Keystore 2.0: Rename legacy_migrator to importer.
This refactor serves the disambiguation between the import of legacy
blobs into the sqlite3 database and the migration of keys between
namespaces, which becomes more promient in the light of shared uid
migration.
Test: No new test required because no functionality was changed.
Change-Id: I0612d0731083548a196911712f6c0adbbc9a5e9a
diff --git a/keystore2/src/authorization.rs b/keystore2/src/authorization.rs
index 81790af..8265dd0 100644
--- a/keystore2/src/authorization.rs
+++ b/keystore2/src/authorization.rs
@@ -16,7 +16,7 @@
use crate::error::Error as KeystoreError;
use crate::error::anyhow_error_to_cstring;
-use crate::globals::{ENFORCEMENTS, SUPER_KEY, DB, LEGACY_MIGRATOR};
+use crate::globals::{ENFORCEMENTS, SUPER_KEY, DB, LEGACY_IMPORTER};
use crate::permission::KeystorePerm;
use crate::super_key::UserState;
use crate::utils::{check_keystore_permission, watchdog as wd};
@@ -170,7 +170,7 @@
.with(|db| {
skm.unlock_and_get_user_state(
&mut db.borrow_mut(),
- &LEGACY_MIGRATOR,
+ &LEGACY_IMPORTER,
user_id as u32,
&password,
)
diff --git a/keystore2/src/globals.rs b/keystore2/src/globals.rs
index 2819314..9475cf6 100644
--- a/keystore2/src/globals.rs
+++ b/keystore2/src/globals.rs
@@ -18,7 +18,7 @@
use crate::gc::Gc;
use crate::legacy_blob::LegacyBlobLoader;
-use crate::legacy_migrator::LegacyMigrator;
+use crate::legacy_importer::LegacyImporter;
use crate::super_key::SuperKeyManager;
use crate::utils::watchdog as wd;
use crate::{async_task::AsyncTask, database::MonotonicRawTime};
@@ -175,8 +175,8 @@
pub static ref LEGACY_BLOB_LOADER: Arc<LegacyBlobLoader> = Arc::new(LegacyBlobLoader::new(
&DB_PATH.read().expect("Could not get the database path for legacy blob loader.")));
/// Legacy migrator. Atomically migrates legacy blobs to the database.
- pub static ref LEGACY_MIGRATOR: Arc<LegacyMigrator> =
- Arc::new(LegacyMigrator::new(Arc::new(Default::default())));
+ pub static ref LEGACY_IMPORTER: Arc<LegacyImporter> =
+ Arc::new(LegacyImporter::new(Arc::new(Default::default())));
/// Background thread which handles logging via statsd and logd
pub static ref LOGS_HANDLER: Arc<AsyncTask> = Default::default();
diff --git a/keystore2/src/legacy_migrator.rs b/keystore2/src/legacy_importer.rs
similarity index 79%
rename from keystore2/src/legacy_migrator.rs
rename to keystore2/src/legacy_importer.rs
index 65f4b0b..3f37b14 100644
--- a/keystore2/src/legacy_migrator.rs
+++ b/keystore2/src/legacy_importer.rs
@@ -38,8 +38,8 @@
use std::sync::mpsc::channel;
use std::sync::{Arc, Mutex};
-/// Represents LegacyMigrator.
-pub struct LegacyMigrator {
+/// Represents LegacyImporter.
+pub struct LegacyImporter {
async_task: Arc<AsyncTask>,
initializer: Mutex<
Option<
@@ -51,19 +51,19 @@
>,
>,
/// This atomic is used for cheap interior mutability. It is intended to prevent
- /// expensive calls into the legacy migrator when the legacy database is empty.
+ /// expensive calls into the legacy importer when the legacy database is empty.
/// When transitioning from READY to EMPTY, spurious calls may occur for a brief period
/// of time. This is tolerable in favor of the common case.
state: AtomicU8,
}
#[derive(Clone, Debug, PartialEq, Eq, PartialOrd, Ord, Hash)]
-struct RecentMigration {
+struct RecentImport {
uid: u32,
alias: String,
}
-impl RecentMigration {
+impl RecentImport {
fn new(uid: u32, alias: String) -> Self {
Self { uid, alias }
}
@@ -74,15 +74,15 @@
User(u32),
}
-struct LegacyMigratorState {
- recently_migrated: HashSet<RecentMigration>,
- recently_migrated_super_key: HashSet<u32>,
+struct LegacyImporterState {
+ recently_imported: HashSet<RecentImport>,
+ recently_imported_super_key: HashSet<u32>,
legacy_loader: Arc<LegacyBlobLoader>,
sec_level_to_km_uuid: HashMap<SecurityLevel, Uuid>,
db: KeystoreDB,
}
-impl LegacyMigrator {
+impl LegacyImporter {
const WIFI_NAMESPACE: i64 = 102;
const AID_WIFI: u32 = 1010;
@@ -90,7 +90,7 @@
const STATE_READY: u8 = 1;
const STATE_EMPTY: u8 = 2;
- /// Constructs a new LegacyMigrator using the given AsyncTask object as migration
+ /// Constructs a new LegacyImporter using the given AsyncTask object as import
/// worker.
pub fn new(async_task: Arc<AsyncTask>) -> Self {
Self {
@@ -100,7 +100,7 @@
}
}
- /// The legacy migrator must be initialized deferred, because keystore starts very early.
