Commit 94436163 authored by Chad Brubaker's avatar Chad Brubaker

Cleanup keystore API

Remove old methods that were replaced by onUser* methods, rename methods
with unclear names, and add userId parameters to all operations that
operate on per-user state.

Change-Id: I846fbb0a5ad17b4ee4c0c759fd1fd23f58b88d78
parent 1932efc8
......@@ -396,19 +396,20 @@ public:
}
// test ping
virtual int32_t test()
virtual int32_t getState(int32_t userId)
{
Parcel data, reply;
data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
status_t status = remote()->transact(BnKeystoreService::TEST, data, &reply);
data.writeInt32(userId);
status_t status = remote()->transact(BnKeystoreService::GET_STATE, data, &reply);
if (status != NO_ERROR) {
ALOGD("test() could not contact remote: %d\n", status);
ALOGD("getState() could not contact remote: %d\n", status);
return -1;
}
int32_t err = reply.readExceptionCode();
int32_t ret = reply.readInt32();
if (err < 0) {
ALOGD("test() caught exception %d\n", err);
ALOGD("getState() caught exception %d\n", err);
return -1;
}
return ret;
......@@ -512,15 +513,15 @@ public:
return ret;
}
virtual int32_t saw(const String16& name, int uid, Vector<String16>* matches)
virtual int32_t list(const String16& prefix, int uid, Vector<String16>* matches)
{
Parcel data, reply;
data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
data.writeString16(name);
data.writeString16(prefix);
data.writeInt32(uid);
status_t status = remote()->transact(BnKeystoreService::SAW, data, &reply);
status_t status = remote()->transact(BnKeystoreService::LIST, data, &reply);
if (status != NO_ERROR) {
ALOGD("saw() could not contact remote: %d\n", status);
ALOGD("list() could not contact remote: %d\n", status);
return -1;
}
int32_t err = reply.readExceptionCode();
......@@ -530,7 +531,7 @@ public:
}
int32_t ret = reply.readInt32();
if (err < 0) {
ALOGD("saw() caught exception %d\n", err);
ALOGD("list() caught exception %d\n", err);
return -1;
}
return ret;
......@@ -575,10 +576,11 @@ public:
return ret;
}
virtual int32_t lock()
virtual int32_t lock(int32_t userId)
{
Parcel data, reply;
data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
data.writeInt32(userId);
status_t status = remote()->transact(BnKeystoreService::LOCK, data, &reply);
if (status != NO_ERROR) {
ALOGD("lock() could not contact remote: %d\n", status);
......@@ -613,22 +615,23 @@ public:
return ret;
}
virtual int32_t zero()
virtual bool isEmpty(int32_t userId)
{
Parcel data, reply;
data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
status_t status = remote()->transact(BnKeystoreService::ZERO, data, &reply);
data.writeInt32(userId);
status_t status = remote()->transact(BnKeystoreService::IS_EMPTY, data, &reply);
if (status != NO_ERROR) {
ALOGD("zero() could not contact remote: %d\n", status);
return -1;
ALOGD("isEmpty() could not contact remote: %d\n", status);
return false;
}
int32_t err = reply.readExceptionCode();
int32_t ret = reply.readInt32();
if (err < 0) {
ALOGD("zero() caught exception %d\n", err);
return -1;
ALOGD("isEmpty() caught exception %d\n", err);
return false;
}
return ret;
return ret != 0;
}
virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize,
......@@ -787,26 +790,6 @@ public:
return 0;
}
virtual int32_t del_key(const String16& name, int uid)
{
Parcel data, reply;
data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
data.writeString16(name);
data.writeInt32(uid);
status_t status = remote()->transact(BnKeystoreService::DEL_KEY, data, &reply);
if (status != NO_ERROR) {
ALOGD("del_key() could not contact remote: %d\n", status);
return -1;
}
int32_t err = reply.readExceptionCode();
int32_t ret = reply.readInt32();
if (err < 0) {
ALOGD("del_key() caught exception %d\n", err);
return -1;
}
return ret;
}
virtual int32_t grant(const String16& name, int32_t granteeUid)
{
Parcel data, reply;
......@@ -927,64 +910,6 @@ public:
return ret;
}
virtual int32_t reset_uid(int32_t uid) {
Parcel data, reply;
data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
data.writeInt32(uid);
status_t status = remote()->transact(BnKeystoreService::RESET_UID, data, &reply);
if (status != NO_ERROR) {
ALOGD("reset_uid() could not contact remote: %d\n", status);
return -1;
}
int32_t err = reply.readExceptionCode();
int32_t ret = reply.readInt32();
if (err < 0) {
ALOGD("reset_uid() caught exception %d\n", err);
return -1;
}
return ret;
}
virtual int32_t sync_uid(int32_t sourceUid, int32_t targetUid)
{
Parcel data, reply;
data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
data.writeInt32(sourceUid);
data.writeInt32(targetUid);
status_t status = remote()->transact(BnKeystoreService::SYNC_UID, data, &reply);
if (status != NO_ERROR) {
ALOGD("sync_uid() could not contact remote: %d\n", status);
return -1;
}
int32_t err = reply.readExceptionCode();
int32_t ret = reply.readInt32();
if (err < 0) {
ALOGD("sync_uid() caught exception %d\n", err);
return -1;
}
return ret;
}
virtual int32_t password_uid(const String16& password, int32_t uid)
{
Parcel data, reply;
data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
data.writeString16(password);
data.writeInt32(uid);
status_t status = remote()->transact(BnKeystoreService::PASSWORD_UID, data, &reply);
if (status != NO_ERROR) {
ALOGD("password_uid() could not contact remote: %d\n", status);
return -1;
}
int32_t err = reply.readExceptionCode();
int32_t ret = reply.readInt32();
if (err < 0) {
ALOGD("password_uid() caught exception %d\n", err);
return -1;
}
return ret;
}
virtual int32_t addRngEntropy(const uint8_t* buf, size_t bufLength)
{
Parcel data, reply;
......@@ -1340,9 +1265,10 @@ status_t BnKeystoreService::onTransact(
uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
{
switch(code) {
case TEST: {
case GET_STATE: {
CHECK_INTERFACE(IKeystoreService, data, reply);
int32_t ret = test();
int32_t userId = data.readInt32();
int32_t ret = getState(userId);
reply->writeNoException();
reply->writeInt32(ret);
return NO_ERROR;
......@@ -1400,12 +1326,12 @@ status_t BnKeystoreService::onTransact(
reply->writeInt32(ret);
return NO_ERROR;
} break;
case SAW: {
case LIST: {
CHECK_INTERFACE(IKeystoreService, data, reply);
String16 name = data.readString16();
String16 prefix = data.readString16();
int uid = data.readInt32();
Vector<String16> matches;
int32_t ret = saw(name, uid, &matches);
int32_t ret = list(prefix, uid, &matches);
reply->writeNoException();
reply->writeInt32(matches.size());
Vector<String16>::const_iterator it = matches.begin();
......@@ -1433,7 +1359,8 @@ status_t BnKeystoreService::onTransact(
} break;
case LOCK: {
CHECK_INTERFACE(IKeystoreService, data, reply);
int32_t ret = lock();
int32_t userId = data.readInt32();
int32_t ret = lock(userId);
reply->writeNoException();
reply->writeInt32(ret);
return NO_ERROR;
......@@ -1447,11 +1374,12 @@ status_t BnKeystoreService::onTransact(
reply->writeInt32(ret);
return NO_ERROR;
} break;
case ZERO: {
case IS_EMPTY: {
CHECK_INTERFACE(IKeystoreService, data, reply);
int32_t ret = zero();
int32_t userId = data.readInt32();
bool ret = isEmpty(userId);
reply->writeNoException();
reply->writeInt32(ret);
reply->writeInt32(ret ? 1 : 0);
return NO_ERROR;
} break;
case GENERATE: {
......@@ -1570,15 +1498,6 @@ status_t BnKeystoreService::onTransact(
reply->writeInt32(ret);
return NO_ERROR;
} break;
case DEL_KEY: {
CHECK_INTERFACE(IKeystoreService, data, reply);
String16 name = data.readString16();
int uid = data.readInt32();
int32_t ret = del_key(name, uid);
reply->writeNoException();
reply->writeInt32(ret);
return NO_ERROR;
} break;
case GRANT: {
CHECK_INTERFACE(IKeystoreService, data, reply);
String16 name = data.readString16();
......@@ -1632,32 +1551,6 @@ status_t BnKeystoreService::onTransact(
reply->writeInt32(ret);
return NO_ERROR;
}
case RESET_UID: {
CHECK_INTERFACE(IKeystoreService, data, reply);
int32_t uid = data.readInt32();
int32_t ret = reset_uid(uid);
reply->writeNoException();
reply->writeInt32(ret);
return NO_ERROR;
}
case SYNC_UID: {
CHECK_INTERFACE(IKeystoreService, data, reply);
int32_t sourceUid = data.readInt32();
int32_t targetUid = data.readInt32();
int32_t ret = sync_uid(sourceUid, targetUid);
reply->writeNoException();
reply->writeInt32(ret);
return NO_ERROR;
}
case PASSWORD_UID: {
CHECK_INTERFACE(IKeystoreService, data, reply);
String16 password = data.readString16();
int32_t uid = data.readInt32();
int32_t ret = password_uid(password, uid);
reply->writeNoException();
reply->writeInt32(ret);
return NO_ERROR;
}
case ADD_RNG_ENTROPY: {
CHECK_INTERFACE(IKeystoreService, data, reply);
const uint8_t* bytes = NULL;
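Review bot: The new `int32_t userId = data.readInt32();` lines in the GET_STATE, LOCK and IS_EMPTY cases of onTransact ignore the read status, and Parcel::readInt32() yields 0 when the parcel is short, so a truncated request is handled as a request about user 0. Use the status-returning overload and reject the transaction on failure: `int32_t userId;` followed by `if (data.readInt32(&userId) != NO_ERROR) return BAD_VALUE;`. onTransact's body starts and ends outside these hunks, so other cases that read an id from the parcel may need the same treatment.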
......
......@@ -98,50 +98,46 @@ void writeKeymasterArgumentToParcel(const keymaster_key_param_t& param, Parcel*
class IKeystoreService: public IInterface {
public:
enum {
TEST = IBinder::FIRST_CALL_TRANSACTION + 0,
GET_STATE = IBinder::FIRST_CALL_TRANSACTION + 0,
GET = IBinder::FIRST_CALL_TRANSACTION + 1,
INSERT = IBinder::FIRST_CALL_TRANSACTION + 2,
DEL = IBinder::FIRST_CALL_TRANSACTION + 3,
EXIST = IBinder::FIRST_CALL_TRANSACTION + 4,
SAW = IBinder::FIRST_CALL_TRANSACTION + 5,
LIST = IBinder::FIRST_CALL_TRANSACTION + 5,
RESET = IBinder::FIRST_CALL_TRANSACTION + 6,
ON_USER_PASSWORD_CHANGED = IBinder::FIRST_CALL_TRANSACTION + 7,
LOCK = IBinder::FIRST_CALL_TRANSACTION + 8,
UNLOCK = IBinder::FIRST_CALL_TRANSACTION + 9,
ZERO = IBinder::FIRST_CALL_TRANSACTION + 10,
IS_EMPTY = IBinder::FIRST_CALL_TRANSACTION + 10,
GENERATE = IBinder::FIRST_CALL_TRANSACTION + 11,
IMPORT = IBinder::FIRST_CALL_TRANSACTION + 12,
SIGN = IBinder::FIRST_CALL_TRANSACTION + 13,
VERIFY = IBinder::FIRST_CALL_TRANSACTION + 14,
GET_PUBKEY = IBinder::FIRST_CALL_TRANSACTION + 15,
DEL_KEY = IBinder::FIRST_CALL_TRANSACTION + 16,
GRANT = IBinder::FIRST_CALL_TRANSACTION + 17,
UNGRANT = IBinder::FIRST_CALL_TRANSACTION + 18,
GETMTIME = IBinder::FIRST_CALL_TRANSACTION + 19,
DUPLICATE = IBinder::FIRST_CALL_TRANSACTION + 20,
IS_HARDWARE_BACKED = IBinder::FIRST_CALL_TRANSACTION + 21,
CLEAR_UID = IBinder::FIRST_CALL_TRANSACTION + 22,
RESET_UID = IBinder::FIRST_CALL_TRANSACTION + 23,
SYNC_UID = IBinder::FIRST_CALL_TRANSACTION + 24,
PASSWORD_UID = IBinder::FIRST_CALL_TRANSACTION + 25,
ADD_RNG_ENTROPY = IBinder::FIRST_CALL_TRANSACTION + 26,
GENERATE_KEY = IBinder::FIRST_CALL_TRANSACTION + 27,
GET_KEY_CHARACTERISTICS = IBinder::FIRST_CALL_TRANSACTION + 28,
IMPORT_KEY = IBinder::FIRST_CALL_TRANSACTION + 29,
EXPORT_KEY = IBinder::FIRST_CALL_TRANSACTION + 30,
BEGIN = IBinder::FIRST_CALL_TRANSACTION + 31,
UPDATE = IBinder::FIRST_CALL_TRANSACTION + 32,
FINISH = IBinder::FIRST_CALL_TRANSACTION + 33,
ABORT = IBinder::FIRST_CALL_TRANSACTION + 34,
IS_OPERATION_AUTHORIZED = IBinder::FIRST_CALL_TRANSACTION + 35,
ADD_AUTH_TOKEN = IBinder::FIRST_CALL_TRANSACTION + 36,
ON_USER_ADDED = IBinder::FIRST_CALL_TRANSACTION + 37,
ON_USER_REMOVED = IBinder::FIRST_CALL_TRANSACTION + 38,
GRANT = IBinder::FIRST_CALL_TRANSACTION + 16,
UNGRANT = IBinder::FIRST_CALL_TRANSACTION + 17,
GETMTIME = IBinder::FIRST_CALL_TRANSACTION + 18,
DUPLICATE = IBinder::FIRST_CALL_TRANSACTION + 19,
IS_HARDWARE_BACKED = IBinder::FIRST_CALL_TRANSACTION + 20,
CLEAR_UID = IBinder::FIRST_CALL_TRANSACTION + 21,
ADD_RNG_ENTROPY = IBinder::FIRST_CALL_TRANSACTION + 22,
GENERATE_KEY = IBinder::FIRST_CALL_TRANSACTION + 23,
GET_KEY_CHARACTERISTICS = IBinder::FIRST_CALL_TRANSACTION + 24,
IMPORT_KEY = IBinder::FIRST_CALL_TRANSACTION + 25,
EXPORT_KEY = IBinder::FIRST_CALL_TRANSACTION + 26,
BEGIN = IBinder::FIRST_CALL_TRANSACTION + 27,
UPDATE = IBinder::FIRST_CALL_TRANSACTION + 28,
FINISH = IBinder::FIRST_CALL_TRANSACTION + 29,
ABORT = IBinder::FIRST_CALL_TRANSACTION + 30,
IS_OPERATION_AUTHORIZED = IBinder::FIRST_CALL_TRANSACTION + 31,
ADD_AUTH_TOKEN = IBinder::FIRST_CALL_TRANSACTION + 32,
ON_USER_ADDED = IBinder::FIRST_CALL_TRANSACTION + 33,
ON_USER_REMOVED = IBinder::FIRST_CALL_TRANSACTION + 34,
};
DECLARE_META_INTERFACE(KeystoreService);
virtual int32_t test() = 0;
virtual int32_t getState(int32_t userId) = 0;
virtual int32_t get(const String16& name, uint8_t** item, size_t* itemLength) = 0;
......@@ -152,17 +148,17 @@ public:
virtual int32_t exist(const String16& name, int uid) = 0;
virtual int32_t saw(const String16& name, int uid, Vector<String16>* matches) = 0;
virtual int32_t list(const String16& prefix, int uid, Vector<String16>* matches) = 0;
virtual int32_t reset() = 0;
virtual int32_t onUserPasswordChanged(int32_t userId, const String16& newPassword) = 0;
virtual int32_t lock() = 0;
virtual int32_t lock(int32_t userId) = 0;
virtual int32_t unlock(int32_t userId, const String16& password) = 0;
virtual int32_t zero() = 0;
virtual bool isEmpty(int32_t userId) = 0;
virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize,
int32_t flags, Vector<sp<KeystoreArg> >* args) = 0;
......@@ -178,8 +174,6 @@ public:
virtual int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength) = 0;
virtual int32_t del_key(const String16& name, int uid) = 0;
virtual int32_t grant(const String16& name, int32_t granteeUid) = 0;
virtual int32_t ungrant(const String16& name, int32_t granteeUid) = 0;
......@@ -193,12 +187,6 @@ public:
virtual int32_t clear_uid(int64_t uid) = 0;
virtual int32_t reset_uid(int32_t uid) = 0;
virtual int32_t sync_uid(int32_t sourceUid, int32_t targetUid) = 0;
virtual int32_t password_uid(const String16& password, int32_t uid) = 0;
virtual int32_t addRngEntropy(const uint8_t* data, size_t dataLength) = 0;
virtual int32_t generateKey(const String16& name, const KeymasterArguments& params,
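Review bot: Removing DEL_KEY, RESET_UID, SYNC_UID and PASSWORD_UID renumbers every transaction code from GRANT onward (GRANT moves from +17 to +16, ON_USER_REMOVED from +38 to +34), so a client built against the old table reaches a different operation with the same code; the old GRANT value now selects UNGRANT, for instance. These values are the binder wire contract, so either keep the surviving codes fixed and leave the retired numbers unused, or confirm that every proxy, including any that is not in this file, changes in the same build. A comment on the enum such as `// Values are the binder wire protocol; they must match every client stub.` would record that constraint.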
......
......@@ -152,27 +152,24 @@ static void keymaster_device_release(keymaster0_device_t* dev) {
/* Here are the permissions, actions, users, and the main function. */
typedef enum {
P_TEST = 1 << 0,
P_GET_STATE = 1 << 0,
P_GET = 1 << 1,
P_INSERT = 1 << 2,
P_DELETE = 1 << 3,
P_EXIST = 1 << 4,
P_SAW = 1 << 5,
P_LIST = 1 << 5,
P_RESET = 1 << 6,
P_PASSWORD = 1 << 7,
P_LOCK = 1 << 8,
P_UNLOCK = 1 << 9,
P_ZERO = 1 << 10,
P_IS_EMPTY = 1 << 10,
P_SIGN = 1 << 11,
P_VERIFY = 1 << 12,
P_GRANT = 1 << 13,
P_DUPLICATE = 1 << 14,
P_CLEAR_UID = 1 << 15,
P_RESET_UID = 1 << 16,
P_SYNC_UID = 1 << 17,
P_PASSWORD_UID = 1 << 18,
P_ADD_AUTH = 1 << 19,
P_USER_CHANGED = 1 << 20,
P_ADD_AUTH = 1 << 16,
P_USER_CHANGED = 1 << 17,
} perm_t;
static struct user_euid {
......@@ -186,25 +183,22 @@ static struct user_euid {
/* perm_labels associcated with keystore_key SELinux class verbs. */
const char *perm_labels[] = {
"test",
"get_state",
"get",
"insert",
"delete",
"exist",
"saw",
"list",
"reset",
"password",
"lock",
"unlock",
"zero",
"is_empty",
"sign",
"verify",
"grant",
"duplicate",
"clear_uid",
"reset_uid",
"sync_uid",
"password_uid",
"add_auth",
"user_changed",
};
......@@ -219,8 +213,8 @@ static struct user_perm {
{AID_ROOT, static_cast<perm_t>(P_GET) },
};
static const perm_t DEFAULT_PERMS = static_cast<perm_t>(P_TEST | P_GET | P_INSERT | P_DELETE | P_EXIST | P_SAW | P_SIGN
| P_VERIFY);
static const perm_t DEFAULT_PERMS = static_cast<perm_t>(P_GET_STATE | P_GET | P_INSERT | P_DELETE
| P_EXIST | P_LIST | P_SIGN | P_VERIFY);
static char *tctx;
static int ks_is_selinux_enabled;
......@@ -1066,7 +1060,7 @@ public:
android::String8 prefix("");
android::Vector<android::String16> aliases;
UserState* userState = getUserState(userId);
if (saw(prefix, &aliases, userId) != ::NO_ERROR) {
if (list(prefix, &aliases, userId) != ::NO_ERROR) {
return;
}
for (uint32_t i = 0; i < aliases.size(); i++) {
......@@ -1222,7 +1216,7 @@ public:
return (unlink(filename) && errno != ENOENT) ? ::SYSTEM_ERROR : ::NO_ERROR;
}
ResponseCode saw(const android::String8& prefix, android::Vector<android::String16> *matches,
ResponseCode list(const android::String8& prefix, android::Vector<android::String16> *matches,
uid_t userId) {
UserState* userState = getUserState(userId);
......@@ -1676,12 +1670,12 @@ public:
}
}
int32_t test() {
if (!checkBinderPermission(P_TEST)) {
int32_t getState(int32_t userId) {
if (!checkBinderPermission(P_GET_STATE)) {
return ::PERMISSION_DENIED;
}
return mKeyStore->getState(get_user_id(IPCThreadState::self()->getCallingUid()));
return mKeyStore->getState(userId);
}
int32_t get(const String16& name, uint8_t** item, size_t* itemLength) {
......@@ -1752,15 +1746,15 @@ public:
return ::NO_ERROR;
}
int32_t saw(const String16& prefix, int targetUid, Vector<String16>* matches) {
int32_t list(const String16& prefix, int targetUid, Vector<String16>* matches) {
targetUid = getEffectiveUid(targetUid);
if (!checkBinderPermission(P_SAW, targetUid)) {
if (!checkBinderPermission(P_LIST, targetUid)) {
return ::PERMISSION_DENIED;
}
const String8 prefix8(prefix);
String8 filename(mKeyStore->getKeyNameForUid(prefix8, targetUid));
if (mKeyStore->saw(filename, matches, get_user_id(targetUid)) != ::NO_ERROR) {
if (mKeyStore->list(filename, matches, get_user_id(targetUid)) != ::NO_ERROR) {
return ::SYSTEM_ERROR;
}
return ::NO_ERROR;
......@@ -1842,12 +1836,11 @@ public:
return ::NO_ERROR;
}
int32_t lock() {
int32_t lock(int32_t userId) {
if (!checkBinderPermission(P_LOCK)) {
return ::PERMISSION_DENIED;
}
uid_t userId = get_user_id(IPCThreadState::self()->getCallingUid());
State state = mKeyStore->getState(userId);
if (state != ::STATE_NO_ERROR) {
ALOGD("calling lock in state: %d", state);
......@@ -1874,13 +1867,12 @@ public:
return mKeyStore->readMasterKey(password8, userId);
}
int32_t zero() {
if (!checkBinderPermission(P_ZERO)) {
return -1;
bool isEmpty(int32_t userId) {
if (!checkBinderPermission(P_IS_EMPTY)) {
return false;
}
uid_t callingUid = IPCThreadState::self()->getCallingUid();
return mKeyStore->isEmpty(get_user_id(callingUid)) ? ::KEY_NOT_FOUND : ::NO_ERROR;
return mKeyStore->isEmpty(userId);
}
int32_t generate(const String16& name, int32_t targetUid, int32_t keyType, int32_t keySize,
......@@ -2169,10 +2161,6 @@ public:
return ::NO_ERROR;
}
int32_t del_key(const String16& name, int targetUid) {
return del(name, targetUid);
}
int32_t grant(const String16& name, int32_t granteeUid) {
uid_t callingUid = IPCThreadState::self()->getCallingUid();
int32_t result = checkBinderPermissionAndKeystoreState(P_GRANT);
......@@ -2312,7 +2300,7 @@ public:
String8 prefix = String8::format("%u_", targetUid);
Vector<String16> aliases;
if (mKeyStore->saw(prefix, &aliases, get_user_id(targetUid)) != ::NO_ERROR) {
if (mKeyStore->list(prefix, &aliases, get_user_id(targetUid)) != ::NO_ERROR) {
return ::SYSTEM_ERROR;
}
......@@ -2324,52 +2312,6 @@ public:
return ::NO_ERROR;
}
int32_t reset_uid(int32_t targetUid) {
// TODO: Remove this method from the binder interface
targetUid = getEffectiveUid(targetUid);
return onUserPasswordChanged(get_user_id(targetUid), String16(""));
}
int32_t sync_uid(int32_t sourceUid, int32_t targetUid) {
if (!checkBinderPermission(P_SYNC_UID, targetUid)) {
return ::PERMISSION_DENIED;
}
uid_t sourceUser = get_user_id(sourceUid);
uid_t targetUser = get_user_id(targetUid);
if (sourceUser == targetUser) {
return ::SYSTEM_ERROR;
}
// Initialise user keystore with existing master key held in-memory
return mKeyStore->copyMasterKey(sourceUser, targetUser);
}
int32_t password_uid(const String16& pw, int32_t targetUid) {
targetUid = getEffectiveUid(targetUid);
if (!checkBinderPermission(P_PASSWORD, targetUid)) {
return ::PERMISSION_DENIED;
}
const String8 password8(pw);
uid_t userId = get_user_id(targetUid);
switch (mKeyStore->getState(userId)) {
case ::STATE_UNINITIALIZED: {
// generate master key, encrypt with password, write to file, initialize mMasterKey*.
return mKeyStore->initializeUser(password8, userId);
}
case ::STATE_NO_ERROR: {
// rewrite master key with new password.
return mKeyStore->writeMasterKey(password8, userId);
}
case ::STATE_LOCKED: {
// read master key, decrypt with password, initialize mMasterKey*.
return mKeyStore->readMasterKey(password8, userId);
}
}
return ::SYSTEM_ERROR;
}
int32_t addRngEntropy(const uint8_t* data, size_t dataLength) {
const keymaster1_device_t* device = mKeyStore->getDevice();
const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice();
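Review bot: getState(), lock() and isEmpty() now act on a caller-supplied userId, but the checks in front of them (`checkBinderPermission(P_GET_STATE)`, `checkBinderPermission(P_LOCK)`, `checkBinderPermission(P_IS_EMPTY)`) take no target, so as far as these hunks show nothing ties the requested user to the caller. Before this change the user was derived from `get_user_id(IPCThreadState::self()->getCallingUid())`; with P_GET_STATE in DEFAULT_PERMS, a caller holding only default permissions can presumably query another user's keystore state. Consider rejecting requests where `userId != get_user_id(IPCThreadState::self()->getCallingUid())` unless the caller holds a permission intended for cross-user operations. Separately, isEmpty() returns `false` on a permission failure, which a caller cannot tell apart from "keystore has keys"; a comment on the method should state that.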
......
......@@ -76,6 +76,24 @@ static const char* responses[] = {
} \
} while (0)
#define SINGLE_INT_ARG_INT_RETURN(cmd) \
do { \
if (strcmp(argv[1], #cmd) == 0) { \
if (argc < 3) { \
fprintf(stderr, "Usage: %s " #cmd " <name>\n", argv[0]); \
return 1; \
} \
int32_t ret = service->cmd(atoi(argv[2])); \
if (ret < 0) { \
fprintf(stderr, "%s: could not connect: %d\n", argv[0], ret); \
return 1; \
} else { \
printf(#cmd ": %s (%d)\n", responses[ret], ret); \
return 0; \
} \
} \
} while (0)
#define SINGLE_ARG_PLUS_UID_INT_RETURN(cmd) \
do { \
if (strcmp(argv[1], #cmd) == 0) { \
......@@ -145,14 +163,14 @@ static const char* responses[] = {
} \
} while (0)
static int saw(sp<IKeystoreService> service, const String16& name, int uid) {
static int list(sp<IKeystoreService> service, const String16& name, int uid) {
Vector<String16> matches;
int32_t ret = service->saw(name, uid, &matches);
int32_t ret = service->list(name, uid, &matches);
if (ret < 0) {
fprintf(stderr, "saw: could not connect: %d\n", ret);
fprintf(stderr, "list: could not connect: %d\n", ret);
return 1;
} else if (ret != ::NO_ERROR) {
fprintf(stderr, "saw: %s (%d)\n", responses[ret], ret);
fprintf(stderr, "list: %s (%d)\n", responses[ret], ret);
return 1;
} else {
Vector<String16>::const_iterator it = matches.begin();
......@@ -183,7 +201,7 @@ int main(int argc, char* argv[])
* All the commands should return a value
*/
NO_ARG_INT_RETURN(test);
SINGLE_INT_ARG_INT_RETURN(getState);
SINGLE_ARG_DATA_RETURN(get);
......@@ -193,8 +211,8 @@ int main(int argc, char* argv[])
SINGLE_ARG_PLUS_UID_INT_RETURN(exist);
if (strcmp(argv[1], "saw") == 0) {
return saw(service, argc < 3 ? String16("") : String16(argv[2]),
if (strcmp(argv[1], "list") == 0) {
return list(service, argc < 3 ? String16("") : String16(argv[2]),
argc < 4 ? -1 : atoi(argv[3]));
}
......@@ -202,18 +220,16 @@ int main(int argc, char* argv[])
// TODO: notifyUserPasswordChanged
NO_ARG_INT_RETURN(lock);
SINGLE_INT_ARG_INT_RETURN(lock);
// TODO: unlock
NO_ARG_INT_RETURN(zero);
SINGLE_INT_ARG_INT_RETURN(isEmpty);
// TODO: generate
SINGLE_ARG_DATA_RETURN(get_pubkey);
SINGLE_ARG_PLUS_UID_INT_RETURN(del_key);
// TODO: grant
// TODO: ungrant
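Review bot: `SINGLE_INT_ARG_INT_RETURN(isEmpty)` stores the `bool` returned by isEmpty() in `int32_t ret` and prints `responses[ret]`, so an empty keystore is reported with whatever response string sits at index 1 and the `ret < 0` branch can never fire; isEmpty needs its own branch that prints the boolean. The macro also passes `atoi(argv[2])`, which turns non-numeric input into 0 and therefore into a request about user 0; parse with `strtol` and reject input that does not consume the whole argument. The usage string should say `<userId>` rather than `<name>`.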
......