resolve merge conflicts of 2b93ec4 to oc-dr1-dev
Test: I solemnly swear I tested this conflict resolution.
Change-Id: Ie605cbb7f90eca6d17c2c5f6a50ec1ee21edf633
Merged-In: I6709b7562d47ad6156bee88a9e2d961f8a4a797d
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index 24a096c..4432b56 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -191,16 +191,21 @@
}
String8 name8(name);
ALOGI("del %s %d", name8.string(), targetUid);
- String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid, ::TYPE_ANY));
- ResponseCode result = mKeyStore->del(filename.string(), ::TYPE_ANY, get_user_id(targetUid));
+ auto filename = mKeyStore->getBlobFileNameIfExists(name8, targetUid, ::TYPE_ANY);
+ if (!filename.isOk()) return ResponseCode::KEY_NOT_FOUND;
+
+ ResponseCode result = mKeyStore->del(filename.value().string(), ::TYPE_ANY,
+ get_user_id(targetUid));
if (result != ResponseCode::NO_ERROR) {
return result;
}
- // Also delete any characteristics files
- String8 chrFilename(
- mKeyStore->getKeyNameForUidWithDir(name8, targetUid, ::TYPE_KEY_CHARACTERISTICS));
- return mKeyStore->del(chrFilename.string(), ::TYPE_KEY_CHARACTERISTICS, get_user_id(targetUid));
+ filename = mKeyStore->getBlobFileNameIfExists(name8, targetUid, ::TYPE_KEY_CHARACTERISTICS);
+ if (filename.isOk()) {
+ return mKeyStore->del(filename.value().string(), ::TYPE_KEY_CHARACTERISTICS,
+ get_user_id(targetUid));
+ }
+ return ResponseCode::NO_ERROR;
}
KeyStoreServiceReturnCode KeyStoreService::exist(const String16& name, int targetUid) {
@@ -209,13 +214,8 @@
return ResponseCode::PERMISSION_DENIED;
}
- String8 name8(name);
- String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid, ::TYPE_ANY));
-
- if (access(filename.string(), R_OK) == -1) {
- return (errno != ENOENT) ? ResponseCode::SYSTEM_ERROR : ResponseCode::KEY_NOT_FOUND;
- }
- return ResponseCode::NO_ERROR;
+ auto filename = mKeyStore->getBlobFileNameIfExists(String8(name), targetUid, ::TYPE_ANY);
+ return filename.isOk() ? ResponseCode::NO_ERROR : ResponseCode::KEY_NOT_FOUND;
}
KeyStoreServiceReturnCode KeyStoreService::list(const String16& prefix, int targetUid,
@@ -554,17 +554,16 @@
return -1L;
}
- String8 name8(name);
- String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid, ::TYPE_ANY));
+ auto filename = mKeyStore->getBlobFileNameIfExists(String8(name), targetUid, ::TYPE_ANY);
- if (access(filename.string(), R_OK) == -1) {
- ALOGW("could not access %s for getmtime", filename.string());
+ if (!filename.isOk()) {
+ ALOGW("could not access %s for getmtime", filename.value().string());
return -1L;
}
- int fd = TEMP_FAILURE_RETRY(open(filename.string(), O_NOFOLLOW, O_RDONLY));
+ int fd = TEMP_FAILURE_RETRY(open(filename.value().string(), O_NOFOLLOW, O_RDONLY));
if (fd < 0) {
- ALOGW("could not open %s for getmtime", filename.string());
+ ALOGW("could not open %s for getmtime", filename.value().string());
return -1L;
}
@@ -572,7 +571,7 @@
int ret = fstat(fd, &s);
close(fd);
if (ret == -1) {
- ALOGW("could not stat %s for getmtime", filename.string());
+ ALOGW("could not stat %s for getmtime", filename.value().string());
return -1L;
}
@@ -1867,8 +1866,12 @@
return;
}
- String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, uid, ::TYPE_KEYMASTER_10));
- error = mKeyStore->del(filename.string(), ::TYPE_ANY, get_user_id(uid));
+ auto filename = mKeyStore->getBlobFileNameIfExists(name8, uid, ::TYPE_KEYMASTER_10);
+ if (!filename.isOk()) {
+ ALOGI("trying to upgrade a non existing blob");
+ return;
+ }
+ error = mKeyStore->del(filename.value().string(), ::TYPE_ANY, get_user_id(uid));
if (!error.isOk()) {
ALOGI("upgradeKeyBlob keystore->del failed %d", (int)error);
return;
@@ -1881,7 +1884,7 @@
newBlob.setSuperEncrypted(blob->isSuperEncrypted());
newBlob.setCriticalToDeviceEncryption(blob->isCriticalToDeviceEncryption());
- error = mKeyStore->put(filename.string(), &newBlob, get_user_id(uid));
+ error = mKeyStore->put(filename.value().string(), &newBlob, get_user_id(uid));
if (!error.isOk()) {
ALOGI("upgradeKeyBlob keystore->put failed %d", (int)error);
return;
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index ab386ad..6d3bac5 100644
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp
@@ -154,6 +154,29 @@
}
}
+NullOr<android::String8> KeyStore::getBlobFileNameIfExists(const android::String8& alias, uid_t uid,
+ const BlobType type) {
+ android::String8 filepath8(getKeyNameForUidWithDir(alias, uid, type));
+
+ if (!access(filepath8.string(), R_OK | W_OK)) return filepath8;
+
+ // If this is one of the legacy UID->UID mappings, use it.