+ /// The legacy importer must be initialized deferred, because keystore starts very early.
/// At this time the data partition may not be mounted. So we cannot open database connections
/// until we get actual key load requests. This sets the function that the legacy loader
/// uses to connect to the database.
@@ -125,11 +125,11 @@
Ok(())
}
- /// This function is called by the migration requestor to check if it is worth
- /// making a migration request. It also transitions the state from UNINITIALIZED
+ /// This function is called by the import requestor to check if it is worth
+ /// making an import request. It also transitions the state from UNINITIALIZED
/// to READY or EMPTY on first use. The deferred initialization is necessary, because
/// Keystore 2.0 runs early during boot, where data may not yet be mounted.
- /// Returns Ok(STATE_READY) if a migration request is worth undertaking and
+ /// Returns Ok(STATE_READY) if an import request is worth undertaking and
/// Ok(STATE_EMPTY) if the database is empty. An error is returned if the loader
/// was not initialized and cannot be initialized.
fn check_state(&self) -> Result<u8> {
@@ -157,9 +157,9 @@
}
self.async_task.queue_hi(move |shelf| {
- shelf.get_or_put_with(|| LegacyMigratorState {
- recently_migrated: Default::default(),
- recently_migrated_super_key: Default::default(),
+ shelf.get_or_put_with(|| LegacyImporterState {
+ recently_imported: Default::default(),
+ recently_imported_super_key: Default::default(),
legacy_loader,
sec_level_to_km_uuid,
db,
@@ -189,14 +189,14 @@
);
}
(Self::STATE_READY, _) => return Ok(Self::STATE_READY),
- (s, _) => panic!("Unknown legacy migrator state. {} ", s),
+ (s, _) => panic!("Unknown legacy importer state. {} ", s),
}
}
}
/// List all aliases for uid in the legacy database.
pub fn list_uid(&self, domain: Domain, namespace: i64) -> Result<Vec<KeyDescriptor>> {
- let _wp = wd::watch_millis("LegacyMigrator::list_uid", 500);
+ let _wp = wd::watch_millis("LegacyImporter::list_uid", 500);
let uid = match (domain, namespace) {
(Domain::APP, namespace) => namespace as u32,
@@ -217,44 +217,44 @@
)
}
- /// Sends the given closure to the migrator thread for execution after calling check_state.
+ /// Sends the given closure to the importer thread for execution after calling check_state.
/// Returns None if the database was empty and the request was not executed.
- /// Otherwise returns Some with the result produced by the migration request.
+ /// Otherwise returns Some with the result produced by the import request.
/// The loader state may transition to STATE_EMPTY during the execution of this function.
fn do_serialized<F, T: Send + 'static>(&self, f: F) -> Option<Result<T>>
where
- F: FnOnce(&mut LegacyMigratorState) -> Result<T> + Send + 'static,
+ F: FnOnce(&mut LegacyImporterState) -> Result<T> + Send + 'static,
{
// Short circuit if the database is empty or not initialized (error case).
match self.check_state().context("In do_serialized: Checking state.") {
- Ok(LegacyMigrator::STATE_EMPTY) => return None,
- Ok(LegacyMigrator::STATE_READY) => {}
+ Ok(LegacyImporter::STATE_EMPTY) => return None,
+ Ok(LegacyImporter::STATE_READY) => {}
Err(e) => return Some(Err(e)),
- Ok(s) => panic!("Unknown legacy migrator state. {} ", s),
+ Ok(s) => panic!("Unknown legacy importer state. {} ", s),
}
// We have established that there may be a key in the legacy database.
- // Now we schedule a migration request.
+ // Now we schedule an import request.
let (sender, receiver) = channel();
self.async_task.queue_hi(move |shelf| {
- // Get the migrator state from the shelf.
- // There may not be a state. This can happen if this migration request was scheduled
+ // Get the importer state from the shelf.
+ // There may not be a state. This can happen if this import request was scheduled
// before a previous request established that the legacy database was empty
// and removed the state from the shelf. Since we know now that the database
// is empty, we can return None here.
- let (new_state, result) = if let Some(legacy_migrator_state) =
- shelf.get_downcast_mut::<LegacyMigratorState>()
+ let (new_state, result) = if let Some(legacy_importer_state) =
+ shelf.get_downcast_mut::<LegacyImporterState>()
{
- let result = f(legacy_migrator_state);
- (legacy_migrator_state.check_empty(), Some(result))
+ let result = f(legacy_importer_state);
+ (legacy_importer_state.check_empty(), Some(result))
} else {
(Self::STATE_EMPTY, None)
};
- // If the migration request determined that the database is now empty, we discard
+ // If the import request determined that the database is now empty, we discard
// the state from the shelf to free up the resources we won't need any longer.
if result.is_some() && new_state == Self::STATE_EMPTY {
- shelf.remove_downcast_ref::<LegacyMigratorState>();
+ shelf.remove_downcast_ref::<LegacyImporterState>();
}
// Send the result to the requester.
