keystore2 support for app UID migration
- Update migrate_key_namespace to accept specific UIDs for APP domain
source and destination key descriptors
- Add new API to maintenance service to query a list of aliases for
specified app UIDs
Test: atest SharedUserMigrationTest#testDataMigration (in internal)
Bug: 211665859
Change-Id: Ica06a8cd7c3f7b85f58d5953a22231cf7e9a1d7f
diff --git a/keystore2/src/utils.rs b/keystore2/src/utils.rs
index f6d92ee..82e6700 100644
--- a/keystore2/src/utils.rs
+++ b/keystore2/src/utils.rs
@@ -18,6 +18,10 @@
use crate::error::{map_binder_status, Error, ErrorCode};
use crate::permission;
use crate::permission::{KeyPerm, KeyPermSet, KeystorePerm};
+use crate::{
+ database::{KeyType, KeystoreDB},
+ globals::LEGACY_MIGRATOR,
+};
use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{
KeyCharacteristics::KeyCharacteristics, Tag::Tag,
};
@@ -27,9 +31,9 @@
ResponseCode::ResponseCode as ApcResponseCode,
};
use android_system_keystore2::aidl::android::system::keystore2::{
- Authorization::Authorization, KeyDescriptor::KeyDescriptor,
+ Authorization::Authorization, Domain::Domain, KeyDescriptor::KeyDescriptor,
};
-use anyhow::Context;
+use anyhow::{Context, Result};
use binder::{Strong, ThreadState};
use keystore2_apc_compat::{
ApcCompatUiOptions, APC_COMPAT_ERROR_ABORTED, APC_COMPAT_ERROR_CANCELLED,
@@ -199,6 +203,28 @@
rustutils::users::multiuser_get_user_id(uid)
}
+/// List all key aliases for a given domain + namespace.
+pub fn list_key_entries(
+ db: &mut KeystoreDB,
+ domain: Domain,
+ namespace: i64,
+) -> Result<Vec<KeyDescriptor>> {
+ let mut result = Vec::new();
+ result.append(
+ &mut LEGACY_MIGRATOR
+ .list_uid(domain, namespace)
+ .context("In list_key_entries: Trying to list legacy keys.")?,
+ );
+ result.append(
+ &mut db
+ .list(domain, namespace, KeyType::Client)
+ .context("In list_key_entries: Trying to list keystore database.")?,
+ );
+ result.sort_unstable();
+ result.dedup();
+ Ok(result)
+}
+
/// This module provides helpers for simplified use of the watchdog module.
#[cfg(feature = "watchdog")]
pub mod watchdog {
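Review bot: `list_key_entries` returns every client key alias under an arbitrary `domain`/`namespace` pair without any permission check of its own, and since the commit wires it into a maintenance API that takes caller-supplied app UIDs, each caller must gate the call on the appropriate keystore permission before it can enumerate keys it does not own. The docstring should state this contract so the next caller does not assume the helper is safe to expose directly; suggested addition: `/// No access control is performed here: callers must verify the caller is permitted to see keys in `domain`/`namespace` (for `Domain::APP` the namespace is an app UID) before invoking this.` It would also help to note that the result merges legacy-migrator entries with database rows and dedups after sorting, so a key present in both stores appears once. The `Domain::APP` UID reading is inferred from the commit message and `list_uid`'s name rather than from these lines, so confirm it against the migrator before documenting it.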