+ uid_t euid = get_keystore_euid(uid);
+ if (euid != uid) {
+ filepath8 = getKeyNameForUidWithDir(alias, euid, type);
+ if (!access(filepath8.string(), R_OK | W_OK)) return filepath8;
+ }
+
+ // They might be using a granted key.
+ auto grant = mGrants.get(uid, alias.string());
+ if (grant) {
+ filepath8 = grant->key_file_.c_str();
+ if (!access(filepath8.string(), R_OK | W_OK)) return filepath8;
+ }
+ return {};
+}
+
+
void KeyStore::resetUser(uid_t userId, bool keepUnenryptedEntries) {
android::String8 prefix("");
android::Vector<android::String16> aliases;
@@ -498,31 +521,13 @@
ResponseCode KeyStore::getKeyForName(Blob* keyBlob, const android::String8& keyName,
const uid_t uid, const BlobType type) {
- android::String8 filepath8(getKeyNameForUidWithDir(keyName, uid, type));
+ auto filepath8 = getBlobFileNameIfExists(keyName, uid, type);
uid_t userId = get_user_id(uid);
- ResponseCode responseCode = get(filepath8.string(), keyBlob, type, userId);
- if (responseCode == ResponseCode::NO_ERROR) {
- return responseCode;
- }
+ if (filepath8.isOk())
+ return get(filepath8.value().string(), keyBlob, type, userId);
- // If this is one of the legacy UID->UID mappings, use it.
- uid_t euid = get_keystore_euid(uid);
- if (euid != uid) {
- filepath8 = getKeyNameForUidWithDir(keyName, euid, type);
- responseCode = get(filepath8.string(), keyBlob, type, userId);
- if (responseCode == ResponseCode::NO_ERROR) {
- return responseCode;
- }
- }
-
- // They might be using a granted key.
- auto grant = mGrants.get(uid, keyName.string());
- if (!grant) return ResponseCode::KEY_NOT_FOUND;
- filepath8 = grant->key_file_.c_str();
-
- // It is a granted key. Try to load it.
- return get(filepath8.string(), keyBlob, type, userId);
+ return ResponseCode::KEY_NOT_FOUND;
}
UserState* KeyStore::getUserState(uid_t userId) {
@@ -569,7 +574,7 @@
}
bool KeyStore::upgradeBlob(const char* filename, Blob* blob, const uint8_t oldVersion,
- const BlobType type, uid_t uid) {
+ const BlobType type, uid_t userId) {
bool updated = false;
uint8_t version = oldVersion;
@@ -579,7 +584,7 @@
blob->setType(type);
if (type == TYPE_KEY_PAIR) {
- importBlobAsKey(blob, filename, uid);
+ importBlobAsKey(blob, filename, userId);
}
version = 1;
updated = true;
@@ -611,7 +616,7 @@
};
typedef std::unique_ptr<BIO, BIO_Delete> Unique_BIO;
-ResponseCode KeyStore::importBlobAsKey(Blob* blob, const char* filename, uid_t uid) {
+ResponseCode KeyStore::importBlobAsKey(Blob* blob, const char* filename, uid_t userId) {
// We won't even write to the blob directly with this BIO, so const_cast is okay.
Unique_BIO b(BIO_new_mem_buf(const_cast<uint8_t*>(blob->getValue()), blob->getLength()));
if (b.get() == NULL) {
@@ -639,13 +644,13 @@
return ResponseCode::SYSTEM_ERROR;
}
- ResponseCode rc = importKey(pkcs8key.get(), len, filename, get_user_id(uid),
+ ResponseCode rc = importKey(pkcs8key.get(), len, filename, userId,
blob->isEncrypted() ? KEYSTORE_FLAG_ENCRYPTED : KEYSTORE_FLAG_NONE);
if (rc != ResponseCode::NO_ERROR) {
return rc;
}
- return get(filename, blob, TYPE_KEY_PAIR, uid);
+ return get(filename, blob, TYPE_KEY_PAIR, userId);
}
void KeyStore::readMetaData() {
diff --git a/keystore/keystore.h b/keystore/keystore.h
index a08508f..f208320 100644
--- a/keystore/keystore.h
+++ b/keystore/keystore.h
@@ -70,6 +70,8 @@
const BlobType type);
android::String8 getKeyNameForUidWithDir(const android::String8& keyName, uid_t uid,
const BlobType type);
+ NullOr<android::String8> getBlobFileNameIfExists(const android::String8& alias, uid_t uid,
+ const BlobType type);
/*
* Delete entries owned by userId. If keepUnencryptedEntries is true