@@ -271,7 +271,7 @@
};
// We can only transition to EMPTY but never back.
- // The migrator never creates any legacy blobs.
+ // The importer never creates any legacy blobs.
if new_state == Self::STATE_EMPTY {
self.state.store(Self::STATE_EMPTY, Ordering::Relaxed)
}
@@ -280,10 +280,10 @@
}
/// Runs the key_accessor function and returns its result. If it returns an error and the
- /// root cause was KEY_NOT_FOUND, tries to migrate a key with the given parameters from
+ /// root cause was KEY_NOT_FOUND, tries to import a key with the given parameters from
/// the legacy database to the new database and runs the key_accessor function again if
- /// the migration request was successful.
- pub fn with_try_migrate<F, T>(
+ /// the import request was successful.
+ pub fn with_try_import<F, T>(
&self,
key: &KeyDescriptor,
caller_uid: u32,
@@ -292,7 +292,7 @@
where
F: Fn() -> Result<T>,
{
- let _wp = wd::watch_millis("LegacyMigrator::with_try_migrate", 500);
+ let _wp = wd::watch_millis("LegacyImporter::with_try_import", 500);
// Access the key and return on success.
match key_accessor() {
@@ -304,7 +304,7 @@
}
// Filter inputs. We can only load legacy app domain keys and some special rules due
- // to which we migrate keys transparently to an SELINUX domain.
+ // to which we import keys transparently to an SELINUX domain.
let uid = match key {
KeyDescriptor { domain: Domain::APP, alias: Some(_), .. } => caller_uid,
KeyDescriptor { domain: Domain::SELINUX, nspace, alias: Some(_), .. } => {
@@ -324,11 +324,11 @@
let key_clone = key.clone();
let result = self
- .do_serialized(move |migrator_state| migrator_state.check_and_migrate(uid, key_clone));
+ .do_serialized(move |importer_state| importer_state.check_and_import(uid, key_clone));
if let Some(result) = result {
result?;
- // After successful migration try again.
+ // After successful import try again.
key_accessor()
} else {
Err(Error::Rc(ResponseCode::KEY_NOT_FOUND)).context("Legacy database is empty.")
@@ -336,8 +336,8 @@
}
/// Calls key_accessor and returns the result on success. In the case of a KEY_NOT_FOUND error
- /// this function makes a migration request and on success retries the key_accessor.
- pub fn with_try_migrate_super_key<F, T>(
+ /// this function makes an import request and on success retries the key_accessor.
+ pub fn with_try_import_super_key<F, T>(
&self,
user_id: u32,
pw: &Password,
@@ -346,31 +346,31 @@
where
F: FnMut() -> Result<Option<T>>,
{
- let _wp = wd::watch_millis("LegacyMigrator::with_try_migrate_super_key", 500);
+ let _wp = wd::watch_millis("LegacyImporter::with_try_import_super_key", 500);
match key_accessor() {
Ok(Some(result)) => return Ok(Some(result)),
Ok(None) => {}
Err(e) => return Err(e),
}
- let pw = pw.try_clone().context("In with_try_migrate_super_key: Cloning password.")?;
- let result = self.do_serialized(move |migrator_state| {
- migrator_state.check_and_migrate_super_key(user_id, &pw)
+ let pw = pw.try_clone().context("In with_try_import_super_key: Cloning password.")?;
+ let result = self.do_serialized(move |importer_state| {
+ importer_state.check_and_import_super_key(user_id, &pw)
});
if let Some(result) = result {
result?;
- // After successful migration try again.
+ // After successful import try again.
key_accessor()
} else {
Ok(None)
}
}
- /// Deletes all keys belonging to the given namespace, migrating them into the database
+ /// Deletes all keys belonging to the given namespace, importing them into the database
/// for subsequent garbage collection if necessary.
pub fn bulk_delete_uid(&self, domain: Domain, nspace: i64) -> Result<()> {
- let _wp = wd::watch_millis("LegacyMigrator::bulk_delete_uid", 500);
+ let _wp = wd::watch_millis("LegacyImporter::bulk_delete_uid", 500);
let uid = match (domain, nspace) {
(Domain::APP, nspace) => nspace as u32,
@@ -379,24 +379,24 @@
_ => return Ok(()),
};
- let result = self.do_serialized(move |migrator_state| {
- migrator_state.bulk_delete(BulkDeleteRequest::Uid(uid), false)
+ let result = self.do_serialized(move |importer_state| {
+ importer_state.bulk_delete(BulkDeleteRequest::Uid(uid), false)
});
result.unwrap_or(Ok(()))
}
- /// Deletes all keys belonging to the given android user, migrating them into the database
+ /// Deletes all keys belonging to the given android user, importing them into the database
/// for subsequent garbage collection if necessary.
