Keystore 2.0: Extend the functionality of the Vpn profile store.
It turns out there are more clients that use Keystore in a creative
way. This patch renames the VpnProfileStore to LegacyKeystore and
extends the functionality such that it allows access to all blobs with
alias prefixes that were not known to Keystore. It also brings back the
option to specify a uid argument, specifically so that AID_SYSTEM can
manipulate the WIFI namespace.
Test: TBD
Bug: 191373871
Merged-In: Iaf81e7ccaee3c09a465dcec0fd5899b781c31db5
Change-Id: Iaf81e7ccaee3c09a465dcec0fd5899b781c31db5
diff --git a/keystore2/src/keystore2_main.rs b/keystore2/src/keystore2_main.rs
index 53461da..45338c4 100644
--- a/keystore2/src/keystore2_main.rs
+++ b/keystore2/src/keystore2_main.rs
@@ -22,16 +22,16 @@
use keystore2::service::KeystoreService;
use keystore2::{apc::ApcManager, shared_secret_negotiation};
use keystore2::{authorization::AuthorizationManager, id_rotation::IdRotationState};
+use legacykeystore::LegacyKeystore;
use log::{error, info};
use std::{panic, path::Path, sync::mpsc::channel};
-use vpnprofilestore::VpnProfileStore;
static KS2_SERVICE_NAME: &str = "android.system.keystore2.IKeystoreService/default";
static APC_SERVICE_NAME: &str = "android.security.apc";
static AUTHORIZATION_SERVICE_NAME: &str = "android.security.authorization";
static REMOTE_PROVISIONING_SERVICE_NAME: &str = "android.security.remoteprovisioning";
static USER_MANAGER_SERVICE_NAME: &str = "android.security.maintenance";
-static VPNPROFILESTORE_SERVICE_NAME: &str = "android.security.vpnprofilestore";
+static LEGACY_KEYSTORE_SERVICE_NAME: &str = "android.security.legacykeystore";
/// Keystore 2.0 takes one argument which is a path indicating its designated working directory.
fn main() {
@@ -120,14 +120,14 @@
});
}
- let vpnprofilestore = VpnProfileStore::new_native_binder(
+ let legacykeystore = LegacyKeystore::new_native_binder(
&keystore2::globals::DB_PATH.read().expect("Could not get DB_PATH."),
);
- binder::add_service(VPNPROFILESTORE_SERVICE_NAME, vpnprofilestore.as_binder()).unwrap_or_else(
+ binder::add_service(LEGACY_KEYSTORE_SERVICE_NAME, legacykeystore.as_binder()).unwrap_or_else(
|e| {
panic!(
"Failed to register service {} because of {:?}.",
- VPNPROFILESTORE_SERVICE_NAME, e
+ LEGACY_KEYSTORE_SERVICE_NAME, e
);
},
);
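Review bot: The registration of `LEGACY_KEYSTORE_SERVICE_NAME` carries no comment on what the renamed service exposes, although the commit message says it now serves every blob whose alias prefix is unknown to Keystore and again accepts a uid argument. Above `LegacyKeystore::new_native_binder(` I would add `// Legacy blob store for alias prefixes unknown to Keystore; a caller-supplied uid is authorized inside the legacykeystore crate.` so the wider surface is visible at the point where it is published to binder. The check that limits who may pass a uid (the description names AID_SYSTEM acting on the WIFI namespace) is not visible in this hunk, so it should be confirmed in the legacykeystore crate and covered by a test before merge, given the message still lists `Test: TBD`. The enclosing `main` begins in the first hunk, so the code between the two hunks was not reviewed here.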