Use ConnectivityBlobStore as the main storage
mechanism in WifiKeystore.
See aosp/2859045 as an example of using
ConnectivityBlobStore.
The expected behavior per-API is:
- put: Always write to ConnectivityBlobStore.
- get: Attempt to get from ConnectivityBlobStore.
If alias is not found there, try checking
in LegacyKeystore.
- remove: Remove alias from both ConnectivityBlobStore
and LegacyKeystore.
- list: List aliases from both ConnectivityBlobStore
and LegacyKeystore. Deduplicate before returning.
Bug: 304553176
Test: atest WifiKeyStoreTest
Test: Manual test - Added test commands to WifiShellCommand
to test all of the APIs.
Change-Id: I30b7553bf0ca6a76f81f52aa06f67126fffc4127
diff --git a/wifi/java/src/android/net/wifi/WifiBlobStore.java b/wifi/java/src/android/net/wifi/WifiBlobStore.java
new file mode 100644
index 0000000..8bfaae7
--- /dev/null
+++ b/wifi/java/src/android/net/wifi/WifiBlobStore.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.net.wifi;
+
+import com.android.internal.net.ConnectivityBlobStore;
+
+/**
+ * Database blob store for Wifi.
+ * @hide
+ */
+public class WifiBlobStore extends ConnectivityBlobStore {
+ private static final String DB_NAME = "WifiBlobStore.db";
+ private static WifiBlobStore sInstance;
+ private WifiBlobStore() {
+ super(DB_NAME);
+ }
+
+ /** Returns an instance of WifiBlobStore. */
+ public static WifiBlobStore getInstance() {
+ if (sInstance == null) {
+ sInstance = new WifiBlobStore();
+ }
+ return sInstance;
+ }
+}
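Review bot: `getInstance()` does an unsynchronized check-then-create on `sInstance`, so two threads arriving together can each construct a `WifiBlobStore` over `WifiBlobStore.db`. The static `WifiKeystore` methods in this change call it on every request, and nothing visible here confines them to a single thread. Declaring it `public static synchronized WifiBlobStore getInstance()` closes the race. The Javadoc could then say it returns the process-wide singleton rather than "an instance".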
diff --git a/wifi/java/src/android/net/wifi/WifiKeystore.java b/wifi/java/src/android/net/wifi/WifiKeystore.java
index 1cda032..a06d0ee 100644
--- a/wifi/java/src/android/net/wifi/WifiKeystore.java
+++ b/wifi/java/src/android/net/wifi/WifiKeystore.java
@@ -18,12 +18,17 @@
import android.annotation.NonNull;
import android.annotation.SuppressLint;
import android.annotation.SystemApi;
+import android.os.Binder;
import android.os.Process;
import android.os.ServiceManager;
import android.os.ServiceSpecificException;
import android.security.legacykeystore.ILegacyKeystore;
import android.util.Log;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+
/**
* This class allows the storage and retrieval of non-standard Wifi certificate blobs.
* @hide
@@ -34,7 +39,7 @@
private static final String TAG = "WifiKeystore";
private static final String LEGACY_KEYSTORE_SERVICE_NAME = "android.security.legacykeystore";
- private static ILegacyKeystore getService() {
+ private static ILegacyKeystore getLegacyKeystore() {
return ILegacyKeystore.Stub.asInterface(
ServiceManager.checkService(LEGACY_KEYSTORE_SERVICE_NAME));
}
@@ -54,13 +59,18 @@
@SystemApi
@SuppressLint("UnflaggedApi")
public static boolean put(@NonNull String alias, @NonNull byte[] blob) {
+ // ConnectivityBlobStore uses the calling uid as a key into the DB.
+ // Clear identity to ensure that callers from system apps and the Wifi framework
+ // are able to access the same values.
+ final long identity = Binder.clearCallingIdentity();
try {
Log.i(TAG, "put blob. alias " + alias);
- getService().put(alias, Process.WIFI_UID, blob);
- return true;
+ return WifiBlobStore.getInstance().put(alias, blob);
} catch (Exception e) {
Log.e(TAG, "Failed to put blob.", e);
return false;
+ } finally {
+ Binder.restoreCallingIdentity(identity);
}
}
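Review bot: The new comment in `put` explains why the calling identity is cleared, but not which uid the entry ends up keyed under or what access check replaces the per-caller separation it removes. Once the identity is cleared every caller reaches the same entries, and no permission check is visible in this hunk, so the gate presumably sits with the `@SystemApi` callers; that should be confirmed and written down. `Binder.clearCallingIdentity()` also only changes the uid while an incoming Binder call is being handled, so it is worth verifying that system apps and the Wifi framework really resolve to the same key. I would extend the comment with something like `// Entries are keyed under this process's uid; callers must already hold <required permission>.`, filling in the actual requirement. `get`, `remove` and `list` clear the identity the same way without any comment.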
@@ -69,23 +79,31 @@
* @param alias Name of the blob to retrieve.
* @return The unstructured blob, that is the blob that was stored using
* {@link android.net.wifi.WifiKeystore#put}.
- * Returns null if no blob was found.
+ * Returns empty byte[] if no blob was found.
* @hide
*/
@SystemApi
@SuppressLint("UnflaggedApi")
public static @NonNull byte[] get(@NonNull String alias) {
+ final long identity = Binder.clearCallingIdentity();
try {
Log.i(TAG, "get blob. alias " + alias);
- return getService().get(alias, Process.WIFI_UID);
+ byte[] blob = WifiBlobStore.getInstance().get(alias);
+ if (blob != null) {
+ return blob;
+ }
+ Log.i(TAG, "Searching for blob in Legacy Keystore");
+ return getLegacyKeystore().get(alias, Process.WIFI_UID);
} catch (ServiceSpecificException e) {
if (e.errorCode != ILegacyKeystore.ERROR_ENTRY_NOT_FOUND) {
Log.e(TAG, "Failed to get blob.", e);
}
} catch (Exception e) {
Log.e(TAG, "Failed to get blob.", e);
+ } finally {
+ Binder.restoreCallingIdentity(identity);
}
- return null;
+ return new byte[0];
}
/**
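Review bot: `get` now promises an empty `byte[]` for a missing blob, but the legacy fallback still returns `getLegacyKeystore().get(alias, Process.WIFI_UID)` unchecked, so a null from that service (if it can return one) would still reach `@NonNull` callers. Callers outside this diff that compare the result with null to detect a missing certificate will now treat a missing entry as a present zero-length blob, so they need auditing. Suggest `byte[] legacy = getLegacyKeystore().get(alias, Process.WIFI_UID);` followed by `return legacy != null ? legacy : new byte[0];`. The Javadoc should also state that a stored empty blob and a missing one are indistinguishable.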
@@ -97,17 +115,27 @@
@SystemApi
@SuppressLint("UnflaggedApi")
public static boolean remove(@NonNull String alias) {
+ boolean blobStoreSuccess = false;
+ boolean legacyKsSuccess = false;
+ final long identity = Binder.clearCallingIdentity();
try {
- getService().remove(alias, Process.WIFI_UID);
- return true;
+ Log.i(TAG, "remove blob. alias " + alias);
+ blobStoreSuccess = WifiBlobStore.getInstance().remove(alias);
+ // Legacy Keystore will throw an exception if the alias is not found.
+ getLegacyKeystore().remove(alias, Process.WIFI_UID);
+ legacyKsSuccess = true;
} catch (ServiceSpecificException e) {
if (e.errorCode != ILegacyKeystore.ERROR_ENTRY_NOT_FOUND) {
Log.e(TAG, "Failed to remove blob.", e);
}
} catch (Exception e) {
Log.e(TAG, "Failed to remove blob.", e);
+ } finally {
+ Binder.restoreCallingIdentity(identity);
}
- return false;
+ Log.i(TAG, "Removal status: wifiBlobStore=" + blobStoreSuccess
+ + ", legacyKeystore=" + legacyKsSuccess);
+ return blobStoreSuccess || legacyKsSuccess;
}
/**
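Review bot: In `remove`, an exception from `WifiBlobStore.getInstance().remove(alias)` jumps straight to the catch blocks, so the Legacy Keystore copy is never deleted and `get` will keep returning it through its fallback path. The method also returns true when only one store succeeded, so a caller can be told a certificate blob was removed while the legacy copy is still retrievable. Giving each store its own try block, as below, makes both removals always run; the Javadoc (outside this hunk) should say that true means at least one copy was removed. `list` in the last hunk has the same coupling: a failure in `getLegacyKeystore().list(...)` discards the aliases already read from `WifiBlobStore`.

```java
final long identity = Binder.clearCallingIdentity();
try {
    Log.i(TAG, "remove blob. alias " + alias);
    try {
        blobStoreSuccess = WifiBlobStore.getInstance().remove(alias);
    } catch (Exception e) {
        Log.e(TAG, "Failed to remove blob.", e);
    }
    try {
        // Legacy Keystore will throw an exception if the alias is not found.
        getLegacyKeystore().remove(alias, Process.WIFI_UID);
        legacyKsSuccess = true;
    } catch (ServiceSpecificException e) {
        if (e.errorCode != ILegacyKeystore.ERROR_ENTRY_NOT_FOUND) {
            Log.e(TAG, "Failed to remove blob.", e);
        }
    } catch (Exception e) {
        Log.e(TAG, "Failed to remove blob.", e);
    }
} finally {
    Binder.restoreCallingIdentity(identity);
}
// … unchanged: removal status log and return …
```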
@@ -119,14 +147,24 @@
@SystemApi
@SuppressLint("UnflaggedApi")
public static @NonNull String[] list(@NonNull String prefix) {
+ final long identity = Binder.clearCallingIdentity();
try {
- final String[] aliases = getService().list(prefix, Process.WIFI_UID);
- for (int i = 0; i < aliases.length; ++i) {
- aliases[i] = aliases[i].substring(prefix.length());
+ // Aliases from WifiBlobStore will be pre-trimmed.
+ final String[] blobStoreAliases = WifiBlobStore.getInstance().list(prefix);
+ final String[] legacyAliases = getLegacyKeystore().list(prefix, Process.WIFI_UID);
+ for (int i = 0; i < legacyAliases.length; ++i) {
+ legacyAliases[i] = legacyAliases[i].substring(prefix.length());
}
- return aliases;
+ // Deduplicate aliases before returning.
+ Set<String> uniqueAliases = new HashSet<>();
+ uniqueAliases.addAll(Arrays.asList(blobStoreAliases));
+ uniqueAliases.addAll(Arrays.asList(legacyAliases));
+ String[] uniqueAliasArray = new String[uniqueAliases.size()];
+ return uniqueAliases.toArray(uniqueAliasArray);
} catch (Exception e) {
Log.e(TAG, "Failed to list blobs.", e);
+ } finally {
+ Binder.restoreCallingIdentity(identity);
}
return new String[0];
}