pub fn bulk_delete_user(
&self,
user_id: u32,
keep_non_super_encrypted_keys: bool,
) -> Result<()> {
- let _wp = wd::watch_millis("LegacyMigrator::bulk_delete_user", 500);
+ let _wp = wd::watch_millis("LegacyImporter::bulk_delete_user", 500);
- let result = self.do_serialized(move |migrator_state| {
- migrator_state
+ let result = self.do_serialized(move |importer_state| {
+ importer_state
.bulk_delete(BulkDeleteRequest::User(user_id), keep_non_super_encrypted_keys)
});
@@ -406,12 +406,12 @@
/// Queries the legacy database for the presence of a super key for the given user.
pub fn has_super_key(&self, user_id: u32) -> Result<bool> {
let result =
- self.do_serialized(move |migrator_state| migrator_state.has_super_key(user_id));
+ self.do_serialized(move |importer_state| importer_state.has_super_key(user_id));
result.unwrap_or(Ok(false))
}
}
-impl LegacyMigratorState {
+impl LegacyImporterState {
fn get_km_uuid(&self, is_strongbox: bool) -> Result<Uuid> {
let sec_level = if is_strongbox {
SecurityLevel::STRONGBOX
@@ -430,17 +430,17 @@
.context("In list_uid: Trying to list legacy entries.")
}
- /// This is a key migration request that must run in the migrator thread. This must
+ /// This is a key import request that must run in the importer thread. This must
/// be passed to do_serialized.
- fn check_and_migrate(&mut self, uid: u32, mut key: KeyDescriptor) -> Result<()> {
+ fn check_and_import(&mut self, uid: u32, mut key: KeyDescriptor) -> Result<()> {
let alias = key.alias.clone().ok_or_else(|| {
- anyhow::anyhow!(Error::sys()).context(concat!(
- "In check_and_migrate: Must be Some because ",
- "our caller must not have called us otherwise."
- ))
+ anyhow::anyhow!(Error::sys()).context(
+ "In check_and_import: Must be Some because \
+ our caller must not have called us otherwise.",
+ )
})?;
- if self.recently_migrated.contains(&RecentMigration::new(uid, alias.clone())) {
+ if self.recently_imported.contains(&RecentImport::new(uid, alias.clone())) {
return Ok(());
}
@@ -452,7 +452,7 @@
let (km_blob_params, user_cert, ca_cert) = self
.legacy_loader
.load_by_uid_alias(uid, &alias, None)
- .context("In check_and_migrate: Trying to load legacy blob.")?;
+ .context("In check_and_import: Trying to load legacy blob.")?;
let result = match km_blob_params {
Some((km_blob, params)) => {
let is_strongbox = km_blob.is_strongbox();
@@ -464,33 +464,33 @@
let super_key_id = match self
.db
.load_super_key(&USER_SUPER_KEY, user_id)
- .context("In check_and_migrate: Failed to load super key")?
+ .context("In check_and_import: Failed to load super key")?
{
Some((_, entry)) => entry.id(),
None => {
// This might be the first time we access the super key,
- // and it may not have been migrated. We cannot import
+ // and it may not have been imported. We cannot import
// the legacy super_key key now, because we need to reencrypt
// it which we cannot do if we are not unlocked, which we are
- // not because otherwise the key would have been migrated.
+ // not because otherwise the key would have been imported.
// We can check though if the key exists. If it does,
// we can return Locked. Otherwise, we can delete the
// key and return NotFound, because the key will never
// be unlocked again.
if self.legacy_loader.has_super_key(user_id) {
return Err(Error::Rc(ResponseCode::LOCKED)).context(concat!(
- "In check_and_migrate: Cannot migrate super key of this ",
+ "In check_and_import: Cannot import super key of this ",
"key while user is locked."
));
} else {
self.legacy_loader.remove_keystore_entry(uid, &alias).context(
concat!(
- "In check_and_migrate: ",
+ "In check_and_import: ",
"Trying to remove obsolete key."
),
)?;
return Err(Error::Rc(ResponseCode::KEY_NOT_FOUND))
- .context("In check_and_migrate: Obsolete key.");
+ .context("In check_and_import: Obsolete key.");
}
}
};
@@ -505,18 +505,18 @@
BlobValue::Decrypted(data) => (LegacyBlob::ZVec(data), BlobMetaData::new()),
_ => {
return Err(Error::Rc(ResponseCode::KEY_NOT_FOUND))
- .context("In check_and_migrate: Legacy key has unexpected type.")
+ .context("In check_and_import: Legacy key has unexpected type.")
}
};
let km_uuid = self
.get_km_uuid(is_strongbox)
- .context("In check_and_migrate: Trying to get KM UUID")?;
+ .context("In check_and_import: Trying to get KM UUID")?;
blob_metadata.add(BlobMetaEntry::KmUuid(km_uuid));
let mut metadata = KeyMetaData::new();
let creation_date = DateTime::now()
- .context("In check_and_migrate: Trying to make creation time.")?;
+ .context("In check_and_import: Trying to make creation time.")?;
metadata.add(KeyMetaEntry::CreationDate(creation_date));
// Store legacy key in the database.
