LG Electronics Inc. LG Android 6 devices (G5, V10, G4)

Guidance Documentation
Version 0.5
2016/04/06
LG Electronics Inc.
20 Yoido-dong, Youngdungpogu, Seoul 152-721, Korea
1. Document Introduction
1.1 Evaluated Devices
1.2 Acronyms
2. Evaluated Capabilities
3. Security Configuration
3.1 Common Criteria Mode
3.2 Common Criteria Related Settings
4. Secure Update Process
5. Cryptographic APIs
5.1 FCS_CKM.2(1) - RSA
5.2 FCS_CKM.2(1) - ECDH
5.3 FCS_COP.1(1) - AES CBC
5.4 FCS_COP.1(2) - SHA
5.5 FCS_COP.1(3) - RSA (Signature Algorithms)
5.6 FCS_COP.1(3) - ECDSA (Signature Algorithms)
5.7 FCS_COP.1(4) - HMAC
6. VPN Configuration
7. Wi-Fi Configuration
8. Bluetooth Configuration
9. Audit Logging
10. Data Separation
10.1 Work Profile Installation and Data Separation
10.2 How to Wipe Enterprise Data (Work Profile)
Appendix A Generating Secure Random Data
A.1 Android API for Generating Secure Random Data
Appendix B Secure Key Storage
B.1 Key Usage
B.2 Symmetric Key Generation
B.3 Symmetric Key Encryption/Decryption
B.4 Asymmetric Key Generation
B.5 Asymmetric Key Sign and Verify
B.6 Key Destruction
Appendix C Configuration of FIPS Validated Cryptographic Engines
C.1 Setting the FIPS Mode
C.2 SDK for FIPSMode APIs
Appendix D Guidance for Using HTTPS/TLS APIs
D.1 Android APIs for TLS Connection
D.2 How to Set Cipher Suites Using Android API
D.3 How to Set Client Certificate
Appendix E Guidance for Bluetooth APIs
E.1 Android APIs for Bluetooth
E.2 How to Establish a Secure Channel for Bluetooth Using Android API
E.3 How to Interact with the BLE Device via the Android BLE API
E.4 How to Establish a Profile Connection for Bluetooth Using Android API
Appendix F Guidance for Access Control to System Services
F.1 Access Control to System Services
1. Document Introduction
This guide includes procedures for configuring Common Criteria on LG Android 6 devices (G5, V10, G4).
1.1 Evaluated Devices
The evaluated devices are the LG Android 6 devices (G5, V10, G4). The following carrier models are supported:
• LG G5 H820 (AT&T)
• LG G5 VS987 (Verizon)
• LG G5 LS992 (Sprint)
• LG G5 H830 (T-Mobile)
• LG V10 H900 (AT&T)
• LG V10 VS990 (Verizon)
• LG V10 H901 (T-Mobile)
• LG G4 H810 (AT&T)
• LG G4 VS986 (Verizon)
• LG G4 LS991 (Sprint)
• LG G4 H811 (T-Mobile)
The software identification for the evaluated devices is as follows:
Security software version, MDF v2.0 Release 2
• To check your carrier details, go to Settings > About phone > Network
• To check your current security software version, go to Settings > About phone > Software info
• To check your current OS version and Build number, go to Settings > About phone > Software info
| Product | Carrier | Security Software Version | OS version | Build number |
|---|---|---|---|---|
| LG G5 H820 | AT&T | MDF v2.0 Release 2 | Android 6.0.1 | MMB29M |
| LG G5 VS987 | Verizon | MDF v2.0 Release 2 | Android 6.0.1 | MMB29M |
| LG G5 LS992 | Sprint | MDF v2.0 Release 2 | Android 6.0.1 | MMB29M |
| LG G5 H830 | T-Mobile | MDF v2.0 Release 2 | Android 6.0.1 | MMB29M |
| LG V10 H900 | AT&T | MDF v2.0 Release 2 | Android 6.0 | MRA58K |
| LG V10 VS990 | Verizon | MDF v2.0 Release 2 | Android 6.0 | MRA58K |
| LG V10 H901 | T-Mobile | MDF v2.0 Release 2 | Android 6.0 | MRA58K |
| LG G4 H810 | AT&T | MDF v2.0 Release 2 | Android 6.0 | MRA58K |
| LG G4 VS986 | Verizon | MDF v2.0 Release 2 | Android 6.0 | MRA58K |
| LG G4 LS991 | Sprint | MDF v2.0 Release 2 | Android 6.0 | MRA58K |
| LG G4 H811 | T-Mobile | MDF v2.0 Release 2 | Android 6.0 | MRA58K |
1.2 Acronyms
• BYOD : Bring Your Own Device
• CA : Certificate Authority
• CAVP : Cryptographic Algorithm Validation Program
• CBC : Cipher Block Chaining
• CCM : Counter with CBC-Message Authentication Code
• CC Mode : Common Criteria Mode
• CCTL : Common Criteria Testing Laboratory
• CDH : Computational Diffie–Hellman
• CRC : Cyclic Redundancy Check
• CTR : Counter
• CVL : Component Validation List
• DEK : Data Encryption Key
• DPM : Device Policy Manager
- The Android native APIs for device management. Please see the link below.
- http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html
• DRBG : Deterministic Random Bit Generator
• ECDSA : Elliptic Curve Digital Signature Algorithm
• EAP-TLS : Extensible Authentication Protocol - Transport Layer Security
• ECC : Elliptic Curve Cryptography
• eMMC : embedded Multi Media Card
• FIPS : Federal Information Processing Standards
• FS Signature : File System Signature
• FW Signature : Firmware Signature
• GCM : Galois Counter Mode
• GPS : Global Positioning System
• HMAC : Keyed-Hash Message Authentication Code
• HW : Hardware
• ISV : Independent Software Vendor
• KEK : Key Encryption Key
• KW : Key Wrap
• LG FOTA : LG Firmware Over The Air
• LG MDM : LG Mobile Device Management
- LG’s mobile device management solution. It extends DPM in the Android framework.
• NFC : Near Field Communication
• OS : Operating System
• PBKDF2 : Password-Based Key Derivation Function 2
• PIN : Personal Identification Number
• PKG : Public Key Generation
• PKV : Public Key Validation
• RSA : Rivest Shamir Adleman
• SD Card : Secure Digital Card
• SIG : Signature
• SHA : Secure Hash Algorithm
• SHS : Secure Hash Standard
• SMS : Short Messaging Service
• SP : Special Publications
• SSID : Service Set Identifier
• TEE : Trusted Execution Environment
• USB : Universal Serial Bus
• VPN : Virtual Private Network
• WEP : Wired Equivalent Privacy
• Wi-Fi : Wireless Fidelity
• WLAN : Wireless Local-Area Network
• WPA : Wi-Fi Protected Access
2. Evaluated Capabilities
The Common Criteria configuration adds support for many security capabilities. Some of those capabilities include the following:
1. Cryptographic Key Management
LG provides a Key Management feature to protect keys and key materials used for Full Disk Encryption, SD Card encryption and Android KeyStore.
A. Random Number Generation
This feature employs all deterministic random bit generation services in accordance with NIST 800-90a, using CTR_DRBG (AES) to generate keys which provide entropy of more than 128 bits.
B. Key management
It manages the major types of keys: DEKs and KEKs. DEKs are used to protect data. KEKs are used to protect other keys: DEKs, other KEKs and other types of keys and key materials.
C. Key storage
It stores the cryptographic keys, encrypted by a h/w-protected key, in a special user partition. The special user partition is wiped when Factory data reset is performed.
2. Data protection
The LG Data Encryption protects user data stored in the device’s internal storage and the external SD card from unauthorized use. The capability can be configured by application settings or by IT administrators using MDM capabilities.
All user data is encrypted with the 256-bit AES (Advanced Encryption Standard) algorithm and stored in the user data partition. The encryption key is protected by a KEK generated by combining a KEK derived from a user PIN or password using PBKDF2 with a randomly generated KEK which is protected by h/w.
• Full Disk encryption
• SD Card encryption
• KeyStore data protection
3. Certificate Validation
LG provides a Certificate validation feature for all certificates to protect your secure connection from spoofing and invalid certificates. This capability can be automatically configured by enabling CC Mode.
• More robust validation of certificates
• Revocation status checking of certificates, using OCSP (Online Certificate Status Protocol)
4. MDM Capability
Although generic Android OS has supported mobile device management (MDM) capability since Android 2.2, enterprises need substantial control and management over mobile devices where corporate data is being used.
Even the newest native Android OS does not provide as much management capability as IT managers would want under the various circumstances of organizations and environments. For example, there is no way to restrict the use of GPS or Bluetooth by native MDM APIs of generic Android.
To close such gaps, LG Android devices come pre-loaded with extended MDM capability on top of the native Android OS, giving IT administrators the enhanced ability to configure various device and application settings, control hardware components, and manage applications at much more granular levels.
LG Android devices not only expand MDM capability but also add a rich feature set of mobile application management, with enterprise mobility management in mind, to meet the requirement for granular and high-level manageability and security in LG Android devices.
Figure 1 describes the LG MDM architecture. Independent software vendors (ISVs) can not only use generic MDM APIs provided by Android but can also leverage a rich set of extended MDM capabilities on LG Android devices according to their needs and requirements.
• Encryption Policy
• Password Management
• Lock-screen Policy
• Certificate Management
• Radio Control
• Wi-Fi Settings
• Hardware Control
• Application Control
< LG MDM Architecture >
5. Firmware Update Protection
In CC mode, unsecured firmware update methods are restricted; only the secure update, verified with the RSA (2048-bit) algorithm and SHA256 for the hash, is allowed. For the details of secure updates, please see Section 4. Secure Update Process.
• Restriction of firmware update other than FOTA (CC mode only)
6. Audit Logging
LG provides an Audit Logging feature to record auditable events to help monitor security-related objectives, including identification of certain events, reconstruction of events, intrusion detection and problem detection. For this purpose, the Audit Logging feature records each audit record in a specific format that includes at least the date and time of the event, the type of event, the subject identity and the outcome of the event. Thus, the integrity of audit logs must be protected from modification. This protection is achieved by SELinux policy and DAC. Audit Logging can be automatically configured by enabling CC Mode. For the details of Audit Logging, please see Section 8. Audit Logging.
3. Security Configuration
The LG G5, V10 and G4 smartphones offer a rich built-in interface and an MDM-callable interface for security configuration. This section identifies the security parameters for configuring your device in Common Criteria mode, for managing its security settings and for controlling preinstalled and 3rd party applications. Please contact [email protected] for information about the testing app, the guide and the list of natively installed applications.
3.1 Common Criteria Mode
To configure your device into Common Criteria Mode, you must set the following options:
1. Enable the password on the lock-screen
- Please refer to No. 5, 6, 7 in 3.2 Common Criteria Related Settings
2. Disallow the ‘Download Mode’
- Please refer to No. 44 in 3.2 Common Criteria Related Settings
3. Enable device encryption (not needed on the G5, which applies ‘Default device encryption’)
- Please refer to No. 2 in 3.2 Common Criteria Related Settings
4. Enable SD card encryption
- Please refer to No. 3 in 3.2 Common Criteria Related Settings
5. Disable the ‘Smart Lock’
- Please refer to No. 14 in 3.2 Common Criteria Related Settings
6. Disallow VPN split-tunneling
- Please refer to No. 45 in 3.2 Common Criteria Related Settings
7. Set CC mode
- Please refer to No. 1 in 3.2 Common Criteria Related Settings
Note: Only the OpenSSL Cryptographic Module has been evaluated in the CC mode. While it is possible to use
other cryptographic modules without enabling CC mode, the use of them was not evaluated or tested during the CC
evaluation of the TOE.
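The lock-screen part of the 3.1 checklist (steps 1 and 5), as an added example that is not LG's code: it sets and then audits the stock DevicePolicyManager values that 3.2 lists for Nos. 5, 6, 8, 11 and 14. The class name and the 10-minute lock timeout are assumptions; the steps that need the LGMDM SDK (CC mode flag, Download Mode, encryption, VPN split-tunneling) are not covered.

```java
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;

import java.util.ArrayList;
import java.util.List;

/**
 * Added example, not LG's code. CcLockScreenPolicy is a hypothetical name.
 * The admin's device_admin XML must declare limit-password, watch-login,
 * wipe-data, force-lock and disable-keyguard-features.
 */
public final class CcLockScreenPolicy {
    // Values chosen to satisfy the "Required Value" column of 3.2.
    private static final int MIN_LENGTH = 7;                    // No. 5: greater than 6
    private static final int MAX_FAILED = 10;                   // No. 8: 10 or less
    private static final long LOCK_LIMIT_MS = 15L * 60 * 1000;  // No. 11: less than 15 minutes
    private static final long LOCK_AFTER_MS = 10L * 60 * 1000;  // assumed value under the limit

    private final DevicePolicyManager dpm;
    private final ComponentName admin;

    public CcLockScreenPolicy(Context context, ComponentName admin) {
        this.dpm = (DevicePolicyManager)
                context.getSystemService(Context.DEVICE_POLICY_SERVICE);
        this.admin = admin;
    }

    /** Pushes the settings; the caller must already be an active device admin. */
    public void apply() {
        if (!dpm.isAdminActive(admin)) {
            throw new IllegalStateException("Device admin not active: " + admin);
        }
        dpm.setPasswordQuality(admin, DevicePolicyManager.PASSWORD_QUALITY_COMPLEX); // No. 6
        dpm.setPasswordMinimumLength(admin, MIN_LENGTH);                             // No. 5
        dpm.setMaximumFailedPasswordsForWipe(admin, MAX_FAILED);                     // No. 8
        dpm.setMaximumTimeToLock(admin, LOCK_AFTER_MS);                              // No. 11
        dpm.setKeyguardDisabledFeatures(admin,
                DevicePolicyManager.KEYGUARD_DISABLE_TRUST_AGENTS);                  // No. 14
    }

    /** Returns one finding per setting that is outside the 3.2 required value. */
    public List<String> audit() {
        List<String> findings = new ArrayList<>();

        // Passing null aggregates over all active admins, i.e. the effective policy.
        if (dpm.getPasswordQuality(null) < DevicePolicyManager.PASSWORD_QUALITY_COMPLEX) {
            findings.add("No. 6: password quality is below PASSWORD_QUALITY_COMPLEX");
        }
        if (dpm.getPasswordMinimumLength(null) <= 6) {
            findings.add("No. 5: minimum password length is not greater than 6");
        }

        // 0 means "no limit", so it fails the check even though 0 <= 10.
        int maxFailed = dpm.getMaximumFailedPasswordsForWipe(null);
        if (maxFailed == 0 || maxFailed > MAX_FAILED) {
            findings.add("No. 8: failed-attempt limit is unset or above 10");
        }

        // 0 means "no restriction", so it fails the check as well.
        long lockMs = dpm.getMaximumTimeToLock(null);
        if (lockMs == 0 || lockMs >= LOCK_LIMIT_MS) {
            findings.add("No. 11: inactivity lock is unset or not under 15 minutes");
        }

        int disabled = dpm.getKeyguardDisabledFeatures(null);
        if ((disabled & DevicePolicyManager.KEYGUARD_DISABLE_TRUST_AGENTS) == 0) {
            findings.add("No. 14: Smart Lock (trust agents) is still enabled");
        }

        // The policy can be set while the user's current password predates it.
        if (!dpm.isActivePasswordSufficient()) {
            findings.add("Current lock-screen password does not meet the policy");
        }
        return findings;
    }
}
```

An empty list from `audit()` covers only the DevicePolicyManager rows; the LGMDM rows still have to be checked through the LG SDK.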
3.2 Common Criteria Related Settings
The Common Criteria evaluation requires a range of security settings be available. Those security settings are
identified in the table below.
No. 1
Security Feature: CC Mode
Setting: Common Criteria Mode
Description: Enable CC mode
Required Value: Enable
User Interface: N/A
API: [LGMDM]
    void setCommonCriteriaMode(ComponentName who, int mode)
    mode = LGMDMManager.COMMONCRITERIA_ENABLED

No. 2
Security Feature: Encryption
Setting: Device Encryption
Description: Encrypts all internal storage
Required Value: Enable
User Interface: Encrypt all data on your phone. Settings > Security > Encrypt phone (It isn’t needed in G5 device which applies ‘Default device encryption’.)
API: [LGMDM]
    void setEncryptionPolicy(ComponentName who, int policy)
    policy = 1

No. 3
Security Feature: Encryption
Setting: SD Card Encryption
Description: Encrypts all SD card storage
Required Value: Enable
User Interface: Encrypt all data on the SD card storage. Settings > Security > Encrypt SD card storage. Configure Secure start-up with “Require PIN to power on phone” selected. (LG G5 VS987 exceptionally turns on the Secure start-up in Settings > Fingerprints & security > Secure start-up.)
API: [LGMDM]
    void setEncryptionPolicy(ComponentName who, int policy)
    policy = 2

No. 4
Security Feature: Encryption
Setting: Wipe Device
Description: Removes all data from device
Required Value: Enable
User Interface: Reset your settings to the factory default values and delete all your data. Settings > Backup & reset > Factory data reset
API: [LGMDM]
    void wipeData(int flags)
    flags = 0 (Device), 1 (Device+Storage)

No. 5
Security Feature: Password Management
Setting: Password Length
Description: Minimum number of characters in a password
Required Value: Greater than 6
User Interface: Set a screen lock type to secure your phone. Display > Lock screen > Select screen lock > Password
API: [DevicePolicyManager]
    void setPasswordMinimumLength(ComponentName admin, int length)
    length = greater than 6

No. 6
Security Feature: Password Management
Setting: Password Complexity
Description: Specify the type of characters required in a password
User Interface: Set a screen lock type to secure your phone. Display > Lock screen > Select screen lock > Password
API: [DevicePolicyManager]
    void setPasswordQuality(ComponentName admin, int quality)
    quality = DevicePolicyManager.PASSWORD_QUALITY_COMPLEX (393216)
    &
    =================
    void setPasswordMinimumLetters(ComponentName admin, int length)
    length = Insert the number you want
    or
    void setPasswordMinimumNumeric(ComponentName admin, int length)
    length = Insert the number you want
    or
    void setPasswordMinimumLowerCase(ComponentName admin, int length)
    length = Insert the number you want
    or
    void setPasswordMinimumUpperCase(ComponentName admin, int length)
    length = Insert the number you want
    or
    void setPasswordMinimumSymbols(ComponentName admin, int length)
    length = Insert the number you want
    or
    void setPasswordMinimumNonLetter(ComponentName admin, int length)
    length = Insert the number you want
    =================

No. 7
Security Feature: Password Management
Setting: Password Expiration
Description: Maximum length of time before a password must change
User Interface: N/A
API: [DevicePolicyManager]
    void setPasswordExpirationTimeout(ComponentName admin, long timeout)
    timeout = millisecond unit (ex. 1 day = 24*60*60*1000)

No. 8
Security Feature: Password Management
Setting: Maximum password failed attempt
Description: Maximum number of authentication failures
Required Value: 10 or less
User Interface: N/A
API: [DevicePolicyManager]
    void setMaximumFailedPasswordsForWipe(ComponentName admin, int num)
    num = insert the number you want

No. 9
Security Feature: Password Management
Setting: Password Visible
Description: The last character of the password is visible for a few seconds if enabled
Required Value: Disable
User Interface: Show the last character of the hidden password as you type. Settings > Security > Password typing visible
API: [LGMDM]
    void setAllowPasswordTypingVisible(ComponentName who, boolean allow)
    allow = true : enabled
    allow = false : disabled

No. 10
Security Feature: Password Management
Setting: Show password
Description: Disallow show password option on the configuration screen of lock-screen password
Required Value: Disable
User Interface: N/A
API: [LGMDM]
    void setAllowPasswordVisible(ComponentName who, boolean allow)
    allow = true : enabled
    allow = false : disabled

No. 11
Security Feature: Lock-screen
Setting: Inactivity to lockout
Description: Time before lock-screen is engaged
Required Value: Less than 15 minutes
User Interface: Sets the amount of time before the screen times out. Settings > Display > Screen timeout. Sets the amount of time before the screen automatically locks after the screen has timed out. Settings > Display > Lock timer
API: [DevicePolicyManager]
    void setMaximumTimeToLock(ComponentName admin, long timeMs)
    timeMs : millisecond unit

No. 12
Security Feature: Lock-screen
Setting: Banner2)
Description: Banner message displayed on the lock-screen
Required Value: Administrator defined text
User Interface: N/A
API: [LGMDM]
    void setWarningMsg(ComponentName who, boolean allow, String str)
    allow = true
    str = Insert the text you want

No. 13
Security Feature: Lock-screen
Setting: Remote Lock
Description: Locks the device remotely
Required Value: Enable
User Interface: N/A
API: [LGMDM]
    void lockNow()

No. 14
Security Feature: Lock-screen
Setting: Smart lock
Description: Control smart lock
Required Value: KEYGUARD_DISABLE_FEATURES_NONE/KEYGUARD_DISABLE_TRUST_AGENTS
User Interface: N/A
API: [DevicePolicyManager]
    void setKeyguardDisabledFeatures(ComponentName admin, int which)
    which = KEYGUARD_DISABLE_TRUST_AGENTS : disabled
    which = KEYGUARD_DISABLE_FEATURES_NONE : enabled

No. 15
Security Feature: Lock-screen
Setting: Transition to the locked state
Description: Prevents a user from turning off the “Power button instantly locks” option.
Required Value: Disable
User Interface: N/A
API: public void setEnforcePowerButtonLocks(ComponentName who, boolean allow)
    allow = true : enabled
    allow = false : disabled

No. 16
Security Feature: Lock-screen
Setting: Remove Enterprise applications
Description: You cannot see the application icon in the Launcher's menu
Required Value: Disable
User Interface: N/A
API: public void setApplicationState(ComponentName who, List<LGMDMApplicationState> applicationStateList)
    applicationStateList : list of LGMDMApplicationState application states. If it is null or an empty list, all application state policies are removed.

No. 17
Security Feature: Certificate Management
Setting: Import CA Certificates
Description: Import CA Certificates into the Trust Anchor Database or the credential storage
User Interface: Install certificates from storage. Settings > Security > Credential storage > Install from storage
API: [LGMDM]
    int installCertificate(ComponentName who, String path, String password)
    path : path of file location
    password : PKCS12 password

No. 18
Security Feature: Certificate Management
Setting: Remove Certificates
Description: Remove certificates from the Trust Anchor Database or the credential storage
User Interface: Deletes all secure certificates and related credentials and erases the secure storage’s own password. You’re prompted to confirm you want to clear this data. Settings > Security > Credential storage > Install from storage > Clear credentials
API: [LGMDM]
    Boolean uninstallCertificate(ComponentName who, String certificateId)

No. 19
Security Feature: Radio Control
Setting: Control Wi-Fi
Description: Control access to Wi-Fi
Required Value: Enable/Disable
User Interface: Turns on Wi-Fi to connect to available Wi-Fi networks. Settings > Networks > Wi-Fi
API: [LGMDM]
    void setAllowWifi(ComponentName who, boolean allow)
    allow = true : enabled
    allow = false : disabled

No. 20
Security Feature: Radio Control
Setting: Control GPS
Description: Control access to GPS
Required Value: Enable/Disable
User Interface: Turn on location service; your phone determines your approximate location using GPS. Settings > General > Location > Mode > Device sensors only (GPS only)
API: [LGMDM]
    void setAllowGPSLocation(ComponentName who, boolean allow)
    allow = true : enabled
    allow = false : disabled

No. 21
Security Feature: Radio Control
Setting: Control Cellular
Description: Control access to Cellular
Required Value: Enable/Disable
User Interface: Turn off all wireless connections (Wi-Fi, Bluetooth and data) and calls. Settings > Networks > More > Wireless & networks > Airplane mode
API: [LGMDM]
    void setEnforceAirplaneMode(ComponentName who, boolean enforce)
    enforce = true : enforce AirplaneMode
    enforce = false : no restriction (default)
    void setAllowAirplaneModeOn(ComponentName who, boolean allow)
    allow = true : enabled
    allow = false : disabled

No. 22
Security Feature: Radio Control
Setting: Control NFC
Description: Control access to NFC
Required Value: Enable/Disable
User Interface: Allow sending and receiving data, such as transportation or credit card info, by holding phone and other device together. Settings > Networks > Share & connect > NFC
API: [LGMDM]
    void setAllowNfc(ComponentName who, int allow)
    allow = true : enabled
    allow = false : disabled

No. 23
Security Feature: Radio Control
Setting: Control Bluetooth
Description: Control access to Bluetooth
Required Value: Enable/Disable
User Interface: Turn the Bluetooth wireless feature on or off to use Bluetooth. Settings > Networks > Bluetooth
API: [LGMDM]
    void setAllowBluetooth(ComponentName who, int allow)
    allow = true : enabled
    allow = false : disabled

No. 24
Security Feature: Radio Control
Setting: Control Location Service
Description: Control access to Location Service
Required Value: Enable/Disable
User Interface: Turn on location service; your phone determines your approximate location using GPS, Wi-Fi and mobile networks. Settings > General > Location > Mode > High accuracy (GPS and networks)
API: [LGMDM]
    void setAllowGPSLocation(ComponentName who, boolean allow)
    allow = true : enabled
    allow = false : disabled
    public void setAllowWirelessLocation(ComponentName who, boolean allow)
    allow = true : enabled
    allow = false : disabled

No. 25
Security Feature: Radio Control
Setting: Control SMS
Description: Control Messaging capabilities
Required Value: Enable/Disable
User Interface: N/A
API: [LGMDM]
    void setAllowSendingSms(ComponentName who, boolean allow)
    allow = true : enabled
    allow = false : disabled
    void setAllowReceivingSmsMms(ComponentName who, boolean allow)
    allow = true : enabled
    allow = false : disabled

No. 26
Security Feature: Radio Control
Setting: Control VPN
Description: Control access to VPN
Required Value: Enable/Disable
User Interface: Displays the list of Virtual Private Networks (VPNs) that you've previously configured. Allows you to add different types of VPNs. Settings > Networks > More > Wireless & networks > VPN
API: [LGMDM]
    void setAllowVpn(ComponentName who, boolean allow)
    allow = true : enabled
    allow = false : disabled

No. 27
Security Feature: Radio Control
Setting: Enable/disable Bluetooth BR/DR
Description: Prevents a user from ready to connect in Bluetooth.
Required Value: Disable
User Interface: N/A
API: public void setAllowReadyToConnectInBluetooth(ComponentName who, boolean allow)
    allow = true : enabled
    allow = false : disabled

No. 28
Security Feature: Wi-Fi Settings
Setting: Specify Wi-Fi SSIDs
Description: Specify SSID values for connecting to Wi-Fi. Can also create white and black lists for SSIDs.
Required Value: listType = 2
User Interface: Settings > Networks > Wi-Fi
API: [LGMDM]
    void setAllowWiFiSSIDList(ComponentName who, int listType, List<String> wblist)
    listType = 1 : Black list
    listType = 2 : White list
    wblist = list of Wi-Fi SSIDs

No. 29
Security Feature: Wi-Fi Settings
Setting: Set WLAN CA Certificate
Description: Select the CA Certificate for the Wi-Fi connection
Required Value: CA Certificate
User Interface: Settings > Security > Credential storage > Install from storage
API: [LGMDM]
    int installCertificateSelectUsetype(ComponentName who, String path, String password, int useType)
    useType = 2

No. 30
Security Feature: Wi-Fi Settings
Setting: Specify security type
Description: Specify the connection security (WEP, WPA2, etc)
Required Value: Wi-Fi connection type
User Interface: Turns on Wi-Fi to connect to available Wi-Fi networks. Settings > Networks > Wi-Fi > select connected Wi-Fi > check the security type
API: [LGMDM]
    void setWiFiSecurityLevel(ComponentName who, int policy)
    policy = 0~3
    NONE : 0
    WEP : 1
    WPA : 2
    EAP : 3

No. 31
Security Feature: Wi-Fi Settings
Setting: Select authentication protocol
Description: Specify the EAP-TLS connection values
Required Value: Wi-Fi protocol
User Interface: Turns on Wi-Fi to connect to available Wi-Fi networks. Settings > Networks > Wi-Fi > Select Option Menu > Saved Wi-Fi > check configured Wi-Fi
API: [LGMDM]
    void setEap(String eap);
    eap = “TLS”, “FAST”, “PEAP”, “TTLS”
    Ex)
    LGMDMWifiConfiguration newConfig = new LGMDMWifiConfiguration();
    newConfig.SSID = oldSSID;
    newConfig.hiddenSSID = false;
    newConfig.priority = oldPriority;
    newConfig.allowedKeyManagement.set(LGMDMWifiConfiguration.KeyMgmt.WPA_EAP);
    newConfig.allowedKeyManagement.set(LGMDMWifiConfiguration.KeyMgmt.IEEE8021X);
    newConfig.setEap("TLS");
    newConfig.setPhase2("None");
    newConfig.setIdentity("wifiuser");
    newConfig.setCaCert("pmk");
    newConfig.setClientCert("pmk");
    newConfig.setEngine(LGMDMWifiConfiguration.ENGINE_ENABLE);
    newConfig.setEngineId(LGMDMWifiConfiguration.KEYSTORE_ENGINE_ID);
    newConfig.setKeyId("pmk");
    LGMDMManager.getInstance().addWifiNetwork(newConfig);

No. 32
Security Feature: Wi-Fi Settings
Setting: Select client credentials
Description: Specify the client credentials to access a specified WLAN
Required Value: Wi-Fi credentials
User Interface: Settings > General > Fingerprints & Security > Certificate management > Trusted credentials > select User tab > check configured credentials
API: [LGMDM]
    List<String> enumCertificateIdSelectUsetype(ComponentName who, int useType)
    useType = 2

No. 33
Security Feature: Hardware Control
Setting: Control Microphone
Description: Control access to microphones
Required Value: Enable/Disable
User Interface: N/A
API: [LGMDM]
    void setAllowMicrophone(ComponentName who, boolean allow)
    allow = true : enabled
    allow = false : disabled

No. 34
Security Feature: Hardware Control
Setting: Control Camera
Description: Control access to camera
Required Value: Enable/Disable
User Interface: N/A
API: [LGMDM]
    void setCameraDisabled(ComponentName admin, boolean disabled)
    disabled = true : disabled
    disabled = false : allow

No. 35
Security Feature: Hardware Control
Setting: Control USB Mass Storage
Description: Control access to mounting the device for storage over USB.
Required Value: Enable/Disable
User Interface: N/A
API: [LGMDM]
    public void setAllowUsb(ComponentName who, boolean allow)
    allow = true : enabled
    allow = false : disabled

No. 36
Security Feature: Hardware Control
Setting: Control USB Debugging
Description: Control access to USB debugging.
Required Value: Enable/Disable
User Interface: Turn on debug mode when USB is connected. Settings > General > Developer options > USB debugging
API: [LGMDM]
    void setAllowUSBDebugging(ComponentName who, boolean allow)
    allow = true : enabled
    allow = false : disabled

No. 37
Security Feature: Hardware Control
Setting: Control SD Card
Description: Control access to SD card storage.
Required Value: Enable/Disable
User Interface: Settings > General > Storage > SD CARD
API: [LGMDM]
    void setAllowExternalMemorySlot(ComponentName who, boolean allow)
    allow = true : enabled
    allow = false : disabled

No. 38
Security Feature: Hardware Control
Setting: Control USB Tethered Connections
Description: Control access to USB tethered connections.
Required Value: Enable/Disable
User Interface: Connect the USB cable to share the internet connection with the computer. Settings > Networks > More > Wireless & networks > USB tethering
API: [LGMDM]
    void setAllowUSBTethering(ComponentName who, boolean allow)
    allow = true : enabled
    allow = false : disabled

No. 39
Security Feature: Hardware Control
Setting: Control Bluetooth Tethered Connections
Description: Control access to Bluetooth tethered connections.
Required Value: Enable/Disable
User Interface: Turn on Bluetooth tethering and connect other devices to phone via Bluetooth. Settings > Networks > More > Wireless & networks > Bluetooth tethering
API: [LGMDM]
    void setAllowBluetoothTethering(ComponentName who, boolean allow)
    allow = true : enabled
    allow = false : disabled

No. 40
Security Feature: Hardware Control
Setting: Control Hotspot Connections
Description: Control access to Wi-Fi hotspot connections
Required Value: Enable/Disable
User Interface: Allows you to use your device as a Wi-Fi hotspot for other devices to use your mobile network connection. Set up Wi-Fi hotspot: Sets the SSID and password for your Wi-Fi hotspot. Timeout: Allows you to set the time after which Wi-Fi hotspot automatically turns off. Settings > Networks > More > Wireless & networks > Mobile Hotspot
API: [LGMDM]
    void setAllowHotspot(ComponentName who, boolean allow)
    allow = true : enabled
    allow = false : disabled

No. 41
Security Feature: Hardware Control
Setting: Automatic Time
Description: Allows the device to get time from the Wi-Fi connection
Required Value: Enable/Disable
User Interface: Use Date & time settings to set how dates will be displayed. You can also use these settings to set your own time and time zone rather than obtaining the current time from the mobile network. Settings > General > Date & Time
API: [LGMDM]
    void setAllowChangeDateAndTime(ComponentName who, boolean allow)
    allow = true : enabled
    allow = false : disabled

No. 42
Security Feature: Hardware Control
Setting: Enable/disable all data signaling over USB
Description: The USB mode is forced to be configured as none.
Required Value: Disable
User Interface: N/A
API: public void setEnforceUsbModeAsNone(ComponentName who, boolean enforce)
    enforce = true : enforce
    enforce = false : release

No. 43
Security Feature: Application Control
Setting: Install Application
Description: Installs specified application
User Interface: N/A
API: [LGMDM]
    void installApplication(ComponentName who, String path)
    path : path of the apk file to install.

No. 44
Security Feature: Application Control
Setting: Uninstall Application
Description: Uninstalls specified application
User Interface: Settings > General > Application manager > menu > Uninstall apps
API: [LGMDM]
    public void uninstallApplication(ComponentName who, String packageName)
    packageName : package name to be deleted.


No. 45
Setting: Application Whitelist
Description: Specifies a list of applications that may be installed
API: [LGMDM]
<install>
public void setAllowInstallApplication(ComponentName who, boolean allow)
allow = true : enabled
allow = false : disabled
&
void setApplicationState(ComponentName who, List<LGMDMApplicationState> applicationStateList)
applicationStateList: Insert the list you want
ex)
ArrayList<LGMDMApplicationState> mSelectedAppStateList;
LGMDMApplicationState item = new LGMDMApplicationState();
item.setPackageName(editText.getText().toString());
item.setAllowInstallation(1);
item.setAllowUninstallation(0~2);
item.setEnable(0~2);
mSelectedAppStateList.add(item);
<uninstall>
public void setAllowUninstallApplication(ComponentName who, boolean allow)
allow = true : enabled
allow = false : disabled
&
void setApplicationState(ComponentName who, List<LGMDMApplicationState> applicationStateList)
applicationStateList: Insert the list you want
ex)
ArrayList<LGMDMApplicationState> mSelectedAppStateList;
LGMDMApplicationState item = new LGMDMApplicationState();
item.setPackageName(editText.getText().toString());
item.setAllowInstallation(0~2);
item.setAllowUninstallation(1);
item.setEnable(0~2);
mSelectedAppStateList.add(item);
User Interface: Settings > General > Application manager

No. 46
Setting: Application Blacklist
Description: Specifies a list of applications that may not be installed
API: [LGMDM]
<install>
void setApplicationState(ComponentName who, List<LGMDMApplicationState> applicationStateList)
applicationStateList: Insert the list you want
ex)
ArrayList<LGMDMApplicationState> mSelectedAppStateList;
LGMDMApplicationState item = new LGMDMApplicationState();
item.setPackageName(editText.getText().toString());
item.setAllowInstallation(2);
item.setAllowUninstallation(0~2);
item.setEnable(0~3);
mSelectedAppStateList.add(item);
<uninstall>
void setApplicationState(ComponentName who, List<LGMDMApplicationState> applicationStateList)
applicationStateList: Insert the list you want
ex)
ArrayList<LGMDMApplicationState> mSelectedAppStateList;
LGMDMApplicationState item = new LGMDMApplicationState();
item.setPackageName(editText.getText().toString());
item.setAllowInstallation(0~2);
item.setAllowUninstallation(2);
item.setEnable(0~3);
mSelectedAppStateList.add(item);
<running>
void setApplicationState(ComponentName who, List<LGMDMApplicationState> applicationStateList)
applicationStateList: Insert the list you want
ex)
ArrayList<LGMDMApplicationState> mSelectedAppStateList;
LGMDMApplicationState item = new LGMDMApplicationState();
item.setPackageName(editText.getText().toString());
item.setAllowInstallation(0~2);
item.setAllowUninstallation(0~2);
item.setEnable(2~3);
mSelectedAppStateList.add(item);
User Interface: Settings > General > Application manager

No. 47
Setting: Application Repository
Description: Specifies the location from which applications may be installed
API: void setAllowInstallation(int allowInstallation)
allowInstallation :
0(Default)
1(Enabled)
2(Disabled)
&
void installApplication(ComponentName who, String path)
path : apk file path to the installation.
User Interface: N/A

Security Feature: Download Mode

No. 48
Setting: Control Download Mode
Description: Control access to Download Mode
API: [LGMDM]
int setAllowDownloadMode(ComponentName who, boolean allow)
allow = true : enabled
allow = false : disabled
User Interface: N/A

Security Feature: VPN

No. 49
Setting: Control VPN split-tunneling
Description: Control access to VPN split-tunneling
Required Value: Disable
API: [LGMDM]
void setAllowVPNSplitTunneling(ComponentName who, boolean allow)
allow = true : enabled
allow = false : disabled
User Interface: N/A

Security Feature: Backup

No. 50
Setting: Enable/disable backup to
Description: Disable backup to locally connected system
Disable backup to remote system
Required Value: Disable
API: public void setAllowGoogleBackup(ComponentName who, boolean allow)
allow = true : enabled
allow = false : disabled
public void setAllowSpecificApplication(ComponentName who, LGMDMManager.ApplicationType applicationType, boolean allow)
LGMDMManager.ApplicationType.LGBACKUP is for allowing/disallowing LGBackup
allow = true : enabled
allow = false : disabled
User Interface: N/A

Security Feature: Audit Logging

No. 51
Setting: Configure the auditable items
Description: CC mode is forced to be configured with auditable items at one time
Required Value: Enable
API: public boolean setGranularControlOnCCMode(ComponentName who, int function)
CC_MODE = 0x01, CC_AUDIT_LOGGING = 0x2, ....
ex) 0x3 is CC_MODE == ON, CC_AUDIT_LOGGING == ON.
Returns
true : CC mode Service is enabled, policy is called
false : CC mode Service is not enabled, policy is not called
User Interface: N/A

No. 52
Setting: Read audit logs kept by the TSF
Description: Admin only can access audit logs
Required Value: Enable
API: public ParcelFileDescriptor ExportCCauditLogFile(ComponentName who)
Returns ParcelFileDescriptor
User Interface: N/A

[Password Policy Recommendation]
To configure a good, strong password, the following password policies are strongly recommended.
1. Password Length
To enforce a good password, the administrator has to set the password length. It is recommended that the password length is more than 8 characters.
→ Please refer to No. 5 in 3.2 Common Criteria Related Settings
2. Password Complexity and Quality
Password complexity should include more than 1 character, number and symbol. The administrator can enforce a minimum number of numeric, upper and lower case, symbol characters, and so on. The administrator can also choose one of the following password quality values to increase the level of password strength:
PASSWORD_QUALITY_UNSPECIFIED, PASSWORD_QUALITY_SOMETHING,
PASSWORD_QUALITY_NUMERIC, PASSWORD_QUALITY_ALPHABETIC,
PASSWORD_QUALITY_ALPHANUMERIC, or PASSWORD_QUALITY_COMPLEX.
→ Please refer to No. 6 in 3.2 Common Criteria Related Settings
3. Maximum password failed attempt
The administrator can set a maximum failed password attempt policy. The device is wiped immediately when the maximum count of unsuccessful authentication attempts is reached. For example, when the maximum number of failed password attempts is 10, once half of the maximum count (5) is reached the device shows a warning dialog that displays the 'Life is good' message and requires user input to continue trying authentication; then, if the maximum count (10) is reached, the device is wiped.
→ Please refer to No. 8 in 3.2 Common Criteria Related Settings
4. Secure Update Process
This section describes how secure updates are delivered. LG FOTA performs the following verifications for a secure update when the delta package for FOTA is placed on the device's storage.
• Verification of the delta package itself
• Verification of whether the delta package is for the device's image or not
Verification of the delta package itself is done by checking its signature. A signature is made for every delta package of firmware images and files. The RSA (2048-bit) algorithm, with SHA256 as the hash, is used to make the signature for the packages of each image.
Verification of whether the delta package is for the device's image is done by checking the CRC (CRC-32) of every image. It checks that the calculated CRC value of every image, such as all firmware images and all
files, is identical to the delivered CRC value of delta packages for
[Figure: FOTA update process for secure delta package. Flowchart steps, in order:]
1. Download delta package.
2. Check signature of whole pkg. On failure: stop FOTA upgrade, "Whole Signature mismatch error occurred" and the device goes to Idle status.
3. Write an update setting value to eMMC.
4. Reset device & reboot.
5. Read the update setting value on eMMC (decisions "Update?" and "Magic code?").
6. Check signature of each FW pkg. On failure: "FW Signature mismatch error occurred" and normal boot.
7. Check identification by CRC for each FW image. On failure: "Validation Fail occurred (Mismatch between FW image & pkg.)" and normal boot.
8. Check signature of each File pkg. On failure: "FS Signature mismatch error occurred" and normal boot.
9. Check identification by CRC for each File. On failure: "Validation Fail occurred (Mismatch between FW image & pkg.)" and normal boot.
10. Update firmware images.
11. Update files.
12. Reset & normal booting.
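The two checks this section describes (signature over the package, then CRC-32 identification of the installed image), as an added example that is not LG's FOTA code. The package layout (a 4-byte expected CRC followed by the delta payload), the class and method names, and the freshly generated key standing in for the vendor signing key are assumptions; it uses the JVM's default provider so it runs off-device.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.zip.CRC32;

public class DeltaPackageCheck {

    enum Result { OK, SIGNATURE_MISMATCH, IMAGE_MISMATCH }

    /** CRC-32 of a byte array, as an unsigned 32-bit value. */
    static long crc32(byte[] data) {
        CRC32 crc = new CRC32();
        crc.update(data);
        return crc.getValue();
    }

    /** Check 1: RSA / SHA-256 signature over the whole package. */
    static boolean signatureValid(byte[] pkg, byte[] sig, PublicKey vendorKey)
            throws GeneralSecurityException {
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(vendorKey);
        verifier.update(pkg);
        try {
            return verifier.verify(sig);
        } catch (SignatureException e) {
            return false; // wrong length or malformed encoding counts as a mismatch
        }
    }

    /**
     * Runs the signature check first and reads the expected CRC only from a
     * package whose signature verified: CRC-32 identifies the target image but
     * gives no protection against deliberate modification.
     */
    static Result verify(byte[] pkg, byte[] sig, PublicKey vendorKey, byte[] installedImage)
            throws GeneralSecurityException {
        if (pkg.length < 4 || !signatureValid(pkg, sig, vendorKey)) {
            return Result.SIGNATURE_MISMATCH;
        }
        // Assumed layout: bytes 0..3 hold the CRC-32 of the image the delta applies to.
        long expectedCrc = ByteBuffer.wrap(pkg).getInt() & 0xFFFFFFFFL;
        return crc32(installedImage) == expectedCrc ? Result.OK : Result.IMAGE_MISMATCH;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed stand-in for the vendor's RSA-2048 signing key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair vendor = kpg.generateKeyPair();

        // Constructed sample data: an installed image and a delta built for it.
        byte[] installed = "constructed firmware image, build A".getBytes(StandardCharsets.UTF_8);
        byte[] payload = "constructed delta payload A->B".getBytes(StandardCharsets.UTF_8);
        byte[] pkg = ByteBuffer.allocate(4 + payload.length)
                .putInt((int) crc32(installed))
                .put(payload)
                .array();

        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(vendor.getPrivate());
        signer.update(pkg);
        byte[] sig = signer.sign();

        // Case 1: untouched package on the image it was built for.
        System.out.println("intact package, matching image: "
                + verify(pkg, sig, vendor.getPublic(), installed));

        // Case 2: one bit of the CRC field changed after signing.
        byte[] tampered = pkg.clone();
        tampered[0] ^= 0x01;
        System.out.println("modified package:               "
                + verify(tampered, sig, vendor.getPublic(), installed));

        // Case 3: valid package offered to a device running a different image.
        byte[] other = "constructed firmware image, build C".getBytes(StandardCharsets.UTF_8);
        System.out.println("intact package, other image:    "
                + verify(pkg, sig, vendor.getPublic(), other));
    }
}
```

Because the expected CRC sits inside the signed bytes, changing it is caught by the signature check rather than by the CRC comparison.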
5. Cryptographic APIs
The following algorithms were evaluated by the CCTL (CC Testing Laboratory). You can access them by using the Android Cryptographic APIs.
5.1 FCS_CKM.2(1) - RSA
Assume that Alice knows a private key and Bob knows Alice's public key.
Bob sent a key encrypted with the public key.
This example shows how Alice recovers the plain key sent by Bob.
Alice needs her own private key to decrypt the encrypted key.
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.spec.RSAPrivateKeySpec;
import javax.crypto.Cipher;

// build Alice's private key spec from the modulus n and private exponent d (hex strings)
KeyFactory kf = KeyFactory.getInstance("RSA", "AndroidOpenSSL");
RSAPrivateKeySpec rsa_private = new RSAPrivateKeySpec(
        new BigInteger(n, 16), new BigInteger(d, 16));
// generate private key
PrivateKey privKey = kf.generatePrivate(rsa_private);
// decrypt the encrypted key
Cipher cipher = Cipher.getInstance("RSA/ECB/NoPadding", "AndroidOpenSSL");
cipher.init(Cipher.DECRYPT_MODE, privKey);
cipher.update(encryptedKey);
byte[] resultK = cipher.doFinal();
Algorithms of AndroidOpenSSL for RSA pair-wise key establishment
"RSA/ECB/NoPadding"
"RSA/ECB/PKCS1Padding"
Reference webpage:
http://developer.android.com/intl/ko/reference/javax/crypto/Cipher.html
5.2 FCS_CKM.2(1) – ECDH
Assume that Alice knows her private key and Bob's public key.
Bob knows his private key and Alice's public key.
Then Alice and Bob can share a secret key via ECDH key agreement.
// Bob's public key
ECPublicKey BobPubkey = … ;
// Alice's private key
ECPrivateKey AlicePrivkey = … ;
// generate the shared secret on Alice's side (her private key, Bob's public key)
KeyAgreement ka = KeyAgreement.getInstance("ECDH", "AndroidOpenSSL");
ka.init(AlicePrivkey);
ka.doPhase(BobPubkey, true);
byte[] secret = ka.generateSecret();
Key agreement of AndroidOpenSSL
"ECDH" for KeyAgreement
Reference webpage:
http://developer.android.com/intl/ko/reference/javax/crypto/KeyAgreement.html
5.3 FCS_COP.1(1) - AES CBC
The Cipher class encrypts a plaintext or decrypts a ciphertext.
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// get cipher instance with provided algorithm and provider
Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding", "AndroidOpenSSL");
// build the key and IV to be used when encrypting or decrypting
SecretKeySpec skeySpec = new SecretKeySpec(key, "AES");
AlgorithmParameterSpec ivSpec = new IvParameterSpec(iv);
// initialize cipher instance in encrypt mode
cipher.init(Cipher.ENCRYPT_MODE, skeySpec, ivSpec);
byte[] encrypted = cipher.doFinal(plaintext);
// initialize cipher instance in decrypt mode
cipher.init(Cipher.DECRYPT_MODE, skeySpec, ivSpec);
byte[] decrypted = cipher.doFinal(encrypted);
AES algorithms of AndroidOpenSSL
"AES/CBC/NoPadding"
Reference webpage:
http://developer.android.com/intl/ko/reference/javax/crypto/Cipher.html
5.4 FCS_COP.1(2) - SHA
You can use the MessageDigest class to calculate the hash of a plaintext.
import java.security.MessageDigest;

MessageDigest md = MessageDigest.getInstance("SHA-256", "AndroidOpenSSL");
md.update(plaintext);
byte[] hashdata = md.digest();
MessageDigest algorithms of AndroidOpenSSL
"SHA-1", "SHA-256", "SHA-384", "SHA-512"
Reference webpage:
http://developer.android.com/reference/java/security/MessageDigest.html
5.5 FCS_COP.1(3) – RSA(Signature Algorithms)
The KeyFactory class generates the RSA private key and public key.
The Signature class signs a plaintext with the private key generated above and verifies it with the public key.
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;

// generate key specs from the modulus n and the exponents d and e (hex strings)
KeyFactory kf = KeyFactory.getInstance("RSA", "AndroidOpenSSL");
RSAPrivateKeySpec rsa_private = new RSAPrivateKeySpec(
        new BigInteger(n, 16), new BigInteger(d, 16));
RSAPublicKeySpec rsa_public = new RSAPublicKeySpec(
        new BigInteger(n, 16), new BigInteger(e, 16));
// generate keys
PrivateKey privKey = kf.generatePrivate(rsa_private);
PublicKey pubKey = kf.generatePublic(rsa_public);
// sign test
Signature signature = Signature.getInstance("SHA1WithRSA", "AndroidOpenSSL");
signature.initSign(privKey);
signature.update(plaintext);
byte[] signed = signature.sign();
// verify test
signature.initVerify(pubKey);
signature.update(plaintext);
boolean verified = signature.verify(signed);
Signature algorithms of AndroidOpenSSL
"SHA1WithRSA"
"SHA256WithRSA"
"SHA384WithRSA"
"SHA512WithRSA"
Key generators of AndroidOpenSSL
"RSA" KeyFactory
"RSA" KeyPairGenerator
Reference webpages:
http://developer.android.com/reference/java/security/KeyFactory.html
http://developer.android.com/reference/java/security/Signature.html
http://developer.android.com/reference/java/security/spec/RSAPrivateKeySpec.html
http://developer.android.com/reference/java/security/spec/RSAPublicKeySpec.html
5.6 FCS_COP.1(3) – ECDSA(Signature Algorithms)
The Signature class signs hash data with an EC private key and verifies it with the EC public key.
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.ECPublicKeySpec;

// generate a key pair on secp256r1 only to obtain the curve's ECParameterSpec
KeyPairGenerator kpg;
ECGenParameterSpec kpgparams;
kpg = KeyPairGenerator.getInstance("EC", "AndroidOpenSSL");
kpgparams = new ECGenParameterSpec("secp256r1");
kpg.initialize(kpgparams, new SecureRandom());
ECParameterSpec params = ((ECPublicKey) kpg.generateKeyPair().getPublic()).getParams();
// key spec generation
ECPoint point = new ECPoint(Qx, Qy);
ECPublicKeySpec ec_public = new ECPublicKeySpec(point, params);
ECPrivateKeySpec ec_private = new ECPrivateKeySpec(d, params);
// key generation
KeyFactory kf;
kf = KeyFactory.getInstance("EC", "AndroidOpenSSL");
ECPrivateKey privkey = (ECPrivateKey) kf.generatePrivate(ec_private);
ECPublicKey pubkey = (ECPublicKey) kf.generatePublic(ec_public);
// sign the hashdata and generate signature
Signature signature = Signature.getInstance("SHA256WithECDSA", "AndroidOpenSSL");
signature.initSign(privkey);
signature.update(hashdata);
byte[] signed = signature.sign();
// verify the signature with public key
signature.initVerify(pubkey);
signature.update(hashdata);
boolean verified = signature.verify(signed);
Signature algorithms of AndroidOpenSSL
"SHA256withECDSA"
"SHA384withECDSA"
"SHA512withECDSA"
Key generators of AndroidOpenSSL
"EC" for KeyFactory
"EC" for KeyPairGenerator
Supported curves
"secp256r1"
"secp384r1"
"secp521r1"
Reference webpages:
http://developer.android.com/reference/java/security/Signature.html
http://developer.android.com/reference/java/security/spec/ECPublicKeySpec.html
http://developer.android.com/reference/java/security/spec/ECPrivateKeySpec.html
5.7 FCS_COP.1(4) - HMAC
The Mac class calculates the keyed hash of a plaintext.
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// the key spec must name the same algorithm as the Mac instance
String algorithm = "HmacSHA1";
Mac hmac = Mac.getInstance(algorithm, "AndroidOpenSSL");
SecretKeySpec secretkey = new SecretKeySpec(key, algorithm);
hmac.init(secretkey);
byte[] hmacdata = hmac.doFinal(plaintext);
MAC algorithms of AndroidOpenSSL
"HmacSHA1"
"HmacSHA256"
"HmacSHA384"
"HmacSHA512"
Reference webpages:
http://developer.android.com/reference/javax/crypto/Mac.html
6. VPN Configuration
The LG VPN in LGE mobile devices provides IPsec VPN connections.
When a VPN connection is established, the interceptor module (kernel side) in LG VPN is able to control all inbound and outbound traffic.
This means that all IP traffic is controlled through the VPN client (IPsec tunnels).
[Figure: inbound and outbound traffic paths between applications (user-space sockets), LG VPN, and the kernel (interceptor, routing, tun0, eth0).]
Split-tunneling is enabled by default, so it must be disabled in CC Mode. The feature can be configured through the MDM capability.
7. Wi-Fi Configuration
The user can set the Wi-Fi configuration on the device by going to 'Settings > Wi-Fi'.
Follow these instructions to test EAP-TLS/TTLS on LGE devices:
1. Place certificates into internal storage or the external SD card by using MTP or an email attachment. Administrators are able to distribute certificates by a web link that executes certificate installation directly.
2. Select "Install certificates" on the "PERSONAL" tab of the "advanced Wi-Fi" menu.
- Must select "Wi-Fi" on the "Credential use" tab.
3. Back in the Wi-Fi menu, select an access point that supports the EAP method.
- Set the EAP method to "TLS" or "TTLS"
- Select the CA certificate and user certificate installed in Step #2
- Input the identity parameter.
- Push the "Connect" button.
8. Bluetooth Configuration
The user can set the Bluetooth configuration on the device by going to 'Settings > Bluetooth'.
Follow these instructions to test pairing with a remote Bluetooth device:
1. Search for the remote device.
2. Select the device to pair once the remote device is found.
3. Check the passkey and select "PAIR".
4. You can connect to the device once pairing succeeds.
5. You can delete a device from your paired list by selecting the Unpair menu.
9. Audit Logging
An MDM client can get the audit log file using API #52 'Read audit logs', which is described in Section 3.2 Common Criteria Related Settings.
The whole concept of audit logging is based on the Android logging system. The following are examples of audit log records.
12-31 20:27:05.776 2662 2662 I CCModeService: FIPS validated BouncyCastle self-test success!!!
12-31 20:25:51.605 819 819 D CCAUDIT_KERN: <6>[ 1.796391 / 01-01 00:00:01.739][5] [880] [CCAudit] Secure boot Success
As in the Android logging system, each audit log record is written in a basic format with the following fields:
• Date and time of the event;
• type of event; this is described as log level and log tag
• subject identity; this is described as PID and PPID
• the outcome (success or failure) of the event; and
• additional information in the table below.
Kernel audit logs also comply with the typical kernel log format. They additionally contain typical kernel log information in the outcome field and are tagged with 'CCAUDIT_KERN'.
The fields of the two example logs correspond to the above format as follows.
Date and Time      | Type of event     | Subject identity | The outcome
12-31 20:27:05.776 | I / CCModeService | 2662 / 2662      | FIPS validated BouncyCastle self-test success!!!
12-31 20:25:51.605 | D / CCAUDIT_KERN  | 819 / 819        | <6>[ 1.796391 / 01-01 00:00:01.739][5] [880] [CCAudit] Secure boot Success
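A parser for the record layout described above, as an added example that is not LG's code. The class name and the keyword-based outcome heuristic are assumptions; the first two sample lines are the ones shown in this section, the third reuses the "Secure boot Fail" message from the event table with a constructed timestamp and IDs, and the fourth is a constructed continuation line.

```java
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class CcAuditLogParser {

    enum Outcome { SUCCESS, FAILURE, UNKNOWN }

    /** One audit record split into the fields listed in this section. */
    static final class Record {
        final String dateTime, level, tag, subject, message;
        final Outcome outcome;

        Record(String dateTime, String level, String tag, String subject,
               String message, Outcome outcome) {
            this.dateTime = dateTime;
            this.level = level;
            this.tag = tag;
            this.subject = subject;
            this.message = message;
            this.outcome = outcome;
        }
    }

    // date time, two numeric subject-identity columns, log level, tag, message
    private static final Pattern LINE = Pattern.compile(
            "^(\\d{2}-\\d{2}\\s+\\d{2}:\\d{2}:\\d{2}\\.\\d{3})\\s+(\\d+)\\s+(\\d+)\\s+"
            + "([VDIWEF])\\s+(\\S+?)\\s*:\\s(.*)$");

    // kernel log information carried at the start of a CCAUDIT_KERN outcome field,
    // e.g. "<6>[ 1.796391 / 01-01 00:00:01.739][5] [880] "
    private static final Pattern KERNEL_PREFIX = Pattern.compile(
            "^<\\d+>\\[[^\\]]*\\]\\s*\\[\\d+\\]\\s*\\[\\d+\\]\\s*");

    /** Heuristic (assumption): failure keywords win over "success". */
    static Outcome classify(String message) {
        String m = message.toLowerCase(Locale.ROOT);
        for (String keyword : new String[] {"fail", "error", "mismatch", "invalid"}) {
            if (m.contains(keyword)) {
                return Outcome.FAILURE;
            }
        }
        return m.contains("success") ? Outcome.SUCCESS : Outcome.UNKNOWN;
    }

    /** Returns null for lines that are not record headers (e.g. stack-trace continuations). */
    static Record parse(String line) {
        Matcher m = LINE.matcher(line.trim());
        if (!m.matches()) {
            return null;
        }
        String tag = m.group(5);
        String message = m.group(6);
        if (tag.equals("CCAUDIT_KERN")) {
            message = KERNEL_PREFIX.matcher(message).replaceFirst("");
        }
        String subject = m.group(2) + " / " + m.group(3);
        return new Record(m.group(1), m.group(4), tag, subject, message, classify(message));
    }

    public static void main(String[] args) {
        String[] lines = {
            "12-31 20:27:05.776 2662 2662 I CCModeService: FIPS validated BouncyCastle self-test success!!!",
            "12-31 20:25:51.605 819 819 D CCAUDIT_KERN: <6>[ 1.796391 / 01-01 00:00:01.739][5] [880] [CCAudit] Secure boot Success",
            // constructed timestamp and IDs, message text from the event table
            "12-31 20:25:51.610 819 819 D CCAUDIT_KERN: <6>[ 1.801200 / 01-01 00:00:01.744][5] [880] [CCAudit] Secure boot Fail",
            // constructed continuation line, skipped by the parser
            "    at com.example.Placeholder.method(Placeholder.java:1)"
        };
        for (String line : lines) {
            Record r = parse(line);
            if (r == null) {
                continue;
            }
            System.out.printf("%-18s | %s / %-13s | %-11s | %-7s | %s%n",
                    r.dateTime, r.level, r.tag, r.subject, r.outcome, r.message);
        }
    }
}
```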
The following provides a list of audit events required by the MDFPP so the administrator knows what to look for
when reading the audit log.
MDFPP Requirement | Auditable Events | Additional Audit Record Contents | The outcome of Audit Records

MDFPP Requirement: FAU_GEN.1.1

Auditable Event: Start-up and shutdown of the audit functions;
The outcome of Audit Records:
a. write_flag_to_misc::CC_AUDIT_LOGGING is started
b. write_flag_to_misc::CC_AUDIT_LOGGING is stopped

Auditable Event: All administrative actions;
The outcome of Audit Records:
a. setAllowBluetooth(ComponentInfo{com.lge.mdm.newclient/com.lge.mdm.newclient.MainActivity$DeviceAdminSampleReceiver}) : 1

Auditable Event: Start-up and shutdown of the OS and kernel;
The outcome of Audit Records:
a. [CCAudit] Run init process for OS startup
b. devicePowerOff, devicefunction : 1, who : com.lge.mdm.newclient
c. start normal shutdown
Insertion or
removal of
removable
media;
a. [CCAudit] mmc1: slot status change detected (0 -> 1)
b. [CCAudit] mmc1: slot status change detected (1 -> 0)
log :
c. [CCAudit] mmc1: slot status change detected (0 -> 1)
d. [CCAudit] mmc1: slot status change detected (1 -> 0)
a. [gmail-ls][Account {[email protected],
type=com.google}] Account synchronizing connection is
established,,,
Establishment of
a synchronizing
connection;
FCS_CKM
_EXT.1
FCS_CKM
.1(1)
FCS_HTT
PS_EXT.1
[selection: Audit
records reaching
[95] percentage
of audit
capacity].
[selection: none]
a. CCAudit logging record reaches 95 percent
Failure of key
generation
activity for
authentication
keys.
Failure of the
certificate
validity check.
a. Primary keymaster device failed to generate key, falling back
to SW.
b. rc ERROR : -4
Issuer Name and
Subject Name of
certificate.
[selection:
User's
authorization
decision, no
additional
information].
FCS_RBG
_EXT.1
Failure of the
randomization
process.
FCS_STG_
EXT.1
Import or
destruction of
key.
[selection:
Exceptions to
use and
destruction
rules, No other
events]
Identity of key.
Role and
identity of
requestor.
FCS_STG_
EXT.3
Failure to verify
integrity of
stored key.
Identity of key
being verified.
a. SSL:Certificate invalid:subject name=/OU=Domain Control
Validated/OU=COMODO SSL
Wildcard/CN=*.crashlytics.com:issuer
name=/C=GB/ST=Greater
Manchester/L=Salford/O=COMODO CA
Limited/CN=COMODO RSA Domain Validation Secure Server
CA
a. dual ec drbg disabled
b. error initialising drbg
c. no fips random method set
a. importKey keyName =
USRPKEY_9fcbc887f0ab90118827ec41270497dee5dc629e,
uid = -1
del : filename :
user_0/1000_USRPKEY_6f41232b523647d0043d9c57a309255
0cdf0bc50, keyBlob type : 4, userId = 0
del : filename :
user_0/1000_USRCERT_6f41232b523647d0043d9c57a309255
0cdf0bc50, keyBlob del : filename :
user_0/1000_CACERT_6f41232b523647d0043d9c57a3092550
cdf0bc50, keyBlob type : 1, userId = 0
a. Failed to verify integrity of stored key :
user_0/1000_USRCERT_111

MDFPP Requirement: FCS_TLSC_EXT.1

Auditable Event: Failure to establish an EAP-TLS session.
Additional Audit Record Contents: Reason for failure.
The outcome of Audit Records:
1. Invalid information when EAP-TLS connection
a. Wi-Fi EAP-TLS Private key not configured
b. Wi-Fi EAP-TLS ca_cert is invalid.
c. Wi-Fi EAP-TLS client_cert is invalid.
d. Wi-Fi EAP-TLS key_id is invalid.
e. Wi-Fi TLS: Failed to load private key
f. Wi-Fi TLS: Failed to set TLS connection parameters
2. Failure in SSL initialize during EAP-TLS connection
a. Wi-Fi EAP-TLS Failed to initialize SSL.
b. Wi-Fi EAP-TLS SSL : Failed to initialize new TLS connection
3. When EAP-TLS connect/disconnect/connect fail
a. Wi-Fi EAP-TLS Done(establish)
b. Wi-Fi EAP-TLS session termination!!
c. Wi-Fi EAP-TSL SSL: Received non-ACK when output fragments are waiting to be sent out
d. Wi-Fi EAP-TLS SSL: Failed - tls_out available to report error
e. Wi-Fi EAP-TLS SSL: TLS errors detected
f. Wi-Fi EAP-TLS SSL: Invalid TLS message: no Flags octet included
4. Connection success/failure
a. Wi-Fi Connection success
b. Wi-Fi Connect Failure

Auditable Event: Establishment/termination of an EAP-TLS session.
Additional Audit Record Contents: Non-TOE endpoint of connection.
The outcome of Audit Records:
1. Invalid information when EAP-TLS connection
a. Wi-Fi EAP-TLS Private key not configured
b. Wi-Fi EAP-TLS ca_cert is invalid.
c. Wi-Fi EAP-TLS client_cert is invalid.
d. Wi-Fi EAP-TLS key_id is invalid.
e. Wi-Fi TLS: Failed to load private key
f. Wi-Fi TLS: Failed to set TLS connection parameters
2. Failure in SSL initialize during EAP-TLS connection
a. Wi-Fi EAP-TLS Failed to initialize SSL.
b. Wi-Fi EAP-TLS SSL : Failed to initialize new TLS connection
3. When EAP-TLS connect/disconnect/connect fail
a. Wi-Fi EAP-TLS Done(establish)
b. Wi-Fi EAP-TLS session termination!!
c. Wi-Fi EAP-TSL SSL: Received non-ACK when output fragments are waiting to be sent out
d. Wi-Fi EAP-TLS SSL: Failed - tls_out available to report error
e. Wi-Fi EAP-TLS SSL: TLS errors detected
f. Wi-Fi EAP-TLS SSL: Invalid TLS message: no Flags octet included
4. Connection success/failure
a. Wi-Fi Connection success
b. Wi-Fi Connect Failure

MDFPP
Requirem
ent
FCS_TLS
C_EXT.2
FDP_DAR
_EXT.1
Auditable
Events
Additional
Audit Record
Contents
Failure to
establish a TLS
session.
Reason for
failure.
Failure to verify
presented
identifier.
Presented
identifier and
reference
identifier.
Non-TOE
endpoint of
connection.
Establishment/te
rmination of a
TLS session.
Failure to
encrypt/decrypt
data.
FDP_STG
_EXT.1
Addition or
removal of
certificate from
Trust Anchor
Database.
Subject name of
certificate.
FDP_UPC
_EXT.1
Application
initiation of
trusted channel.
Name of
application.
Trusted channel
protocol.
Non-TOE
endpoint of
connection.
FIA_AFL_
EXT.1
Excess of
authentication
failure limit.
The outcome of Audit Records
SSL:Validation error:subject
name=/C=US/ST=California/L=Mountain View/O=Google
Inc/CN=*.googleapis.com:issuer name=/C=US/O=Google
Inc/CN=Google Internet Authority G2
a. connect to google.com, facebook.com,ssllabs.com through
https://
a. SSL:session connected:hostname=www.googleapis.com
b. SSL:session
terminated:hostname=www.googleadservices.com
a. [CCAudit] Error getting random bytes in SEC mode
b. [CCAudit] ecryptfs_filldir: Error attempting to decode and
decrypt
c. [CCAudit] Error attempting to allocate memory
d. [CCAudit] ecryptfs_open: Error attempting to initialize the
lower file for the dentry with name
a. Addition CA Cert - C=FI,O=Authentec\, Inc.,CN=Test RSA
CA
b. Delete CA Cert - CN=GeoTrust Primary Certification
Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use
only, O=GeoTrust Inc., C=US
c. Delete CA Cert - OU=certSIGN ROOT CA, O=certSIGN,
C=RO
d. Delete CA Cert - CN=DST ACES CA X6, OU=DST ACES,
O=Digital Signature Trust, C=US
e. Delete CA Cert - CN=GeoTrust Global CA, O=GeoTrust Inc.,
C=US
f. Delete CA Cert - CN=USERTrust ECC Certification
Authority, O=The USERTRUST Network, L=Jersey City,
ST=New Jersey, C=US
g. Delete CA Cert - CN=UTN-USERFirst-Hardware,
OU=http://www.usertrust.com, O=The USERTRUST Network,
L=Salt Lake City, ST=UT, C=US
a. com.slacker.radio attempts to establish SSL/TLS connection.
b. com.slacker.radio attempts to establish SSL/TLS connection.
c. com.vcast.mediamanager attempts to establish SSL/TLS
connection.
d. com.vcast.mediamanager attempts to establish SSL/TLS
connection.
e. com.cequint.ecid attempts to establish SSL/TLS connection.
f. com.cequint.ecid attempts to establish SSL/TLS connection.
a. Excess of authentication failure limit.
MDFPP
Requirem
ent
FIA_BLT_
EXT.1
Auditable
Events
User
authorization of
Bluetooth
device.
User
authorization for
local Bluetooth
service.
Additional
Audit Record
Contents
The outcome of Audit Records
User
authorization
decision.
Bluetooth
address and
name of device.
Bluetooth
profile. Identity
of local service.
1. PAIR :
a. [FIA_BLT_EXT.1] - (NEW_PAIR_REQUEST) :
b. [FIA_BLT_EXT.1] - (SSP_REQUEST) : V10
[22:22:2C:6D:9F:07] [CoD:524] PASSKEY:794842
VARIANT:PAIRING_VARIANT_PASSKEY_CONFIRMATI
ON
c. [FIA_BLT_EXT.1] - (BOND_BONDED) : V10
[22:22:2C:6D:9F:07] [CoD:524]
d. [FIA_BLT_EXT.1] - (ENTER_STABLE) :
2. CANCLE :
a. [FIA_BLT_EXT.1] - (NEW_PAIR_REQUEST) :
b. [FIA_BLT_EXT.1] - (SSP_REQUEST) : V10
[22:22:2C:6D:9F:07] [CoD:524] PASSKEY:705961
VARIANT:PAIRING_VARIANT_PASSKEY_CONFIRMATI
ON
c. [FIA_BLT_EXT.1] - (BOND_NONE) : V10
[22:22:2C:6D:9F:07] [CoD:524]
REASON:UNBOND_REASON_REMOVED - An existing
bond was explicitly revoked
d. [FIA_BLT_EXT.1] - (ENTER_STABLE) :
FIA_BLT_
EXT.2
FIA_UAU
_EXT.2
FIA_UAU
_EXT
Initiation of
Bluetooth
connection.
Bluetooth
address and
name of device.
Failure of
Bluetooth
connection.
Action
performed
before
authentication.
User changes
Password
Authentication
Factor.
Reason for
failure.
Reason for
failure of
validation.
3. request delayed :
a. [FIA_BLT_EXT.1] - (NEW_PAIR_REQUEST) :
b. [FIA_BLT_EXT.1] - (SSP_REQUEST) : V10
[22:22:2C:6D:9F:07] [CoD:524] PASSKEY:355552
VARIANT:PAIRING_VARIANT_PASSKEY_CONFIRMATI
ON
c. [FIA_BLT_EXT.1] - (BOND_NONE) : V10
[22:22:2C:6D:9F:07] [CoD:524]
REASON:UNBOND_REASON_AUTH_FAILED - A bond
attempt failed because pins did not match, or remote device did
not respond to pin request in time
d. [FIA_BLT_EXT.1] - (ENTER_STABLE) :
e. STATE_ON :
SCAN_MODE_CONNECTABLE_DISCOVERABLE
a. OPP Service Access User decision: accept, Peer Device
NameLG ZeroAddress22:22:20:26:86:C1
b. OPP Service Access User decision: reject, Peer Device
NameLG ZeroAddress22:22:20:26:86:C1
a. Failed to connectPAN
a. PackageName: com.jiubang.goscreenlock is performed before
user authentication
a. User changes Password Authentication Factor. .3
MDFPP
Requirem
ent
FIA_X509
_EXT.2
FMT_SMF
_EXT.1
Auditable
Events
Failure to
establish
connection to
determine
revocation
status.
Change of
settings.
Success or
failure of
function.
FMT_SMF
_EXT.2
FPT_AEX
_EXT.4
FPT_NOT
_EXT.1
Additional
Audit Record
Contents
a. SSL:Certificate revoked:subject
name=/C=KR/ST=Seoul/L=Youngdungpogu/O=LG Electronics
Inc./OU=it 2/CN=*.lgecloud.com:issuer
Role of user that
changed setting.
Value of new
setting
Role of user that
performed
function.
Function
performed.
Reason for
failure.
Initiation of
software update.
Version of
update.
Initiation of
application
installation or
update.
Unenrollment.
Name and
version of
application.
Blocked attempt
to modify TSF
data.
[selection:
Measurement of
TSF software,
none].
The outcome of Audit Records
Identity of
administrator.
Remediation
action
performed.
Identity of
subject. Identity
of TSF data.
[selection:
integrity
verification
value, no
additional data].
a. setEnforceAirplaneMode : true, who :
com.lge.mdm.newclient
1. Success
a. LG VPN existing profile newly saved : xpsk
b. LG VPN DisableSplitTunneling FALSE : xpsk
c. LG VPN connection SUCCESS : xpsk
2. Failure
a. LG VPN new profile created : xpsk
b. LG VPN DisableSplitTunneling FALSE : xpsk
c. LG VPN connection FAILED : xpsk
d. LG VPN failed REASON : Timeout while connecting
a. Started updating software successfully.
b. SW update Version : XXXXX
a. com.google.android.apps.translate(4.4.0.RC01.104701208):
Installation Success!
b. com.google.android.apps.translate(4.4.0.RC01.104701208):
Removed!
a. [MDMCClog] removeActiveAdmin() requested unenrollment
process~!!!
a. [CCAudit] do_sys_open error=-13 file=/data/dalvikcache/arm/system@app@[email protected]@classes.de
x flag=131650 proc=dex2oat parent=com.lge.ime
1. Bootimage Fail
a. [CCAudit] Image hash :
7D95E4XXXXXXXXXXXXXXXXXXXXX...
b. [CCAudit] cert hash :
420F5BXXXXXXXXXXXXXXXXXX...
c. [CCAudit] Hash is different
d. [CCAudit] Image mis-matched
e. [CCAudit] Secure boot Fail
2. System component fail
a. [CCAudit] [WALLPAPER] : Modules hash :
1EEE9FXXXXXXXXXXXXXXX...
b. [CCAudit] [WALLPAPER] : [ 293] verify_certificate Different hash
c. [CCAudit] [WALLPAPER] : Cert hash :
44D649XXXXXXXXXXXXXXX....
d. [CCAudit] [WALLPAPER] : Verifying fail... 9
[selection:
Measurement of
TSF software,
none].
[selection:
Measurement of
TSF software,
none].
[selection:
integrity
verification
value, no
additional data].
[selection:
integrity
verification
value, no
additional data].
a. Openssl Self-test Started!!!!
b. cc_mode_selftest::OpenSSL fips self-test failed~~!!!
c. Openssl Self-test failed!!! errorno=-9
a. com.lge.org.bouncycastle.crypto.fips.FipsSelfTestFailedError:
Failed self test on encryption: AES
b. at
com.lge.org.bouncycastle.crypto.fips.SelfTestExecutor.validate(
SelfTestExecutor.java:3c. at
com.lge.org.bouncycastle.crypto.fips.FipsAES$EngineProvider.
createEngine(FipsAES.java:918)
d. at
com.lge.org.bouncycastle.crypto.fips.FipsAES.<clinit>(FipsAE
S.java:192)
e. at
com.lge.org.bouncycastle.crypto.fips.FipsStatus.loadClass(Fips
Status.java:178)
f. at
com.lge.org.bouncycastle.crypto.fips.FipsStatus.access$200(Fip
sStatus.java:21)
g. at
com.lge.org.bouncycastle.crypto.fips.FipsStatus$Loader.<init>(
FipsStatus.java:315)
h. at
com.lge.org.bouncycastle.crypto.fips.FipsStatus.isReady(FipsSt
atus.java:49)
i.
com.lge.org.bouncycastle.crypto.fips.FipsSelfTestFailedError:
Failed self test on encryption: AES
j. at
com.lge.org.bouncycastle.crypto.fips.SelfTestExecutor.validate(
SelfTestExecutor.java:3k. at
com.lge.org.bouncycastle.crypto.fips.FipsAES$EngineProvider.
createEngine(FipsAES.java:918)
l. at
com.lge.org.bouncycastle.crypto.fips.FipsAES.<clinit>(FipsAE
S.java:192)
m. at
com.lge.org.bouncycastle.crypto.fips.FipsStatus.loadClass(Fips
Status.java:178)
n. at
com.lge.org.bouncycastle.crypto.fips.FipsStatus.access$200(Fip
sStatus.java:21)
o. at
com.lge.org.bouncycastle.crypto.fips.FipsStatus$Loader.<init>(
FipsStatus.java:315)
p. at
com.lge.org.bouncycastle.crypto.fips.FipsStatus.isReady(FipsSt
atus.java:49)
MDFPP Requirement: FPT_TST_EXT.1
Auditable Events: Initiation of self-test. Failure of self-test.
Additional Audit Record Contents: Algorithm that caused failure.
The outcome of Audit Records:
1. openssl error log
a. Error entering FIPS mode
b. RSA key generation faild as expected.
c. Testing induced failure of DSA keygen test
d. Pairwise Consistency DSA test failure induced
e. Pairwise Consistency DSA test failed as expected
f. DSA key generation failed as expected.
g. Error entering FIPS mode
h. Testing induced failure of ECDSA keygen test
h. ECDSA key generation failed as expected.
i. Error entering FIPS mode
j. Testing induced failure of DRBG CPRNG test
k. DRBG SHA1 test Failed Incorrectly!!
l. failed INCORRECTLY!
2. BCFIPS error log
a. com.lge.org.bouncycastle.crypto.fips.FipsSelfTestFailedError: Failed self test on encryption: AES
b. at com.lge.org.bouncycastle.crypto.fips.SelfTestExecutor.validate(SelfTestExecutor.java:34)
c. at com.lge.org.bouncycastle.crypto.fips.FipsAES$EngineProvider.createEngine(FipsAES.java:918)
d. at com.lge.org.bouncycastle.crypto.fips.FipsAES.<clinit>(FipsAES.java:192)
e. at com.lge.org.bouncycastle.crypto.fips.FipsStatus.loadClass(FipsStatus.java:178)
f. at com.lge.org.bouncycastle.crypto.fips.FipsStatus.access$200(FipsStatus.java:21)
g. at com.lge.org.bouncycastle.crypto.fips.FipsStatus$Loader.<init>(FipsStatus.java:315)
h. at com.lge.org.bouncycastle.crypto.fips.FipsStatus.isReady(FipsStatus.java:49)
i. com.lge.org.bouncycastle.crypto.fips.FipsSelfTestFailedError: Failed self test on encryption: AES
j. at com.lge.org.bouncycastle.crypto.fips.SelfTestExecutor.validate(SelfTestExecutor.java:34)
k. at com.lge.org.bouncycastle.crypto.fips.FipsAES$EngineProvider.createEngine(FipsAES.java:918)
l. at com.lge.org.bouncycastle.crypto.fips.FipsAES.<clinit>(FipsAES.java:192)
m. at com.lge.org.bouncycastle.crypto.fips.FipsStatus.loadClass(FipsStatus.java:178)
n. at com.lge.org.bouncycastle.crypto.fips.FipsStatus.access$200(FipsStatus.java:21)
o. at com.lge.org.bouncycastle.crypto.fips.FipsStatus$Loader.<init>(FipsStatus.java:315)
p. at com.lge.org.bouncycastle.crypto.fips.FipsStatus.isReady(FipsStatus.java:49)

MDFPP Requirement: FPT_TST_EXT.2
Auditable Events: Start-up of TOE.
Additional Audit Record Contents: Boot Mode.
The outcome of Audit Records:
a. [CCAudit] Start-up BOOT MODE = Reboot_by_PowerKey
Auditable Events: [selection: detected integrity violation, none].
Additional Audit Record Contents: [selection: The TSF code file that caused the integrity violation, no additional information].
The outcome of Audit Records:
1. Bootimage Success
a. [CCAudit] Image hash : 7D95E4XXXXXXXXXXXXXXXXXXXXX…
b. [CCAudit] Secure boot Success
2. System component Success
a. [CCAudit] [WALLPAPER] : Modules hash : 1EEE9FXXXXXXXXXXXXXXX...
b. [CCAudit] [WALLPAPER] : [ 309] verify_certificate Success verifying

MDFPP Requirement: FPT_TUD_EXT.2
Auditable Events: Success or failure of signature verification for software updates.
The outcome of Audit Records:
a. [CCAudit] Signature verification for software updates
Note: You may need to update the FOTA system app to get logs of this item. Please contact [email protected] for the application.
Auditable Events: Success or failure of signature verification for applications.
The outcome of Audit Records:
1. success :
a. com.lge.mdm.newclient: Signature verification Success!
2. Failure
a. android.content.pm.PackageParser$PackageParserException: Failed to collect certificates from /data/app/vmdl1629286186.tmp/base.apk
b. Caused by: java.lang.SecurityException: Incorrect signature

MDFPP Requirement: FTA_TAB.1
Auditable Events: Change in banner setting.
The outcome of Audit Records:
a. Banner is showing
b. Banner is removed

MDFPP Requirement: FTA_WSE_EXT.1
Auditable Events: All attempts to connect to access points.
Additional Audit Record Contents: Identity of access point.
The outcome of Audit Records:
1. SSID that DUT trying to connect
a. Wi-Fi Attempts to connect to [SSID]
2. Connection success/failure
a. Wi-Fi Connection success
b. Wi-Fi Connect Failure

MDFPP Requirement: FTP_ITC_EXT.1
Auditable Events: Initiation and termination of trusted channel.
Additional Audit Record Contents: Trusted channel protocol. Non-TOE endpoint of connection.
The outcome of Audit Records:
a. SSL:session connected:hostname=www.googleapis.com
b. SSL:session terminated:hostname=www.googleadservices.com
Auditable Events: Initiation and termination of trusted channel.
Additional Audit Record Contents: Trusted channel protocol. Non-TOE endpoint of connection.
The outcome of Audit Records:
1. When EAP-TLS connect/disconnect/connect fail
a. Wi-Fi EAP-TLS Done(establish)
b. Wi-Fi EAP-TLS session termination!!
c. Wi-Fi EAP-TSL SSL: Received non-ACK when output fragments are waiting to be sent out
d. Wi-Fi EAP-TLS SSL: Failed - tls_out available to report error
e. Wi-Fi EAP-TLS SSL: TLS errors detected
f. Wi-Fi EAP-TLS SSL: Invalid TLS message: no Flags octet included
2. Connection success/failure
a. Wi-Fi Connection success
b. Wi-Fi Connect Failure
<Security Setting Related MDM Audit Logs>

No. 1
Change of Settings: Common Criteria Mode
Description: Enable CC mode
Required Value: Enable
Audit Records:
[MDMCClog] "setCommonCriteriaMode, mode : " + mode + " (0:NONE, 1:DISABLED, 2:ENABLED)" + ", who : " + who.getPackageName()
- mode : 0(COMMONCRITERIA NONE), 1(COMMONCRITERIA DISABLED), 2(COMMONCRITERIA ENABLED)

No. 2
Change of Settings: Device Encryption
Description: Encrypts all internal storage
Required Value: Enable
Audit Records:
[MDMCClog] "setEncryptionPolicy : " + policy + " (0:NONE, 1:DEVICE, 2:STORAGE, 3:DEVICE_AND_STORAGE," + "4:DEVICE_DISABLED, 5:DISABLED, 6:DEVICE_AND_STORAGE_DISABLED)" + "who : " + who.getPackageName())
- policy : int

No. 3
Change of Settings: SD Card Encryption
Description: Encrypts all SD card storage
Required Value: Enable
Audit Records:
[MDMCClog] "setEncryptionPolicy : " + policy + " (0:NONE, 1:DEVICE, 2:STORAGE, 3:DEVICE_AND_STORAGE," + "4:DEVICE_DISABLED, 5:DISABLED, 6:DEVICE_AND_STORAGE_DISABLED)" + "who : " + who.getPackageName())
- policy : int

No. 4
Change of Settings: Wipe Device
Description: Removes all data from device
Required Value: Enable
Audit Records:
[MDMCClog] "setAllowWipeDataMaster : " + allow
- allow : boolean (true or false)

No. 5
Change of Settings: Password Length
Description: Minimum number of characters in a password
Required Value: Greater than 6
Audit Records:
[MDMCClog] "setPasswordMinimumLength : " + length + ", ComponentName: " + who.getPackageName()
- length : int

No. 6
Change of Settings: Password Complexity
Description: Specify the type of characters required in a password
Audit Records:
[MDMCClog] setActivePasswordState, quality: 327680
- quality : password quality (Unspecified(0 (0x00000000)), Something(65536 (0x00010000)), Numeric(131072 (0x00020000)), Alphabetic(262144 (0x00040000)), Alphanumeric(327680 (0x00050000)), Complex(393216 (0x00060000)))
- more detailed : http://developer.android.com/intl/es/reference/android/app/admin/DevicePolicyManager.html#PASSWORD_QUALITY_ALPHANUMERIC
[MDMCClog] "setPasswordMinimumLetters: " + length + ", ComponentName: " + who.getPackageName()
- length : int

No. 7
Change of Settings: Password Expiration
Description: Maximum length of time before a password must change
Audit Records:
[MDMCClog] "setPasswordExpirationTimeout: " + timeout + ", ComponentName: " + who.getPackageName()
- timeout : long (millisecond)
ex. 1Day = 24*60*60*1000

No. 8
Change of Settings: Maximum password failed attempt
Description: Maximum number of authentication failures
Required Value: 10 or less
Audit Records:
[MDMCClog] "setMaximumFailedPasswordsForWipe: " + num + ", ComponentName: " + who.getPackageName()
- num : int

No. 9
Change of Settings: Password Visible
Description: The last character of the password is visible for a few seconds if enabled
Required Value: Disable
Audit Records:
[MDMCClog] "setAllowPasswordTypingVisible: " + allow + ", who : " + who.getPackageName()
- allow : boolean (true or false)

No. 10
Change of Settings: Show password
Description: Disallow show password option on the configuration screen of lockscreen password
Required Value: Disable
Audit Records:
[MDMCClog] "setAllowPasswordVisible: " + allow + ", who : " + who.getPackageName()
- allow : boolean (true or false)

No. 11
Change of Settings: Inactivity to lockout
Description: Time before lock-screen is engaged
Required Value: Less than 15 minutes
Audit Records:
[MDMCClog] "setMaximumTimeToLock: " + timeMS + ", ComponentName: " + who.getPackageName()
- timeMS : long (millisecond)
ex. 1Day = 24*60*60*1000

No. 12
Change of Settings: Banner2)
Description: Banner message displayed on the lockscreen
Required Value: Administrator defined text
Audit Records:
[MDMCClog] "setWarningMsg: " + allow + ", str : " + str + ", who : " + who.getPackageName()
- allow : boolean (true or false), str : String

No. 13
Change of Settings: Remote Lock
Description: Locks the device remotely
Required Value: Enable
Audit Records:
MDMCClog: setLockoutNow, level : 1 (0:UNLOCKOUT_STATE, 1:stUnlockoutNow(ComponentName), 2:LOCKOUT_STATE), str : tyui, recoveryKey : null, who : com.lge.mdm.newclient

No. 14
Change of Settings: Smart lock
Description: Control smart lock
Required Value: KEYGUARD_DISABLE_FEATURES_NONE/KEYGUARD_DISABLE_TRUST_AGENTS
Audit Records:
[MDMCClog] "setKeyguardDisabledFeatures: " + which + " (0:FEATURES_NONE, 1:WIDGETS_ALL, 2:SECURE_CAMERA" + "3:SECURENOTIFICATIONS, 4:TRUST_AGENTS, 5:UNREDACTED_NOTIFICATIONS" + "6:FINGERPRINT, 7:FEATURES_ALL)" + ", ComponentName: " + who.getPackageName()
- which : int

No. 15
Change of Settings: Transition to the locked state
Description: Prevents a user from turning off the "Power button instantly locks" setting.
Required Value: Disable
Audit Records:
[MDMCClog] "setEnforcePowerButtonLocks: " + allow + ", who : " + who.getPackageName()
- allow : boolean (true or false)

No. 16
Change of Settings: Remove Enterprise applications
Description: You cannot see the application icon in the Launcher's menu
Required Value: Disable
Audit Records:
MDMCClog: setApplicationState, list : [LGMDMApplicationState [packageName=com.google.android.gm, allowInstallation=0, allowUninstallation=0, enable=3], who : com.lge.mdm.new
- Enable : 0(Default), 1(Enable), 2(Disable), 3(Hide)

No. 17
Change of Settings: Import CA Certificates
Description: Import CA Certificates into the Trust Anchor Database or the credential storage
Audit Records:
[MDMCClog] "installCertificate, certificateId : " + certificateId + ", who : " + who.getPackageName()
- certificateId : String

No. 18
Change of Settings: Remove Certificates
Description: Remove certificates from the Trust Anchor Database or the credential storage
Audit Records:
[MDMCClog] "uninstallCertificate, certificateId : " + certificateId + ", who : " + who.getPackageName()
- certificateId : String

No. 19
Change of Settings: Control Wi-Fi
Description: Control access to Wi-Fi
Required Value: Enable/Disable
Audit Records:
[MDMCClog] "setAllowWifi: " + allow + ", who : " + who.getPackageName()
- allow : boolean (true or false)

No. 20
Change of Settings: Control GPS
Description: Control access to GPS
Required Value: Enable/Disable
Audit Records:
[MDMCClog] "setGPSLocation: " + allow + ", who : " + who.getPackageName()
- allow : boolean (true or false)

No. 21
Change of Settings: Control Cellular
Description: Control access to Cellular
Required Value: Enable/Disable
Audit Records:
[MDMCClog] "setAllowMobileNetwork: " + allow + ", who : " + who.getPackageName()
- allow : boolean (true or false)

No. 22
Change of Settings: Control NFC
Description: Control access to NFC
Required Value: Enable/Disable
Audit Records:
[MDMCClog] "setAllowNfc: " + allow + " (0:DISALLOW, 1:ALLOW)" + ", who : " + who.getPackageName()
- allow : boolean (true or false)

No. 23
Change of Settings: Control Bluetooth
Description: Control access to Bluetooth
Required Value: Enable/Disable
Audit Records:
[MDMCClog] "setAllowBluetooth: " (" + who + ") : " + allow + " (0:DISALLOW, 1:ALLOW_AUDIOONLY, 2:ALLOW)"
- allow : int

No. 24
Change of Settings: Control Location Service
Description: Control access to Location Service
Required Value: Enable/Disable
Audit Records:
MDMCClog: setAllowWirelessLocationWithWhitelist : false, list : [com.android.chrome], who : com.lge.mdm.newclient

No. 25
Change of Settings: Control SMS
Description: Control Messaging capabilities
Required Value: Enable/Disable
Audit Records:
[MDMCClog] "setAllowSendingSMS: " + allow + ", who : " + who.getPackageName()
- allow : boolean (true or false)

No. 26
Change of Settings: Control VPN
Description: Control access to VPN
Required Value: Enable/Disable
Audit Records:
[MDMCClog] "setAllowVon: " + allowType + ", who : " + who.getPackageName()
- allow : 0 (allow), 3(disallow)

No. 28
Change of Settings: Specify Wi-Fi SSIDs
Description: Specify SSID values for connecting to Wi-Fi. Can also create white and black lists for SSIDs.
Required Value: listType = 2
Audit Records:
MDMCClog: addNetwork, config : * ID: -1 SSID: "testAP_802.1x" BSSID: null PRIO: 40

No. 29
Change of Settings: Set WLAN CA Certificate
Description: Select the CA Certificate for the Wi-Fi connection
Required Value: CA Certificate
Audit Records:
MDMCClog: ca_cert: mdmweak

No. 30
Change of Settings: Specify security type
Description: Specify the connection security (WEP, WPA2, etc)
Required Value: Wi-Fi connection type
Audit Records:
MDMCClog: KeyMgmt: WPA_EAP IEEE8021X Protocols

No. 31
Change of Settings: Select authentication protocol
Description: Specify the EAP-TLS connection values
Required Value: Wi-Fi protocol
Audit Records:
MDMCClog: eap: TTLS

No. 32
Change of Settings: Select client credentials
Description: Specify the client credentials to access a specified WLAN
Required Value: Wi-Fi credentials
Audit Records:
MDMCClog: client_cert: mdmweak

No. 33
Change of Settings: Control Microphone
Description: Control access to microphones
Required Value: Enable/Disable
Audit Records:
[MDMCClog] "setAllowMicrophone : " + allow + ", who : " + who.getPackageName()
- allow : boolean (true or false)

No. 34
Change of Settings: Control Camera
Description: Control access to camera
Required Value: Enable/Disable
Audit Records:
[MDMCClog] "setCameraDisabled : " + disabled + ", ComponentName: " + who.getPackageName()
- disabled : boolean (true or false)

No. 35
Change of Settings: Control USB Mass Storage
Description: Control access to mounting the device for storage over USB.
Required Value: Enable/Disable
Audit Records:
[MDMCClog] "setAllowUsb : " + allow + ", who : " + who.getPackageName()
- allow : boolean (true or false)

No. 36
Change of Settings: Control USB Debugging
Description: Control access to USB debugging.
Required Value: Enable/Disable
Audit Records:
[MDMCClog] "setAllowUSBDebugging : " + allow + ", who : " + who.getPackageName()
- allow : boolean (true or false)

No. 37
Change of Settings: Control SD Card
Description: Control access to SD card storage.
Required Value: Enable/Disable
Audit Records:
[MDMCClog] "setAllowExternalMemorySlot : " + allow + ", who : " + who.getPackageName()
- allow : boolean (true or false)

No. 38
Change of Settings: Control USB Tethered Connections
Description: Control access to USB tethered connections.
Required Value: Enable/Disable
Audit Records:
[MDMCClog] "setAllowUSBTethering : " + allow + ", who : " + who.getPackageName()
- allow : boolean (true or false)

No. 39
Change of Settings: Control Bluetooth Tethered Connections
Description: Control access to Bluetooth tethered connections.
Required Value: Enable/Disable
Audit Records:
[MDMCClog] "setAllowBluetoothTethering : " + allow + ", who : " + who.getPackageName()
- allow : boolean (true or false)

No. 40
Change of Settings: Control Hotspot Connections
Description: Control access to Wi-Fi hotspot connections
Required Value: Enable/Disable
Audit Records:
[MDMCClog] "setAllowHotspot : " + allow + ", who : " + who.getPackageName()
- allow : boolean (true or false)

No. 42
Change of Settings: Enable/disable all data signaling over USB
Description: The USB mode is forced to be configured as none.
Required Value: Disable
Audit Records:
MDMCClog: setEnfoceUsbModeAsNone : false, who : com.lge.mdm.newclient

No. 43
Change of Settings: Install Application
Description: Installs specified application
Audit Records:
MDMCClog: installApplication, path : /storage/emulated/0/mytest.p12, who : com.lge.mdm.newclient

No. 44
Change of Settings: Uninstall Application
Description: Uninstalls specified application
Audit Records:
MDMCClog: uninstallApplication, packageName : com.wildtangent.android, who : com.lge.mdm.newclient

No. 45
Change of Settings: Application Whitelist
Description: Specifies a list of applications that may be installed
Audit Records:
MDMCClog: setApplicationState, list : LGMDMApplicationState [packageName=com.amazon.kindle, allowInstallation=1, allowUninstallation=0,enable=0]], who : com.lge.mdm.newclient
- allowInstallation : 0(Default), 1(Enable), 2(Disable)

No. 46
Change of Settings: Application Blacklist
Description: Specifies a list of applications that may not be installed
Audit Records:
MDMCClog: setApplicationState, list : LGMDMApplicationState [packageName=com.amazon.kindle, allowInstallation=2, allowUninstallation=0,enable=0]], who : com.lge.mdm.newclient
- allowInstallation : 0(Default), 1(Enable), 2(Disable)

No. 48
Change of Settings: Control Download Mode
Description: Control access to Download Mode
Audit Records:
[MDMCClog] "setAllowDownloadMode : " + allow + ", who : " + who.getPackageName()
- allow : boolean (true or false)

No. 49
Change of Settings: Control VPN split-tunneling
Description: Control access to VPN split-tunneling
Required Value: Disable
Audit Records:
MDMCClog: setAllowVPNSplitTunneling : false, who : com.lge.mdm.newclient

No. 50
Change of Settings: Enable/disable backup to
Description: Disable backup to locally connected system
Required Value: Disable
Audit Records:
MDMCClog: setAllowSpecificApplication : false, applicationName : LGBACKUP, who : com.lge.mdm.newclient
Description: Disable backup to remote system
Audit Records:
MDMCClog: setAllowGoogleBackup : false, who : com.lge.mdm.newclient

No. 51
Change of Settings: Configure the auditable items
Description: CC mode is forced to be configured with auditable items at one time
Required Value: Enable
Audit Records:
MDMCClog: setCommonCriteriaMode : 2 (0:NONE, 1:DISABLED, 2:ENABLED), who : com.lge.mdm.newclient
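
The following added example (not LG code) shows how collected MDMCClog records can be checked against the Required Value column of the table above, naming the package that made each non-compliant change. The concrete line layout is an assumption derived from the record templates, the class and method names are hypothetical, and the sample lines are constructed.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Predicate;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example: flags MDMCClog records whose value breaks the table's Required Value. */
public class MdmAuditCheck {

    // Accepts "[MDMCClog] name : value", "MDMCClog: name: value" and
    // "[MDMCClog] name, mode : value". Assumed layout, derived from the templates.
    private static final Pattern RECORD = Pattern.compile(
            "MDMCClog\\]?:?\\s+(\\w+)(?:,\\s*\\w+)?\\s*:\\s*(-?\\d+|true|false)\\b");

    // The admin package appears either as "who : pkg" or "ComponentName: pkg".
    private static final Pattern WHO = Pattern.compile(
            "(?:who|ComponentName)\\s*:\\s*([\\w.]+)");

    // Setting name -> test that the logged value satisfies the "Required Value" column.
    private static final Map<String, Predicate<String>> RULES = new LinkedHashMap<>();
    static {
        RULES.put("setCommonCriteriaMode", v -> v.equals("2"));             // Enable
        RULES.put("setPasswordMinimumLength", v -> num(v) > 6);              // Greater than 6
        // Assumption: 0 switches the limit off, as in stock Android, so it is rejected.
        RULES.put("setMaximumFailedPasswordsForWipe", v -> num(v) >= 1 && num(v) <= 10);
        RULES.put("setMaximumTimeToLock", v -> num(v) >= 1 && num(v) < 15L * 60 * 1000);
        RULES.put("setAllowPasswordTypingVisible", v -> v.equals("false")); // Disable
        RULES.put("setAllowPasswordVisible", v -> v.equals("false"));       // Disable
        RULES.put("setAllowVPNSplitTunneling", v -> v.equals("false"));     // Disable
    }

    private static long num(String v) {
        try {
            return Long.parseLong(v);
        } catch (NumberFormatException e) {
            return Long.MIN_VALUE; // "true"/"false" where a number is required never passes
        }
    }

    /** Returns one finding per record that sets a checked setting to a non-compliant value. */
    static List<String> violations(List<String> lines) {
        List<String> findings = new ArrayList<>();
        for (int i = 0; i < lines.size(); i++) {
            Matcher m = RECORD.matcher(lines.get(i));
            if (!m.find()) {
                continue; // not a recognised MDMCClog record
            }
            Predicate<String> rule = RULES.get(m.group(1));
            if (rule != null && !rule.test(m.group(2))) {
                Matcher w = WHO.matcher(lines.get(i));
                String who = w.find() ? w.group(1) : "unknown";
                findings.add("line " + (i + 1) + ": " + m.group(1) + " = " + m.group(2)
                        + " (set by " + who + ")");
            }
        }
        return findings;
    }

    /** Returns checked settings that never appear in the log, so their state is unknown. */
    static List<String> neverSet(List<String> lines) {
        Set<String> missing = new LinkedHashSet<>(RULES.keySet());
        for (String line : lines) {
            Matcher m = RECORD.matcher(line);
            if (m.find()) {
                missing.remove(m.group(1));
            }
        }
        return new ArrayList<>(missing);
    }

    public static void main(String[] args) {
        // Constructed sample records following the templates in the table.
        List<String> log = Arrays.asList(
            "MDMCClog: setCommonCriteriaMode : 2 (0:NONE, 1:DISABLED, 2:ENABLED), who : com.lge.mdm.newclient",
            "[MDMCClog] setPasswordMinimumLength : 4, ComponentName: com.example.mdm",
            "[MDMCClog] setMaximumFailedPasswordsForWipe: 10, ComponentName: com.example.mdm",
            "[MDMCClog] setMaximumTimeToLock: 1800000, ComponentName: com.example.mdm",
            "MDMCClog: setAllowVPNSplitTunneling : false, who : com.lge.mdm.newclient",
            "[MDMCClog] setAllowPasswordVisible: true, who : com.example.mdm",
            "[MDMCClog] setCommonCriteriaMode, mode : 1 (0:NONE, 1:DISABLED, 2:ENABLED), who : com.example.other");

        for (String finding : violations(log)) {
            System.out.println("NON-COMPLIANT " + finding);
        }
        for (String name : neverSet(log)) {
            System.out.println("NO RECORD     " + name);
        }
    }
}
```

Every non-compliant change is reported as its own event, so a setting that was weakened and later restored still shows up in the findings.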
10. Data Separation
This section describes how to install ‘Work Profile’ of ‘Android for Work’ and wipe enterprise data.
10.1 Work Profile installation and Data Separation
There are 2 ways to set up a work profile.
The first uses a Corp. Account. When a Corp. Account that is set to enforce EMM policy is added to a device
(either on a new device in the Setup Wizard, or afterwards from Settings), the corresponding DPC (Device Policy
Controller) for that account’s domain is downloaded and invoked to continue setting up the AfW work
profile.
The other way is to download the DPC from the Play Store or an EMM store and run it to set up the AfW
work profile.
The data separation between personal and work profiles is implemented by storage emulation. Each profile has its
own physical storage, which can be accessed only by the applications in it. When an application starts, the physical
storage is mounted to the application as an emulated path that is mapped to its own UserHandle. An application
with a different UserHandle is not allowed to access data stored with the original UserHandle.
Additionally, all data separation is governed at the system level, all the way down to the SELinux kernel, which runs
in full enforcement mode as of Lollipop. Separation between the work and personal users is strictly enforced, and
cross-sharing of intents from work to personal is off by default. The admin does have the option to enable sharing in
certain instances, such as work contacts to the system dialer for caller ID.
10.2 How to wipe enterprise data (Work Profile)
The Android framework provides a method, described in DevicePolicyManager, for wiping enterprise data.
The DPC (Device Policy Controller) calls this method to wipe all of the enterprise data in the work profile.
Appendix A Generating Secure Random Data
This appendix describes how to generate cryptographically secure pseudo-random data.
To use FIPS validated SecureRandom, enable FIPS mode of OpenSSL first. See Appendix C.
Reference Page: http://developer.android.com/reference/java/security/SecureRandom.html
A.1 Android API for Generating Secure Random Data
new SecureRandom() selects the most cryptographically strong provider available, as in the following example.
import java.security.SecureRandom;

// Enable OpenSSL FIPS mode first (see Appendix C).
com.android.org.conscrypt.FipsMode.FIPS_mode_set(1);
SecureRandom sr = new SecureRandom();
byte[] output = new byte[16];
sr.nextBytes(output);
Appendix B Secure Key Storage
This appendix describes how to manage keys with the KeyStore APIs.
Reference Page:
https://developer.android.com/reference/java/security/KeyStore.html
B.1 Key Usage
Use the AndroidKeyStore provider to let an individual app store its own credentials that only the application itself
can access. This provides a way for applications to manage credentials that are usable only by themselves.
AndroidKeyStore is registered as a KeyStore type for use with the KeyStore.getInstance(type) method and as a
provider for use with the KeyPairGenerator.getInstance(algorithm, provider) method.
You can refer to the examples on the Android KeyStore System webpage for generating a new key pair, signing and
verifying, as follows.
Reference pages:
https://developer.android.com/training/articles/keystore.html
https://developer.android.com/reference/java/security/KeyPairGenerator.html
https://developer.android.com/intl/ko/reference/android/security/keystore/KeyGenParameterSpec.html
B.2 Symmetric Key Generation
The Android Keystore system lets you create secret keys in the secure key storage.
KeyGenerator keygen = KeyGenerator.getInstance(
        KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
keygen.init(new KeyGenParameterSpec.Builder(
        "AESTEST",
        KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
        .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .setRandomizedEncryptionRequired(false)
        .build());
SecretKey sk = keygen.generateKey();
Generators of AndroidKeyStore
“AES” SecretKeyFactory & KeyGenerator
B.3 Symmetric key encryption/decryption
Applications can encrypt their plain text by using a SecretKey stored in the AndroidKeyStore.
Encrypt and decrypt a message by a key stored in the AndroidKeyStore
// iv, plaintext (hex strings), algorithm and hexToBytes() are supplied by the caller.
AlgorithmParameterSpec ivSpec = new IvParameterSpec(hexToBytes(iv));
KeyStore keystore = KeyStore.getInstance("AndroidKeyStore");
keystore.load(null);
// Look up the key generated in B.2 by its alias.
KeyStore.SecretKeyEntry keystoreKey = (KeyStore.SecretKeyEntry) keystore.getEntry("AESTEST", null);
SecretKey sk = keystoreKey.getSecretKey();
Cipher cipher = Cipher.getInstance(algorithm);
// Encrypt
cipher.init(Cipher.ENCRYPT_MODE, sk, ivSpec);
byte[] encrypted = cipher.doFinal(hexToBytes(plaintext));
// Decrypt
cipher.init(Cipher.DECRYPT_MODE, sk, ivSpec);
byte[] decrypted = cipher.doFinal(encrypted);
Cipher algorithm of AndroidKeyStore
“AES/ECB/NoPadding”
B.4 Asymmetric Key Generation
Generate a key pair in the AndroidKeyStore
KeyPairGenerator kpg1 = KeyPairGenerator.getInstance(
        KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");
kpg1.initialize(new KeyGenParameterSpec.Builder(
        "RSATEST1",
        KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
        .setKeySize(Integer.parseInt(mod))
        .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA384,
                KeyProperties.DIGEST_SHA512)
        .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
        .build());
// Generate Key Pair from the Secure Key Store
kpg1.generateKeyPair();
Generators of AndroidKeyStore
“RSA” KeyFactory & KeyPairGenerator
“EC” KeyFactory & KeyPairGenerator
B.5 Asymmetric Key Sign and Verify
Sign and verify
KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
ks.load(null);
// Get RSA Key
KeyStore.Entry entry1 = ks.getEntry("TEST1", null);
PrivateKey privKey1 = ((PrivateKeyEntry) entry1).getPrivateKey();
PublicKey pubKey1 = ((PrivateKeyEntry) entry1).getCertificate().getPublicKey();
// Sign Test
Signature s = Signature.getInstance(algorithm);
s.initSign(privKey1);
s.update(msg, 0, expectedMaxMessageSizeBytes);
byte[] signature = s.sign();
// Verify Test
s.initVerify(pubKey1);
s.update(msg, 0, expectedMaxMessageSizeBytes);
// true only if the signature matches the message and the public key
boolean verified = s.verify(signature);
Signature algorithms of AndroidKeyStore
“NONEwithRSA”
“SHA1withRSA”
“SHA256withRSA”
“SHA384withRSA”
“SHA512withRSA”
“ECDSA”
“SHA256withECDSA”
“SHA384withECDSA”
“SHA512withECDSA”
B.6 Key Destruction
An application can delete the entry identified by the given alias from this KeyStore.
KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
ks.load(null);
ks.deleteEntry("TEST_ALIAS_1");
Appendix C Configuration of FIPS Validated Cryptographic Engines
This appendix describes how to configure FIPS mode.
C.1 Setting the FIPS Mode
Get the FIPS status of OpenSSL with the FIPS_mode() function and set FIPS mode with the FIPS_mode_set() function.
Example code
import com.android.org.conscrypt.FipsMode;

if (FipsMode.FIPS_mode() != 1) {
    // Not in FIPS mode yet: try to enable it.
    if (FipsMode.FIPS_mode_set(1) != 1) {
        Log.e("CryptoTest", "Failed to OpenSSL enable");
    } else {
        Toast.makeText(this, "OpenSSL FIPS Mode Enable Success", Toast.LENGTH_LONG).show();
    }
} else {
    Toast.makeText(this, "OpenSSL is in FIPS Mode", Toast.LENGTH_LONG).show();
}
C.2 SDK for FipsMode APIs
An SDK is needed to build an application using FipsMode APIs. Please contact [email protected] for information about the SDK for FipsMode APIs.
Appendix D Guidance for using HTTPS/TLS APIs
This appendix describes how to use the HTTPS/TLS APIs in your source code. Using the URL class is an easy and safe way to
use HTTPS. Developers can also use the SSLSocket class directly to establish a TLS connection.
Detailed guidance is available at the following reference webpages.
Reference webpage:
http://developer.android.com/reference/javax/net/ssl/package-summary.html
https://developer.android.com/training/articles/security-ssl.html
D.1 Android APIs for TLS connection
HTTPS connections can be established by using the URL class.
URL url = new URL("https://wikipedia.org");
URLConnection urlConnection = url.openConnection();
InputStream in = urlConnection.getInputStream();
copyInputStreamToOutputStream(in, System.out);
D.2 How to set cipher suites using Android API
This section describes how to set TLS cipher suites with Android APIs. In CC Mode the cipher suites are limited to
prevent TLS connections that use weak cipher suites: when the cipher suite list of the client hello message is
generated for a TLS connection, the LG Android platform does not allow any cipher suite outside the following table to be set.
Application developers can choose a subset of the approved cipher suites.
Example codes
private X509HostnameVerifier hostnameVerifier;

@Override
public Socket createSocket(Socket socket, String host, int port,
        boolean autoClose) throws IOException, UnknownHostException
{
    SSLSocket sslSocket = (SSLSocket) socketFactory.createSocket(socket,
            host, port, autoClose);
    sslSocket.setEnabledProtocols(protocol);
    String[] ciphersuits = new String[]{"AES128-SHA",
            "AES256-SHA",
            "DHE-RSA-AES128-SHA",
            "DHE-RSA-AES256-SHA",
            "AES128-SHA256",
            "AES256-SHA256",
            "DHE-RSA-AES128-SHA256",
            "DHE-RSA-AES256-SHA256",
            "ECDHE-ECDSA-AES128-SHA256",
            "ECDHE-ECDSA-AES256-SHA384",
            "ECDHE-ECDSA-AES128-GCM-SHA256",
            "ECDHE-ECDSA-AES256-GCM-SHA384"};
    sslSocket.setEnabledCipherSuites(ciphersuits);
    // Check the server certificate against the requested host name.
    hostnameVerifier.verify(host, sslSocket);
    return sslSocket;
}
Approved Cipher suites
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS version
TLSv1
TLSv1.1
TLSv1.2
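
The following added example (not LG code) restricts an SSLSocket to a chosen subset of the approved cipher suites and TLS versions listed above, and fails closed when the request contains an unapproved entry or nothing approved is supported. It assumes the TLS stack accepts the standard suite names used in the table; the class and method names are hypothetical.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/** Added example: enable only approved cipher suites and TLS versions, failing closed. */
public class ApprovedTls {

    // Copied from the "Approved Cipher suites" table.
    static final List<String> APPROVED_SUITES = Arrays.asList(
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_AES_256_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
        "TLS_RSA_WITH_AES_128_CBC_SHA256",
        "TLS_RSA_WITH_AES_256_CBC_SHA256",
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384");

    // Copied from the "TLS version" list.
    static final List<String> APPROVED_PROTOCOLS = Arrays.asList("TLSv1", "TLSv1.1", "TLSv1.2");

    /**
     * Keeps the caller's preference order, rejects anything outside the approved
     * list, and drops approved entries that this TLS stack does not support.
     */
    static String[] select(List<String> wanted, List<String> approved,
                           String[] supported, String what) throws IOException {
        List<String> available = Arrays.asList(supported);
        List<String> chosen = new ArrayList<>();
        for (String name : wanted) {
            if (!approved.contains(name)) {
                throw new IllegalArgumentException(what + " not approved: " + name);
            }
            if (available.contains(name)) {
                chosen.add(name);
            }
        }
        if (chosen.isEmpty()) {
            // Never fall back to the stack defaults when nothing approved is left.
            throw new IOException("no approved " + what + " is supported");
        }
        return chosen.toArray(new String[0]);
    }

    /** Applies the restricted protocol and cipher suite lists to the socket. */
    static void restrict(SSLSocket socket, List<String> suites, List<String> protocols)
            throws IOException {
        socket.setEnabledProtocols(
                select(protocols, APPROVED_PROTOCOLS, socket.getSupportedProtocols(), "protocol"));
        socket.setEnabledCipherSuites(
                select(suites, APPROVED_SUITES, socket.getSupportedCipherSuites(), "cipher suite"));
    }

    public static void main(String[] args) throws IOException {
        // Unconnected socket: nothing is sent, only the local configuration is exercised.
        try (SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket()) {
            restrict(socket,
                    Arrays.asList("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
                                  "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"),
                    Arrays.asList("TLSv1.2"));
            System.out.println(Arrays.toString(socket.getEnabledProtocols()));
            System.out.println(Arrays.toString(socket.getEnabledCipherSuites()));
        }
    }
}
```

A socket configured this way does not check the server host name by itself; the createSocket() example in D.2 does that with hostnameVerifier.verify(host, sslSocket).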
D.3 How to set client certificate
If the server requires a client certificate to establish a connection, the client should provide a certificate to be authenticated by
the server.
A custom X509KeyManager can be used to supply a client certificate.
Example codes
KeyStore keyStore = ...;
String algorithm = KeyManagerFactory.getDefaultAlgorithm();
KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
// The second argument is the key password; null when the keystore does not use one.
kmf.init(keyStore, null);
SSLContext context = SSLContext.getInstance("TLS");
context.init(kmf.getKeyManagers(), null, null);
URL url = new URL("https://www.example.com/");
HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
urlConnection.setSSLSocketFactory(context.getSocketFactory());
InputStream in = urlConnection.getInputStream();
Reference webpage:
http://developer.android.com/intl/ko/reference/javax/net/ssl/HttpsURLConnection.html
Appendix E Guidance for Bluetooth APIs
This appendix describes how to establish a secure channel for Bluetooth in your source code.
Reference webpage:
http://developer.android.com/reference/android/bluetooth/package-summary.html
E.1 Android APIs for Bluetooth
Android provides classes that manage Bluetooth functionality, such as scanning for devices, connecting with devices,
and managing data transfer between devices. The Bluetooth API supports both "Classic Bluetooth" and Bluetooth
Low Energy.
The Bluetooth APIs let applications:
• Scan for other Bluetooth devices (including BLE devices).
• Query the local Bluetooth adapter for paired Bluetooth devices.
• Establish RFCOMM channels/sockets.
• Connect to specified sockets on other devices.
• Transfer data to and from other devices.
• Communicate with BLE devices, such as proximity sensors, heart rate monitors, fitness devices, and so on.
• Act as a GATT client or a GATT server (BLE).
BluetoothA2dp: This class provides the public APIs to control the Bluetooth A2DP profile.
BluetoothGatt: Public API for the Bluetooth GATT Profile.
BluetoothGattServer: Public API for the Bluetooth GATT Profile server role.
BluetoothHeadset: Public API for controlling the Bluetooth Headset Service.
BluetoothHealth: Public API for Bluetooth Health Profile.
BluetoothAdapter: Represents the local device Bluetooth adapter.
BluetoothDevice: Represents a remote Bluetooth device.
BluetoothManager: High level manager used to obtain an instance of a BluetoothAdapter and to conduct overall Bluetooth Management.
BluetoothServerSocket: A listening Bluetooth socket.
BluetoothSocket: A connected or connecting Bluetooth socket.
E.2 How to establish a secure channel for Bluetooth using Android API
This section describes how to establish a secure channel for Bluetooth with Android APIs.
Example codes
Start the bonding (pairing) process with the remote device.
public boolean startPairing() {
    if (!mDevice.createBond()) {
        return false;
    }
    return true;
}
This is an asynchronous call; it returns immediately. Register for ACTION_BOND_STATE_CHANGED
intents to be notified when the bonding process completes, and of its result. Android system services will handle
the necessary user interactions to confirm and complete the bonding process.
public SecureSocket createSocket() {
    BluetoothSocket socket = null;
    try {
        socket = device.createRfcommSocketToServiceRecord(UUID_SPP);
    } catch (IOException e) {
        ;
    }
    ...
}
Use this socket only if an authenticated socket link is possible. Authentication refers to the authentication of the
link key to prevent man-in-the-middle type of attacks. For example, for Bluetooth 2.1 devices, if any of the
devices does not have an input and output capability or just has the ability to display a numeric key, a secure
socket connection is not possible.
E.3 How to interact with the BLE device via the Android BLE API
Here is an example to interact with the BLE device via the Android BLE API.
// A service that interacts with the BLE device via the Android BLE API.
public class BluetoothLeService extends Service {
    private final static String TAG = BluetoothLeService.class.getSimpleName();

    private BluetoothManager mBluetoothManager;
    private BluetoothAdapter mBluetoothAdapter;
    private String mBluetoothDeviceAddress;
    private BluetoothGatt mBluetoothGatt;
    private int mConnectionState = STATE_DISCONNECTED;

    private static final int STATE_DISCONNECTED = 0;
    private static final int STATE_CONNECTING = 1;
    private static final int STATE_CONNECTED = 2;

    public final static String ACTION_GATT_CONNECTED =
            "com.example.bluetooth.le.ACTION_GATT_CONNECTED";
    public final static String ACTION_GATT_DISCONNECTED =
            "com.example.bluetooth.le.ACTION_GATT_DISCONNECTED";
    public final static String ACTION_GATT_SERVICES_DISCOVERED =
            "com.example.bluetooth.le.ACTION_GATT_SERVICES_DISCOVERED";
    public final static String ACTION_DATA_AVAILABLE =
            "com.example.bluetooth.le.ACTION_DATA_AVAILABLE";
    public final static String EXTRA_DATA =
            "com.example.bluetooth.le.EXTRA_DATA";

    public final static UUID UUID_HEART_RATE_MEASUREMENT =
            UUID.fromString(SampleGattAttributes.HEART_RATE_MEASUREMENT);

    // Various callback methods defined by the BLE API.
    private final BluetoothGattCallback mGattCallback =
            new BluetoothGattCallback() {
        @Override
        public void onConnectionStateChange(BluetoothGatt gatt, int status,
                int newState) {
            String intentAction;
            if (newState == BluetoothProfile.STATE_CONNECTED) {
                intentAction = ACTION_GATT_CONNECTED;
                mConnectionState = STATE_CONNECTED;
                broadcastUpdate(intentAction);
                Log.i(TAG, "Connected to GATT server.");
                Log.i(TAG, "Attempting to start service discovery:" +
                        mBluetoothGatt.discoverServices());
            } else if (newState == BluetoothProfile.STATE_DISCONNECTED) {
                intentAction = ACTION_GATT_DISCONNECTED;
                mConnectionState = STATE_DISCONNECTED;
                Log.i(TAG, "Disconnected from GATT server.");
                broadcastUpdate(intentAction);
            }
        }

        @Override
        // New services discovered
        public void onServicesDiscovered(BluetoothGatt gatt, int status) {
            if (status == BluetoothGatt.GATT_SUCCESS) {
                broadcastUpdate(ACTION_GATT_SERVICES_DISCOVERED);
            } else {
                Log.w(TAG, "onServicesDiscovered received: " + status);
            }
        }

        @Override
        // Result of a characteristic read operation
        public void onCharacteristicRead(BluetoothGatt gatt,
                BluetoothGattCharacteristic characteristic,
                int status) {
            if (status == BluetoothGatt.GATT_SUCCESS) {
                broadcastUpdate(ACTION_DATA_AVAILABLE, characteristic);
            }
        }
        ...
    };
    ...
}
http://developer.android.com/intl/ko/guide/topics/connectivity/bluetooth-le.html
E.4 How to establish a profile connection for Bluetooth using Android API
It describes how to establish a profile connection for Bluetooth with Android APIs.
Example codes
You can connect device with each profile like as below.
-
profile.connect(mDevice)
You can get the each profile proxy like as below API to handle each profiles.
public boolean getProfileProxy(Context context, BluetoothProfile.ServiceListener listener,
        int profile) {
    if (context == null || listener == null) return false;
    if (profile == BluetoothProfile.HEADSET) {
        BluetoothHeadset headset = new BluetoothHeadset(context, listener);
        return true;
    } else if (profile == BluetoothProfile.A2DP) {
        BluetoothA2dp a2dp = new BluetoothA2dp(context, listener);
        return true;
    } else if (profile == BluetoothProfile.A2DP_SINK) {
        BluetoothA2dpSink a2dpSink = new BluetoothA2dpSink(context, listener);
        return true;
    } else if (profile == BluetoothProfile.AVRCP_CONTROLLER) {
        BluetoothAvrcpController avrcp = new BluetoothAvrcpController(context, listener);
        return true;
    } else if (profile == BluetoothProfile.INPUT_DEVICE) {
        BluetoothInputDevice iDev = new BluetoothInputDevice(context, listener);
        return true;
    } else if (profile == BluetoothProfile.PAN) {
        BluetoothPan pan = new BluetoothPan(context, listener);
        return true;
    } else if (profile == BluetoothProfile.DUN) {
        BluetoothDun dun = new BluetoothDun(context, listener);
        return true;
    } else if (profile == BluetoothProfile.HEALTH) {
        BluetoothHealth health = new BluetoothHealth(context, listener);
        return true;
    } else if (profile == BluetoothProfile.MAP) {
        BluetoothMap map = new BluetoothMap(context, listener);
        return true;
    } else if (profile == BluetoothProfile.HEADSET_CLIENT) {
        BluetoothHeadsetClient headsetClient = new BluetoothHeadsetClient(context, listener);
        return true;
    } else if (profile == BluetoothProfile.SAP) {
        BluetoothSap sap = new BluetoothSap(context, listener);
        return true;
    } else if (profile == BluetoothProfile.HID_DEVICE) {
        BluetoothHidDevice hidd = new BluetoothHidDevice(context, listener);
        return true;
    } else {
        return false;
    }
}
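The caller's side of the API above, as an added example that is not taken from the LG guidance or the Android sources: it requests the HEADSET proxy, receives it asynchronously through the ServiceListener, checks a device's connection state and releases the proxy. The class name HeadsetProxyClient and its method names are assumptions; only public SDK calls are used, and the app must hold the BLUETOOTH permission.

```java
import android.bluetooth.BluetoothAdapter;
import android.bluetooth.BluetoothDevice;
import android.bluetooth.BluetoothProfile;
import android.content.Context;
import android.util.Log;

import java.util.List;

// Added example; HeadsetProxyClient is a hypothetical name, not part of the guidance.
public class HeadsetProxyClient implements BluetoothProfile.ServiceListener {
    private static final String TAG = "HeadsetProxyClient";
    private final BluetoothAdapter mAdapter = BluetoothAdapter.getDefaultAdapter();
    private BluetoothProfile mProxy; // non-null only while the profile service is bound

    // Requests the proxy. Returns false if Bluetooth is absent or off, or if
    // getProfileProxy() rejects the request; the proxy itself arrives later
    // in onServiceConnected().
    public boolean open(Context context) {
        if (mAdapter == null || !mAdapter.isEnabled()) return false;
        return mAdapter.getProfileProxy(context, this, BluetoothProfile.HEADSET);
    }

    @Override
    public void onServiceConnected(int profile, BluetoothProfile proxy) {
        if (profile != BluetoothProfile.HEADSET) return;
        mProxy = proxy;
        List<BluetoothDevice> devices = proxy.getConnectedDevices();
        for (BluetoothDevice d : devices) {
            Log.i(TAG, "Headset profile connected to " + d.getAddress());
        }
    }

    @Override
    public void onServiceDisconnected(int profile) {
        // The binding is gone; drop the stale proxy so it is never used again.
        if (profile == BluetoothProfile.HEADSET) mProxy = null;
    }

    public boolean isConnected(BluetoothDevice device) {
        return mProxy != null
                && mProxy.getConnectionState(device) == BluetoothProfile.STATE_CONNECTED;
    }

    // Release the proxy when finished so the service binding is not leaked.
    public void close() {
        if (mProxy != null) {
            mAdapter.closeProfileProxy(BluetoothProfile.HEADSET, mProxy);
            mProxy = null;
        }
    }
}
```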
Appendix F Guidance for Access control to System services
F.1 Access control to system services
Users can restrict an application's access to system services at application install time.
If a user wants to install an application from the Android Play Store, the user must accept all permissions for the system
services used by the application when the application is installed.