActivityManager data.writeString(resultData); data.writeBundle(map); data.writeInt(abortBroadcast ? 1 : 0); + data.writeInt(flags); mRemote.transact(FINISH_RECEIVER_TRANSACTION, data, reply, IBinder.FLAG_ONEWAY); reply.readException(); data.recycle(); @@ -5378,5 +5390,18 @@ class ActivityManagerProxy implements IActivityManager reply.recycle(); } + @Override + public void notifyCleartextNetwork(int uid, byte[] firstPacket) throws RemoteException { + Parcel data = Parcel.obtain(); + Parcel reply = Parcel.obtain(); + data.writeInterfaceToken(IActivityManager.descriptor); + data.writeInt(uid); + data.writeByteArray(firstPacket); + mRemote.transact(NOTIFY_CLEARTEXT_NETWORK_TRANSACTION, data, reply, 0); + reply.readException(); + data.recycle(); + reply.recycle(); + } + private IBinder mRemote; } diff --git a/core/java/android/app/ActivityThread.java b/core/java/android/app/ActivityThread.java index 978366e..9d821e1 100644 --- a/core/java/android/app/ActivityThread.java +++ b/core/java/android/app/ActivityThread.java @@ -359,7 +359,7 @@ public final class ActivityThread { public ReceiverData(Intent intent, int resultCode, String resultData, Bundle resultExtras, boolean ordered, boolean sticky, IBinder token, int sendingUser) { super(resultCode, resultData, resultExtras, TYPE_COMPONENT, ordered, sticky, - token, sendingUser); + token, sendingUser, intent.getFlags()); this.intent = intent; } 
@@ -1061,8 +1061,7 @@ public final class ActivityThread { WindowManagerGlobal.getInstance().dumpGfxInfo(fd); } - @Override - public void dumpDbInfo(FileDescriptor fd, String[] args) { + private void dumpDatabaseInfo(FileDescriptor fd, String[] args) { PrintWriter pw = new FastPrintWriter(new FileOutputStream(fd)); PrintWriterPrinter printer = new PrintWriterPrinter(pw); SQLiteDebug.dump(printer, args); @@ -1070,6 +1069,22 @@ public final class ActivityThread { } @Override + public void dumpDbInfo(final FileDescriptor fd, final String[] args) { + if (mSystemThread) { + // Ensure this invocation is asynchronous to prevent + // writer waiting due to buffer cannot be consumed. + AsyncTask.THREAD_POOL_EXECUTOR.execute(new Runnable() { + @Override + public void run() { + dumpDatabaseInfo(fd, args); + } + }); + } else { + dumpDatabaseInfo(fd, args); + } + } + + @Override public void unstableProviderDied(IBinder provider) { sendMessage(H.UNSTABLE_PROVIDER_DIED, provider); } @@ -1153,9 +1168,17 @@ public final class ActivityThread { sendMessage(H.BACKGROUND_VISIBLE_BEHIND_CHANGED, token, visible ? 1 : 0); } + @Override public void scheduleEnterAnimationComplete(IBinder token) { sendMessage(H.ENTER_ANIMATION_COMPLETE, token); } + + @Override + public void notifyCleartextNetwork(byte[] firstPacket) { + if (StrictMode.vmCleartextNetworkEnabled()) { + StrictMode.onCleartextNetworkDetected(firstPacket); + } + } } private class H extends Handler { diff --git a/core/java/android/app/ApplicationThreadNative.java b/core/java/android/app/ApplicationThreadNative.java index 0123e16..b2bfc13 100644 --- a/core/java/android/app/ApplicationThreadNative.java +++ b/core/java/android/app/ApplicationThreadNative.java 
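Review bot: In the `mSystemThread` branch of the new `dumpDbInfo`, the `Runnable` captures the caller's raw `FileDescriptor` and uses it after `dumpDbInfo` has already returned. If the Binder stub that supplies `fd` closes it on return (not visible in this hunk), the task writes to a closed descriptor, or to whatever file later reuses that number. Duplicating the descriptor before handing it to the executor, and closing the duplicate when the dump finishes, removes the dependency on the caller's lifetime.

```java
public void dumpDbInfo(final FileDescriptor fd, final String[] args) {
    if (mSystemThread) {
        // The caller may close fd once this method returns, so hand the
        // background task its own duplicate.
        final ParcelFileDescriptor dup;
        try {
            dup = ParcelFileDescriptor.dup(fd);
        } catch (IOException e) {
            Slog.w(TAG, "Could not dup FD for database dump", e);
            return;
        }
        AsyncTask.THREAD_POOL_EXECUTOR.execute(new Runnable() {
            @Override
            public void run() {
                try {
                    dumpDatabaseInfo(dup.getFileDescriptor(), args);
                } finally {
                    IoUtils.closeQuietly(dup);
                }
            }
        });
    } else {
        // … unchanged: synchronous dumpDatabaseInfo(fd, args) …
    }
}
```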
@@ -667,6 +667,15 @@ public abstract class ApplicationThreadNative extends Binder reply.writeNoException(); return true; } + + case NOTIFY_CLEARTEXT_NETWORK_TRANSACTION: + { + data.enforceInterface(IApplicationThread.descriptor); + final byte[] firstPacket = data.createByteArray(); + notifyCleartextNetwork(firstPacket); + reply.writeNoException(); + return true; + } } return super.onTransact(code, data, reply, flags); @@ -1346,4 +1355,13 @@ class ApplicationThreadProxy implements IApplicationThread { mRemote.transact(ENTER_ANIMATION_COMPLETE_TRANSACTION, data, null, IBinder.FLAG_ONEWAY); data.recycle(); } + + @Override + public void notifyCleartextNetwork(byte[] firstPacket) throws RemoteException { + Parcel data = Parcel.obtain(); + data.writeInterfaceToken(IApplicationThread.descriptor); + data.writeByteArray(firstPacket); + mRemote.transact(NOTIFY_CLEARTEXT_NETWORK_TRANSACTION, data, null, IBinder.FLAG_ONEWAY); + data.recycle(); + } } diff --git a/core/java/android/app/IActivityManager.java b/core/java/android/app/IActivityManager.java index be26f30..de47147 100644 --- a/core/java/android/app/IActivityManager.java +++ b/core/java/android/app/IActivityManager.java 
@@ -106,7 +106,8 @@ public interface IActivityManager extends IInterface { String resultData, Bundle map, String requiredPermission, int appOp, boolean serialized, boolean sticky, int userId) throws RemoteException; public void unbroadcastIntent(IApplicationThread caller, Intent intent, int userId) throws RemoteException; - public void finishReceiver(IBinder who, int resultCode, String resultData, Bundle map, boolean abortBroadcast) throws RemoteException; + public void finishReceiver(IBinder who, int resultCode, String resultData, Bundle map, + boolean abortBroadcast, int flags) throws RemoteException; public void attachApplication(IApplicationThread app) throws RemoteException; public void activityResumed(IBinder token) throws RemoteException; public void activityIdle(IBinder token, Configuration config, @@ -463,6 +464,8 @@ public interface IActivityManager extends IInterface { public void notifyLaunchTaskBehindComplete(IBinder token) throws RemoteException; public void notifyEnterAnimationComplete(IBinder token) throws RemoteException; + public void notifyCleartextNetwork(int uid, byte[] firstPacket) throws RemoteException; + /* * Private non-Binder interfaces */ @@ -781,4 +784,7 @@ public interface IActivityManager extends IInterface { int BOOT_ANIMATION_COMPLETE_TRANSACTION = IBinder.FIRST_CALL_TRANSACTION+237; int GET_TASK_DESCRIPTION_ICON_TRANSACTION = IBinder.FIRST_CALL_TRANSACTION+238; int LAUNCH_ASSIST_INTENT_TRANSACTION = IBinder.FIRST_CALL_TRANSACTION+239; + + // Start of M transactions + int NOTIFY_CLEARTEXT_NETWORK_TRANSACTION = IBinder.FIRST_CALL_TRANSACTION+280; } diff --git a/core/java/android/app/IApplicationThread.java b/core/java/android/app/IApplicationThread.java index f53075c..7ff207f 100644 --- a/core/java/android/app/IApplicationThread.java +++ b/core/java/android/app/IApplicationThread.java 
@@ -146,6 +146,7 @@ public interface IApplicationThread extends IInterface { void scheduleCancelVisibleBehind(IBinder token) throws RemoteException; void scheduleBackgroundVisibleBehindChanged(IBinder token, boolean enabled) throws RemoteException; void scheduleEnterAnimationComplete(IBinder token) throws RemoteException; + void notifyCleartextNetwork(byte[] firstPacket) throws RemoteException; String descriptor = "android.app.IApplicationThread"; @@ -203,4 +204,5 @@ public interface IApplicationThread extends IInterface { int CANCEL_VISIBLE_BEHIND_TRANSACTION = IBinder.FIRST_CALL_TRANSACTION+52; int BACKGROUND_VISIBLE_BEHIND_CHANGED_TRANSACTION = IBinder.FIRST_CALL_TRANSACTION+53; int ENTER_ANIMATION_COMPLETE_TRANSACTION = IBinder.FIRST_CALL_TRANSACTION+54; + int NOTIFY_CLEARTEXT_NETWORK_TRANSACTION = IBinder.FIRST_CALL_TRANSACTION+55; } diff --git a/core/java/android/app/LoadedApk.java b/core/java/android/app/LoadedApk.java index aa98e97..973196c 100644 --- a/core/java/android/app/LoadedApk.java +++ b/core/java/android/app/LoadedApk.java @@ -796,7 +796,7 @@ public final class LoadedApk { if (extras != null) { extras.setAllowFds(false); } - mgr.finishReceiver(this, resultCode, data, extras, false); + mgr.finishReceiver(this, resultCode, data, extras, false, intent.getFlags()); } catch (RemoteException e) { Slog.w(ActivityThread.TAG, "Couldn't finish broadcast to unregistered receiver"); } @@ -821,8 +821,8 @@ public final class LoadedApk { public Args(Intent intent, int resultCode, String resultData, Bundle resultExtras, boolean ordered, boolean sticky, int sendingUser) { super(resultCode, resultData, resultExtras, - mRegistered ? TYPE_REGISTERED : TYPE_UNREGISTERED, - ordered, sticky, mIIntentReceiver.asBinder(), sendingUser); + mRegistered ? TYPE_REGISTERED : TYPE_UNREGISTERED, ordered, + sticky, mIIntentReceiver.asBinder(), sendingUser, intent.getFlags()); mCurIntent = intent; mOrdered = ordered; } 
diff --git a/core/java/android/content/BroadcastReceiver.java b/core/java/android/content/BroadcastReceiver.java index 9a32fdf..af74e73 100644 --- a/core/java/android/content/BroadcastReceiver.java +++ b/core/java/android/content/BroadcastReceiver.java @@ -238,6 +238,7 @@ public abstract class BroadcastReceiver { final boolean mInitialStickyHint; final IBinder mToken; final int mSendingUser; + final int mFlags; int mResultCode; String mResultData; @@ -246,8 +247,8 @@ public abstract class BroadcastReceiver { boolean mFinished; /** @hide */ - public PendingResult(int resultCode, String resultData, Bundle resultExtras, - int type, boolean ordered, boolean sticky, IBinder token, int userId) { + public PendingResult(int resultCode, String resultData, Bundle resultExtras, int type, + boolean ordered, boolean sticky, IBinder token, int userId, int flags) { mResultCode = resultCode; mResultData = resultData; mResultExtras = resultExtras; @@ -256,6 +257,7 @@ public abstract class BroadcastReceiver { mInitialStickyHint = sticky; mToken = token; mSendingUser = userId; + mFlags = flags; } /** @@ -417,11 +419,11 @@ public abstract class BroadcastReceiver { } if (mOrderedHint) { am.finishReceiver(mToken, mResultCode, mResultData, mResultExtras, - mAbortBroadcast); + mAbortBroadcast, mFlags); } else { // This broadcast was sent to a component; it is not ordered, // but we still need to tell the activity manager we are done. - am.finishReceiver(mToken, 0, null, null, false); + am.finishReceiver(mToken, 0, null, null, false, mFlags); } } catch (RemoteException ex) { } diff --git a/core/java/android/os/INetworkManagementService.aidl b/core/java/android/os/INetworkManagementService.aidl index 16250c7..07649e7 100644 --- a/core/java/android/os/INetworkManagementService.aidl +++ b/core/java/android/os/INetworkManagementService.aidl 
@@ -284,6 +284,8 @@ interface INetworkManagementService */ void setUidNetworkRules(int uid, boolean rejectOnQuotaInterfaces); + void setUidCleartextNetworkPolicy(int uid, int policy); + /** * Return status of bandwidth control module. */ diff --git a/core/java/android/os/StrictMode.java b/core/java/android/os/StrictMode.java index 6db5f67..5018711 100644 --- a/core/java/android/os/StrictMode.java +++ b/core/java/android/os/StrictMode.java @@ -32,14 +32,17 @@ import android.util.Slog; import android.view.IWindowManager; import com.android.internal.os.RuntimeInit; - import com.android.internal.util.FastPrintWriter; +import com.android.internal.util.HexDump; + import dalvik.system.BlockGuard; import dalvik.system.CloseGuard; import dalvik.system.VMDebug; import java.io.PrintWriter; import java.io.StringWriter; +import java.net.InetAddress; +import java.net.UnknownHostException; import java.util.ArrayList; import java.util.Arrays; import java.util.HashMap; @@ -137,6 +140,13 @@ public final class StrictMode { */ public static final String VISUAL_PROPERTY = "persist.sys.strictmode.visual"; + /** + * Temporary property used to include {@link #DETECT_VM_CLEARTEXT_NETWORK} + * in {@link VmPolicy.Builder#detectAll()}. Apps can still always opt-into + * detection using {@link VmPolicy.Builder#detectCleartextNetwork()}. + */ + private static final String CLEARTEXT_PROPERTY = "persist.sys.strictmode.nonssl"; + // Only log a duplicate stack trace to the logs every second. private static final long MIN_LOG_INTERVAL_MS = 1000; @@ -150,7 +160,7 @@ public final class StrictMode { // of the Looper. private static final int MAX_OFFENSES_PER_LOOP = 10; - // Thread-policy: + // Byte 1: Thread-policy /** * @hide 
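Review bot: `setUidCleartextNetworkPolicy(int uid, int policy)` is added without a doc comment and takes the target `uid` as an argument, while the only caller in this diff (`StrictMode`, passing `Process.myUid()`) runs inside an app process. The service implementation is not on this page; unless it checks that `Binder.getCallingUid()` equals `uid` or that the caller holds a privileged permission, one app could set a reject policy for another app's traffic. I would document the contract on the method, e.g. `/** Sets the cleartext policy for uid; callers may only change their own uid unless privileged. policy is one of StrictMode.NETWORK_POLICY_*. */`.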
@@ -177,83 +187,91 @@ public final class StrictMode { private static final int ALL_THREAD_DETECT_BITS = DETECT_DISK_WRITE | DETECT_DISK_READ | DETECT_NETWORK | DETECT_CUSTOM; - // Process-policy: + // Byte 2: Process-policy /** * Note, a "VM_" bit, not thread. * @hide */ - public static final int DETECT_VM_CURSOR_LEAKS = 0x200; // for VmPolicy + public static final int DETECT_VM_CURSOR_LEAKS = 0x01 << 8; // for VmPolicy /** * Note, a "VM_" bit, not thread. * @hide */ - public static final int DETECT_VM_CLOSABLE_LEAKS = 0x400; // for VmPolicy + public static final int DETECT_VM_CLOSABLE_LEAKS = 0x02 << 8; // for VmPolicy /** * Note, a "VM_" bit, not thread. * @hide */ - public static final int DETECT_VM_ACTIVITY_LEAKS = 0x800; // for VmPolicy + public static final int DETECT_VM_ACTIVITY_LEAKS = 0x04 << 8; // for VmPolicy + + /** + * @hide + */ + private static final int DETECT_VM_INSTANCE_LEAKS = 0x08 << 8; // for VmPolicy /** * @hide */ - private static final int DETECT_VM_INSTANCE_LEAKS = 0x1000; // for VmPolicy + public static final int DETECT_VM_REGISTRATION_LEAKS = 0x10 << 8; // for VmPolicy /** * @hide */ - public static final int DETECT_VM_REGISTRATION_LEAKS = 0x2000; // for VmPolicy + private static final int DETECT_VM_FILE_URI_EXPOSURE = 0x20 << 8; // for VmPolicy /** * @hide */ - private static final int DETECT_VM_FILE_URI_EXPOSURE = 0x4000; // for VmPolicy + private static final int DETECT_VM_CLEARTEXT_NETWORK = 0x40 << 8; // for VmPolicy private static final int ALL_VM_DETECT_BITS = DETECT_VM_CURSOR_LEAKS | DETECT_VM_CLOSABLE_LEAKS | DETECT_VM_ACTIVITY_LEAKS | DETECT_VM_INSTANCE_LEAKS | - DETECT_VM_REGISTRATION_LEAKS | DETECT_VM_FILE_URI_EXPOSURE; + DETECT_VM_REGISTRATION_LEAKS | DETECT_VM_FILE_URI_EXPOSURE | + DETECT_VM_CLEARTEXT_NETWORK; + + // Byte 3: Penalty /** * @hide */ - public static final int PENALTY_LOG = 0x10; // normal android.util.Log + public static final int PENALTY_LOG = 0x01 << 16; // normal android.util.Log // Used for both process and 
thread policy: /** * @hide */ - public static final int PENALTY_DIALOG = 0x20; + public static final int PENALTY_DIALOG = 0x02 << 16; /** * Death on any detected violation. * * @hide */ - public static final int PENALTY_DEATH = 0x40; + public static final int PENALTY_DEATH = 0x04 << 16; /** * Death just for detected network usage. * * @hide */ - public static final int PENALTY_DEATH_ON_NETWORK = 0x200; + public static final int PENALTY_DEATH_ON_NETWORK = 0x08 << 16; /** * Flash the screen during violations. * * @hide */ - public static final int PENALTY_FLASH = 0x800; + public static final int PENALTY_FLASH = 0x10 << 16; /** * @hide */ - public static final int PENALTY_DROPBOX = 0x80; + public static final int PENALTY_DROPBOX = 0x20 << 16; /** * Non-public penalty mode which overrides all the other penalty @@ -266,7 +284,14 @@ public final class StrictMode { * * @hide */ - public static final int PENALTY_GATHER = 0x100; + public static final int PENALTY_GATHER = 0x40 << 16; + + /** + * Death when cleartext network traffic is detected. + * + * @hide + */ + public static final int PENALTY_DEATH_ON_CLEARTEXT_NETWORK = 0x80 << 16; /** * Mask of all the penalty bits valid for thread policies. @@ -275,13 +300,18 @@ public final class StrictMode { PENALTY_LOG | PENALTY_DIALOG | PENALTY_DEATH | PENALTY_DROPBOX | PENALTY_GATHER | PENALTY_DEATH_ON_NETWORK | PENALTY_FLASH; - /** * Mask of all the penalty bits valid for VM policies. */ - private static final int VM_PENALTY_MASK = - PENALTY_LOG | PENALTY_DEATH | PENALTY_DROPBOX; + private static final int VM_PENALTY_MASK = PENALTY_LOG | PENALTY_DEATH | PENALTY_DROPBOX + | PENALTY_DEATH_ON_CLEARTEXT_NETWORK; + /** {@hide} */ + public static final int NETWORK_POLICY_ACCEPT = 0; + /** {@hide} */ + public static final int NETWORK_POLICY_LOG = 1; + /** {@hide} */ + public static final int NETWORK_POLICY_REJECT = 2; // TODO: wrap in some ImmutableHashMap thing. // Note: must be before static initialization of sVmPolicy. 
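Review bot: Every `PENALTY_*` and `DETECT_VM_*` constant in the renumbering hunk gets a new numeric value (`PENALTY_GATHER` moves from `0x100` to `0x40 << 16`, for example), and the policy mask leaves the process through `ViolationInfo.writeToParcel`. Any copy of these values kept outside this file, such as native Binder code if it mirrors the gather bit, has to change in the same commit or the two sides will disagree on what a bit means; whether that is done is not visible here. A comment above the `// Byte 3: Penalty` block such as `// Values may be mirrored outside this class; keep them in sync when renumbering` would record the constraint. The hunk begins on the previous diff line.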
@@ -636,9 +666,17 @@ public final class StrictMode { * but will likely expand in future releases. */ public Builder detectAll() { - return enable(DETECT_VM_ACTIVITY_LEAKS | DETECT_VM_CURSOR_LEAKS + int flags = DETECT_VM_ACTIVITY_LEAKS | DETECT_VM_CURSOR_LEAKS | DETECT_VM_CLOSABLE_LEAKS | DETECT_VM_REGISTRATION_LEAKS - | DETECT_VM_FILE_URI_EXPOSURE); + | DETECT_VM_FILE_URI_EXPOSURE; + + // TODO: always add DETECT_VM_CLEARTEXT_NETWORK once we have facility + // for apps to mark sockets that should be ignored + if (SystemProperties.getBoolean(CLEARTEXT_PROPERTY, false)) { + flags |= DETECT_VM_CLEARTEXT_NETWORK; + } + + return enable(flags); } /** 
@@ -686,15 +724,49 @@ public final class StrictMode { } /** - * Crashes the whole process on violation. This penalty runs at - * the end of all enabled penalties so yo you'll still get - * your logging or other violations before the process dies. + * Detect any network traffic from the calling app which is not + * wrapped in SSL/TLS. This can help you detect places that your app + * is inadvertently sending cleartext data across the network. + * <p> + * Using {@link #penaltyDeath()} or + * {@link #penaltyDeathOnCleartextNetwork()} will block further + * traffic on that socket to prevent accidental data leakage, in + * addition to crashing your process. + * <p> + * Using {@link #penaltyDropBox()} will log the raw contents of the + * packet that triggered the violation. + * <p> + * This inspects both IPv4/IPv6 and TCP/UDP network traffic, but it + * may be subject to false positives, such as when STARTTLS + * protocols or HTTP proxies are used. + * + * @hide + */ + public Builder detectCleartextNetwork() { + return enable(DETECT_VM_CLEARTEXT_NETWORK); + } + + /** + * Crashes the whole process on violation. This penalty runs at the + * end of all enabled penalties so you'll still get your logging or + * other violations before the process dies. */ public Builder penaltyDeath() { return enable(PENALTY_DEATH); } /** + * Crashes the whole process when cleartext network traffic is + * detected. + * + * @see #detectCleartextNetwork() + * @hide + */ + public Builder penaltyDeathOnCleartextNetwork() { + return enable(PENALTY_DEATH_ON_CLEARTEXT_NETWORK); + } + + /** * Log detected violations to the system log. */ public Builder penaltyLog() { @@ -1422,7 +1494,7 @@ public final class StrictMode { } private static class AndroidCloseGuardReporter implements CloseGuard.Reporter { - public void report (String message, Throwable allocationSite) { + public void report(String message, Throwable allocationSite) { onVmPolicyViolation(message, allocationSite); } } 
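Review bot: The Javadoc added for `detectCleartextNetwork()` says `penaltyDropBox()` logs the raw contents of the offending packet, but it does not say that such a packet can carry credentials, cookies or personal data, which then persist in DropBox. I would add a sentence such as `The logged packet may contain sensitive user data; avoid enabling this penalty in production builds.` and consider capping how many bytes of the packet are recorded.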
@@ -1508,6 +1580,27 @@ public final class StrictMode { sIsIdlerRegistered = true; } } + + int networkPolicy = NETWORK_POLICY_ACCEPT; + if ((sVmPolicyMask & DETECT_VM_CLEARTEXT_NETWORK) != 0) { + if ((sVmPolicyMask & PENALTY_DEATH) != 0 + || (sVmPolicyMask & PENALTY_DEATH_ON_CLEARTEXT_NETWORK) != 0) { + networkPolicy = NETWORK_POLICY_REJECT; + } else { + networkPolicy = NETWORK_POLICY_LOG; + } + } + + final INetworkManagementService netd = INetworkManagementService.Stub.asInterface( + ServiceManager.getService(Context.NETWORKMANAGEMENT_SERVICE)); + if (netd != null) { + try { + netd.setUidCleartextNetworkPolicy(android.os.Process.myUid(), networkPolicy); + } catch (RemoteException ignored) { + } + } else if (networkPolicy != NETWORK_POLICY_ACCEPT) { + Log.w(TAG, "Dropping requested network policy due to missing service!"); + } } } @@ -1570,6 +1663,13 @@ public final class StrictMode { /** * @hide */ + public static boolean vmCleartextNetworkEnabled() { + return (sVmPolicyMask & DETECT_VM_CLEARTEXT_NETWORK) != 0; + } + + /** + * @hide + */ public static void onSqliteObjectLeaked(String message, Throwable originStack) { onVmPolicyViolation(message, originStack); } 
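Review bot: The `catch (RemoteException ignored)` around `netd.setUidCleartextNetworkPolicy(...)` drops the failure silently, while the missing-service branch just below it logs a warning; an app that asked for `NETWORK_POLICY_REJECT` would keep sending cleartext with no trace that enforcement was never installed. Logging keeps the two paths consistent: `Log.w(TAG, "Failed to set cleartext network policy", e);` with the variable renamed from `ignored` to `e`. The enclosing method starts outside the hunk.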
@@ -1600,7 +1700,39 @@ public final class StrictMode { */ public static void onFileUriExposed(String location) { final String message = "file:// Uri exposed through " + location; - onVmPolicyViolation(message, new Throwable(message)); + onVmPolicyViolation(null, new Throwable(message)); + } + + /** + * @hide + */ + public static void onCleartextNetworkDetected(byte[] firstPacket) { + byte[] rawAddr = null; + if (firstPacket != null) { + if (firstPacket.length >= 20 && (firstPacket[0] & 0xf0) == 0x40) { + // IPv4 + rawAddr = new byte[4]; + System.arraycopy(firstPacket, 16, rawAddr, 0, 4); + } else if (firstPacket.length >= 40 && (firstPacket[0] & 0xf0) == 0x60) { + // IPv6 + rawAddr = new byte[16]; + System.arraycopy(firstPacket, 24, rawAddr, 0, 16); + } + } + + final int uid = android.os.Process.myUid(); + String msg = "Detected cleartext network traffic from UID " + uid; + if (rawAddr != null) { + try { + msg = "Detected cleartext network traffic from UID " + uid + " to " + + InetAddress.getByAddress(rawAddr); + } catch (UnknownHostException ignored) { + } + } + + final boolean forceDeath = (sVmPolicyMask & PENALTY_DEATH_ON_CLEARTEXT_NETWORK) != 0; + onVmPolicyViolation(HexDump.dumpHexString(firstPacket).trim(), new Throwable(msg), + forceDeath); } // Map from VM violation fingerprint to uptime millis. 
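Review bot: `onCleartextNetworkDetected` guards the address parsing with `if (firstPacket != null)` but then calls `HexDump.dumpHexString(firstPacket).trim()` unconditionally, so a null packet that the first block tolerates likely throws at the end of the method (HexDump is not shown on this page). The packet arrives through `createByteArray()` in the Binder stub, which can yield null. Guarding the dump keeps the two halves consistent: `final String dump = (firstPacket != null) ? HexDump.dumpHexString(firstPacket).trim() : null;` and pass `dump` to `onVmPolicyViolation`.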
@@ -1610,10 +1742,18 @@ public final class StrictMode { * @hide */ public static void onVmPolicyViolation(String message, Throwable originStack) { + onVmPolicyViolation(message, originStack, false); + } + + /** + * @hide + */ + public static void onVmPolicyViolation(String message, Throwable originStack, + boolean forceDeath) { final boolean penaltyDropbox = (sVmPolicyMask & PENALTY_DROPBOX) != 0; - final boolean penaltyDeath = (sVmPolicyMask & PENALTY_DEATH) != 0; + final boolean penaltyDeath = ((sVmPolicyMask & PENALTY_DEATH) != 0) || forceDeath; final boolean penaltyLog = (sVmPolicyMask & PENALTY_LOG) != 0; - final ViolationInfo info = new ViolationInfo(originStack, sVmPolicyMask); + final ViolationInfo info = new ViolationInfo(message, originStack, sVmPolicyMask); // Erase stuff not relevant for process-wide violations info.numAnimationsRunning = 0; @@ -2057,6 +2197,8 @@ public final class StrictMode { * @hide */ public static class ViolationInfo { + public String message; + /** * Stack and other stuff info. */ @@ -2118,10 +2260,15 @@ public final class StrictMode { policy = 0; } + public ViolationInfo(Throwable tr, int policy) { + this(null, tr, policy); + } + /** * Create an instance of ViolationInfo initialized from an exception. */ - public ViolationInfo(Throwable tr, int policy) { + public ViolationInfo(String message, Throwable tr, int policy) { + this.message = message; crashInfo = new ApplicationErrorReport.CrashInfo(tr); violationUptimeMillis = SystemClock.uptimeMillis(); this.policy = policy; @@ -2184,6 +2331,7 @@ public final class StrictMode { * and the gathering penalty should be removed. */ public ViolationInfo(Parcel in, boolean unsetGatheringBit) { + message = in.readString(); crashInfo = new ApplicationErrorReport.CrashInfo(in); int rawPolicy = in.readInt(); if (unsetGatheringBit) { 
@@ -2204,6 +2352,7 @@ public final class StrictMode { * Save a ViolationInfo instance to a parcel. */ public void writeToParcel(Parcel dest, int flags) { + dest.writeString(message); crashInfo.writeToParcel(dest, flags); int start = dest.dataPosition(); dest.writeInt(policy); diff --git a/core/java/android/security/IKeystoreService.aidl b/core/java/android/security/IKeystoreService.aidl new file mode 100644 index 0000000..bf51ed1 --- /dev/null +++ b/core/java/android/security/IKeystoreService.aidl 
@@ -0,0 +1,55 @@
+/**
+ * Copyright (c) 2015, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security;
+
+import android.security.KeystoreArguments;
+
+/**
+ * This must be kept manually in sync with system/security/keystore until AIDL
+ * can generate both Java and C++ bindings.
+ *
+ * @hide
+ */
+interface IKeystoreService {
+ int test();
+ byte[] get(String name);
+ int insert(String name, in byte[] item, int uid, int flags);
+ int del(String name, int uid);
+ int exist(String name, int uid);
+ String[] saw(String namePrefix, int uid);
+ int reset();
+ int password(String password);
+ int lock();
+ int unlock(String password);
+ int zero();
+ int generate(String name, int uid, int keyType, int keySize, int flags,
+ in KeystoreArguments args);
+ int import_key(String name, in byte[] data, int uid, int flags);
+ byte[] sign(String name, in byte[] data);
+ int verify(String name, in byte[] data, in byte[] signature);
+ byte[] get_pubkey(String name);
+ int del_key(String name, int uid);
+ int grant(String name, int granteeUid);
+ int ungrant(String name, int granteeUid);
+ long getmtime(String name);
+ int duplicate(String srcKey, int srcUid, String destKey, int destUid);
+ int is_hardware_backed(String string);
+ int clear_uid(long uid);
+ int reset_uid(int uid);
+ int sync_uid(int sourceUid, int targetUid);
+ int password_uid(String password, int uid);
+}
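Review bot: The header comment on `IKeystoreService` says the file must be kept in sync with system/security/keystore but not what has to match. With AIDL the Binder transaction codes follow declaration order, whereas the removed hand-written stub referred to them by name (`Stub.TRANSACTION_test` and so on), so reordering or inserting a method in the middle would silently dispatch calls to a different keystore operation on the native side. I would add `// Method order defines the transaction codes; append new methods at the end only.` above `int test();`.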
diff --git a/core/java/android/security/IKeystoreService.java b/core/java/android/security/IKeystoreService.java
deleted file mode 100644
index 7e9aba0..0000000
--- a/core/java/android/security/IKeystoreService.java
+++ /dev/null
@@ -1,662 +0,0 @@ -/* - * Copyright (C) 2012 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package android.security; - -import android.os.Binder; -import android.os.IBinder; -import android.os.IInterface; -import android.os.Parcel; -import android.os.RemoteException; - -/** - * This must be kept manually in sync with system/security/keystore until AIDL - * can generate both Java and C++ bindings. - * - * @hide - */ -public interface IKeystoreService extends IInterface { - public static abstract class Stub extends Binder implements IKeystoreService { - private static class Proxy implements IKeystoreService { - private final IBinder mRemote; - - Proxy(IBinder remote) { - mRemote = remote; - } - - public IBinder asBinder() { - return mRemote; - } - - public String getInterfaceDescriptor() { - return DESCRIPTOR; - } - - public int test() throws RemoteException { - Parcel _data = Parcel.obtain(); - Parcel _reply = Parcel.obtain(); - int _result; - try { - _data.writeInterfaceToken(DESCRIPTOR); - mRemote.transact(Stub.TRANSACTION_test, _data, _reply, 0); - _reply.readException(); - _result = _reply.readInt(); - } finally { - _reply.recycle(); - _data.recycle(); - } - return _result; - } - - public byte[] get(String name) throws RemoteException { - Parcel _data = Parcel.obtain(); - Parcel _reply = Parcel.obtain(); - byte[] _result; - try { - _data.writeInterfaceToken(DESCRIPTOR); - _data.writeString(name); - 
mRemote.transact(Stub.TRANSACTION_get, _data, _reply, 0); - _reply.readException(); - _result = _reply.createByteArray(); - } finally { - _reply.recycle(); - _data.recycle(); - } - return _result; - } - - public int insert(String name, byte[] item, int uid, int flags) throws RemoteException { - Parcel _data = Parcel.obtain(); - Parcel _reply = Parcel.obtain(); - int _result; - try { - _data.writeInterfaceToken(DESCRIPTOR); - _data.writeString(name); - _data.writeByteArray(item); - _data.writeInt(uid); - _data.writeInt(flags); - mRemote.transact(Stub.TRANSACTION_insert, _data, _reply, 0); - _reply.readException(); - _result = _reply.readInt(); - } finally { - _reply.recycle(); - _data.recycle(); - } - return _result; - } - - public int del(String name, int uid) throws RemoteException { - Parcel _data = Parcel.obtain(); - Parcel _reply = Parcel.obtain(); - int _result; - try { - _data.writeInterfaceToken(DESCRIPTOR); - _data.writeString(name); - _data.writeInt(uid); - mRemote.transact(Stub.TRANSACTION_del, _data, _reply, 0); - _reply.readException(); - _result = _reply.readInt(); - } finally { - _reply.recycle(); - _data.recycle(); - } - return _result; - } - - public int exist(String name, int uid) throws RemoteException { - Parcel _data = Parcel.obtain(); - Parcel _reply = Parcel.obtain(); - int _result; - try { - _data.writeInterfaceToken(DESCRIPTOR); - _data.writeString(name); - _data.writeInt(uid); - mRemote.transact(Stub.TRANSACTION_exist, _data, _reply, 0); - _reply.readException(); - _result = _reply.readInt(); - } finally { - _reply.recycle(); - _data.recycle(); - } - return _result; - } - - public String[] saw(String name, int uid) throws RemoteException { - Parcel _data = Parcel.obtain(); - Parcel _reply = Parcel.obtain(); - String[] _result; - try { - _data.writeInterfaceToken(DESCRIPTOR); - _data.writeString(name); - _data.writeInt(uid); - mRemote.transact(Stub.TRANSACTION_saw, _data, _reply, 0); - _reply.readException(); - int size = _reply.readInt(); - 
_result = new String[size]; - for (int i = 0; i < size; i++) { - _result[i] = _reply.readString(); - } - int _ret = _reply.readInt(); - if (_ret != 1) { - return null; - } - } finally { - _reply.recycle(); - _data.recycle(); - } - return _result; - } - - @Override - public int reset() throws RemoteException { - Parcel _data = Parcel.obtain(); - Parcel _reply = Parcel.obtain(); - int _result; - try { - _data.writeInterfaceToken(DESCRIPTOR); - mRemote.transact(Stub.TRANSACTION_reset, _data, _reply, 0); - _reply.readException(); - _result = _reply.readInt(); - } finally { - _reply.recycle(); - _data.recycle(); - } - return _result; - } - - public int password(String password) throws RemoteException { - Parcel _data = Parcel.obtain(); - Parcel _reply = Parcel.obtain(); - int _result; - try { - _data.writeInterfaceToken(DESCRIPTOR); - _data.writeString(password); - mRemote.transact(Stub.TRANSACTION_password, _data, _reply, 0); - _reply.readException(); - _result = _reply.readInt(); - } finally { - _reply.recycle(); - _data.recycle(); - } - return _result; - } - - public int lock() throws RemoteException { - Parcel _data = Parcel.obtain(); - Parcel _reply = Parcel.obtain(); - int _result; - try { - _data.writeInterfaceToken(DESCRIPTOR); - mRemote.transact(Stub.TRANSACTION_lock, _data, _reply, 0); - _reply.readException(); - _result = _reply.readInt(); - } finally { - _reply.recycle(); - _data.recycle(); - } - return _result; - } - - public int unlock(String password) throws RemoteException { - Parcel _data = Parcel.obtain(); - Parcel _reply = Parcel.obtain(); - int _result; - try { - _data.writeInterfaceToken(DESCRIPTOR); - _data.writeString(password); - mRemote.transact(Stub.TRANSACTION_unlock, _data, _reply, 0); - _reply.readException(); - _result = _reply.readInt(); - } finally { - _reply.recycle(); - _data.recycle(); - } - return _result; - } - - @Override - public int zero() throws RemoteException { - Parcel _data = Parcel.obtain(); - Parcel _reply = 
Parcel.obtain(); - int _result; - try { - _data.writeInterfaceToken(DESCRIPTOR); - mRemote.transact(Stub.TRANSACTION_zero, _data, _reply, 0); - _reply.readException(); - _result = _reply.readInt(); - } finally { - _reply.recycle(); - _data.recycle(); - } - return _result; - } - - public int generate(String name, int uid, int keyType, int keySize, int flags, - byte[][] args) throws RemoteException { - Parcel _data = Parcel.obtain(); - Parcel _reply = Parcel.obtain(); - int _result; - try { - _data.writeInterfaceToken(DESCRIPTOR); - _data.writeString(name); - _data.writeInt(uid); - _data.writeInt(keyType); - _data.writeInt(keySize); - _data.writeInt(flags); - if (args == null) { - _data.writeInt(0); - } else { - _data.writeInt(args.length); - for (int i = 0; i < args.length; i++) { - _data.writeByteArray(args[i]); - } - } - mRemote.transact(Stub.TRANSACTION_generate, _data, _reply, 0); - _reply.readException(); - _result = _reply.readInt(); - } finally { - _reply.recycle(); - _data.recycle(); - } - return _result; - } - - public int import_key(String name, byte[] data, int uid, int flags) - throws RemoteException { - Parcel _data = Parcel.obtain(); - Parcel _reply = Parcel.obtain(); - int _result; - try { - _data.writeInterfaceToken(DESCRIPTOR); - _data.writeString(name); - _data.writeByteArray(data); - _data.writeInt(uid); - _data.writeInt(flags); - mRemote.transact(Stub.TRANSACTION_import, _data, _reply, 0); - _reply.readException(); - _result = _reply.readInt(); - } finally { - _reply.recycle(); - _data.recycle(); - } - return _result; - } - - public byte[] sign(String name, byte[] data) throws RemoteException { - Parcel _data = Parcel.obtain(); - Parcel _reply = Parcel.obtain(); - byte[] _result; - try { - _data.writeInterfaceToken(DESCRIPTOR); - _data.writeString(name); - _data.writeByteArray(data); - mRemote.transact(Stub.TRANSACTION_sign, _data, _reply, 0); - _reply.readException(); - _result = _reply.createByteArray(); - } finally { - _reply.recycle(); - 
_data.recycle(); - } - return _result; - } - - public int verify(String name, byte[] data, byte[] signature) throws RemoteException { - Parcel _data = Parcel.obtain(); - Parcel _reply = Parcel.obtain(); - int _result; - try { - _data.writeInterfaceToken(DESCRIPTOR); - _data.writeString(name); - _data.writeByteArray(data); - _data.writeByteArray(signature); - mRemote.transact(Stub.TRANSACTION_verify, _data, _reply, 0); - _reply.readException(); - _result = _reply.readInt(); - } finally { - _reply.recycle(); - _data.recycle(); - } - return _result; - } - - public byte[] get_pubkey(String name) throws RemoteException { - Parcel _data = Parcel.obtain(); - Parcel _reply = Parcel.obtain(); - byte[] _result; - try { - _data.writeInterfaceToken(DESCRIPTOR); - _data.writeString(name); - mRemote.transact(Stub.TRANSACTION_get_pubkey, _data, _reply, 0); - _reply.readException(); - _result = _reply.createByteArray(); - } finally { - _reply.recycle(); - _data.recycle(); - } - return _result; - } - - public int del_key(String name, int uid) throws RemoteException { - Parcel _data = Parcel.obtain(); - Parcel _reply = Parcel.obtain(); - int _result; - try { - _data.writeInterfaceToken(DESCRIPTOR); - _data.writeString(name); - _data.writeInt(uid); - mRemote.transact(Stub.TRANSACTION_del_key, _data, _reply, 0); - _reply.readException(); - _result = _reply.readInt(); - } finally { - _reply.recycle(); - _data.recycle(); - } - return _result; - } - - public int grant(String name, int granteeUid) throws RemoteException { - Parcel _data = Parcel.obtain(); - Parcel _reply = Parcel.obtain(); - int _result; - try { - _data.writeInterfaceToken(DESCRIPTOR); - _data.writeString(name); - _data.writeInt(granteeUid); - mRemote.transact(Stub.TRANSACTION_grant, _data, _reply, 0); - _reply.readException(); - _result = _reply.readInt(); - } finally { - _reply.recycle(); - _data.recycle(); - } - return _result; - } - - public int ungrant(String name, int granteeUid) throws RemoteException { - Parcel 
_data = Parcel.obtain(); - Parcel _reply = Parcel.obtain(); - int _result; - try { - _data.writeInterfaceToken(DESCRIPTOR); - _data.writeString(name); - _data.writeInt(granteeUid); - mRemote.transact(Stub.TRANSACTION_ungrant, _data, _reply, 0); - _reply.readException(); - _result = _reply.readInt(); - } finally { - _reply.recycle(); - _data.recycle(); - } - return _result; - } - - @Override - public long getmtime(String name) throws RemoteException { - Parcel _data = Parcel.obtain(); - Parcel _reply = Parcel.obtain(); - long _result; - try { - _data.writeInterfaceToken(DESCRIPTOR); - _data.writeString(name); - mRemote.transact(Stub.TRANSACTION_getmtime, _data, _reply, 0); - _reply.readException(); - _result = _reply.readLong(); - } finally { - _reply.recycle(); - _data.recycle(); - } - return _result; - } - - @Override - public int duplicate(String srcKey, int srcUid, String destKey, int destUid) - throws RemoteException { - Parcel _data = Parcel.obtain(); - Parcel _reply = Parcel.obtain(); - int _result; - try { - _data.writeInterfaceToken(DESCRIPTOR); - _data.writeString(srcKey); - _data.writeInt(srcUid); - _data.writeString(destKey); - _data.writeInt(destUid); - mRemote.transact(Stub.TRANSACTION_duplicate, _data, _reply, 0); - _reply.readException(); - _result = _reply.readInt(); - } finally { - _reply.recycle(); - _data.recycle(); - } - return _result; - } - - @Override - public int is_hardware_backed(String keyType) throws RemoteException { - Parcel _data = Parcel.obtain(); - Parcel _reply = Parcel.obtain(); - int _result; - try { - _data.writeInterfaceToken(DESCRIPTOR); - _data.writeString(keyType); - mRemote.transact(Stub.TRANSACTION_is_hardware_backed, _data, _reply, 0); - _reply.readException(); - _result = _reply.readInt(); - } finally { - _reply.recycle(); - _data.recycle(); - } - return _result; - } - - @Override - public int clear_uid(long uid) throws RemoteException { - Parcel _data = Parcel.obtain(); - Parcel _reply = Parcel.obtain(); - int _result; 
- try { - _data.writeInterfaceToken(DESCRIPTOR); - _data.writeLong(uid); - mRemote.transact(Stub.TRANSACTION_clear_uid, _data, _reply, 0); - _reply.readException(); - _result = _reply.readInt(); - } finally { - _reply.recycle(); - _data.recycle(); - } - return _result; - } - - public int reset_uid(int uid) throws RemoteException { - Parcel _data = Parcel.obtain(); - Parcel _reply = Parcel.obtain(); - int _result; - try { - _data.writeInterfaceToken(DESCRIPTOR); - _data.writeInt(uid); - mRemote.transact(Stub.TRANSACTION_reset_uid, _data, _reply, 0); - _reply.readException(); - _result = _reply.readInt(); - } finally { - _reply.recycle(); - _data.recycle(); - } - return _result; - } - - public int sync_uid(int srcUid, int dstUid) throws RemoteException { - Parcel _data = Parcel.obtain(); - Parcel _reply = Parcel.obtain(); - int _result; - try { - _data.writeInterfaceToken(DESCRIPTOR); - _data.writeInt(srcUid); - _data.writeInt(dstUid); - mRemote.transact(Stub.TRANSACTION_sync_uid, _data, _reply, 0); - _reply.readException(); - _result = _reply.readInt(); - } finally { - _reply.recycle(); - _data.recycle(); - } - return _result; - } - - public int password_uid(String password, int uid) throws RemoteException { - Parcel _data = Parcel.obtain(); - Parcel _reply = Parcel.obtain(); - int _result; - try { - _data.writeInterfaceToken(DESCRIPTOR); - _data.writeString(password); - _data.writeInt(uid); - mRemote.transact(Stub.TRANSACTION_password_uid, _data, _reply, 0); - _reply.readException(); - _result = _reply.readInt(); - } finally { - _reply.recycle(); - _data.recycle(); - } - return _result; - } - } - - private static final String DESCRIPTOR = "android.security.keystore"; - - static final int TRANSACTION_test = IBinder.FIRST_CALL_TRANSACTION + 0; - static final int TRANSACTION_get = IBinder.FIRST_CALL_TRANSACTION + 1; - static final int TRANSACTION_insert = IBinder.FIRST_CALL_TRANSACTION + 2; - static final int TRANSACTION_del = IBinder.FIRST_CALL_TRANSACTION + 3; - 
static final int TRANSACTION_exist = IBinder.FIRST_CALL_TRANSACTION + 4; - static final int TRANSACTION_saw = IBinder.FIRST_CALL_TRANSACTION + 5; - static final int TRANSACTION_reset = IBinder.FIRST_CALL_TRANSACTION + 6; - static final int TRANSACTION_password = IBinder.FIRST_CALL_TRANSACTION + 7; - static final int TRANSACTION_lock = IBinder.FIRST_CALL_TRANSACTION + 8; - static final int TRANSACTION_unlock = IBinder.FIRST_CALL_TRANSACTION + 9; - static final int TRANSACTION_zero = IBinder.FIRST_CALL_TRANSACTION + 10; - static final int TRANSACTION_generate = IBinder.FIRST_CALL_TRANSACTION + 11; - static final int TRANSACTION_import = IBinder.FIRST_CALL_TRANSACTION + 12; - static final int TRANSACTION_sign = IBinder.FIRST_CALL_TRANSACTION + 13; - static final int TRANSACTION_verify = IBinder.FIRST_CALL_TRANSACTION + 14; - static final int TRANSACTION_get_pubkey = IBinder.FIRST_CALL_TRANSACTION + 15; - static final int TRANSACTION_del_key = IBinder.FIRST_CALL_TRANSACTION + 16; - static final int TRANSACTION_grant = IBinder.FIRST_CALL_TRANSACTION + 17; - static final int TRANSACTION_ungrant = IBinder.FIRST_CALL_TRANSACTION + 18; - static final int TRANSACTION_getmtime = IBinder.FIRST_CALL_TRANSACTION + 19; - static final int TRANSACTION_duplicate = IBinder.FIRST_CALL_TRANSACTION + 20; - static final int TRANSACTION_is_hardware_backed = IBinder.FIRST_CALL_TRANSACTION + 21; - static final int TRANSACTION_clear_uid = IBinder.FIRST_CALL_TRANSACTION + 22; - static final int TRANSACTION_reset_uid = IBinder.FIRST_CALL_TRANSACTION + 23; - static final int TRANSACTION_sync_uid = IBinder.FIRST_CALL_TRANSACTION + 24; - static final int TRANSACTION_password_uid = IBinder.FIRST_CALL_TRANSACTION + 25; - - /** - * Cast an IBinder object into an IKeystoreService interface, generating - * a proxy if needed. 
- */ - public static IKeystoreService asInterface(IBinder obj) { - if (obj == null) { - return null; - } - IInterface iin = obj.queryLocalInterface(DESCRIPTOR); - if (iin != null && iin instanceof IKeystoreService) { - return (IKeystoreService) iin; - } - return new IKeystoreService.Stub.Proxy(obj); - } - - /** Construct the stub at attach it to the interface. */ - public Stub() { - attachInterface(this, DESCRIPTOR); - } - - public IBinder asBinder() { - return this; - } - - @Override - public boolean onTransact(int code, Parcel data, Parcel reply, int flags) - throws RemoteException { - switch (code) { - case INTERFACE_TRANSACTION: { - reply.writeString(DESCRIPTOR); - return true; - } - case TRANSACTION_test: { - data.enforceInterface(DESCRIPTOR); - int resultCode = test(); - reply.writeNoException(); - reply.writeInt(resultCode); - return true; - } - } - return super.onTransact(code, data, reply, flags); - } - } - - public int test() throws RemoteException; - - public byte[] get(String name) throws RemoteException; - - public int insert(String name, byte[] item, int uid, int flags) throws RemoteException; - - public int del(String name, int uid) throws RemoteException; - - public int exist(String name, int uid) throws RemoteException; - - public String[] saw(String name, int uid) throws RemoteException; - - public int reset() throws RemoteException; - - public int password(String password) throws RemoteException; - - public int lock() throws RemoteException; - - public int unlock(String password) throws RemoteException; - - public int zero() throws RemoteException; - - public int generate(String name, int uid, int keyType, int keySize, int flags, byte[][] args) - throws RemoteException; - - public int import_key(String name, byte[] data, int uid, int flags) throws RemoteException; - - public byte[] sign(String name, byte[] data) throws RemoteException; - - public int verify(String name, byte[] data, byte[] signature) throws RemoteException; - - public byte[] 
get_pubkey(String name) throws RemoteException; - - public int del_key(String name, int uid) throws RemoteException; - - public int grant(String name, int granteeUid) throws RemoteException; - - public int ungrant(String name, int granteeUid) throws RemoteException; - - public long getmtime(String name) throws RemoteException; - - public int duplicate(String srcKey, int srcUid, String destKey, int destUid) - throws RemoteException; - - public int is_hardware_backed(String string) throws RemoteException; - - public int clear_uid(long uid) throws RemoteException; - - public int reset_uid(int uid) throws RemoteException; - - public int sync_uid(int sourceUid, int targetUid) throws RemoteException; - - public int password_uid(String password, int uid) throws RemoteException; -} diff --git a/core/java/android/security/KeystoreArguments.aidl b/core/java/android/security/KeystoreArguments.aidl new file mode 100644 index 0000000..d636414 --- /dev/null +++ b/core/java/android/security/KeystoreArguments.aidl @@ -0,0 +1,20 @@ +/** + * Copyright (c) 2015, The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security; + +/* @hide */ +parcelable KeystoreArguments; diff --git a/core/java/android/security/KeystoreArguments.java b/core/java/android/security/KeystoreArguments.java new file mode 100644 index 0000000..16054e5 --- /dev/null +++ b/core/java/android/security/KeystoreArguments.java 
@@ -0,0 +1,76 @@
+/**
+ * Copyright (c) 2015, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security;
+
+import android.os.Parcel;
+import android.os.Parcelable;
+
+/**
+ * Class for handling the additional arguments to some keystore binder calls.
+ * This must be kept in sync with the deserialization code in system/security/keystore.
+ * @hide
+ */
+public class KeystoreArguments implements Parcelable {
+ public byte[][] args;
+
+ public static final Parcelable.Creator<KeystoreArguments> CREATOR = new
+ Parcelable.Creator<KeystoreArguments>() {
+ public KeystoreArguments createFromParcel(Parcel in) {
+ return new KeystoreArguments(in);
+ }
+ public KeystoreArguments[] newArray(int size) {
+ return new KeystoreArguments[size];
+ }
+ };
+
+ public KeystoreArguments() {
+ args = null;
+ }
+
+ public KeystoreArguments(byte[][] args) {
+ this.args = args;
+ }
+
+ private KeystoreArguments(Parcel in) {
+ readFromParcel(in);
+ }
+
+ @Override
+ public void writeToParcel(Parcel out, int flags) {
+ if (args == null) {
+ out.writeInt(0);
+ } else {
+ out.writeInt(args.length);
+ for (byte[] arg : args) {
+ out.writeByteArray(arg);
+ }
+ }
+ }
+
+ private void readFromParcel(Parcel in) {
+ int length = in.readInt();
+ args = new byte[length][];
+ for (int i = 0; i < length; i++) {
+ args[i] = in.createByteArray();
+ }
+ }
+
+ @Override
+ public int describeContents() {
+ return 0;
+ }
+}
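Review bot: `readFromParcel` uses the count read from the parcel without validating it, so `args = new byte[length][]` throws `NegativeArraySizeException` for a negative value and attempts an arbitrarily large allocation for a large one. `CREATOR` is public, so any process that unparcels this class from data it did not write inherits that failure mode. I would bound the count before allocating, e.g. `if (length < 0 || length > in.dataAvail()) throw new IllegalArgumentException("invalid args length");`. The round trip is also asymmetric: a null `args` is written as 0 and read back as an empty array rather than null, which deserves a one-line comment on `writeToParcel`.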
diff --git a/core/tests/coretests/src/android/net/http/HttpResponseCacheTest.java b/core/tests/coretests/src/android/net/http/HttpResponseCacheTest.java
deleted file mode 100644
index 9015a6f..0000000
--- a/core/tests/coretests/src/android/net/http/HttpResponseCacheTest.java
+++ /dev/null
@@ -1,135 +0,0 @@ -/* - * Copyright (C) 2011 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package android.net.http; - -import com.google.mockwebserver.MockResponse; -import com.google.mockwebserver.MockWebServer; -import java.io.File; -import java.net.CacheRequest; -import java.net.CacheResponse; -import java.net.ResponseCache; -import java.net.URI; -import java.net.URLConnection; -import java.util.List; -import java.util.Map; -import java.util.UUID; -import junit.framework.TestCase; - -public final class HttpResponseCacheTest extends TestCase { - - private File cacheDir; - private MockWebServer server = new MockWebServer(); - - @Override public void setUp() throws Exception { - super.setUp(); - String tmp = System.getProperty("java.io.tmpdir"); - cacheDir = new File(tmp, "HttpCache-" + UUID.randomUUID()); - } - - @Override protected void tearDown() throws Exception { - ResponseCache.setDefault(null); - server.shutdown(); - super.tearDown(); - } - - public void testInstall() throws Exception { - HttpResponseCache installed = HttpResponseCache.install(cacheDir, 10 * 1024 * 1024); - assertNotNull(installed); - assertSame(installed, ResponseCache.getDefault()); - assertSame(installed, HttpResponseCache.getDefault()); - } - - public void testSecondEquivalentInstallDoesNothing() throws Exception { - HttpResponseCache first = HttpResponseCache.install(cacheDir, 10 * 1024 * 1024); - HttpResponseCache another = 
HttpResponseCache.install(cacheDir, 10 * 1024 * 1024); - assertSame(first, another); - } - - public void testInstallClosesPreviouslyInstalled() throws Exception { - HttpResponseCache first = HttpResponseCache.install(cacheDir, 10 * 1024 * 1024); - HttpResponseCache another = HttpResponseCache.install(cacheDir, 8 * 1024 * 1024); - assertNotSame(first, another); - try { - first.flush(); - fail(); - } catch (IllegalStateException expected) { - } - } - - public void testGetInstalledWithWrongTypeInstalled() { - ResponseCache.setDefault(new ResponseCache() { - @Override public CacheResponse get(URI uri, String requestMethod, - Map<String, List<String>> requestHeaders) { - return null; - } - @Override public CacheRequest put(URI uri, URLConnection connection) { - return null; - } - }); - assertNull(HttpResponseCache.getInstalled()); - } - - public void testCloseCloses() throws Exception { - HttpResponseCache cache = HttpResponseCache.install(cacheDir, 10 * 1024 * 1024); - cache.close(); - try { - cache.flush(); - fail(); - } catch (IllegalStateException expected) { - } - } - - public void testCloseUninstalls() throws Exception { - HttpResponseCache cache = HttpResponseCache.install(cacheDir, 10 * 1024 * 1024); - cache.close(); - assertNull(ResponseCache.getDefault()); - } - - public void testDeleteUninstalls() throws Exception { - HttpResponseCache cache = HttpResponseCache.install(cacheDir, 10 * 1024 * 1024); - cache.delete(); - assertNull(ResponseCache.getDefault()); - } - - /** - * Make sure that statistics tracking are wired all the way through the - * wrapper class. 
http://code.google.com/p/android/issues/detail?id=25418 - */ - public void testStatisticsTracking() throws Exception { - HttpResponseCache cache = HttpResponseCache.install(cacheDir, 10 * 1024 * 1024); - - server.enqueue(new MockResponse() - .addHeader("Cache-Control: max-age=60") - .setBody("A")); - server.play(); - - URLConnection c1 = server.getUrl("/").openConnection(); - assertEquals('A', c1.getInputStream().read()); - assertEquals(1, cache.getRequestCount()); - assertEquals(1, cache.getNetworkCount()); - assertEquals(0, cache.getHitCount()); - - URLConnection c2 = server.getUrl("/").openConnection(); - assertEquals('A', c2.getInputStream().read()); - - URLConnection c3 = server.getUrl("/").openConnection(); - assertEquals('A', c3.getInputStream().read()); - assertEquals(3, cache.getRequestCount()); - assertEquals(1, cache.getNetworkCount()); - assertEquals(2, cache.getHitCount()); - } -} diff --git a/keystore/java/android/security/AndroidKeyPairGenerator.java b/keystore/java/android/security/AndroidKeyPairGenerator.java index a0ffb5f..9d9a173 100644 --- a/keystore/java/android/security/AndroidKeyPairGenerator.java +++ b/keystore/java/android/security/AndroidKeyPairGenerator.java 
@@ -50,10 +50,50 @@ import java.security.spec.X509EncodedKeySpec; * * {@hide} */ -public class AndroidKeyPairGenerator extends KeyPairGeneratorSpi { +public abstract class AndroidKeyPairGenerator extends KeyPairGeneratorSpi { + + public static class RSA extends AndroidKeyPairGenerator { + public RSA() { + super("RSA"); + } + } + + public static class EC extends AndroidKeyPairGenerator { + public EC() { + super("EC"); + } + } + + /* + * These must be kept in sync with system/security/keystore/defaults.h + */ + + /* EC */ + private static final int EC_DEFAULT_KEY_SIZE = 256; + private static final int EC_MIN_KEY_SIZE = 192; + private static final int EC_MAX_KEY_SIZE = 521; + + /* RSA */ + private static final int RSA_DEFAULT_KEY_SIZE = 2048; + private static final int RSA_MIN_KEY_SIZE = 512; + private static final int RSA_MAX_KEY_SIZE = 8192; + + private final String mAlgorithm; + private android.security.KeyStore mKeyStore; private KeyPairGeneratorSpec mSpec; + private String mKeyAlgorithm; + private int mKeyType; + private int mKeySize; + + protected AndroidKeyPairGenerator(String algorithm) { + mAlgorithm = algorithm; + } + + public String getAlgorithm() { + return mAlgorithm; + } /** * Generate a KeyPair which is backed by the Android keystore service. You 
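Review bot: `RSA_MIN_KEY_SIZE = 512` lets this generator accept RSA moduli far below current guidance, and the only comment on the constants says they mirror `defaults.h`. If the floor has to stay for compatibility with the native defaults, say so next to the constant, e.g. `/* Lower bound kept for compatibility with defaults.h; callers should request >= 2048 */`, and consider whether the Java side should enforce a stricter minimum than the native one. The new public nested classes `RSA` and `EC` and `getAlgorithm()` also have no Javadoc. The bounds are applied in `checkValidKeySize` in a later hunk, and the class body continues outside this one.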
@@ -88,12 +128,11 @@ public class AndroidKeyPairGenerator extends KeyPairGeneratorSpi { Credentials.deleteAllTypesForAlias(mKeyStore, alias); - final int keyType = KeyStore.getKeyTypeForAlgorithm(mSpec.getKeyType()); - byte[][] args = getArgsForKeyType(keyType, mSpec.getAlgorithmParameterSpec()); + byte[][] args = getArgsForKeyType(mKeyType, mSpec.getAlgorithmParameterSpec()); final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + alias; - if (!mKeyStore.generate(privateKeyAlias, KeyStore.UID_SELF, keyType, - mSpec.getKeySize(), mSpec.getFlags(), args)) { + if (!mKeyStore.generate(privateKeyAlias, KeyStore.UID_SELF, mKeyType, mKeySize, + mSpec.getFlags(), args)) { throw new IllegalStateException("could not generate key in keystore"); } @@ -109,7 +148,7 @@ public class AndroidKeyPairGenerator extends KeyPairGeneratorSpi { final PublicKey pubKey; try { - final KeyFactory keyFact = KeyFactory.getInstance(mSpec.getKeyType()); + final KeyFactory keyFact = KeyFactory.getInstance(mKeyAlgorithm); pubKey = keyFact.generatePublic(new X509EncodedKeySpec(pubKeyBytes)); } catch (NoSuchAlgorithmException e) { throw new IllegalStateException("Can't instantiate key generator", e); 
@@ -117,18 +156,9 @@ public class AndroidKeyPairGenerator extends KeyPairGeneratorSpi { throw new IllegalStateException("keystore returned invalid key encoding", e); } - final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); - certGen.setPublicKey(pubKey); - certGen.setSerialNumber(mSpec.getSerialNumber()); - certGen.setSubjectDN(mSpec.getSubjectDN()); - certGen.setIssuerDN(mSpec.getSubjectDN()); - certGen.setNotBefore(mSpec.getStartDate()); - certGen.setNotAfter(mSpec.getEndDate()); - certGen.setSignatureAlgorithm(getDefaultSignatureAlgorithmForKeyType(mSpec.getKeyType())); - final X509Certificate cert; try { - cert = certGen.generate(privKey); + cert = generateCertificate(privKey, pubKey); } catch (Exception e) { Credentials.deleteAllTypesForAlias(mKeyStore, alias); throw new IllegalStateException("Can't generate certificate", e); 
@@ -151,13 +181,78 @@ public class AndroidKeyPairGenerator extends KeyPairGeneratorSpi { return new KeyPair(pubKey, privKey); } - private static String getDefaultSignatureAlgorithmForKeyType(String keyType) { - if ("RSA".equalsIgnoreCase(keyType)) { + @SuppressWarnings("deprecation") + private X509Certificate generateCertificate(PrivateKey privateKey, PublicKey publicKey) + throws Exception { + final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); + certGen.setPublicKey(publicKey); + certGen.setSerialNumber(mSpec.getSerialNumber()); + certGen.setSubjectDN(mSpec.getSubjectDN()); + certGen.setIssuerDN(mSpec.getSubjectDN()); + certGen.setNotBefore(mSpec.getStartDate()); + certGen.setNotAfter(mSpec.getEndDate()); + certGen.setSignatureAlgorithm(getDefaultSignatureAlgorithmForKeyAlgorithm(mKeyAlgorithm)); + return certGen.generate(privateKey); + } + + private String getKeyAlgorithm(KeyPairGeneratorSpec spec) { + String result = spec.getKeyType(); + if (result != null) { + return result; + } + return getAlgorithm(); + } + + private static int getDefaultKeySize(int keyType) { + if (keyType == NativeCrypto.EVP_PKEY_EC) { + return EC_DEFAULT_KEY_SIZE; + } else if (keyType == NativeCrypto.EVP_PKEY_RSA) { + return RSA_DEFAULT_KEY_SIZE; + } + return -1; + } + + private static void checkValidKeySize(String keyAlgorithm, int keyType, int keySize) + throws InvalidAlgorithmParameterException { + if (keyType == NativeCrypto.EVP_PKEY_EC) { + if (keySize < EC_MIN_KEY_SIZE || keySize > EC_MAX_KEY_SIZE) { + throw new InvalidAlgorithmParameterException("EC keys must be >= " + + EC_MIN_KEY_SIZE + " and <= " + EC_MAX_KEY_SIZE); + } + } else if (keyType == NativeCrypto.EVP_PKEY_RSA) { + if (keySize < RSA_MIN_KEY_SIZE || keySize > RSA_MAX_KEY_SIZE) { + throw new InvalidAlgorithmParameterException("RSA keys must be >= " + + RSA_MIN_KEY_SIZE + " and <= " + RSA_MAX_KEY_SIZE); + } + } else { + throw new InvalidAlgorithmParameterException( + "Unsupported key algorithm: " + 
keyAlgorithm); + } + } + + private static void checkCorrectParametersSpec(int keyType, int keySize, + AlgorithmParameterSpec spec) throws InvalidAlgorithmParameterException { + if (keyType == NativeCrypto.EVP_PKEY_RSA && spec != null) { + if (spec instanceof RSAKeyGenParameterSpec) { + RSAKeyGenParameterSpec rsaSpec = (RSAKeyGenParameterSpec) spec; + if (keySize != -1 && keySize != rsaSpec.getKeysize()) { + throw new InvalidAlgorithmParameterException("RSA key size must match: " + + keySize + " vs " + rsaSpec.getKeysize()); + } + } else { + throw new InvalidAlgorithmParameterException( + "RSA may only use RSAKeyGenParameterSpec"); + } + } + } + + private static String getDefaultSignatureAlgorithmForKeyAlgorithm(String algorithm) { + if ("RSA".equalsIgnoreCase(algorithm)) { return "sha256WithRSA"; - } else if ("EC".equalsIgnoreCase(keyType)) { + } else if ("EC".equalsIgnoreCase(algorithm)) { return "sha256WithECDSA"; } else { - throw new IllegalArgumentException("Unsupported key type " + keyType); + throw new IllegalArgumentException("Unsupported key type " + algorithm); } } @@ -190,7 +285,26 @@ public class AndroidKeyPairGenerator extends KeyPairGeneratorSpi { } KeyPairGeneratorSpec spec = (KeyPairGeneratorSpec) params; + String keyAlgorithm = getKeyAlgorithm(spec); + int keyType = KeyStore.getKeyTypeForAlgorithm(keyAlgorithm); + if (keyType == -1) { + throw new InvalidAlgorithmParameterException( + "Unsupported key algorithm: " + keyAlgorithm); + } + int keySize = spec.getKeySize(); + if (keySize == -1) { + keySize = getDefaultKeySize(keyType); + if (keySize == -1) { + throw new InvalidAlgorithmParameterException( + "Unsupported key algorithm: " + keyAlgorithm); + } + } + checkCorrectParametersSpec(keyType, keySize, spec.getAlgorithmParameterSpec()); + checkValidKeySize(keyAlgorithm, keyType, keySize); + mKeyAlgorithm = keyAlgorithm; + mKeyType = keyType; + mKeySize = keySize; mSpec = spec; mKeyStore = android.security.KeyStore.getInstance(); } 
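Review bot: checkValidKeySize only enforces the ranges EC_MIN_KEY_SIZE..EC_MAX_KEY_SIZE and RSA_MIN_KEY_SIZE..RSA_MAX_KEY_SIZE, and the bounds themselves are defined outside this hunk. If they were carried over unchanged from KeyPairGeneratorSpec, where this commit removes `RSA_MIN_KEY_SIZE = 512` and `EC_MIN_KEY_SIZE = 192`, the generator still accepts 512-bit RSA and 192-bit EC keys, which are weak choices for newly generated keys. Since this method is now the only size validation visible in this diff, I would either raise the floors (coordinated with keystore's defaults.h, which the removed comment says must stay in sync) or add a comment above the method such as `// Bounds mirror system/security/keystore/defaults.h; sizes near the lower bound are weak and should not be chosen for new keys.` The EC branch also passes any integer inside the range, so whether a size that matches no supported curve is rejected depends on the keystore side, which is not visible here.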
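Review bot: checkCorrectParametersSpec is called after the default size has been substituted, so its `keySize != -1` guard is always true at this call site. A caller who gives the size only through an RSAKeyGenParameterSpec and leaves setKeySize unset is therefore rejected with "RSA key size must match" unless the spec happens to equal the default. Taking the size from the spec before the `getDefaultKeySize` fallback would avoid that, e.g. `if (keySize == -1 && keyType == NativeCrypto.EVP_PKEY_RSA && algSpec instanceof RSAKeyGenParameterSpec) { keySize = ((RSAKeyGenParameterSpec) algSpec).getKeysize(); }` with `algSpec` being `spec.getAlgorithmParameterSpec()`. initialize() begins above this hunk, so only its tail is reviewed here.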
diff --git a/keystore/java/android/security/AndroidKeyStoreProvider.java b/keystore/java/android/security/AndroidKeyStoreProvider.java index b17e450..9081e92 100644 --- a/keystore/java/android/security/AndroidKeyStoreProvider.java +++ b/keystore/java/android/security/AndroidKeyStoreProvider.java @@ -33,6 +33,7 @@ public class AndroidKeyStoreProvider extends Provider { put("KeyStore." + AndroidKeyStore.NAME, AndroidKeyStore.class.getName()); // java.security.KeyPairGenerator - put("KeyPairGenerator.RSA", AndroidKeyPairGenerator.class.getName()); + put("KeyPairGenerator.EC", AndroidKeyPairGenerator.EC.class.getName()); + put("KeyPairGenerator.RSA", AndroidKeyPairGenerator.RSA.class.getName()); } } diff --git a/keystore/java/android/security/KeyChain.java b/keystore/java/android/security/KeyChain.java index 607817a..dfa41e8 100644 --- a/keystore/java/android/security/KeyChain.java +++ b/keystore/java/android/security/KeyChain.java @@ -242,7 +242,7 @@ public final class KeyChain { * @param response Callback to invoke when the request completes; * must not be null * @param keyTypes The acceptable types of asymmetric keys such as - * "RSA" or "DSA", or a null array. + * "EC" or "RSA", or a null array. * @param issuers The acceptable certificate issuers for the * certificate matching the private key, or null. * @param host The host name of the server requesting the @@ -263,7 +263,7 @@ public final class KeyChain { * * keyTypes would allow the list to be filtered and typically * will be set correctly by the server. In practice today, - * most all users will want only RSA, rarely DSA, and usually + * most all users will want only RSA or EC, and usually * only a small number of certs will be available. * * issuers is typically not useful. Some servers historically diff --git a/keystore/java/android/security/KeyPairGeneratorSpec.java b/keystore/java/android/security/KeyPairGeneratorSpec.java index 6b67f43..cc097aa 100644 
--- a/keystore/java/android/security/KeyPairGeneratorSpec.java +++ b/keystore/java/android/security/KeyPairGeneratorSpec.java @@ -16,8 +16,6 @@ package android.security; -import com.android.org.conscrypt.NativeCrypto; - import android.content.Context; import android.text.TextUtils; @@ -26,7 +24,6 @@ import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.cert.Certificate; import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.RSAKeyGenParameterSpec; import java.util.Date; import javax.security.auth.x500.X500Principal; @@ -54,19 +51,6 @@ import javax.security.auth.x500.X500Principal; * certificate signed by a real Certificate Authority. */ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec { - /* - * These must be kept in sync with system/security/keystore/defaults.h - */ - - /* EC */ - private static final int EC_DEFAULT_KEY_SIZE = 256; - private static final int EC_MIN_KEY_SIZE = 192; - private static final int EC_MAX_KEY_SIZE = 521; - - /* RSA */ - private static final int RSA_DEFAULT_KEY_SIZE = 2048; - private static final int RSA_MIN_KEY_SIZE = 512; - private static final int RSA_MAX_KEY_SIZE = 8192; private final Context mContext; @@ -108,7 +92,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec { * @param context Android context for the activity * @param keyStoreAlias name to use for the generated key in the Android * keystore - * @param keyType key algorithm to use (RSA, DSA, EC) + * @param keyType key algorithm to use (EC, RSA) * @param keySize size of key to generate * @param spec the underlying key type parameters * @param subjectDN X.509 v3 Subject Distinguished Name 
@@ -139,13 +123,6 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec { throw new IllegalArgumentException("endDate < startDate"); } - final int keyTypeInt = KeyStore.getKeyTypeForAlgorithm(keyType); - if (keySize == -1) { - keySize = getDefaultKeySizeForType(keyTypeInt); - } - checkCorrectParametersSpec(keyTypeInt, keySize, spec); - checkValidKeySize(keyTypeInt, keySize); - mContext = context; mKeystoreAlias = keyStoreAlias; mKeyType = keyType; 
@@ -158,46 +135,6 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec { mFlags = flags; } - private static int getDefaultKeySizeForType(int keyType) { - if (keyType == NativeCrypto.EVP_PKEY_EC) { - return EC_DEFAULT_KEY_SIZE; - } else if (keyType == NativeCrypto.EVP_PKEY_RSA) { - return RSA_DEFAULT_KEY_SIZE; - } - throw new IllegalArgumentException("Invalid key type " + keyType); - } - - private static void checkValidKeySize(int keyType, int keySize) { - if (keyType == NativeCrypto.EVP_PKEY_EC) { - if (keySize < EC_MIN_KEY_SIZE || keySize > EC_MAX_KEY_SIZE) { - throw new IllegalArgumentException("EC keys must be >= " + EC_MIN_KEY_SIZE - + " and <= " + EC_MAX_KEY_SIZE); - } - } else if (keyType == NativeCrypto.EVP_PKEY_RSA) { - if (keySize < RSA_MIN_KEY_SIZE || keySize > RSA_MAX_KEY_SIZE) { - throw new IllegalArgumentException("RSA keys must be >= " + RSA_MIN_KEY_SIZE - + " and <= " + RSA_MAX_KEY_SIZE); - } - } else { - throw new IllegalArgumentException("Invalid key type " + keyType); - } - } - - private static void checkCorrectParametersSpec(int keyType, int keySize, - AlgorithmParameterSpec spec) { - if (keyType == NativeCrypto.EVP_PKEY_RSA && spec != null) { - if (spec instanceof RSAKeyGenParameterSpec) { - RSAKeyGenParameterSpec rsaSpec = (RSAKeyGenParameterSpec) spec; - if (keySize != -1 && keySize != rsaSpec.getKeysize()) { - throw new IllegalArgumentException("RSA key size must match: " + keySize - + " vs " + rsaSpec.getKeysize()); - } - } else { - throw new IllegalArgumentException("RSA may only use RSAKeyGenParameterSpec"); - } - } - } - /** * Gets the Android context used for operations with this instance. */ @@ -214,8 +151,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec { } /** - * Returns the key type (e.g., "RSA", "DSA", "EC") specified by this - * parameter. + * Returns the key type (e.g., "EC", "RSA") specified by this parameter. */ public String getKeyType() { return mKeyType; 
@@ -311,7 +247,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec { private String mKeystoreAlias; - private String mKeyType = "RSA"; + private String mKeyType; private int mKeySize = -1; @@ -354,15 +290,13 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec { } /** - * Sets the key type (e.g., RSA, DSA, EC) of the keypair to be created. + * Sets the key type (e.g., EC, RSA) of the keypair to be created. */ public Builder setKeyType(String keyType) throws NoSuchAlgorithmException { if (keyType == null) { throw new NullPointerException("keyType == null"); } else { - try { - KeyStore.getKeyTypeForAlgorithm(keyType); - } catch (IllegalArgumentException e) { + if (KeyStore.getKeyTypeForAlgorithm(keyType) == -1) { throw new NoSuchAlgorithmException("Unsupported key type: " + keyType); } } @@ -384,9 +318,8 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec { } /** - * Sets the underlying key type's parameters. This is required for DSA - * where you must set this to an instance of - * {@link java.security.spec.DSAParameterSpec}. + * Sets the algorithm-specific key generation parameters. For example, for RSA keys + * this may be an instance of {@link java.security.spec.RSAKeyGenParameterSpec}. */ public Builder setAlgorithmParameterSpec(AlgorithmParameterSpec spec) { if (spec == null) { diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java index 1dbdbfb..e753a7c 100644 --- a/keystore/java/android/security/KeyStore.java +++ b/keystore/java/android/security/KeyStore.java 
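Review bot: With the Builder default `"RSA"` removed, `getKeyType()` can return null for a spec built without `setKeyType` (unless `build()` substitutes a value, which is not visible here), but the getter's Javadoc still reads as if a type is always present. AndroidKeyPairGenerator covers this through getKeyAlgorithm's fallback to getAlgorithm(), yet other callers of the public getter are outside this view and may dereference the result. I would document it on the getter, e.g. `@return the key type, or {@code null} if none was set, in which case the KeyPairGenerator's own algorithm is used`, and say the same on `Builder.setKeyType`.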
@@ -68,13 +68,13 @@ public class KeyStore { return new KeyStore(keystore); } - static int getKeyTypeForAlgorithm(String keyType) throws IllegalArgumentException { + static int getKeyTypeForAlgorithm(String keyType) { if ("RSA".equalsIgnoreCase(keyType)) { return NativeCrypto.EVP_PKEY_RSA; } else if ("EC".equalsIgnoreCase(keyType)) { return NativeCrypto.EVP_PKEY_EC; } else { - throw new IllegalArgumentException("Unsupported key type: " + keyType); + return -1; } } @@ -205,7 +205,8 @@ public class KeyStore { public boolean generate(String key, int uid, int keyType, int keySize, int flags, byte[][] args) { try { - return mBinder.generate(key, uid, keyType, keySize, flags, args) == NO_ERROR; + return mBinder.generate(key, uid, keyType, keySize, flags, + new KeystoreArguments(args)) == NO_ERROR; } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e); return false; diff --git a/keystore/tests/src/android/security/AndroidKeyPairGeneratorTest.java b/keystore/tests/src/android/security/AndroidKeyPairGeneratorTest.java index ea6c43d..95d14b7 100644 --- a/keystore/tests/src/android/security/AndroidKeyPairGeneratorTest.java +++ b/keystore/tests/src/android/security/AndroidKeyPairGeneratorTest.java @@ -27,12 +27,9 @@ import java.security.SecureRandom; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; -import java.security.interfaces.DSAParams; -import java.security.interfaces.DSAPublicKey; import java.security.interfaces.ECPublicKey; import java.security.interfaces.RSAPublicKey; import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.DSAParameterSpec; import java.security.spec.RSAKeyGenParameterSpec; import java.text.SimpleDateFormat; import java.util.Date; 
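Review bot: getKeyTypeForAlgorithm now signals an unsupported algorithm with a bare `-1` instead of throwing, and nothing on the method says so; a caller that skips the check would pass -1 on to `generate()` as the key type. The two callers changed in this commit (Builder.setKeyType and AndroidKeyPairGenerator.initialize) do test for it, but any other caller is outside this view. I would add a Javadoc line such as `/** Returns the NativeCrypto EVP_PKEY_* id for {@code keyType}, or -1 if the algorithm is not supported. */` and preferably a named constant for the sentinel.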
@@ -155,167 +152,6 @@ public class AndroidKeyPairGeneratorTest extends AndroidTestCase { NOW_PLUS_10_YEARS); } - public void testKeyPairGenerator_GenerateKeyPair_DSA_Unencrypted_Success() throws Exception { - mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext()) - .setAlias(TEST_ALIAS_1) - .setKeyType("DSA") - .setSubject(TEST_DN_1) - .setSerialNumber(TEST_SERIAL_1) - .setStartDate(NOW) - .setEndDate(NOW_PLUS_10_YEARS) - .build()); - - final KeyPair pair = mGenerator.generateKeyPair(); - assertNotNull("The KeyPair returned should not be null", pair); - - assertKeyPairCorrect(pair, TEST_ALIAS_1, "DSA", 1024, null, TEST_DN_1, TEST_SERIAL_1, NOW, - NOW_PLUS_10_YEARS); - } - - public void testKeyPairGenerator_GenerateKeyPair_DSA_2048_Unencrypted_Success() - throws Exception { - mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext()) - .setAlias(TEST_ALIAS_1) - .setKeyType("DSA") - .setKeySize(2048) - .setSubject(TEST_DN_1) - .setSerialNumber(TEST_SERIAL_1) - .setStartDate(NOW) - .setEndDate(NOW_PLUS_10_YEARS) - .build()); - - final KeyPair pair = mGenerator.generateKeyPair(); - assertNotNull("The KeyPair returned should not be null", pair); - - assertKeyPairCorrect(pair, TEST_ALIAS_1, "DSA", 2048, null, TEST_DN_1, TEST_SERIAL_1, NOW, - NOW_PLUS_10_YEARS); - } - - public void testKeyPairGenerator_GenerateKeyPair_DSA_SpecifiedParams_Unencrypted_Success() - throws Exception { - /* - * generated using: openssl dsaparam -C 2048 - */ - BigInteger p = new BigInteger(1, new byte[] { - (byte) 0xC0, (byte) 0x3D, (byte) 0x86, (byte) 0x09, (byte) 0xCA, (byte) 0x8C, - (byte) 0x37, (byte) 0xCA, (byte) 0xCC, (byte) 0x4A, (byte) 0x81, (byte) 0xBD, - (byte) 0xD8, (byte) 0x50, (byte) 0x77, (byte) 0xCD, (byte) 0xDD, (byte) 0x32, - (byte) 0x0B, (byte) 0x43, (byte) 0xBF, (byte) 0x42, (byte) 0x06, (byte) 0x5A, - (byte) 0x3D, (byte) 0x18, (byte) 0x50, (byte) 0x47, (byte) 0x79, (byte) 0xE1, - (byte) 0x5B, (byte) 0x86, (byte) 0x03, (byte) 0xB9, (byte) 0x28, (byte) 
0x9C, - (byte) 0x18, (byte) 0xA9, (byte) 0xF5, (byte) 0xD6, (byte) 0xF4, (byte) 0x94, - (byte) 0x5B, (byte) 0x87, (byte) 0x58, (byte) 0xCA, (byte) 0xB2, (byte) 0x1E, - (byte) 0xFC, (byte) 0xED, (byte) 0x37, (byte) 0xC3, (byte) 0x49, (byte) 0xAC, - (byte) 0xFA, (byte) 0x46, (byte) 0xDB, (byte) 0x7A, (byte) 0x50, (byte) 0x96, - (byte) 0xCF, (byte) 0x52, (byte) 0xD7, (byte) 0x4E, (byte) 0xEB, (byte) 0x26, - (byte) 0x41, (byte) 0xA2, (byte) 0x6F, (byte) 0x99, (byte) 0x80, (byte) 0x9F, - (byte) 0x0F, (byte) 0x0A, (byte) 0xA8, (byte) 0x0D, (byte) 0xAC, (byte) 0xAB, - (byte) 0xEF, (byte) 0x7D, (byte) 0xE7, (byte) 0x4C, (byte) 0xF1, (byte) 0x88, - (byte) 0x44, (byte) 0xC9, (byte) 0x17, (byte) 0xD0, (byte) 0xBB, (byte) 0xE2, - (byte) 0x01, (byte) 0x8C, (byte) 0xC1, (byte) 0x02, (byte) 0x1D, (byte) 0x3C, - (byte) 0x15, (byte) 0xB7, (byte) 0x41, (byte) 0x30, (byte) 0xD8, (byte) 0x11, - (byte) 0xBD, (byte) 0x6A, (byte) 0x2A, (byte) 0x0D, (byte) 0x36, (byte) 0x44, - (byte) 0x9C, (byte) 0x3F, (byte) 0x32, (byte) 0xE2, (byte) 0x1C, (byte) 0xFB, - (byte) 0xE3, (byte) 0xFF, (byte) 0xCC, (byte) 0x1A, (byte) 0x72, (byte) 0x38, - (byte) 0x37, (byte) 0x69, (byte) 0x5E, (byte) 0x35, (byte) 0x73, (byte) 0xE1, - (byte) 0x1E, (byte) 0x74, (byte) 0x35, (byte) 0x44, (byte) 0x07, (byte) 0xB5, - (byte) 0x2F, (byte) 0x0B, (byte) 0x60, (byte) 0xF4, (byte) 0xA9, (byte) 0xE0, - (byte) 0x81, (byte) 0xB2, (byte) 0xCD, (byte) 0x8B, (byte) 0x82, (byte) 0x76, - (byte) 0x7F, (byte) 0xD4, (byte) 0x17, (byte) 0x32, (byte) 0x86, (byte) 0x98, - (byte) 0x7C, (byte) 0x85, (byte) 0x66, (byte) 0xF6, (byte) 0x77, (byte) 0xED, - (byte) 0x8B, (byte) 0x1A, (byte) 0x52, (byte) 0x16, (byte) 0xDA, (byte) 0x1C, - (byte) 0xA7, (byte) 0x16, (byte) 0x79, (byte) 0x20, (byte) 0x1C, (byte) 0x99, - (byte) 0x5F, (byte) 0x12, (byte) 0x66, (byte) 0x15, (byte) 0x9F, (byte) 0xE5, - (byte) 0x73, (byte) 0xA9, (byte) 0x61, (byte) 0xBA, (byte) 0xA7, (byte) 0x23, - (byte) 0x93, (byte) 0x77, (byte) 0xB5, (byte) 0xF6, (byte) 0xEC, (byte) 
0x13, - (byte) 0xBF, (byte) 0x95, (byte) 0x60, (byte) 0x78, (byte) 0x84, (byte) 0xE3, - (byte) 0x44, (byte) 0xEC, (byte) 0x74, (byte) 0xC2, (byte) 0xCB, (byte) 0xD4, - (byte) 0x70, (byte) 0xC5, (byte) 0x7B, (byte) 0xF8, (byte) 0x07, (byte) 0x3B, - (byte) 0xEB, (byte) 0x9F, (byte) 0xC9, (byte) 0x7D, (byte) 0xE0, (byte) 0xA5, - (byte) 0xBA, (byte) 0x68, (byte) 0x7B, (byte) 0xF4, (byte) 0x70, (byte) 0x40, - (byte) 0xAE, (byte) 0xE9, (byte) 0x65, (byte) 0xEE, (byte) 0x5B, (byte) 0x71, - (byte) 0x36, (byte) 0x0B, (byte) 0xB0, (byte) 0xA2, (byte) 0x98, (byte) 0x7D, - (byte) 0xE3, (byte) 0x24, (byte) 0x95, (byte) 0x2B, (byte) 0xC2, (byte) 0x0A, - (byte) 0x78, (byte) 0x3D, (byte) 0xCC, (byte) 0x3A, (byte) 0xEE, (byte) 0xED, - (byte) 0x48, (byte) 0xEB, (byte) 0xA3, (byte) 0x78, (byte) 0xA8, (byte) 0x9D, - (byte) 0x0A, (byte) 0x8F, (byte) 0x9E, (byte) 0x59, (byte) 0x2C, (byte) 0x44, - (byte) 0xB5, (byte) 0xF9, (byte) 0x53, (byte) 0x43, - }); - - BigInteger q = new BigInteger(1, new byte[] { - (byte) 0xA1, (byte) 0x9B, (byte) 0x1D, (byte) 0xC0, (byte) 0xE3, (byte) 0xF6, - (byte) 0x4A, (byte) 0x35, (byte) 0xE1, (byte) 0x8A, (byte) 0x43, (byte) 0xC2, - (byte) 0x9C, (byte) 0xF9, (byte) 0x52, (byte) 0x8F, (byte) 0x94, (byte) 0xA1, - (byte) 0x12, (byte) 0x11, (byte) 0xDB, (byte) 0x9A, (byte) 0xB6, (byte) 0x35, - (byte) 0x56, (byte) 0x26, (byte) 0x60, (byte) 0x89, (byte) 0x11, (byte) 0xAC, - (byte) 0xA8, (byte) 0xE5, - }); - - BigInteger g = new BigInteger(1, new byte[] { - (byte) 0xA1, (byte) 0x5C, (byte) 0x57, (byte) 0x15, (byte) 0xC3, (byte) 0xD9, - (byte) 0xD7, (byte) 0x41, (byte) 0x89, (byte) 0xD6, (byte) 0xB8, (byte) 0x7B, - (byte) 0xF3, (byte) 0xE0, (byte) 0xB3, (byte) 0xC5, (byte) 0xD1, (byte) 0xAA, - (byte) 0xF9, (byte) 0x55, (byte) 0x48, (byte) 0xF1, (byte) 0xDA, (byte) 0xE8, - (byte) 0x6F, (byte) 0x51, (byte) 0x05, (byte) 0xB2, (byte) 0xC9, (byte) 0x64, - (byte) 0xDA, (byte) 0x5F, (byte) 0xD4, (byte) 0xAA, (byte) 0xFD, (byte) 0x67, - (byte) 0xE0, (byte) 0x10, (byte) 
0x2C, (byte) 0x1F, (byte) 0x03, (byte) 0x10, - (byte) 0xD4, (byte) 0x4B, (byte) 0x20, (byte) 0x82, (byte) 0x2B, (byte) 0x04, - (byte) 0xF9, (byte) 0x09, (byte) 0xAE, (byte) 0x28, (byte) 0x3D, (byte) 0x9B, - (byte) 0xFF, (byte) 0x87, (byte) 0x76, (byte) 0xCD, (byte) 0xF0, (byte) 0x11, - (byte) 0xB7, (byte) 0xEA, (byte) 0xE6, (byte) 0xCD, (byte) 0x60, (byte) 0xD3, - (byte) 0x8C, (byte) 0x74, (byte) 0xD3, (byte) 0x45, (byte) 0x63, (byte) 0x69, - (byte) 0x3F, (byte) 0x1D, (byte) 0x31, (byte) 0x25, (byte) 0x49, (byte) 0x97, - (byte) 0x4B, (byte) 0x73, (byte) 0x34, (byte) 0x12, (byte) 0x73, (byte) 0x27, - (byte) 0x4C, (byte) 0xDA, (byte) 0xF3, (byte) 0x08, (byte) 0xA8, (byte) 0xA9, - (byte) 0x27, (byte) 0xE4, (byte) 0xB8, (byte) 0xD6, (byte) 0xB5, (byte) 0xC4, - (byte) 0x18, (byte) 0xED, (byte) 0xBD, (byte) 0x6F, (byte) 0xA2, (byte) 0x36, - (byte) 0xA2, (byte) 0x9C, (byte) 0x27, (byte) 0x62, (byte) 0x7F, (byte) 0x93, - (byte) 0xD7, (byte) 0x52, (byte) 0xA9, (byte) 0x76, (byte) 0x55, (byte) 0x99, - (byte) 0x00, (byte) 0x5B, (byte) 0xC2, (byte) 0xB9, (byte) 0x18, (byte) 0xAC, - (byte) 0x6B, (byte) 0x83, (byte) 0x0D, (byte) 0xA1, (byte) 0xC5, (byte) 0x01, - (byte) 0x1A, (byte) 0xE5, (byte) 0x4D, (byte) 0x2F, (byte) 0xCF, (byte) 0x5D, - (byte) 0xB2, (byte) 0xE7, (byte) 0xC7, (byte) 0xCB, (byte) 0x2C, (byte) 0xFF, - (byte) 0x51, (byte) 0x1B, (byte) 0x9D, (byte) 0xA4, (byte) 0x05, (byte) 0xEB, - (byte) 0x17, (byte) 0xD8, (byte) 0x97, (byte) 0x9D, (byte) 0x0C, (byte) 0x59, - (byte) 0x92, (byte) 0x8A, (byte) 0x03, (byte) 0x34, (byte) 0xFD, (byte) 0x16, - (byte) 0x0F, (byte) 0x2A, (byte) 0xF9, (byte) 0x7D, (byte) 0xC3, (byte) 0x41, - (byte) 0x0D, (byte) 0x06, (byte) 0x5A, (byte) 0x4B, (byte) 0x34, (byte) 0xD5, - (byte) 0xF5, (byte) 0x09, (byte) 0x1C, (byte) 0xCE, (byte) 0xA7, (byte) 0x19, - (byte) 0x6D, (byte) 0x04, (byte) 0x53, (byte) 0x71, (byte) 0xCC, (byte) 0x84, - (byte) 0xA0, (byte) 0xB2, (byte) 0xA0, (byte) 0x68, (byte) 0xA3, (byte) 0x40, - (byte) 0xC0, (byte) 0x67, (byte) 
0x38, (byte) 0x96, (byte) 0x73, (byte) 0x2E, - (byte) 0x8E, (byte) 0x2A, (byte) 0x9D, (byte) 0x56, (byte) 0xE9, (byte) 0xAC, - (byte) 0xC7, (byte) 0xEC, (byte) 0x84, (byte) 0x7F, (byte) 0xFC, (byte) 0xE0, - (byte) 0x69, (byte) 0x03, (byte) 0x8B, (byte) 0x48, (byte) 0x64, (byte) 0x76, - (byte) 0x85, (byte) 0xA5, (byte) 0x10, (byte) 0xD9, (byte) 0x31, (byte) 0xC3, - (byte) 0x8B, (byte) 0x07, (byte) 0x48, (byte) 0x62, (byte) 0xF6, (byte) 0x68, - (byte) 0xF2, (byte) 0x96, (byte) 0xB2, (byte) 0x18, (byte) 0x5B, (byte) 0xFF, - (byte) 0x6D, (byte) 0xD1, (byte) 0x6B, (byte) 0xF5, (byte) 0xFD, (byte) 0x81, - (byte) 0xF1, (byte) 0xFD, (byte) 0x04, (byte) 0xF0, (byte) 0x9F, (byte) 0xB7, - (byte) 0x08, (byte) 0x95, (byte) 0x57, (byte) 0x48, (byte) 0x07, (byte) 0x00, - (byte) 0x52, (byte) 0xEC, (byte) 0x75, (byte) 0x91, (byte) 0x02, (byte) 0x11, - (byte) 0xA3, (byte) 0x64, (byte) 0x26, (byte) 0xCA, - }); - - AlgorithmParameterSpec spec = new DSAParameterSpec(p, q, g); - mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext()) - .setAlias(TEST_ALIAS_1) - .setKeyType("DSA") - .setKeySize(2048) - .setAlgorithmParameterSpec(spec) - .setSubject(TEST_DN_1) - .setSerialNumber(TEST_SERIAL_1) - .setStartDate(NOW) - .setEndDate(NOW_PLUS_10_YEARS) - .build()); - - final KeyPair pair = mGenerator.generateKeyPair(); - assertNotNull("The KeyPair returned should not be null", pair); - - assertKeyPairCorrect(pair, TEST_ALIAS_1, "DSA", 2048, spec, TEST_DN_1, TEST_SERIAL_1, NOW, - NOW_PLUS_10_YEARS); - } - public void testKeyPairGenerator_GenerateKeyPair_EC_Unencrypted_Success() throws Exception { mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext()) .setAlias(TEST_ALIAS_1) 
@@ -469,17 +305,7 @@ public class AndroidKeyPairGeneratorTest extends AndroidTestCase { assertNotNull("The PublicKey for the KeyPair should be not null", pubKey); assertEquals(keyType, pubKey.getAlgorithm()); - if ("DSA".equalsIgnoreCase(keyType)) { - DSAPublicKey dsaPubKey = (DSAPublicKey) pubKey; - DSAParams actualParams = dsaPubKey.getParams(); - assertEquals(keySize, (actualParams.getP().bitLength() + 7) & ~7); - if (spec != null) { - DSAParameterSpec expectedParams = (DSAParameterSpec) spec; - assertEquals(expectedParams.getP(), actualParams.getP()); - assertEquals(expectedParams.getQ(), actualParams.getQ()); - assertEquals(expectedParams.getG(), actualParams.getG()); - } - } else if ("EC".equalsIgnoreCase(keyType)) { + if ("EC".equalsIgnoreCase(keyType)) { assertEquals("Curve should be what was specified during initialization", keySize, ((ECPublicKey) pubKey).getParams().getCurve().getField().getFieldSize()); } else if ("RSA".equalsIgnoreCase(keyType)) { diff --git a/keystore/tests/src/android/security/AndroidKeyStoreTest.java b/keystore/tests/src/android/security/AndroidKeyStoreTest.java index 6597d3f..9775e64 100644 --- a/keystore/tests/src/android/security/AndroidKeyStoreTest.java +++ b/keystore/tests/src/android/security/AndroidKeyStoreTest.java @@ -20,7 +20,6 @@ import com.android.org.bouncycastle.x509.X509V3CertificateGenerator; import com.android.org.conscrypt.NativeCrypto; import com.android.org.conscrypt.OpenSSLEngine; -import com.android.org.conscrypt.OpenSSLKeyHolder; import android.test.AndroidTestCase; @@ -41,8 +40,6 @@ import java.security.PublicKey; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; -import java.security.interfaces.DSAPrivateKey; -import java.security.interfaces.DSAPublicKey; import java.security.interfaces.ECPrivateKey; import java.security.interfaces.ECPublicKey; import java.security.interfaces.RSAPrivateKey; 
@@ -722,368 +719,6 @@ public class AndroidKeyStoreTest extends AndroidTestCase { (byte) 0x7e, (byte) 0xde, (byte) 0xb2 }; - /* - * The keys and certificates below are generated with: - * - * openssl req -new -x509 -days 3650 -extensions v3_ca -keyout cakey.pem -out cacert.pem - * openssl dsaparam -out dsaparam.pem 1024 - * openssl req -newkey dsa:dsaparam.pem -keyout userkey.pem -nodes -days 3650 -out userkey.req - * mkdir -p demoCA/newcerts - * touch demoCA/index.txt - * echo "01" > demoCA/serial - * openssl ca -out usercert.pem -in userkey.req -cert cacert.pem -keyfile cakey.pem -days 3650 - */ - - /** - * Generated from above and converted with: - * - * openssl x509 -outform d -in cacert.pem | xxd -i | sed 's/0x/(byte) 0x/g' - */ - private static final byte[] FAKE_DSA_CA_1 = new byte[] { - (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x8a, (byte) 0x30, (byte) 0x82, - (byte) 0x01, (byte) 0xf3, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01, - (byte) 0x02, (byte) 0x02, (byte) 0x09, (byte) 0x00, (byte) 0x87, (byte) 0xc0, - (byte) 0x68, (byte) 0x7f, (byte) 0x42, (byte) 0x92, (byte) 0x0b, (byte) 0x7a, - (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, - (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, - (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x30, (byte) 0x5e, (byte) 0x31, - (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, - (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x41, (byte) 0x55, - (byte) 0x31, (byte) 0x13, (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, - (byte) 0x55, (byte) 0x04, (byte) 0x08, (byte) 0x0c, (byte) 0x0a, (byte) 0x53, - (byte) 0x6f, (byte) 0x6d, (byte) 0x65, (byte) 0x2d, (byte) 0x53, (byte) 0x74, - (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x31, (byte) 0x21, (byte) 0x30, - (byte) 0x1f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, - (byte) 0x0c, (byte) 0x18, (byte) 0x49, (byte) 0x6e, (byte) 0x74, (byte) 
0x65, - (byte) 0x72, (byte) 0x6e, (byte) 0x65, (byte) 0x74, (byte) 0x20, (byte) 0x57, - (byte) 0x69, (byte) 0x64, (byte) 0x67, (byte) 0x69, (byte) 0x74, (byte) 0x73, - (byte) 0x20, (byte) 0x50, (byte) 0x74, (byte) 0x79, (byte) 0x20, (byte) 0x4c, - (byte) 0x74, (byte) 0x64, (byte) 0x31, (byte) 0x17, (byte) 0x30, (byte) 0x15, - (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x03, (byte) 0x0c, - (byte) 0x0e, (byte) 0x63, (byte) 0x61, (byte) 0x2e, (byte) 0x65, (byte) 0x78, - (byte) 0x61, (byte) 0x6d, (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x2e, - (byte) 0x63, (byte) 0x6f, (byte) 0x6d, (byte) 0x30, (byte) 0x1e, (byte) 0x17, - (byte) 0x0d, (byte) 0x31, (byte) 0x33, (byte) 0x30, (byte) 0x38, (byte) 0x32, - (byte) 0x37, (byte) 0x32, (byte) 0x33, (byte) 0x33, (byte) 0x31, (byte) 0x32, - (byte) 0x39, (byte) 0x5a, (byte) 0x17, (byte) 0x0d, (byte) 0x32, (byte) 0x33, - (byte) 0x30, (byte) 0x38, (byte) 0x32, (byte) 0x35, (byte) 0x32, (byte) 0x33, - (byte) 0x33, (byte) 0x31, (byte) 0x32, (byte) 0x39, (byte) 0x5a, (byte) 0x30, - (byte) 0x5e, (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, - (byte) 0x41, (byte) 0x55, (byte) 0x31, (byte) 0x13, (byte) 0x30, (byte) 0x11, - (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x08, (byte) 0x0c, - (byte) 0x0a, (byte) 0x53, (byte) 0x6f, (byte) 0x6d, (byte) 0x65, (byte) 0x2d, - (byte) 0x53, (byte) 0x74, (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x31, - (byte) 0x21, (byte) 0x30, (byte) 0x1f, (byte) 0x06, (byte) 0x03, (byte) 0x55, - (byte) 0x04, (byte) 0x0a, (byte) 0x0c, (byte) 0x18, (byte) 0x49, (byte) 0x6e, - (byte) 0x74, (byte) 0x65, (byte) 0x72, (byte) 0x6e, (byte) 0x65, (byte) 0x74, - (byte) 0x20, (byte) 0x57, (byte) 0x69, (byte) 0x64, (byte) 0x67, (byte) 0x69, - (byte) 0x74, (byte) 0x73, (byte) 0x20, (byte) 0x50, (byte) 0x74, (byte) 0x79, - (byte) 0x20, (byte) 0x4c, (byte) 0x74, (byte) 0x64, (byte) 0x31, (byte) 
0x17, - (byte) 0x30, (byte) 0x15, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, - (byte) 0x03, (byte) 0x0c, (byte) 0x0e, (byte) 0x63, (byte) 0x61, (byte) 0x2e, - (byte) 0x65, (byte) 0x78, (byte) 0x61, (byte) 0x6d, (byte) 0x70, (byte) 0x6c, - (byte) 0x65, (byte) 0x2e, (byte) 0x63, (byte) 0x6f, (byte) 0x6d, (byte) 0x30, - (byte) 0x81, (byte) 0x9f, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, - (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, - (byte) 0x01, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x00, (byte) 0x03, - (byte) 0x81, (byte) 0x8d, (byte) 0x00, (byte) 0x30, (byte) 0x81, (byte) 0x89, - (byte) 0x02, (byte) 0x81, (byte) 0x81, (byte) 0x00, (byte) 0xa4, (byte) 0xc7, - (byte) 0x06, (byte) 0xba, (byte) 0xdf, (byte) 0x2b, (byte) 0xee, (byte) 0xd2, - (byte) 0xb9, (byte) 0xe4, (byte) 0x52, (byte) 0x21, (byte) 0x68, (byte) 0x2b, - (byte) 0x83, (byte) 0xdf, (byte) 0xe3, (byte) 0x9c, (byte) 0x08, (byte) 0x73, - (byte) 0xdd, (byte) 0x90, (byte) 0xea, (byte) 0x97, (byte) 0x0c, (byte) 0x96, - (byte) 0x20, (byte) 0xb1, (byte) 0xee, (byte) 0x11, (byte) 0xd5, (byte) 0xd4, - (byte) 0x7c, (byte) 0x44, (byte) 0x96, (byte) 0x2e, (byte) 0x6e, (byte) 0xa2, - (byte) 0xb2, (byte) 0xa3, (byte) 0x4b, (byte) 0x0f, (byte) 0x32, (byte) 0x90, - (byte) 0xaf, (byte) 0x5c, (byte) 0x6f, (byte) 0x00, (byte) 0x88, (byte) 0x45, - (byte) 0x4e, (byte) 0x9b, (byte) 0x26, (byte) 0xc1, (byte) 0x94, (byte) 0x3c, - (byte) 0xfe, (byte) 0x10, (byte) 0xbd, (byte) 0xda, (byte) 0xf2, (byte) 0x8d, - (byte) 0x03, (byte) 0x52, (byte) 0x32, (byte) 0x11, (byte) 0xff, (byte) 0xf6, - (byte) 0xf9, (byte) 0x6e, (byte) 0x8f, (byte) 0x0f, (byte) 0xc8, (byte) 0x0a, - (byte) 0x48, (byte) 0x39, (byte) 0x33, (byte) 0xb9, (byte) 0x0c, (byte) 0xb3, - (byte) 0x2b, (byte) 0xab, (byte) 0x7d, (byte) 0x79, (byte) 0x6f, (byte) 0x57, - (byte) 0x5b, (byte) 0xb8, (byte) 0x84, (byte) 0xb6, (byte) 0xcc, (byte) 0xe8, - (byte) 0x30, (byte) 0x78, (byte) 0xff, (byte) 0x92, (byte) 0xe5, (byte) 
0x43, - (byte) 0x2e, (byte) 0xef, (byte) 0x66, (byte) 0x98, (byte) 0xb4, (byte) 0xfe, - (byte) 0xa2, (byte) 0x40, (byte) 0xf2, (byte) 0x1f, (byte) 0xd0, (byte) 0x86, - (byte) 0x16, (byte) 0xc8, (byte) 0x45, (byte) 0xc4, (byte) 0x52, (byte) 0xcb, - (byte) 0x31, (byte) 0x5c, (byte) 0x9f, (byte) 0x32, (byte) 0x3b, (byte) 0xf7, - (byte) 0x19, (byte) 0x08, (byte) 0xc7, (byte) 0x00, (byte) 0x21, (byte) 0x7d, - (byte) 0x02, (byte) 0x03, (byte) 0x01, (byte) 0x00, (byte) 0x01, (byte) 0xa3, - (byte) 0x50, (byte) 0x30, (byte) 0x4e, (byte) 0x30, (byte) 0x1d, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0e, (byte) 0x04, (byte) 0x16, - (byte) 0x04, (byte) 0x14, (byte) 0x47, (byte) 0x82, (byte) 0xa3, (byte) 0xf1, - (byte) 0xc2, (byte) 0x7e, (byte) 0x3a, (byte) 0xde, (byte) 0x4f, (byte) 0x30, - (byte) 0x4c, (byte) 0x7f, (byte) 0x72, (byte) 0x81, (byte) 0x15, (byte) 0x32, - (byte) 0xda, (byte) 0x7f, (byte) 0x58, (byte) 0x18, (byte) 0x30, (byte) 0x1f, - (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x23, (byte) 0x04, - (byte) 0x18, (byte) 0x30, (byte) 0x16, (byte) 0x80, (byte) 0x14, (byte) 0x47, - (byte) 0x82, (byte) 0xa3, (byte) 0xf1, (byte) 0xc2, (byte) 0x7e, (byte) 0x3a, - (byte) 0xde, (byte) 0x4f, (byte) 0x30, (byte) 0x4c, (byte) 0x7f, (byte) 0x72, - (byte) 0x81, (byte) 0x15, (byte) 0x32, (byte) 0xda, (byte) 0x7f, (byte) 0x58, - (byte) 0x18, (byte) 0x30, (byte) 0x0c, (byte) 0x06, (byte) 0x03, (byte) 0x55, - (byte) 0x1d, (byte) 0x13, (byte) 0x04, (byte) 0x05, (byte) 0x30, (byte) 0x03, - (byte) 0x01, (byte) 0x01, (byte) 0xff, (byte) 0x30, (byte) 0x0d, (byte) 0x06, - (byte) 0x09, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, - (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x05, (byte) 0x00, - (byte) 0x03, (byte) 0x81, (byte) 0x81, (byte) 0x00, (byte) 0x08, (byte) 0x7f, - (byte) 0x6a, (byte) 0x48, (byte) 0x90, (byte) 0x7b, (byte) 0x9b, (byte) 0x72, - (byte) 0x13, (byte) 0xa7, (byte) 0xef, (byte) 0x6b, (byte) 0x0b, (byte) 
0x59, - (byte) 0xe5, (byte) 0x49, (byte) 0x72, (byte) 0x3a, (byte) 0xc8, (byte) 0x84, - (byte) 0xcc, (byte) 0x23, (byte) 0x18, (byte) 0x4c, (byte) 0xec, (byte) 0xc7, - (byte) 0xef, (byte) 0xcb, (byte) 0xa7, (byte) 0xbe, (byte) 0xe4, (byte) 0xef, - (byte) 0x8f, (byte) 0xc6, (byte) 0x06, (byte) 0x8c, (byte) 0xc0, (byte) 0xe4, - (byte) 0x2f, (byte) 0x2a, (byte) 0xc0, (byte) 0x35, (byte) 0x7d, (byte) 0x5e, - (byte) 0x19, (byte) 0x29, (byte) 0x8c, (byte) 0xb9, (byte) 0xf1, (byte) 0x1e, - (byte) 0xaf, (byte) 0x82, (byte) 0xd8, (byte) 0xe3, (byte) 0x88, (byte) 0xe1, - (byte) 0x31, (byte) 0xc8, (byte) 0x82, (byte) 0x1f, (byte) 0x83, (byte) 0xa9, - (byte) 0xde, (byte) 0xfe, (byte) 0x4b, (byte) 0xe2, (byte) 0x78, (byte) 0x64, - (byte) 0xed, (byte) 0xa4, (byte) 0x7b, (byte) 0xee, (byte) 0x8d, (byte) 0x71, - (byte) 0x1b, (byte) 0x44, (byte) 0xe6, (byte) 0xb7, (byte) 0xe8, (byte) 0xc5, - (byte) 0x9a, (byte) 0x93, (byte) 0x92, (byte) 0x6f, (byte) 0x6f, (byte) 0xdb, - (byte) 0xbd, (byte) 0xd7, (byte) 0x03, (byte) 0x85, (byte) 0xa9, (byte) 0x5f, - (byte) 0x53, (byte) 0x5f, (byte) 0x5d, (byte) 0x30, (byte) 0xc6, (byte) 0xd9, - (byte) 0xce, (byte) 0x34, (byte) 0xa8, (byte) 0xbe, (byte) 0x31, (byte) 0x47, - (byte) 0x1c, (byte) 0xa4, (byte) 0x7f, (byte) 0xc0, (byte) 0x2c, (byte) 0xbc, - (byte) 0xfe, (byte) 0x1a, (byte) 0x31, (byte) 0xd8, (byte) 0x77, (byte) 0x4d, - (byte) 0xfc, (byte) 0x45, (byte) 0x84, (byte) 0xfc, (byte) 0x45, (byte) 0x12, - (byte) 0xab, (byte) 0x50, (byte) 0xe4, (byte) 0x45, (byte) 0xe5, (byte) 0x11 - }; - - /** - * Generated from above and converted with: openssl pkcs8 -topk8 -outform d - * -in userkey.pem -nocrypt | xxd -i | sed 's/0x/(byte) 0x/g' - */ - private static final byte[] FAKE_DSA_KEY_1 = new byte[] { - (byte) 0x30, (byte) 0x82, (byte) 0x01, (byte) 0x4c, (byte) 0x02, (byte) 0x01, - (byte) 0x00, (byte) 0x30, (byte) 0x82, (byte) 0x01, (byte) 0x2c, (byte) 0x06, - (byte) 0x07, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x38, - (byte) 0x04, 
(byte) 0x01, (byte) 0x30, (byte) 0x82, (byte) 0x01, (byte) 0x1f, - (byte) 0x02, (byte) 0x81, (byte) 0x81, (byte) 0x00, (byte) 0xb3, (byte) 0x23, - (byte) 0xf7, (byte) 0x86, (byte) 0xbd, (byte) 0x3b, (byte) 0x86, (byte) 0xcc, - (byte) 0xc3, (byte) 0x91, (byte) 0xc0, (byte) 0x30, (byte) 0x32, (byte) 0x02, - (byte) 0x47, (byte) 0x35, (byte) 0x01, (byte) 0xef, (byte) 0xee, (byte) 0x98, - (byte) 0x13, (byte) 0x56, (byte) 0x49, (byte) 0x47, (byte) 0xb5, (byte) 0x20, - (byte) 0xa8, (byte) 0x60, (byte) 0xcb, (byte) 0xc0, (byte) 0xd5, (byte) 0x77, - (byte) 0xc1, (byte) 0x69, (byte) 0xcd, (byte) 0x18, (byte) 0x34, (byte) 0x92, - (byte) 0xf2, (byte) 0x6a, (byte) 0x2a, (byte) 0x10, (byte) 0x59, (byte) 0x1c, - (byte) 0x91, (byte) 0x20, (byte) 0x51, (byte) 0xca, (byte) 0x37, (byte) 0xb2, - (byte) 0x87, (byte) 0xa6, (byte) 0x8a, (byte) 0x02, (byte) 0xfd, (byte) 0x45, - (byte) 0x46, (byte) 0xf9, (byte) 0x76, (byte) 0xb1, (byte) 0x35, (byte) 0x38, - (byte) 0x8d, (byte) 0xff, (byte) 0x4c, (byte) 0x5d, (byte) 0x75, (byte) 0x8f, - (byte) 0x66, (byte) 0x15, (byte) 0x7d, (byte) 0x7b, (byte) 0xda, (byte) 0xdb, - (byte) 0x57, (byte) 0x39, (byte) 0xff, (byte) 0x91, (byte) 0x3f, (byte) 0xdd, - (byte) 0xe2, (byte) 0xb4, (byte) 0x22, (byte) 0x60, (byte) 0x4c, (byte) 0x32, - (byte) 0x3b, (byte) 0x9d, (byte) 0x34, (byte) 0x9f, (byte) 0xb9, (byte) 0x5d, - (byte) 0x75, (byte) 0xb9, (byte) 0xd3, (byte) 0x7f, (byte) 0x11, (byte) 0xba, - (byte) 0xb7, (byte) 0xc8, (byte) 0x32, (byte) 0xc6, (byte) 0xce, (byte) 0x71, - (byte) 0x91, (byte) 0xd3, (byte) 0x32, (byte) 0xaf, (byte) 0x4d, (byte) 0x7e, - (byte) 0x7c, (byte) 0x15, (byte) 0xf7, (byte) 0x71, (byte) 0x2c, (byte) 0x52, - (byte) 0x65, (byte) 0x4d, (byte) 0xa9, (byte) 0x81, (byte) 0x25, (byte) 0x35, - (byte) 0xce, (byte) 0x0b, (byte) 0x5b, (byte) 0x56, (byte) 0xfe, (byte) 0xf1, - (byte) 0x02, (byte) 0x15, (byte) 0x00, (byte) 0xeb, (byte) 0x4e, (byte) 0x7f, - (byte) 0x7a, (byte) 0x31, (byte) 0xb3, (byte) 0x7d, (byte) 0x8d, (byte) 0xb2, - (byte) 0xf7, 
(byte) 0xaf, (byte) 0xad, (byte) 0xb1, (byte) 0x42, (byte) 0x92, - (byte) 0xf3, (byte) 0x6c, (byte) 0xe4, (byte) 0xed, (byte) 0x8b, (byte) 0x02, - (byte) 0x81, (byte) 0x81, (byte) 0x00, (byte) 0x81, (byte) 0xc8, (byte) 0x36, - (byte) 0x48, (byte) 0xdb, (byte) 0x71, (byte) 0x2b, (byte) 0x91, (byte) 0xce, - (byte) 0x6d, (byte) 0xbc, (byte) 0xb8, (byte) 0xf9, (byte) 0xcb, (byte) 0x50, - (byte) 0x91, (byte) 0x10, (byte) 0x8a, (byte) 0xf8, (byte) 0x37, (byte) 0x50, - (byte) 0xda, (byte) 0x4f, (byte) 0xc8, (byte) 0x4d, (byte) 0x73, (byte) 0xcb, - (byte) 0x4d, (byte) 0xb0, (byte) 0x19, (byte) 0x54, (byte) 0x5a, (byte) 0xf3, - (byte) 0x6c, (byte) 0xc9, (byte) 0xd8, (byte) 0x96, (byte) 0xd9, (byte) 0xb0, - (byte) 0x54, (byte) 0x7e, (byte) 0x7d, (byte) 0xe2, (byte) 0x58, (byte) 0x0e, - (byte) 0x5f, (byte) 0xc0, (byte) 0xce, (byte) 0xb9, (byte) 0x5c, (byte) 0xe3, - (byte) 0xd3, (byte) 0xdf, (byte) 0xcf, (byte) 0x45, (byte) 0x74, (byte) 0xfb, - (byte) 0xe6, (byte) 0x20, (byte) 0xe7, (byte) 0xfc, (byte) 0x0f, (byte) 0xca, - (byte) 0xdb, (byte) 0xc0, (byte) 0x0b, (byte) 0xe1, (byte) 0x5a, (byte) 0x16, - (byte) 0x1d, (byte) 0xb3, (byte) 0x2e, (byte) 0xe5, (byte) 0x5f, (byte) 0x89, - (byte) 0x17, (byte) 0x73, (byte) 0x50, (byte) 0xd1, (byte) 0x4a, (byte) 0x60, - (byte) 0xb7, (byte) 0xaa, (byte) 0xf0, (byte) 0xc7, (byte) 0xc5, (byte) 0x03, - (byte) 0x4e, (byte) 0x36, (byte) 0x51, (byte) 0x9e, (byte) 0x2f, (byte) 0xfa, - (byte) 0xf3, (byte) 0xd6, (byte) 0x58, (byte) 0x14, (byte) 0x02, (byte) 0xb4, - (byte) 0x41, (byte) 0xd6, (byte) 0x72, (byte) 0x6f, (byte) 0x58, (byte) 0x5b, - (byte) 0x2d, (byte) 0x23, (byte) 0xc0, (byte) 0x75, (byte) 0x4f, (byte) 0x39, - (byte) 0xa8, (byte) 0x6a, (byte) 0xdf, (byte) 0x79, (byte) 0x21, (byte) 0xf2, - (byte) 0x77, (byte) 0x91, (byte) 0x3f, (byte) 0x1c, (byte) 0x4d, (byte) 0x48, - (byte) 0x78, (byte) 0xcd, (byte) 0xed, (byte) 0x79, (byte) 0x23, (byte) 0x04, - (byte) 0x17, (byte) 0x02, (byte) 0x15, (byte) 0x00, (byte) 0xc7, (byte) 0xe7, - (byte) 0xe2, 
(byte) 0x6b, (byte) 0x14, (byte) 0xe6, (byte) 0x31, (byte) 0x12, - (byte) 0xb2, (byte) 0x1e, (byte) 0xd4, (byte) 0xf2, (byte) 0x9b, (byte) 0x2c, - (byte) 0xf6, (byte) 0x54, (byte) 0x4c, (byte) 0x12, (byte) 0xe8, (byte) 0x22 - }; - - /** - * Generated from above and converted with: openssl x509 -outform d -in - * usercert.pem | xxd -i | sed 's/0x/(byte) 0x/g' - */ - private static final byte[] FAKE_DSA_USER_1 = new byte[] { - (byte) 0x30, (byte) 0x82, (byte) 0x03, (byte) 0xca, (byte) 0x30, (byte) 0x82, - (byte) 0x03, (byte) 0x33, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01, - (byte) 0x02, (byte) 0x02, (byte) 0x01, (byte) 0x01, (byte) 0x30, (byte) 0x0d, - (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, - (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x05, - (byte) 0x00, (byte) 0x30, (byte) 0x5e, (byte) 0x31, (byte) 0x0b, (byte) 0x30, - (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, - (byte) 0x13, (byte) 0x02, (byte) 0x41, (byte) 0x55, (byte) 0x31, (byte) 0x13, - (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, - (byte) 0x08, (byte) 0x0c, (byte) 0x0a, (byte) 0x53, (byte) 0x6f, (byte) 0x6d, - (byte) 0x65, (byte) 0x2d, (byte) 0x53, (byte) 0x74, (byte) 0x61, (byte) 0x74, - (byte) 0x65, (byte) 0x31, (byte) 0x21, (byte) 0x30, (byte) 0x1f, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x0c, (byte) 0x18, - (byte) 0x49, (byte) 0x6e, (byte) 0x74, (byte) 0x65, (byte) 0x72, (byte) 0x6e, - (byte) 0x65, (byte) 0x74, (byte) 0x20, (byte) 0x57, (byte) 0x69, (byte) 0x64, - (byte) 0x67, (byte) 0x69, (byte) 0x74, (byte) 0x73, (byte) 0x20, (byte) 0x50, - (byte) 0x74, (byte) 0x79, (byte) 0x20, (byte) 0x4c, (byte) 0x74, (byte) 0x64, - (byte) 0x31, (byte) 0x17, (byte) 0x30, (byte) 0x15, (byte) 0x06, (byte) 0x03, - (byte) 0x55, (byte) 0x04, (byte) 0x03, (byte) 0x0c, (byte) 0x0e, (byte) 0x63, - (byte) 0x61, (byte) 0x2e, (byte) 0x65, (byte) 
0x78, (byte) 0x61, (byte) 0x6d, - (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x2e, (byte) 0x63, (byte) 0x6f, - (byte) 0x6d, (byte) 0x30, (byte) 0x1e, (byte) 0x17, (byte) 0x0d, (byte) 0x31, - (byte) 0x33, (byte) 0x30, (byte) 0x38, (byte) 0x32, (byte) 0x37, (byte) 0x32, - (byte) 0x33, (byte) 0x33, (byte) 0x34, (byte) 0x32, (byte) 0x32, (byte) 0x5a, - (byte) 0x17, (byte) 0x0d, (byte) 0x32, (byte) 0x33, (byte) 0x30, (byte) 0x38, - (byte) 0x32, (byte) 0x35, (byte) 0x32, (byte) 0x33, (byte) 0x33, (byte) 0x34, - (byte) 0x32, (byte) 0x32, (byte) 0x5a, (byte) 0x30, (byte) 0x62, (byte) 0x31, - (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, - (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x41, (byte) 0x55, - (byte) 0x31, (byte) 0x13, (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, - (byte) 0x55, (byte) 0x04, (byte) 0x08, (byte) 0x0c, (byte) 0x0a, (byte) 0x53, - (byte) 0x6f, (byte) 0x6d, (byte) 0x65, (byte) 0x2d, (byte) 0x53, (byte) 0x74, - (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x31, (byte) 0x21, (byte) 0x30, - (byte) 0x1f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, - (byte) 0x0c, (byte) 0x18, (byte) 0x49, (byte) 0x6e, (byte) 0x74, (byte) 0x65, - (byte) 0x72, (byte) 0x6e, (byte) 0x65, (byte) 0x74, (byte) 0x20, (byte) 0x57, - (byte) 0x69, (byte) 0x64, (byte) 0x67, (byte) 0x69, (byte) 0x74, (byte) 0x73, - (byte) 0x20, (byte) 0x50, (byte) 0x74, (byte) 0x79, (byte) 0x20, (byte) 0x4c, - (byte) 0x74, (byte) 0x64, (byte) 0x31, (byte) 0x1b, (byte) 0x30, (byte) 0x19, - (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x03, (byte) 0x0c, - (byte) 0x12, (byte) 0x73, (byte) 0x65, (byte) 0x72, (byte) 0x76, (byte) 0x65, - (byte) 0x72, (byte) 0x2e, (byte) 0x65, (byte) 0x78, (byte) 0x61, (byte) 0x6d, - (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x2e, (byte) 0x63, (byte) 0x6f, - (byte) 0x6d, (byte) 0x30, (byte) 0x82, (byte) 0x01, (byte) 0xb7, (byte) 0x30, - (byte) 0x82, (byte) 0x01, (byte) 0x2c, (byte) 
0x06, (byte) 0x07, (byte) 0x2a, - (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x38, (byte) 0x04, (byte) 0x01, - (byte) 0x30, (byte) 0x82, (byte) 0x01, (byte) 0x1f, (byte) 0x02, (byte) 0x81, - (byte) 0x81, (byte) 0x00, (byte) 0xb3, (byte) 0x23, (byte) 0xf7, (byte) 0x86, - (byte) 0xbd, (byte) 0x3b, (byte) 0x86, (byte) 0xcc, (byte) 0xc3, (byte) 0x91, - (byte) 0xc0, (byte) 0x30, (byte) 0x32, (byte) 0x02, (byte) 0x47, (byte) 0x35, - (byte) 0x01, (byte) 0xef, (byte) 0xee, (byte) 0x98, (byte) 0x13, (byte) 0x56, - (byte) 0x49, (byte) 0x47, (byte) 0xb5, (byte) 0x20, (byte) 0xa8, (byte) 0x60, - (byte) 0xcb, (byte) 0xc0, (byte) 0xd5, (byte) 0x77, (byte) 0xc1, (byte) 0x69, - (byte) 0xcd, (byte) 0x18, (byte) 0x34, (byte) 0x92, (byte) 0xf2, (byte) 0x6a, - (byte) 0x2a, (byte) 0x10, (byte) 0x59, (byte) 0x1c, (byte) 0x91, (byte) 0x20, - (byte) 0x51, (byte) 0xca, (byte) 0x37, (byte) 0xb2, (byte) 0x87, (byte) 0xa6, - (byte) 0x8a, (byte) 0x02, (byte) 0xfd, (byte) 0x45, (byte) 0x46, (byte) 0xf9, - (byte) 0x76, (byte) 0xb1, (byte) 0x35, (byte) 0x38, (byte) 0x8d, (byte) 0xff, - (byte) 0x4c, (byte) 0x5d, (byte) 0x75, (byte) 0x8f, (byte) 0x66, (byte) 0x15, - (byte) 0x7d, (byte) 0x7b, (byte) 0xda, (byte) 0xdb, (byte) 0x57, (byte) 0x39, - (byte) 0xff, (byte) 0x91, (byte) 0x3f, (byte) 0xdd, (byte) 0xe2, (byte) 0xb4, - (byte) 0x22, (byte) 0x60, (byte) 0x4c, (byte) 0x32, (byte) 0x3b, (byte) 0x9d, - (byte) 0x34, (byte) 0x9f, (byte) 0xb9, (byte) 0x5d, (byte) 0x75, (byte) 0xb9, - (byte) 0xd3, (byte) 0x7f, (byte) 0x11, (byte) 0xba, (byte) 0xb7, (byte) 0xc8, - (byte) 0x32, (byte) 0xc6, (byte) 0xce, (byte) 0x71, (byte) 0x91, (byte) 0xd3, - (byte) 0x32, (byte) 0xaf, (byte) 0x4d, (byte) 0x7e, (byte) 0x7c, (byte) 0x15, - (byte) 0xf7, (byte) 0x71, (byte) 0x2c, (byte) 0x52, (byte) 0x65, (byte) 0x4d, - (byte) 0xa9, (byte) 0x81, (byte) 0x25, (byte) 0x35, (byte) 0xce, (byte) 0x0b, - (byte) 0x5b, (byte) 0x56, (byte) 0xfe, (byte) 0xf1, (byte) 0x02, (byte) 0x15, - (byte) 0x00, (byte) 0xeb, (byte) 0x4e, (byte) 
0x7f, (byte) 0x7a, (byte) 0x31, - (byte) 0xb3, (byte) 0x7d, (byte) 0x8d, (byte) 0xb2, (byte) 0xf7, (byte) 0xaf, - (byte) 0xad, (byte) 0xb1, (byte) 0x42, (byte) 0x92, (byte) 0xf3, (byte) 0x6c, - (byte) 0xe4, (byte) 0xed, (byte) 0x8b, (byte) 0x02, (byte) 0x81, (byte) 0x81, - (byte) 0x00, (byte) 0x81, (byte) 0xc8, (byte) 0x36, (byte) 0x48, (byte) 0xdb, - (byte) 0x71, (byte) 0x2b, (byte) 0x91, (byte) 0xce, (byte) 0x6d, (byte) 0xbc, - (byte) 0xb8, (byte) 0xf9, (byte) 0xcb, (byte) 0x50, (byte) 0x91, (byte) 0x10, - (byte) 0x8a, (byte) 0xf8, (byte) 0x37, (byte) 0x50, (byte) 0xda, (byte) 0x4f, - (byte) 0xc8, (byte) 0x4d, (byte) 0x73, (byte) 0xcb, (byte) 0x4d, (byte) 0xb0, - (byte) 0x19, (byte) 0x54, (byte) 0x5a, (byte) 0xf3, (byte) 0x6c, (byte) 0xc9, - (byte) 0xd8, (byte) 0x96, (byte) 0xd9, (byte) 0xb0, (byte) 0x54, (byte) 0x7e, - (byte) 0x7d, (byte) 0xe2, (byte) 0x58, (byte) 0x0e, (byte) 0x5f, (byte) 0xc0, - (byte) 0xce, (byte) 0xb9, (byte) 0x5c, (byte) 0xe3, (byte) 0xd3, (byte) 0xdf, - (byte) 0xcf, (byte) 0x45, (byte) 0x74, (byte) 0xfb, (byte) 0xe6, (byte) 0x20, - (byte) 0xe7, (byte) 0xfc, (byte) 0x0f, (byte) 0xca, (byte) 0xdb, (byte) 0xc0, - (byte) 0x0b, (byte) 0xe1, (byte) 0x5a, (byte) 0x16, (byte) 0x1d, (byte) 0xb3, - (byte) 0x2e, (byte) 0xe5, (byte) 0x5f, (byte) 0x89, (byte) 0x17, (byte) 0x73, - (byte) 0x50, (byte) 0xd1, (byte) 0x4a, (byte) 0x60, (byte) 0xb7, (byte) 0xaa, - (byte) 0xf0, (byte) 0xc7, (byte) 0xc5, (byte) 0x03, (byte) 0x4e, (byte) 0x36, - (byte) 0x51, (byte) 0x9e, (byte) 0x2f, (byte) 0xfa, (byte) 0xf3, (byte) 0xd6, - (byte) 0x58, (byte) 0x14, (byte) 0x02, (byte) 0xb4, (byte) 0x41, (byte) 0xd6, - (byte) 0x72, (byte) 0x6f, (byte) 0x58, (byte) 0x5b, (byte) 0x2d, (byte) 0x23, - (byte) 0xc0, (byte) 0x75, (byte) 0x4f, (byte) 0x39, (byte) 0xa8, (byte) 0x6a, - (byte) 0xdf, (byte) 0x79, (byte) 0x21, (byte) 0xf2, (byte) 0x77, (byte) 0x91, - (byte) 0x3f, (byte) 0x1c, (byte) 0x4d, (byte) 0x48, (byte) 0x78, (byte) 0xcd, - (byte) 0xed, (byte) 0x79, (byte) 0x23, (byte) 
0x03, (byte) 0x81, (byte) 0x84, - (byte) 0x00, (byte) 0x02, (byte) 0x81, (byte) 0x80, (byte) 0x1a, (byte) 0x50, - (byte) 0x9d, (byte) 0x3e, (byte) 0xa1, (byte) 0x6c, (byte) 0x99, (byte) 0x35, - (byte) 0x36, (byte) 0x26, (byte) 0x22, (byte) 0x6b, (byte) 0x47, (byte) 0x45, - (byte) 0x80, (byte) 0x5b, (byte) 0xd5, (byte) 0xc1, (byte) 0xc5, (byte) 0x70, - (byte) 0x75, (byte) 0x55, (byte) 0x66, (byte) 0x33, (byte) 0x1d, (byte) 0xae, - (byte) 0xd0, (byte) 0x01, (byte) 0x64, (byte) 0x8b, (byte) 0xae, (byte) 0x9d, - (byte) 0x66, (byte) 0x58, (byte) 0xf9, (byte) 0x42, (byte) 0x74, (byte) 0x3a, - (byte) 0x32, (byte) 0xc7, (byte) 0x7f, (byte) 0x25, (byte) 0x64, (byte) 0x7d, - (byte) 0x08, (byte) 0x26, (byte) 0xbf, (byte) 0x21, (byte) 0x3a, (byte) 0x84, - (byte) 0xcc, (byte) 0x2c, (byte) 0x66, (byte) 0x7d, (byte) 0xc7, (byte) 0xd6, - (byte) 0xb1, (byte) 0x69, (byte) 0x57, (byte) 0x67, (byte) 0x52, (byte) 0x73, - (byte) 0x3f, (byte) 0x79, (byte) 0x60, (byte) 0xaa, (byte) 0xf4, (byte) 0x8a, - (byte) 0x48, (byte) 0x42, (byte) 0x46, (byte) 0x41, (byte) 0xd0, (byte) 0x50, - (byte) 0x9b, (byte) 0xa2, (byte) 0x4e, (byte) 0xa5, (byte) 0x88, (byte) 0x10, - (byte) 0xf7, (byte) 0x61, (byte) 0xa2, (byte) 0xfa, (byte) 0x8d, (byte) 0xa6, - (byte) 0x13, (byte) 0x9e, (byte) 0x36, (byte) 0x86, (byte) 0x62, (byte) 0xf0, - (byte) 0x97, (byte) 0xef, (byte) 0x11, (byte) 0xc6, (byte) 0x35, (byte) 0xd3, - (byte) 0x79, (byte) 0x30, (byte) 0xde, (byte) 0xf2, (byte) 0x7f, (byte) 0x7a, - (byte) 0x3c, (byte) 0x03, (byte) 0xa3, (byte) 0xc5, (byte) 0xbc, (byte) 0xb1, - (byte) 0xbc, (byte) 0x2f, (byte) 0x10, (byte) 0xf4, (byte) 0x51, (byte) 0x89, - (byte) 0xe2, (byte) 0xaf, (byte) 0xf7, (byte) 0x61, (byte) 0x1a, (byte) 0xf0, - (byte) 0x87, (byte) 0x5e, (byte) 0xa5, (byte) 0x02, (byte) 0xd2, (byte) 0xe4, - (byte) 0xa3, (byte) 0x7b, (byte) 0x30, (byte) 0x79, (byte) 0x30, (byte) 0x09, - (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x13, (byte) 0x04, - (byte) 0x02, (byte) 0x30, (byte) 0x00, (byte) 
0x30, (byte) 0x2c, (byte) 0x06, - (byte) 0x09, (byte) 0x60, (byte) 0x86, (byte) 0x48, (byte) 0x01, (byte) 0x86, - (byte) 0xf8, (byte) 0x42, (byte) 0x01, (byte) 0x0d, (byte) 0x04, (byte) 0x1f, - (byte) 0x16, (byte) 0x1d, (byte) 0x4f, (byte) 0x70, (byte) 0x65, (byte) 0x6e, - (byte) 0x53, (byte) 0x53, (byte) 0x4c, (byte) 0x20, (byte) 0x47, (byte) 0x65, - (byte) 0x6e, (byte) 0x65, (byte) 0x72, (byte) 0x61, (byte) 0x74, (byte) 0x65, - (byte) 0x64, (byte) 0x20, (byte) 0x43, (byte) 0x65, (byte) 0x72, (byte) 0x74, - (byte) 0x69, (byte) 0x66, (byte) 0x69, (byte) 0x63, (byte) 0x61, (byte) 0x74, - (byte) 0x65, (byte) 0x30, (byte) 0x1d, (byte) 0x06, (byte) 0x03, (byte) 0x55, - (byte) 0x1d, (byte) 0x0e, (byte) 0x04, (byte) 0x16, (byte) 0x04, (byte) 0x14, - (byte) 0xd1, (byte) 0x6c, (byte) 0x36, (byte) 0x36, (byte) 0x61, (byte) 0x6c, - (byte) 0xf6, (byte) 0x90, (byte) 0x82, (byte) 0x82, (byte) 0x87, (byte) 0x93, - (byte) 0xbe, (byte) 0x99, (byte) 0x60, (byte) 0x1b, (byte) 0x03, (byte) 0x58, - (byte) 0x36, (byte) 0x63, (byte) 0x30, (byte) 0x1f, (byte) 0x06, (byte) 0x03, - (byte) 0x55, (byte) 0x1d, (byte) 0x23, (byte) 0x04, (byte) 0x18, (byte) 0x30, - (byte) 0x16, (byte) 0x80, (byte) 0x14, (byte) 0x47, (byte) 0x82, (byte) 0xa3, - (byte) 0xf1, (byte) 0xc2, (byte) 0x7e, (byte) 0x3a, (byte) 0xde, (byte) 0x4f, - (byte) 0x30, (byte) 0x4c, (byte) 0x7f, (byte) 0x72, (byte) 0x81, (byte) 0x15, - (byte) 0x32, (byte) 0xda, (byte) 0x7f, (byte) 0x58, (byte) 0x18, (byte) 0x30, - (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, (byte) 0x48, - (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05, - (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, (byte) 0x81, (byte) 0x00, - (byte) 0x81, (byte) 0xde, (byte) 0x20, (byte) 0xa1, (byte) 0xb2, (byte) 0x50, - (byte) 0x03, (byte) 0xcd, (byte) 0x90, (byte) 0x4f, (byte) 0x2b, (byte) 0x47, - (byte) 0x1d, (byte) 0xac, (byte) 0x6e, (byte) 0xb4, (byte) 0xc7, (byte) 0x14, - (byte) 0xc6, (byte) 0x4f, (byte) 0x45, (byte) 
0xaf, (byte) 0x81, (byte) 0x5d, - (byte) 0x5a, (byte) 0x31, (byte) 0xff, (byte) 0x9c, (byte) 0x4d, (byte) 0xdc, - (byte) 0x9e, (byte) 0x36, (byte) 0x9f, (byte) 0x9b, (byte) 0xb1, (byte) 0xc9, - (byte) 0x50, (byte) 0xa3, (byte) 0xf6, (byte) 0x9c, (byte) 0x68, (byte) 0x6f, - (byte) 0x68, (byte) 0xd9, (byte) 0x56, (byte) 0x1b, (byte) 0xe5, (byte) 0x1b, - (byte) 0x41, (byte) 0xd4, (byte) 0xcc, (byte) 0xb6, (byte) 0x37, (byte) 0xd5, - (byte) 0x69, (byte) 0x6b, (byte) 0x39, (byte) 0xaf, (byte) 0xc6, (byte) 0xb8, - (byte) 0x39, (byte) 0x76, (byte) 0xe3, (byte) 0xf7, (byte) 0x97, (byte) 0x74, - (byte) 0x31, (byte) 0xc4, (byte) 0x2d, (byte) 0xb7, (byte) 0x9a, (byte) 0xa4, - (byte) 0xfa, (byte) 0x9f, (byte) 0xa8, (byte) 0xe3, (byte) 0x41, (byte) 0xda, - (byte) 0x2f, (byte) 0x0c, (byte) 0x9d, (byte) 0x83, (byte) 0xdc, (byte) 0x86, - (byte) 0x1f, (byte) 0x5c, (byte) 0x0f, (byte) 0x87, (byte) 0x05, (byte) 0xc9, - (byte) 0xb0, (byte) 0x63, (byte) 0xca, (byte) 0x9b, (byte) 0xdb, (byte) 0xe6, - (byte) 0x3c, (byte) 0xe9, (byte) 0x23, (byte) 0x9e, (byte) 0x23, (byte) 0x44, - (byte) 0x1d, (byte) 0x5b, (byte) 0x60, (byte) 0x66, (byte) 0xb6, (byte) 0x72, - (byte) 0x8c, (byte) 0x87, (byte) 0x86, (byte) 0xe8, (byte) 0xdb, (byte) 0x29, - (byte) 0x67, (byte) 0x9c, (byte) 0x33, (byte) 0x5c, (byte) 0x39, (byte) 0xf1, - (byte) 0xb5, (byte) 0x9b, (byte) 0xb8, (byte) 0xe1, (byte) 0x42, (byte) 0x51, - (byte) 0xed, (byte) 0x2c - }; - /** * The amount of time to allow before and after expected time for variance * in timing tests. 
@@ -1500,26 +1135,6 @@ public class AndroidKeyStoreTest extends AndroidTestCase { FAKE_RSA_CA_1); } - public void testKeyStore_GetEntry_DSA_NullParams_Unencrypted_Success() throws Exception { - mKeyStore.load(null, null); - - assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, - FAKE_DSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE)); - assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, - FAKE_DSA_USER_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE)); - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_DSA_CA_1, - KeyStore.UID_SELF, KeyStore.FLAG_NONE)); - - Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null); - assertNotNull("Entry should exist", entry); - - assertTrue("Should be a PrivateKeyEntry", entry instanceof PrivateKeyEntry); - - PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry; - - assertPrivateKeyEntryEquals(keyEntry, "DSA", FAKE_DSA_KEY_1, FAKE_DSA_USER_1, FAKE_DSA_CA_1); - } - public void testKeyStore_GetEntry_EC_NullParams_Unencrypted_Success() throws Exception { mKeyStore.load(null, null); @@ -1583,11 +1198,7 @@ public class AndroidKeyStoreTest extends AndroidTestCase { private void assertPrivateKeyEntryEquals(PrivateKeyEntry keyEntry, PrivateKey expectedKey, Certificate expectedCert, Collection<Certificate> expectedChain) throws Exception { - if (expectedKey instanceof DSAPrivateKey) { - assertEquals("Returned PrivateKey should be what we inserted", - ((DSAPrivateKey) expectedKey).getParams(), - ((DSAPublicKey) keyEntry.getCertificate().getPublicKey()).getParams()); - } else if (expectedKey instanceof ECPrivateKey) { + if (expectedKey instanceof ECPrivateKey) { assertEquals("Returned PrivateKey should be what we inserted", ((ECPrivateKey) expectedKey).getParams().getCurve(), ((ECPublicKey) keyEntry.getCertificate().getPublicKey()).getParams().getCurve()); 
@@ -1871,33 +1482,6 @@ public class AndroidKeyStoreTest extends AndroidTestCase { assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, FAKE_RSA_CA_1); } - public void testKeyStore_SetEntry_PrivateKeyEntry_DSA_Unencrypted_Success() throws Exception { - mKeyStore.load(null, null); - - KeyFactory keyFact = KeyFactory.getInstance("DSA"); - PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_DSA_KEY_1)); - - final CertificateFactory f = CertificateFactory.getInstance("X.509"); - - final Certificate[] expectedChain = new Certificate[2]; - expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_DSA_USER_1)); - expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_DSA_CA_1)); - - PrivateKeyEntry expected = new PrivateKeyEntry(expectedKey, expectedChain); - - mKeyStore.setEntry(TEST_ALIAS_1, expected, null); - - Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); - assertNotNull("Retrieved entry should exist", actualEntry); - - assertTrue("Retrieved entry should be of type PrivateKeyEntry", - actualEntry instanceof PrivateKeyEntry); - - PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry; - - assertPrivateKeyEntryEquals(actual, "DSA", FAKE_DSA_KEY_1, FAKE_DSA_USER_1, FAKE_DSA_CA_1); - } - public void testKeyStore_SetEntry_PrivateKeyEntry_EC_Unencrypted_Success() throws Exception { mKeyStore.load(null, null); diff --git a/libs/androidfw/misc.cpp b/libs/androidfw/misc.cpp index 29686ef..a9b46d2 100644 --- a/libs/androidfw/misc.cpp +++ b/libs/androidfw/misc.cpp @@ -56,9 +56,11 @@ FileType getFileType(const char* fileName) return kFileTypeBlockDev; else if (S_ISFIFO(sb.st_mode)) return kFileTypeFifo; -#ifdef HAVE_SYMLINKS +#if defined(S_ISLNK) else if (S_ISLNK(sb.st_mode)) return kFileTypeSymlink; +#endif +#if defined(S_ISSOCK) else if (S_ISSOCK(sb.st_mode)) return kFileTypeSocket; #endif 
diff --git a/media/java/android/media/Image.java b/media/java/android/media/Image.java index 522e45d..0d6b91a 100644 --- a/media/java/android/media/Image.java +++ b/media/java/android/media/Image.java @@ -146,8 +146,10 @@ public abstract class Image implements AutoCloseable { * using coordinates in the largest-resolution plane. */ public void setCropRect(Rect cropRect) { - cropRect = new Rect(cropRect); // make a copy - cropRect.intersect(0, 0, getWidth(), getHeight()); + if (cropRect != null) { + cropRect = new Rect(cropRect); // make a copy + cropRect.intersect(0, 0, getWidth(), getHeight()); + } mCropRect = cropRect; } diff --git a/media/java/android/media/MediaCodec.java b/media/java/android/media/MediaCodec.java index 420510a..8985b52 100644 --- a/media/java/android/media/MediaCodec.java +++ b/media/java/android/media/MediaCodec.java @@ -1778,21 +1778,17 @@ final public class MediaCodec { mIsValid = true; mIsReadOnly = buffer.isReadOnly(); mBuffer = buffer.duplicate(); - if (cropRect != null) { - cropRect.offset(-xOffset, -yOffset); - } - super.setCropRect(cropRect); // save offsets and info mXOffset = xOffset; mYOffset = yOffset; mInfo = info; - // read media-info. the size of media info can be 80 or 156 depending on + // read media-info. the size of media info can be 80 or 156/160 depending on // whether it was created on a 32- or 64-bit process. See MediaImage - if (info.remaining() == 80 || info.remaining() == 156) { - boolean sizeIsLong = info.remaining() == 156; - int type = info.getInt(); + if (info.remaining() == 80 || info.remaining() == 156 || info.remaining() == 160) { + boolean sizeIsLong = info.remaining() != 80; + int type = readInt(info, info.remaining() == 160); if (type != TYPE_YUV) { throw new UnsupportedOperationException("unsupported type: " + type); } 
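Review bot: In the MediaCodec.java hunk, the media-info length is read through `info.remaining()` five separate times, and the flag handed to `readInt` (`info.remaining() == 160`) is a different comparison from the `sizeIsLong` flag derived one line earlier. Because `remaining()` changes as soon as the first field is consumed, the layout decision would be easier to audit if it were taken once, e.g. `final int infoSize = info.remaining();`, with both flags derived from that local. The updated comment says "156/160" but not which layout each length corresponds to or why only the 160-byte form reads `type` differently; one sentence on that would help, since this parses a buffer whose size the Java side does not control. `readInt` and the rest of the constructor lie outside the hunk.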
@@ -1833,6 +1829,12 @@ final public class MediaCodec { throw new UnsupportedOperationException( "unsupported info length: " + info.remaining()); } + + if (cropRect == null) { + cropRect = new Rect(0, 0, mWidth, mHeight); + } + cropRect.offset(-xOffset, -yOffset); + super.setCropRect(cropRect); } private class MediaPlane extends Plane { diff --git a/rs/java/android/renderscript/RenderScript.java b/rs/java/android/renderscript/RenderScript.java index 114042d..fb8ae5d 100644 --- a/rs/java/android/renderscript/RenderScript.java +++ b/rs/java/android/renderscript/RenderScript.java 
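Review bot: `cropRect.offset(-xOffset, -yOffset)` in the added block shifts the Rect object the caller passed in whenever it is non-null, so the constructor has a side effect on its argument. `Image.setCropRect` in this same commit copies before it intersects; doing the same here keeps the two consistent: `cropRect = (cropRect == null) ? new Rect(0, 0, mWidth, mHeight) : new Rect(cropRect);`. It is also worth a comment on whether the default full-frame rectangle is meant to be offset as well, since with non-zero offsets the later intersect against `(0, 0, getWidth(), getHeight())` will shrink it. The constructor starts outside this hunk.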
@@ -302,6 +302,46 @@ public class RenderScript { rsnContextResume(mContext); } + native long rsnClosureCreate(long con, long kernelID, long returnValue, + long[] fieldIDs, long[] values, int[] sizes, long[] depClosures, + long[] depFieldIDs); + synchronized long nClosureCreate(long kernelID, long returnValue, + long[] fieldIDs, long[] values, int[] sizes, long[] depClosures, + long[] depFieldIDs) { + validate(); + return rsnClosureCreate(mContext, kernelID, returnValue, fieldIDs, values, + sizes, depClosures, depFieldIDs); + } + + native void rsnClosureSetArg(long con, long closureID, int index, + long value, int size); + synchronized void nClosureSetArg(long closureID, int index, long value, + int size) { + validate(); + rsnClosureSetArg(mContext, closureID, index, value, size); + } + + native void rsnClosureSetGlobal(long con, long closureID, long fieldID, + long value, int size); + // Does this have to be synchronized? + synchronized void nClosureSetGlobal(long closureID, long fieldID, + long value, int size) { + validate(); // TODO: is this necessary? + rsnClosureSetGlobal(mContext, closureID, fieldID, value, size); + } + + native long rsnScriptGroup2Create(long con, long[] closures); + synchronized long nScriptGroup2Create(long[] closures) { + validate(); + return rsnScriptGroup2Create(mContext, closures); + } + + native void rsnScriptGroup2Execute(long con, long groupID); + synchronized void nScriptGroup2Execute(long groupID) { + validate(); + rsnScriptGroup2Execute(mContext, groupID); + } + native void rsnAssignName(long con, long obj, byte[] name); synchronized void nAssignName(long obj, byte[] name) { validate(); diff --git a/rs/java/android/renderscript/ScriptGroup2.java b/rs/java/android/renderscript/ScriptGroup2.java new file mode 100644 index 0000000..dcad787 --- /dev/null +++ b/rs/java/android/renderscript/ScriptGroup2.java 
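Review bot: `nClosureSetGlobal` is committed with two unresolved questions in its comments, `// Does this have to be synchronized?` and `// TODO: is this necessary?` on the `validate()` call. Every other wrapper added in this hunk calls `validate()` under the object monitor before passing `mContext` to the native method, so the consistent choice is to keep both and replace the questions with a statement of intent, for example `// validate() and the lock are kept for parity with the other rsn* wrappers; mContext must be checked before it reaches native code.` What `validate()` actually checks is not shown in the hunk, so that wording should be confirmed against its definition.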
@@ -0,0 +1,319 @@ +package android.renderscript; + +import android.util.Log; +import android.util.Pair; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +/** + @hide Pending Android public API approval. + */ +/** + +****************************** +You have tried to change the API from what has been previously approved. + +To make these errors go away, you have two choices: + 1) You can add "@hide" javadoc comments to the methods, etc. listed in the + errors above. + + 2) You can update current.txt by executing the following command: + make update-api + +To submit the revised current.txt to the main Android repository, +you will need approval. +****************************** + + @hide Pending Android public API approval. + */ +public class ScriptGroup2 extends BaseObj { + + public static class Closure extends BaseObj { + private Allocation mReturnValue; + private Map<Script.FieldID, Object> mBindings; + + private Future mReturnFuture; + private Map<Script.FieldID, Future> mGlobalFuture; + + private static final String TAG = "Closure"; + + public Closure(long id, RenderScript rs) { + super(id, rs); + } + + public Closure(RenderScript rs, Script.KernelID kernelID, Type returnType, + Object[] args, Map<Script.FieldID, Object> globals) { + super(0, rs); + + mReturnValue = Allocation.createTyped(rs, returnType); + mBindings = new HashMap<Script.FieldID, Object>(); + mGlobalFuture = new HashMap<Script.FieldID, Future>(); + + int numValues = args.length + globals.size(); + + long[] fieldIDs = new long[numValues]; + long[] values = new long[numValues]; + int[] sizes = new int[numValues]; + long[] depClosures = new long[numValues]; + long[] depFieldIDs = new long[numValues]; + + int i; + for (i = 0; i < args.length; i++) { + Object obj = args[i]; + fieldIDs[i] = 0; + if (obj instanceof UnboundValue) { + UnboundValue unbound = (UnboundValue)obj; + unbound.addReference(this, i); + } else { + 
retrieveValueAndDependenceInfo(rs, i, args[i], values, sizes, + depClosures, depFieldIDs); + } + } + + for (Map.Entry<Script.FieldID, Object> entry : globals.entrySet()) { + Object obj = entry.getValue(); + Script.FieldID fieldID = entry.getKey(); + fieldIDs[i] = fieldID.getID(rs); + if (obj instanceof UnboundValue) { + UnboundValue unbound = (UnboundValue)obj; + unbound.addReference(this, fieldID); + } else { + retrieveValueAndDependenceInfo(rs, i, obj, values, + sizes, depClosures, depFieldIDs); + } + i++; + } + + long id = rs.nClosureCreate(kernelID.getID(rs), mReturnValue.getID(rs), + fieldIDs, values, sizes, depClosures, depFieldIDs); + + setID(id); + } + + private static void retrieveValueAndDependenceInfo(RenderScript rs, + int index, Object obj, long[] values, int[] sizes, long[] depClosures, + long[] depFieldIDs) { + + if (obj instanceof Future) { + Future f = (Future)obj; + obj = f.getValue(); + depClosures[index] = f.getClosure().getID(rs); + Script.FieldID fieldID = f.getFieldID(); + depFieldIDs[index] = fieldID != null ? 
fieldID.getID(rs) : 0; + } else { + depClosures[index] = 0; + depFieldIDs[index] = 0; + } + + ValueAndSize vs = new ValueAndSize(rs, obj); + values[index] = vs.value; + sizes[index] = vs.size; + } + + public Future getReturn() { + if (mReturnFuture == null) { + mReturnFuture = new Future(this, null, mReturnValue); + } + + return mReturnFuture; + } + + public Future getGlobal(Script.FieldID field) { + Future f = mGlobalFuture.get(field); + + if (f == null) { + f = new Future(this, field, mBindings.get(field)); + mGlobalFuture.put(field, f); + } + + return f; + } + + void setArg(int index, Object obj) { + ValueAndSize vs = new ValueAndSize(mRS, obj); + mRS.nClosureSetArg(getID(mRS), index, vs.value, vs.size); + } + + void setGlobal(Script.FieldID fieldID, Object obj) { + ValueAndSize vs = new ValueAndSize(mRS, obj); + mRS.nClosureSetGlobal(getID(mRS), fieldID.getID(mRS), vs.value, vs.size); + } + + private static final class ValueAndSize { + public ValueAndSize(RenderScript rs, Object obj) { + if (obj instanceof Allocation) { + value = ((Allocation)obj).getID(rs); + size = -1; + } else if (obj instanceof Boolean) { + value = ((Boolean)obj).booleanValue() ? 
1 : 0; + size = 4; + } else if (obj instanceof Integer) { + value = ((Integer)obj).longValue(); + size = 4; + } else if (obj instanceof Long) { + value = ((Long)obj).longValue(); + size = 8; + } else if (obj instanceof Float) { + value = ((Float)obj).longValue(); + size = 4; + } else if (obj instanceof Double) { + value = ((Double)obj).longValue(); + size = 8; + } + } + + public long value; + public int size; + } + } + + public static class Future { + Closure mClosure; + Script.FieldID mFieldID; + Object mValue; + + Future(Closure closure, Script.FieldID fieldID, Object value) { + mClosure = closure; + mFieldID = fieldID; + mValue = value; + } + + Closure getClosure() { return mClosure; } + Script.FieldID getFieldID() { return mFieldID; } + Object getValue() { return mValue; } + } + + public static class UnboundValue { + // Either mFieldID or mArgIndex should be set but not both. + List<Pair<Closure, Script.FieldID>> mFieldID; + // -1 means unset. Legal values are 0 .. n-1, where n is the number of + // arguments for the referencing closure. 
+ List<Pair<Closure, Integer>> mArgIndex; + + UnboundValue() { + mFieldID = new ArrayList<Pair<Closure, Script.FieldID>>(); + mArgIndex = new ArrayList<Pair<Closure, Integer>>(); + } + + void addReference(Closure closure, int index) { + mArgIndex.add(Pair.create(closure, Integer.valueOf(index))); + } + + void addReference(Closure closure, Script.FieldID fieldID) { + mFieldID.add(Pair.create(closure, fieldID)); + } + + void set(Object value) { + for (Pair<Closure, Integer> p : mArgIndex) { + Closure closure = p.first; + int index = p.second.intValue(); + closure.setArg(index, value); + } + for (Pair<Closure, Script.FieldID> p : mFieldID) { + Closure closure = p.first; + Script.FieldID fieldID = p.second; + closure.setGlobal(fieldID, value); + } + } + } + + List<Closure> mClosures; + List<UnboundValue> mInputs; + Future[] mOutputs; + + private static final String TAG = "ScriptGroup2"; + + public ScriptGroup2(long id, RenderScript rs) { + super(id, rs); + } + + ScriptGroup2(RenderScript rs, List<Closure> closures, + List<UnboundValue> inputs, Future[] outputs) { + super(0, rs); + mClosures = closures; + mInputs = inputs; + mOutputs = outputs; + + long[] closureIDs = new long[closures.size()]; + for (int i = 0; i < closureIDs.length; i++) { + closureIDs[i] = closures.get(i).getID(rs); + } + long id = rs.nScriptGroup2Create(closureIDs); + setID(id); + } + + // TODO: If this was reflected method, we could enforce the number of + // arguments. + public Object[] execute(Object... 
inputs) { + if (inputs.length < mInputs.size()) { + Log.e(TAG, this.toString() + " receives " + inputs.length + " inputs, " + + "less than expected " + mInputs.size()); + return null; + } + + if (inputs.length > mInputs.size()) { + Log.i(TAG, this.toString() + " receives " + inputs.length + " inputs, " + + "more than expected " + mInputs.size()); + } + + for (int i = 0; i < mInputs.size(); i++) { + Object obj = inputs[i]; + if (obj instanceof Future || obj instanceof UnboundValue) { + Log.e(TAG, this.toString() + ": input " + i + + " is a future or unbound value"); + return null; + } + UnboundValue unbound = mInputs.get(i); + unbound.set(obj); + } + + mRS.nScriptGroup2Execute(getID(mRS)); + + Object[] outputObjs = new Object[mOutputs.length]; + int i = 0; + for (Future f : mOutputs) { + outputObjs[i++] = f.getValue(); + } + return outputObjs; + } + + /** + @hide Pending Android public API approval. + */ + public static final class Builder { + RenderScript mRS; + List<Closure> mClosures; + List<UnboundValue> mInputs; + + private static final String TAG = "ScriptGroup2.Builder"; + + public Builder(RenderScript rs) { + mRS = rs; + mClosures = new ArrayList<Closure>(); + mInputs = new ArrayList<UnboundValue>(); + } + + public Closure addKernel(Script.KernelID k, Type returnType, Object[] args, + Map<Script.FieldID, Object> globalBindings) { + Closure c = new Closure(mRS, k, returnType, args, globalBindings); + mClosures.add(c); + return c; + } + + public UnboundValue addInput() { + UnboundValue unbound = new UnboundValue(); + mInputs.add(unbound); + return unbound; + } + + public ScriptGroup2 create(Future... outputs) { + // TODO: Save all script groups that have been created and return one that was + // saved and matches the outputs. + ScriptGroup2 ret = new ScriptGroup2(mRS, mClosures, mInputs, outputs); + return ret; + } + + } +} diff --git a/rs/jni/android_renderscript_RenderScript.cpp b/rs/jni/android_renderscript_RenderScript.cpp index 68a0b83..dced99a 100644 
--- a/rs/jni/android_renderscript_RenderScript.cpp
+++ b/rs/jni/android_renderscript_RenderScript.cpp
@@ -193,6 +193,88 @@ nContextFinish(JNIEnv *_env, jobject _this, jlong con) rsContextFinish((RsContext)con); } +static jlong +nClosureCreate(JNIEnv *_env, jobject _this, jlong con, jlong kernelID, + jlong returnValue, jlongArray fieldIDArray, + jlongArray valueArray, jintArray sizeArray, + jlongArray depClosureArray, jlongArray depFieldIDArray) { + jlong* jFieldIDs = _env->GetLongArrayElements(fieldIDArray, nullptr); + jsize fieldIDs_length = _env->GetArrayLength(fieldIDArray); + RsScriptFieldID* fieldIDs = + (RsScriptFieldID*)alloca(sizeof(RsScriptFieldID) * fieldIDs_length); + for (int i = 0; i< fieldIDs_length; i++) { + fieldIDs[i] = (RsScriptFieldID)jFieldIDs[i]; + } + + jlong* jValues = _env->GetLongArrayElements(valueArray, nullptr); + jsize values_length = _env->GetArrayLength(valueArray); + uintptr_t* values = (uintptr_t*)alloca(sizeof(uintptr_t) * values_length); + for (int i = 0; i < values_length; i++) { + values[i] = (uintptr_t)jValues[i]; + } + + jint* sizes = _env->GetIntArrayElements(sizeArray, nullptr); + jsize sizes_length = _env->GetArrayLength(sizeArray); + + jlong* jDepClosures = + _env->GetLongArrayElements(depClosureArray, nullptr); + jsize depClosures_length = _env->GetArrayLength(depClosureArray); + RsClosure* depClosures = + (RsClosure*)alloca(sizeof(RsClosure) * depClosures_length); + for (int i = 0; i < depClosures_length; i++) { + depClosures[i] = (RsClosure)jDepClosures[i]; + } + + jlong* jDepFieldIDs = + _env->GetLongArrayElements(depFieldIDArray, nullptr); + jsize depFieldIDs_length = _env->GetArrayLength(depFieldIDArray); + RsScriptFieldID* depFieldIDs = + (RsScriptFieldID*)alloca(sizeof(RsScriptFieldID) * depFieldIDs_length); + for (int i = 0; i < depClosures_length; i++) { + depFieldIDs[i] = (RsClosure)jDepFieldIDs[i]; + } + + return (jlong)(uintptr_t)rsClosureCreate( + (RsContext)con, (RsScriptKernelID)kernelID, (RsAllocation)returnValue, + fieldIDs, (size_t)fieldIDs_length, values, (size_t)values_length, + (size_t*)sizes, 
(size_t)sizes_length, + depClosures, (size_t)depClosures_length, + depFieldIDs, (size_t)depFieldIDs_length); +} + +static void +nClosureSetArg(JNIEnv *_env, jobject _this, jlong con, jlong closureID, + jint index, jlong value, jint size) { + rsClosureSetArg((RsContext)con, (RsClosure)closureID, (uint32_t)index, + (uintptr_t)value, (size_t)size); +} + +static void +nClosureSetGlobal(JNIEnv *_env, jobject _this, jlong con, jlong closureID, + jlong fieldID, jlong value, jint size) { + rsClosureSetGlobal((RsContext)con, (RsClosure)closureID, + (RsScriptFieldID)fieldID, (uintptr_t)value, (size_t)size); +} + +static long +nScriptGroup2Create(JNIEnv *_env, jobject _this, jlong con, + jlongArray closureArray) { + jlong* jClosures = _env->GetLongArrayElements(closureArray, nullptr); + jsize numClosures = _env->GetArrayLength(closureArray); + RsClosure* closures = (RsClosure*)alloca(sizeof(RsClosure) * numClosures); + for (int i = 0; i < numClosures; i++) { + closures[i] = (RsClosure)jClosures[i]; + } + + return (jlong)(uintptr_t)rsScriptGroup2Create((RsContext)con, closures, + numClosures); +} + +static void +nScriptGroup2Execute(JNIEnv *_env, jobject _this, jlong con, jlong groupID) { + rsScriptGroupExecute((RsContext)con, (RsScriptGroup2)groupID); +} + static void nAssignName(JNIEnv *_env, jobject _this, jlong con, jlong obj, jbyteArray str) { @@ -1841,6 +1923,9 @@ static JNINativeMethod methods[] = { {"rsnContextPause", "(J)V", (void*)nContextPause }, {"rsnContextResume", "(J)V", (void*)nContextResume }, {"rsnContextSendMessage", "(JI[I)V", (void*)nContextSendMessage }, +{"rsnClosureCreate", "(JJJ[J[J[I[J[J)J", (void*)nClosureCreate }, +{"rsnClosureSetArg", "(JJIJI)V", (void*)nClosureSetArg }, +{"rsnClosureSetGlobal", "(JJJJI)V", (void*)nClosureSetGlobal }, {"rsnAssignName", "(JJ[B)V", (void*)nAssignName }, {"rsnGetName", "(JJ)Ljava/lang/String;", (void*)nGetName }, {"rsnObjDestroy", "(JJ)V", (void*)nObjDestroy }, 
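Review bot: In nClosureCreate the loop that fills `depFieldIDs` is bounded by `depClosures_length`, so when the two Java arrays differ in length it reads past `jDepFieldIDs` and writes past the alloca'd buffer; it should run to `depFieldIDs_length` and cast to `RsScriptFieldID`. `(size_t*)sizes` reinterprets a `jint` array as `size_t`, which on a 64-bit build reads two 4-byte entries as one value and runs off the end of the array, so the sizes need copying into a `size_t` buffer the way the other arrays are copied. None of the `Get*ArrayElements` results is null-checked or released, and every `alloca` is sized by a caller-supplied array length with no upper bound. nScriptGroup2Create has the same get-without-release pattern and is declared `static long` although it is registered with a `J` return type. The Java side passes -1 as the size for an Allocation, so confirm how rsClosureCreate treats the sign-extended value after the copy.

```cpp
  // … unchanged: fieldIDs and values copies …
  jint* jSizes = _env->GetIntArrayElements(sizeArray, nullptr);
  jsize sizes_length = _env->GetArrayLength(sizeArray);
  size_t* sizes = (size_t*)alloca(sizeof(size_t) * sizes_length);
  for (int i = 0; i < sizes_length; i++) {
    sizes[i] = (size_t)jSizes[i];
  }
  // … unchanged: depClosures copy, depFieldIDs allocation …
  for (int i = 0; i < depFieldIDs_length; i++) {
    depFieldIDs[i] = (RsScriptFieldID)jDepFieldIDs[i];
  }

  jlong closure = (jlong)(uintptr_t)rsClosureCreate(
      (RsContext)con, (RsScriptKernelID)kernelID, (RsAllocation)returnValue,
      fieldIDs, (size_t)fieldIDs_length, values, (size_t)values_length,
      sizes, (size_t)sizes_length,
      depClosures, (size_t)depClosures_length,
      depFieldIDs, (size_t)depFieldIDs_length);

  // Native code received copies, so nothing needs writing back to the Java arrays.
  _env->ReleaseLongArrayElements(fieldIDArray, jFieldIDs, JNI_ABORT);
  _env->ReleaseLongArrayElements(valueArray, jValues, JNI_ABORT);
  _env->ReleaseIntArrayElements(sizeArray, jSizes, JNI_ABORT);
  _env->ReleaseLongArrayElements(depClosureArray, jDepClosures, JNI_ABORT);
  _env->ReleaseLongArrayElements(depFieldIDArray, jDepFieldIDs, JNI_ABORT);
  return closure;
```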
@@ -1915,9 +2000,11 @@ static JNINativeMethod methods[] = { {"rsnScriptKernelIDCreate", "(JJII)J", (void*)nScriptKernelIDCreate }, {"rsnScriptFieldIDCreate", "(JJI)J", (void*)nScriptFieldIDCreate }, {"rsnScriptGroupCreate", "(J[J[J[J[J[J)J", (void*)nScriptGroupCreate }, +{"rsnScriptGroup2Create", "(J[J)J", (void*)nScriptGroup2Create }, {"rsnScriptGroupSetInput", "(JJJJ)V", (void*)nScriptGroupSetInput }, {"rsnScriptGroupSetOutput", "(JJJJ)V", (void*)nScriptGroupSetOutput }, {"rsnScriptGroupExecute", "(JJ)V", (void*)nScriptGroupExecute }, +{"rsnScriptGroup2Execute", "(JJ)V", (void*)nScriptGroup2Execute }, {"rsnProgramStoreCreate", "(JZZZZZZIII)J", (void*)nProgramStoreCreate }, diff --git a/services/core/java/com/android/server/NetworkManagementService.java b/services/core/java/com/android/server/NetworkManagementService.java index 020c951..967ee31 100644 --- a/services/core/java/com/android/server/NetworkManagementService.java +++ b/services/core/java/com/android/server/NetworkManagementService.java @@ -24,9 +24,6 @@ import static android.net.NetworkStats.TAG_ALL; import static android.net.NetworkStats.TAG_NONE; import static android.net.NetworkStats.UID_ALL; import static android.net.TrafficStats.UID_TETHERING; -import static android.net.RouteInfo.RTN_THROW; -import static android.net.RouteInfo.RTN_UNICAST; -import static android.net.RouteInfo.RTN_UNREACHABLE; import static com.android.server.NetworkManagementService.NetdResponseCode.ClatdStatusResult; import static com.android.server.NetworkManagementService.NetdResponseCode.InterfaceGetCfgResult; import static com.android.server.NetworkManagementService.NetdResponseCode.InterfaceListResult; 
@@ -38,6 +35,7 @@ import static com.android.server.NetworkManagementService.NetdResponseCode.Tethe import static com.android.server.NetworkManagementService.NetdResponseCode.TtyListResult; import static com.android.server.NetworkManagementSocketTagger.PROP_QTAGUID_ENABLED; +import android.app.ActivityManagerNative; import android.content.Context; import android.net.ConnectivityManager; import android.net.INetworkManagementEventObserver; @@ -61,6 +59,7 @@ import android.os.Process; import android.os.RemoteCallbackList; import android.os.RemoteException; import android.os.ServiceManager; +import android.os.StrictMode; import android.os.SystemClock; import android.os.SystemProperties; import android.telephony.DataConnectionRealTimeInfo; @@ -70,9 +69,12 @@ import android.telephony.TelephonyManager; import android.util.Log; import android.util.Slog; import android.util.SparseBooleanArray; +import android.util.SparseIntArray; +import com.android.internal.annotations.GuardedBy; import com.android.internal.app.IBatteryStats; import com.android.internal.net.NetworkStatsFactory; +import com.android.internal.util.HexDump; import com.android.internal.util.Preconditions; import com.android.server.NativeDaemonConnector.Command; import com.android.server.NativeDaemonConnector.SensitiveArg; @@ -87,8 +89,6 @@ import java.io.FileInputStream; import java.io.IOException; import java.io.InputStreamReader; import java.io.PrintWriter; -import java.net.Inet4Address; -import java.net.Inet6Address; import java.net.InetAddress; import java.net.InterfaceAddress; import java.net.NetworkInterface; @@ -145,6 +145,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub public static final int InterfaceAddressChange = 614; public static final int InterfaceDnsServerInfo = 615; public static final int RouteChange = 616; + public static final int StrictCleartext = 617; } static final int DAEMON_MSG_MOBILE_CONN_REAL_TIME_INFO = 1; 
@@ -174,12 +175,19 @@ public class NetworkManagementService extends INetworkManagementService.Stub private final NetworkStatsFactory mStatsFactory = new NetworkStatsFactory(); private Object mQuotaLock = new Object(); + /** Set of interfaces with active quotas. */ + @GuardedBy("mQuotaLock") private HashMap<String, Long> mActiveQuotas = Maps.newHashMap(); /** Set of interfaces with active alerts. */ + @GuardedBy("mQuotaLock") private HashMap<String, Long> mActiveAlerts = Maps.newHashMap(); /** Set of UIDs with active reject rules. */ + @GuardedBy("mQuotaLock") private SparseBooleanArray mUidRejectOnQuota = new SparseBooleanArray(); + /** Set of UIDs with cleartext penalties. */ + @GuardedBy("mQuotaLock") + private SparseIntArray mUidCleartextPolicy = new SparseIntArray(); private Object mIdleTimerLock = new Object(); /** Set of interfaces with active idle timers. */ @@ -198,6 +206,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub private volatile boolean mBandwidthControlEnabled; private volatile boolean mFirewallEnabled; + private volatile boolean mStrictEnabled; private boolean mMobileActivityFromRadio = false; private int mLastPowerStateFromRadio = DataConnectionRealTimeInfo.DC_POWER_STATE_LOW; @@ -495,11 +504,18 @@ public class NetworkManagementService extends INetworkManagementService.Stub } } + try { + mConnector.execute("strict", "enable"); + mStrictEnabled = true; + } catch (NativeDaemonConnectorException e) { + Log.wtf(TAG, "Failed strict enable", e); + } + // push any existing quota or UID rules synchronized (mQuotaLock) { int size = mActiveQuotas.size(); if (size > 0) { - Slog.d(TAG, "pushing " + size + " active quota rules"); + Slog.d(TAG, "Pushing " + size + " active quota rules"); final HashMap<String, Long> activeQuotas = mActiveQuotas; mActiveQuotas = Maps.newHashMap(); for (Map.Entry<String, Long> entry : activeQuotas.entrySet()) { 
@@ -509,7 +525,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub size = mActiveAlerts.size(); if (size > 0) { - Slog.d(TAG, "pushing " + size + " active alert rules"); + Slog.d(TAG, "Pushing " + size + " active alert rules"); final HashMap<String, Long> activeAlerts = mActiveAlerts; mActiveAlerts = Maps.newHashMap(); for (Map.Entry<String, Long> entry : activeAlerts.entrySet()) { @@ -519,13 +535,23 @@ public class NetworkManagementService extends INetworkManagementService.Stub size = mUidRejectOnQuota.size(); if (size > 0) { - Slog.d(TAG, "pushing " + size + " active uid rules"); + Slog.d(TAG, "Pushing " + size + " active UID rules"); final SparseBooleanArray uidRejectOnQuota = mUidRejectOnQuota; mUidRejectOnQuota = new SparseBooleanArray(); for (int i = 0; i < uidRejectOnQuota.size(); i++) { setUidNetworkRules(uidRejectOnQuota.keyAt(i), uidRejectOnQuota.valueAt(i)); } } + + size = mUidCleartextPolicy.size(); + if (size > 0) { + Slog.d(TAG, "Pushing " + size + " active UID cleartext policies"); + final SparseIntArray local = mUidCleartextPolicy; + mUidCleartextPolicy = new SparseIntArray(); + for (int i = 0; i < local.size(); i++) { + setUidCleartextNetworkPolicy(local.keyAt(i), local.valueAt(i)); + } + } } // TODO: Push any existing firewall state @@ -792,6 +818,14 @@ public class NetworkManagementService extends INetworkManagementService.Stub } throw new IllegalStateException(errorMessage); // break; + case NetdResponseCode.StrictCleartext: + final int uid = Integer.parseInt(cooked[1]); + final byte[] firstPacket = HexDump.hexStringToByteArray(cooked[2]); + try { + ActivityManagerNative.getDefault().notifyCleartextNetwork(uid, firstPacket); + } catch (RemoteException ignored) { + } + break; default: break; } return false; 
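Review bot: The new `StrictCleartext` case reads `cooked[1]` and `cooked[2]` without checking the array length, and `Integer.parseInt` / `HexDump.hexStringToByteArray` can throw on malformed text, so a short or garbled event from the daemon surfaces as an ArrayIndexOutOfBoundsException or NumberFormatException rather than the `IllegalStateException(errorMessage)` the preceding case throws. A guard such as `if (cooked.length < 3) throw new IllegalStateException(errorMessage);` at the top of the case would match that handling, assuming `errorMessage` is in scope here. The empty `catch (RemoteException ignored)` would also benefit from a comment saying why dropping the notification is acceptable. The enclosing method starts and ends outside the hunk.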
@@ -1641,6 +1675,49 @@ public class NetworkManagementService extends INetworkManagementService.Stub } @Override + public void setUidCleartextNetworkPolicy(int uid, int policy) { + if (Binder.getCallingUid() != uid) { + mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); + } + + synchronized (mQuotaLock) { + final int oldPolicy = mUidCleartextPolicy.get(uid, StrictMode.NETWORK_POLICY_ACCEPT); + if (oldPolicy == policy) { + return; + } + + if (!mStrictEnabled) { + // Module isn't enabled yet; stash the requested policy away to + // apply later once the daemon is connected. + mUidCleartextPolicy.put(uid, policy); + return; + } + + final String policyString; + switch (policy) { + case StrictMode.NETWORK_POLICY_ACCEPT: + policyString = "accept"; + break; + case StrictMode.NETWORK_POLICY_LOG: + policyString = "log"; + break; + case StrictMode.NETWORK_POLICY_REJECT: + policyString = "reject"; + break; + default: + throw new IllegalArgumentException("Unknown policy " + policy); + } + + try { + mConnector.execute("strict", "set_uid_cleartext_policy", uid, policyString); + mUidCleartextPolicy.put(uid, policy); + } catch (NativeDaemonConnectorException e) { + throw e.rethrowAsParcelableException(); + } + } + } + + @Override public boolean isBandwidthControlEnabled() { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); return mBandwidthControlEnabled; diff --git a/services/core/java/com/android/server/am/ActiveServices.java b/services/core/java/com/android/server/am/ActiveServices.java index f02a815..0540326 100755 --- a/services/core/java/com/android/server/am/ActiveServices.java +++ b/services/core/java/com/android/server/am/ActiveServices.java @@ -1322,6 +1322,7 @@ public final class ActiveServices { // We are now bringing the service up, so no longer in the // restarting state. if (mRestartingServices.remove(r)) { + r.resetRestartCounter(); clearRestartingIfNeededLocked(r); } 
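Review bot: In setUidCleartextNetworkPolicy the `!mStrictEnabled` branch stores `policy` before the `switch` that rejects unknown values, so a caller acting on its own UID (which skips the CONNECTIVITY_INTERNAL check) can stash an arbitrary int that is only rejected later, when the replay loop added in the daemon-connected hunk calls this method again and the `IllegalArgumentException` is thrown there instead of at the caller. Moving the `switch` above the `if (!mStrictEnabled)` block validates the value before it is stored. The stash path also returns normally, so a caller asking for `NETWORK_POLICY_REJECT` gets no indication that nothing is enforced yet, and if `strict enable` fails (which only logs and leaves `mStrictEnabled` false) the stored policy is never applied; a Javadoc sentence stating this would help.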
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java index e3f7fb3..668d62b 100755..100644 --- a/services/core/java/com/android/server/am/ActivityManagerService.java +++ b/services/core/java/com/android/server/am/ActivityManagerService.java @@ -399,16 +399,6 @@ public final class ActivityManagerService extends ActivityManagerNative return (isFg) ? mFgBroadcastQueue : mBgBroadcastQueue; } - BroadcastRecord broadcastRecordForReceiverLocked(IBinder receiver) { - for (BroadcastQueue queue : mBroadcastQueues) { - BroadcastRecord r = queue.getMatchingOrderedReceiver(receiver); - if (r != null) { - return r; - } - } - return null; - } - /** * Activity we have told the window manager to have key focus. */ @@ -1207,6 +1197,7 @@ public final class ActivityManagerService extends ActivityManagerNative static final int FINISH_BOOTING_MSG = 45; static final int START_USER_SWITCH_MSG = 46; static final int SEND_LOCALE_TO_MOUNT_DAEMON_MSG = 47; + static final int NOTIFY_CLEARTEXT_NETWORK_MSG = 50; static final int FIRST_ACTIVITY_STACK_MSG = 100; static final int FIRST_BROADCAST_QUEUE_MSG = 200; @@ -1912,6 +1903,23 @@ public final class ActivityManagerService extends ActivityManagerNative } break; } + case NOTIFY_CLEARTEXT_NETWORK_MSG: { + final int uid = msg.arg1; + final byte[] firstPacket = (byte[]) msg.obj; + + synchronized (mPidsSelfLocked) { + for (int i = 0; i < mPidsSelfLocked.size(); i++) { + final ProcessRecord p = mPidsSelfLocked.valueAt(i); + if (p.uid == uid) { + try { + p.thread.notifyCleartextNetwork(firstPacket); + } catch (RemoteException ignored) { + } + } + } + } + break; + } } } }; 
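Review bot: The `NOTIFY_CLEARTEXT_NETWORK_MSG` handler dereferences `p.thread` for every matching entry in `mPidsSelfLocked` without a null check; if a process can sit in that map before its application thread is attached (the start-timeout path patched later in this file suggests it can), this throws a NullPointerException on the handler thread. `if (p.uid == uid && p.thread != null) {` avoids that. The remote call is also made while holding `mPidsSelfLocked`, so a comment confirming that `notifyCleartextNetwork` on the application thread is one-way would be useful, since that is not visible from this hunk.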
@@ -2313,7 +2321,7 @@ public final class ActivityManagerService extends ActivityManagerNative ConfigurationInfo.GL_ES_VERSION_UNDEFINED); mConfiguration.setToDefaults(); - mConfiguration.setLocale(Locale.getDefault()); + mConfiguration.locale = Locale.getDefault(); mConfigurationSeq = mConfiguration.seq = 1; mProcessCpuTracker.init(); @@ -6018,6 +6026,7 @@ public final class ActivityManagerService extends ActivityManagerNative // Take care of any services that are waiting for the process. mServices.processStartTimedOutLocked(app); app.kill("start timeout", true); + removeLruProcessLocked(app); if (mBackupTarget != null && mBackupTarget.app.pid == pid) { Slog.w(TAG, "Unattached app died before backup, skipping"); try { @@ -10115,6 +10124,11 @@ public final class ActivityManagerService extends ActivityManagerNative } @Override + public void notifyCleartextNetwork(int uid, byte[] firstPacket) { + mHandler.obtainMessage(NOTIFY_CLEARTEXT_NETWORK_MSG, uid, 0, firstPacket).sendToTarget(); + } + + @Override public boolean shutdown(int timeout) { if (checkCallingPermission(android.Manifest.permission.SHUTDOWN) != PackageManager.PERMISSION_GRANTED) { @@ -11736,8 +11750,12 @@ public final class ActivityManagerService extends ActivityManagerNative sb.append("\n"); if (info.crashInfo != null && info.crashInfo.stackTrace != null) { sb.append(info.crashInfo.stackTrace); + sb.append("\n"); + } + if (info.message != null) { + sb.append(info.message); + sb.append("\n"); } - sb.append("\n"); // Only buffer up to ~64k. Various logging bits truncate // things at 128k. 
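Review bot: `notifyCleartextNetwork` is reachable through the `NOTIFY_CLEARTEXT_NETWORK_TRANSACTION` binder case but performs no caller check, so any process that can reach the activity manager can have an arbitrary `firstPacket` delivered to every process of a `uid` it chooses. The only sender shown in this commit is NetworkManagementService, so the method can restrict callers before posting the message, for example `if (Binder.getCallingUid() != Process.SYSTEM_UID) throw new SecurityException("notifyCleartextNetwork from non-system caller");`. What the receiving process does with the notification is outside this diff, so the impact of a spoofed call is not established here.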
@@ -15313,11 +15331,11 @@ public final class ActivityManagerService extends ActivityManagerNative synchronized(this) { ReceiverList rl = mRegisteredReceivers.get(receiver.asBinder()); if (rl != null) { - if (rl.curBroadcast != null) { - BroadcastRecord r = rl.curBroadcast; - final boolean doNext = finishReceiverLocked( - receiver.asBinder(), r.resultCode, r.resultData, - r.resultExtras, r.resultAbort); + final BroadcastRecord r = rl.curBroadcast; + if (r != null && r == r.queue.getMatchingOrderedReceiver(r)) { + final boolean doNext = r.queue.finishReceiverLocked( + r, r.resultCode, r.resultData, r.resultExtras, + r.resultAbort, false); if (doNext) { doTrim = true; r.queue.processNextBroadcast(false); @@ -15990,17 +16008,6 @@ public final class ActivityManagerService extends ActivityManagerNative } } - private final boolean finishReceiverLocked(IBinder receiver, int resultCode, - String resultData, Bundle resultExtras, boolean resultAbort) { - final BroadcastRecord r = broadcastRecordForReceiverLocked(receiver); - if (r == null) { - Slog.w(TAG, "finishReceiver called but not found on queue"); - return false; - } - - return r.queue.finishReceiverLocked(r, resultCode, resultData, resultExtras, resultAbort, false); - } - void backgroundServicesFinishedLocked(int userId) { for (BroadcastQueue queue : mBroadcastQueues) { queue.backgroundServicesFinishedLocked(userId); @@ -16008,7 +16015,7 @@ public final class ActivityManagerService extends ActivityManagerNative } public void finishReceiver(IBinder who, int resultCode, String resultData, - Bundle resultExtras, boolean resultAbort) { + Bundle resultExtras, boolean resultAbort, int flags) { if (DEBUG_BROADCAST) Slog.v(TAG, "Finish receiver: " + who); // Refuse possible leaked file descriptors 
@@ -16022,7 +16029,9 @@ public final class ActivityManagerService extends ActivityManagerNative BroadcastRecord r; synchronized(this) { - r = broadcastRecordForReceiverLocked(who); + BroadcastQueue queue = (flags & Intent.FLAG_RECEIVER_FOREGROUND) != 0 + ? mFgBroadcastQueue : mBgBroadcastQueue; + r = queue.getMatchingOrderedReceiver(who); if (r != null) { doNext = r.queue.finishReceiverLocked(r, resultCode, resultData, resultExtras, resultAbort, true); @@ -16215,6 +16224,7 @@ public final class ActivityManagerService extends ActivityManagerNative Configuration ci; synchronized(this) { ci = new Configuration(mConfiguration); + ci.userSetLocale = false; } return ci; } diff --git a/services/core/jni/com_android_server_AlarmManagerService.cpp b/services/core/jni/com_android_server_AlarmManagerService.cpp index 3d981ab..3fd0f84 100644 --- a/services/core/jni/com_android_server_AlarmManagerService.cpp +++ b/services/core/jni/com_android_server_AlarmManagerService.cpp @@ -21,7 +21,9 @@ #include "jni.h" #include <utils/Log.h> #include <utils/misc.h> +#include <utils/String8.h> +#include <dirent.h> #include <fcntl.h> #include <stdio.h> #include <string.h> @@ -80,8 +82,8 @@ public: class AlarmImplTimerFd : public AlarmImpl { public: - AlarmImplTimerFd(int fds[N_ANDROID_TIMERFDS], int epollfd) : - AlarmImpl(fds, N_ANDROID_TIMERFDS), epollfd(epollfd) { } + AlarmImplTimerFd(int fds[N_ANDROID_TIMERFDS], int epollfd, int rtc_id) : + AlarmImpl(fds, N_ANDROID_TIMERFDS), epollfd(epollfd), rtc_id(rtc_id) { } ~AlarmImplTimerFd(); int set(int type, struct timespec *ts); @@ -90,6 +92,7 @@ public: private: int epollfd; + int rtc_id; }; AlarmImpl::AlarmImpl(int *fds_, size_t n_fds) : fds(new int[n_fds]), 
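Review bot: The queue lookup in finishReceiver now depends on `flags`, which is supplied by the calling process over binder, so a receiver that reports the wrong `FLAG_RECEIVER_FOREGROUND` bit gets `r == null` and its broadcast is not finished by this call. The lookup still matches on `who`, so the flag cannot select another receiver's record, but that deserves a comment, e.g. `// flags comes from the caller and only selects the queue; the record is still matched by token`. Logging the `r == null` case, as the removed `finishReceiverLocked` helper did with "finishReceiver called but not found on queue", would make a mismatch visible. The method body continues outside the hunk.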
@@ -170,9 +173,16 @@ int AlarmImplTimerFd::setTime(struct timeval *tv) return -1; } - fd = open("/dev/rtc0", O_RDWR); + if (rtc_id < 0) { + ALOGV("Not setting RTC because wall clock RTC was not found"); + errno = ENODEV; + return -1; + } + + android::String8 rtc_dev = String8::format("/dev/rtc%d", rtc_id); + fd = open(rtc_dev.string(), O_RDWR); if (fd < 0) { - ALOGV("Unable to open RTC driver: %s\n", strerror(errno)); + ALOGV("Unable to open %s: %s\n", rtc_dev.string(), strerror(errno)); return res; } @@ -283,6 +293,66 @@ static jlong init_alarm_driver() return reinterpret_cast<jlong>(ret); } +static const char rtc_sysfs[] = "/sys/class/rtc"; + +static bool rtc_is_hctosys(unsigned int rtc_id) +{ + android::String8 hctosys_path = String8::format("%s/rtc%u/hctosys", + rtc_sysfs, rtc_id); + + FILE *file = fopen(hctosys_path.string(), "re"); + if (!file) { + ALOGE("failed to open %s: %s", hctosys_path.string(), strerror(errno)); + return false; + } + + unsigned int hctosys; + bool ret = false; + int err = fscanf(file, "%u", &hctosys); + if (err == EOF) + ALOGE("failed to read from %s: %s", hctosys_path.string(), + strerror(errno)); + else if (err == 0) + ALOGE("%s did not have expected contents", hctosys_path.string()); + else + ret = hctosys; + + fclose(file); + return ret; +} + +static int wall_clock_rtc() +{ + DIR *dir = opendir(rtc_sysfs); + if (!dir) { + ALOGE("failed to open %s: %s", rtc_sysfs, strerror(errno)); + return -1; + } + + struct dirent *dirent; + while (errno = 0, dirent = readdir(dir)) { + unsigned int rtc_id; + int matched = sscanf(dirent->d_name, "rtc%u", &rtc_id); + + if (matched < 0) + break; + else if (matched != 1) + continue; + + if (rtc_is_hctosys(rtc_id)) { + ALOGV("found wall clock RTC %u", rtc_id); + return rtc_id; + } + } + + if (errno == 0) + ALOGW("no wall clock RTC found"); + else + ALOGE("failed to enumerate RTCs: %s", strerror(errno)); + + return -1; +} + static jlong init_timerfd() { int epollfd; 
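Review bot: wall_clock_rtc never calls `closedir(dir)`, so the directory stream stays open both on the early `return rtc_id;` and on the final `return -1;`. Add `closedir(dir);` before `return rtc_id;` and, after the final logging so `errno` is still intact for the message, before `return -1;`. `sscanf(dirent->d_name, "rtc%u", &rtc_id)` also accepts names with trailing characters after the number, which is probably harmless for sysfs entries but worth a short comment. In setTime, a comment on the `rtc_id` member stating that a negative value means no wall-clock RTC was found would document the contract the new `rtc_id < 0` branch relies on.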
@@ -308,7 +378,7 @@ static jlong init_timerfd() } } - AlarmImpl *ret = new AlarmImplTimerFd(fds, epollfd); + AlarmImpl *ret = new AlarmImplTimerFd(fds, epollfd, wall_clock_rtc()); for (size_t i = 0; i < N_ANDROID_TIMERFDS; i++) { epoll_event event; |