@@ -530,49 +530,49 @@
&metadata,
&km_uuid,
)
- .context("In check_and_migrate.")?;
+ .context("In check_and_import.")?;
Ok(())
}
None => {
if let Some(ca_cert) = ca_cert {
self.db
.store_new_certificate(&key, KeyType::Client, &ca_cert, &KEYSTORE_UUID)
- .context("In check_and_migrate: Failed to insert new certificate.")?;
+ .context("In check_and_import: Failed to insert new certificate.")?;
Ok(())
} else {
Err(Error::Rc(ResponseCode::KEY_NOT_FOUND))
- .context("In check_and_migrate: Legacy key not found.")
+ .context("In check_and_import: Legacy key not found.")
}
}
};
match result {
Ok(()) => {
- // Add the key to the migrated_keys list.
- self.recently_migrated.insert(RecentMigration::new(uid, alias.clone()));
+ // Add the key to the imported_keys list.
+ self.recently_imported.insert(RecentImport::new(uid, alias.clone()));
// Delete legacy key from the file system
self.legacy_loader
.remove_keystore_entry(uid, &alias)
- .context("In check_and_migrate: Trying to remove migrated key.")?;
+ .context("In check_and_import: Trying to remove imported key.")?;
Ok(())
}
Err(e) => Err(e),
}
}
- fn check_and_migrate_super_key(&mut self, user_id: u32, pw: &Password) -> Result<()> {
- if self.recently_migrated_super_key.contains(&user_id) {
+ fn check_and_import_super_key(&mut self, user_id: u32, pw: &Password) -> Result<()> {
+ if self.recently_imported_super_key.contains(&user_id) {
return Ok(());
}
if let Some(super_key) = self
.legacy_loader
.load_super_key(user_id, pw)
- .context("In check_and_migrate_super_key: Trying to load legacy super key.")?
+ .context("In check_and_import_super_key: Trying to load legacy super key.")?
{
let (blob, blob_metadata) =
crate::super_key::SuperKeyManager::encrypt_with_password(&super_key, pw)
- .context("In check_and_migrate_super_key: Trying to encrypt super key.")?;
+ .context("In check_and_import_super_key: Trying to encrypt super key.")?;
self.db
.store_super_key(
@@ -583,20 +583,20 @@
&KeyMetaData::new(),
)
.context(concat!(
- "In check_and_migrate_super_key: ",
+ "In check_and_import_super_key: ",
"Trying to insert legacy super_key into the database."
))?;
self.legacy_loader.remove_super_key(user_id);
- self.recently_migrated_super_key.insert(user_id);
+ self.recently_imported_super_key.insert(user_id);
Ok(())
} else {
Err(Error::Rc(ResponseCode::KEY_NOT_FOUND))
- .context("In check_and_migrate_super_key: No key found do migrate.")
+ .context("In check_and_import_super_key: No key found do import.")
}
}
- /// Key migrator request to be run by do_serialized.
- /// See LegacyMigrator::bulk_delete_uid and LegacyMigrator::bulk_delete_user.
+ /// Key importer request to be run by do_serialized.
+ /// See LegacyImporter::bulk_delete_uid and LegacyImporter::bulk_delete_user.
fn bulk_delete(
&mut self,
bulk_delete_request: BulkDeleteRequest,
@@ -695,21 +695,21 @@
self.legacy_loader
.remove_keystore_entry(uid, &alias)
- .context("In bulk_delete: Trying to remove migrated key.")?;
+ .context("In bulk_delete: Trying to remove imported key.")?;
}
Ok(())
}
fn has_super_key(&mut self, user_id: u32) -> Result<bool> {
- Ok(self.recently_migrated_super_key.contains(&user_id)
+ Ok(self.recently_imported_super_key.contains(&user_id)
|| self.legacy_loader.has_super_key(user_id))
}
fn check_empty(&self) -> u8 {
if self.legacy_loader.is_empty().unwrap_or(false) {
- LegacyMigrator::STATE_EMPTY
+ LegacyImporter::STATE_EMPTY
} else {
- LegacyMigrator::STATE_READY
+ LegacyImporter::STATE_READY
}
}
}
diff --git a/keystore2/src/lib.rs b/keystore2/src/lib.rs
index 134f707..0a80763 100644
--- a/keystore2/src/lib.rs
+++ b/keystore2/src/lib.rs
@@ -29,7 +29,7 @@
/// Internal Representation of Key Parameter and convenience functions.
pub mod key_parameter;
pub mod legacy_blob;
-pub mod legacy_migrator;
+pub mod legacy_importer;
pub mod maintenance;
pub mod metrics;
pub mod metrics_store;
diff --git a/keystore2/src/maintenance.rs b/keystore2/src/maintenance.rs
index c0f1e1e..71f43d6 100644
--- a/keystore2/src/maintenance.rs
+++ b/keystore2/src/maintenance.rs
@@ -19,7 +19,7 @@
use crate::error::map_or_log_err;
use crate::error::Error;
use crate::globals::get_keymint_device;
-use crate::globals::{DB, LEGACY_MIGRATOR, SUPER_KEY};
+use crate::globals::{DB, LEGACY_IMPORTER, SUPER_KEY};
use crate::permission::{KeyPerm, KeystorePerm};
use crate::super_key::{SuperKeyManager, UserState};
use crate::utils::{
@@ -88,7 +88,7 @@
.with(|db| {
skm.reset_or_init_user_and_get_user_state(
&mut db.borrow_mut(),
- &LEGACY_MIGRATOR,
+ &LEGACY_IMPORTER,
user_id as u32,
password.as_ref(),
)
@@ -115,7 +115,7 @@
DB.with(|db| {
SUPER_KEY.write().unwrap().reset_user(
&mut db.borrow_mut(),
- &LEGACY_MIGRATOR,
+ &LEGACY_IMPORTER,
user_id as u32,
false,
)
@@ -130,7 +130,7 @@
// Permission check. Must return on error. Do not touch the '?'.
check_keystore_permission(KeystorePerm::ClearUID).context("In clear_namespace.")?;
- LEGACY_MIGRATOR
+ LEGACY_IMPORTER
.bulk_delete_uid(domain, nspace)
.context("In clear_namespace: Trying to delete legacy keys.")?;
DB.with(|db| db.borrow_mut().unbind_keys_for_namespace(domain, nspace))
@@ -148,7 +148,7 @@
.with(|db| {
SUPER_KEY.read().unwrap().get_user_state(
&mut db.borrow_mut(),
- &LEGACY_MIGRATOR,
+ &LEGACY_IMPORTER,
user_id as u32,
)
})
@@ -256,8 +256,8 @@
};
DB.with(|db| {
- let (key_id_guard, _) = LEGACY_MIGRATOR
- .with_try_migrate(source, src_uid, || {
+ let (key_id_guard, _) = LEGACY_IMPORTER
+ .with_try_import(source, src_uid, || {
db.borrow_mut().load_key_entry(
source,
KeyType::Client,
diff --git a/keystore2/src/security_level.rs b/keystore2/src/security_level.rs
index 83f0bee..eefbc20 100644
--- a/keystore2/src/security_level.rs
+++ b/keystore2/src/security_level.rs
@@ -20,7 +20,7 @@
};
use crate::database::{CertificateInfo, KeyIdGuard};
use crate::error::{self, map_km_error, map_or_log_err, Error, ErrorCode};
-use crate::globals::{DB, ENFORCEMENTS, LEGACY_MIGRATOR, SUPER_KEY};
+use crate::globals::{DB, ENFORCEMENTS, LEGACY_IMPORTER, SUPER_KEY};
use crate::key_parameter::KeyParameter as KsKeyParam;
use crate::key_parameter::KeyParameterValue as KsKeyParamValue;
use crate::metrics_store::log_key_creation_event_stats;
@@ -164,7 +164,7 @@
.unwrap()
.handle_super_encryption_on_key_init(
&mut db,
- &LEGACY_MIGRATOR,
+ &LEGACY_IMPORTER,
&(key.domain),
&key_parameters,
flags,
@@ -245,7 +245,7 @@
_ => {
let (key_id_guard, mut key_entry) = DB
.with::<_, Result<(KeyIdGuard, KeyEntry)>>(|db| {
- LEGACY_MIGRATOR.with_try_migrate(key, caller_uid, || {
+ LEGACY_IMPORTER.with_try_import(key, caller_uid, || {
db.borrow_mut().load_key_entry(
key,
KeyType::Client,
@@ -723,7 +723,7 @@
let (wrapping_key_id_guard, mut wrapping_key_entry) = DB
.with(|db| {
- LEGACY_MIGRATOR.with_try_migrate(&key, caller_uid, || {
+ LEGACY_IMPORTER.with_try_import(&key, caller_uid, || {
db.borrow_mut().load_key_entry(
wrapping_key,
KeyType::Client,
diff --git a/keystore2/src/service.rs b/keystore2/src/service.rs
index 2725dc2..46bc8b0 100644
--- a/keystore2/src/service.rs
+++ b/keystore2/src/service.rs
@@ -26,7 +26,7 @@
};
use crate::{
database::Uuid,
- globals::{create_thread_local_db, DB, LEGACY_BLOB_LOADER, LEGACY_MIGRATOR},
+ globals::{create_thread_local_db, DB, LEGACY_BLOB_LOADER, LEGACY_IMPORTER},
};
use crate::{database::KEYSTORE_UUID, permission};
use crate::{
@@ -81,7 +81,7 @@
}
let uuid_by_sec_level = result.uuid_by_sec_level.clone();
- LEGACY_MIGRATOR
+ LEGACY_IMPORTER
.set_init(move || {
(create_thread_local_db(), uuid_by_sec_level, LEGACY_BLOB_LOADER.clone())
})
@@ -132,7 +132,7 @@
let caller_uid = ThreadState::get_calling_uid();
let (key_id_guard, mut key_entry) = DB
.with(|db| {
- LEGACY_MIGRATOR.with_try_migrate(key, caller_uid, || {
+ LEGACY_IMPORTER.with_try_import(key, caller_uid, || {
db.borrow_mut().load_key_entry(
key,
KeyType::Client,
@@ -183,7 +183,7 @@
) -> Result<()> {
let caller_uid = ThreadState::get_calling_uid();
DB.with::<_, Result<()>>(|db| {
- let entry = match LEGACY_MIGRATOR.with_try_migrate(key, caller_uid, || {
+ let entry = match LEGACY_IMPORTER.with_try_import(key, caller_uid, || {
db.borrow_mut().load_key_entry(
key,
KeyType::Client,
@@ -292,7 +292,7 @@
fn delete_key(&self, key: &KeyDescriptor) -> Result<()> {
let caller_uid = ThreadState::get_calling_uid();
DB.with(|db| {
- LEGACY_MIGRATOR.with_try_migrate(key, caller_uid, || {
+ LEGACY_IMPORTER.with_try_import(key, caller_uid, || {
db.borrow_mut().unbind_key(key, KeyType::Client, caller_uid, |k, av| {
check_key_permission(KeyPerm::Delete, k, &av).context("During delete_key.")
})
@@ -310,7 +310,7 @@
) -> Result<KeyDescriptor> {
let caller_uid = ThreadState::get_calling_uid();
DB.with(|db| {
- LEGACY_MIGRATOR.with_try_migrate(key, caller_uid, || {
+ LEGACY_IMPORTER.with_try_import(key, caller_uid, || {
db.borrow_mut().grant(
key,
caller_uid,
diff --git a/keystore2/src/super_key.rs b/keystore2/src/super_key.rs
index 6862011..2fb4991 100644
--- a/keystore2/src/super_key.rs
+++ b/keystore2/src/super_key.rs
@@ -26,7 +26,7 @@
error::ResponseCode,
key_parameter::{KeyParameter, KeyParameterValue},
legacy_blob::LegacyBlobLoader,
- legacy_migrator::LegacyMigrator,
+ legacy_importer::LegacyImporter,
raw_device::KeyMintDevice,
utils::watchdog as wd,
utils::AID_KEYSTORE,
@@ -507,7 +507,7 @@
fn super_key_exists_in_db_for_user(
&self,
db: &mut KeystoreDB,
- legacy_migrator: &LegacyMigrator,
+ legacy_importer: &LegacyImporter,
user_id: UserId,
) -> Result<bool> {
let key_in_db = db
@@ -517,7 +517,7 @@
if key_in_db {
Ok(key_in_db)
} else {
- legacy_migrator
+ legacy_importer
.has_super_key(user_id)
.context("In super_key_exists_in_db_for_user: Trying to query legacy db.")
}
@@ -529,13 +529,13 @@
pub fn check_and_unlock_super_key(
&mut self,
db: &mut KeystoreDB,
- legacy_migrator: &LegacyMigrator,
+ legacy_importer: &LegacyImporter,
user_id: UserId,
pw: &Password,
) -> Result<UserState> {
let alias = &USER_SUPER_KEY;
- let result = legacy_migrator
- .with_try_migrate_super_key(user_id, pw, || db.load_super_key(alias, user_id))
+ let result = legacy_importer
+ .with_try_import_super_key(user_id, pw, || db.load_super_key(alias, user_id))
.context("In check_and_unlock_super_key. Failed to load super key")?;
match result {
@@ -558,12 +558,12 @@
pub fn check_and_initialize_super_key(
&mut self,
db: &mut KeystoreDB,
- legacy_migrator: &LegacyMigrator,
+ legacy_importer: &LegacyImporter,
user_id: UserId,
pw: Option<&Password>,
) -> Result<UserState> {
let super_key_exists_in_db = self
- .super_key_exists_in_db_for_user(db, legacy_migrator, user_id)
+ .super_key_exists_in_db_for_user(db, legacy_importer, user_id)
.context("In check_and_initialize_super_key. Failed to check if super key exists.")?;
if super_key_exists_in_db {
Ok(UserState::LskfLocked)
@@ -691,12 +691,12 @@
fn super_encrypt_on_key_init(
&self,
db: &mut KeystoreDB,
- legacy_migrator: &LegacyMigrator,
+ legacy_importer: &LegacyImporter,
user_id: UserId,
key_blob: &[u8],
) -> Result<(Vec<u8>, BlobMetaData)> {
match self
- .get_user_state(db, legacy_migrator, user_id)
+ .get_user_state(db, legacy_importer, user_id)
.context("In super_encrypt. Failed to get user state.")?
{
UserState::LskfUnlocked(super_key) => {
@@ -737,7 +737,7 @@
pub fn handle_super_encryption_on_key_init(
&self,
db: &mut KeystoreDB,
- legacy_migrator: &LegacyMigrator,
+ legacy_importer: &LegacyImporter,
domain: &Domain,
key_parameters: &[KeyParameter],
flags: Option<i32>,
@@ -747,7 +747,7 @@
match Enforcements::super_encryption_required(domain, key_parameters, flags) {
SuperEncryptionType::None => Ok((key_blob.to_vec(), BlobMetaData::new())),
SuperEncryptionType::LskfBound => self
- .super_encrypt_on_key_init(db, legacy_migrator, user_id, key_blob)
+ .super_encrypt_on_key_init(db, legacy_importer, user_id, key_blob)
.context(concat!(
"In handle_super_encryption_on_key_init. ",
"Failed to super encrypt with LskfBound key."
@@ -1086,11 +1086,11 @@
/// Returns the keystore locked state of the given user. It requires the thread local
/// keystore database and a reference to the legacy migrator because it may need to
- /// migrate the super key from the legacy blob database to the keystore database.
+ /// import the super key from the legacy blob database to the keystore database.
pub fn get_user_state(
&self,
db: &mut KeystoreDB,
- legacy_migrator: &LegacyMigrator,
+ legacy_importer: &LegacyImporter,
user_id: UserId,
) -> Result<UserState> {
match self.get_per_boot_key_by_user_id(user_id) {
@@ -1099,7 +1099,7 @@
// Check if a super key exists in the database or legacy database.
// If so, return locked user state.
if self
- .super_key_exists_in_db_for_user(db, legacy_migrator, user_id)
+ .super_key_exists_in_db_for_user(db, legacy_importer, user_id)
.context("In get_user_state.")?
{
Ok(UserState::LskfLocked)
@@ -1123,7 +1123,7 @@
pub fn reset_or_init_user_and_get_user_state(
&mut self,
db: &mut KeystoreDB,
- legacy_migrator: &LegacyMigrator,
+ legacy_importer: &LegacyImporter,
user_id: UserId,
password: Option<&Password>,
) -> Result<UserState> {
@@ -1131,7 +1131,7 @@
Some(_) if password.is_none() => {
// Transitioning to swiping, delete only the super key in database and cache,
// and super-encrypted keys in database (and in KM).
- self.reset_user(db, legacy_migrator, user_id, true).context(
+ self.reset_user(db, legacy_importer, user_id, true).context(
"In reset_or_init_user_and_get_user_state: Trying to delete keys from the db.",
)?;
// Lskf is now removed in Keystore.
@@ -1147,7 +1147,7 @@
// If so, return LskfLocked state.
// Otherwise, i) if the password is provided, initialize the super key and return
// LskfUnlocked state ii) if password is not provided, return Uninitialized state.
- self.check_and_initialize_super_key(db, legacy_migrator, user_id, password)
+ self.check_and_initialize_super_key(db, legacy_importer, user_id, password)
}
}
}
@@ -1158,7 +1158,7 @@
pub fn unlock_and_get_user_state(
&mut self,
db: &mut KeystoreDB,
- legacy_migrator: &LegacyMigrator,
+ legacy_importer: &LegacyImporter,
user_id: UserId,
password: &Password,
) -> Result<UserState> {
@@ -1172,7 +1172,7 @@
// If not, return Uninitialized state.
// Otherwise, try to unlock the super key and if successful,
// return LskfUnlocked.
- self.check_and_unlock_super_key(db, legacy_migrator, user_id, password)
+ self.check_and_unlock_super_key(db, legacy_importer, user_id, password)
.context("In unlock_and_get_user_state. Failed to unlock super key.")
}
}
@@ -1184,12 +1184,12 @@
pub fn reset_user(
&mut self,
db: &mut KeystoreDB,
- legacy_migrator: &LegacyMigrator,
+ legacy_importer: &LegacyImporter,
user_id: UserId,
keep_non_super_encrypted_keys: bool,
) -> Result<()> {
// Mark keys created on behalf of the user as unreferenced.
- legacy_migrator
+ legacy_importer
.bulk_delete_user(user_id, keep_non_super_encrypted_keys)
.context("In reset_user: Trying to delete legacy keys.")?;
db.unbind_keys_for_user(user_id, keep_non_super_encrypted_keys)
diff --git a/keystore2/src/utils.rs b/keystore2/src/utils.rs
index 82e6700..c924bef 100644
--- a/keystore2/src/utils.rs
+++ b/keystore2/src/utils.rs
@@ -20,7 +20,7 @@
use crate::permission::{KeyPerm, KeyPermSet, KeystorePerm};
use crate::{
database::{KeyType, KeystoreDB},
- globals::LEGACY_MIGRATOR,
+ globals::LEGACY_IMPORTER,
};
use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{
KeyCharacteristics::KeyCharacteristics, Tag::Tag,
@@ -211,7 +211,7 @@
) -> Result<Vec<KeyDescriptor>> {
let mut result = Vec::new();
result.append(
- &mut LEGACY_MIGRATOR
+ &mut LEGACY_IMPORTER
.list_uid(domain, namespace)
.context("In list_key_entries: Trying to list legacy keys.")?,
);