Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 6905c336b29561abf7841cfa1bde5eeab62915e7^! / . / keystore / keystore.cpp
commit6905c336b29561abf7841cfa1bde5eeab62915e7[log] [tgz]
authorJanis Danisevskis <jdanis@google.com>Fri Sep 01 13:24:23 2017 -0700
committerJanis Danisevskis <jdanis@google.com>Fri Sep 01 14:58:39 2017 -0700
treed181749f636adfab736c1e1c68a1d2bfede11167
parent66ffb8a4895fb185ffcc88bd3fba78d8737dd022 [diff] [blame]
Fix retreiving characteristics file for grant key

getKeyForName was broken in case the name was a grant name and the
type was TYPE_KEY_CHARACTERISTICS. In this case the key blob instead of
the key characteristics blob was retreived.

Bug: 65200397
Bug: 37264540
Bug: 62237038
Test: run cts-dev --module CtsDevicePolicyManagerTestCases --test
          com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement
 	  because it grants a key
Change-Id: I0746d60555b51d47ea19ab05b9da29164c8b71db

diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index ab386ad..a5d482e 100644
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp

@@ -24,6 +24,7 @@
 #include <openssl/bio.h>
 
 #include <utils/String16.h>
+#include <utils/String8.h>
 
 #include <keystore/IKeystoreService.h>
 
@@ -39,6 +40,7 @@
 const android::String16 KeyStore::sRSAKeyType("RSA");
 
 using namespace keystore;
+using android::String8;
 
 KeyStore::KeyStore(Entropy* entropy, const km_device_t& device, const km_device_t& fallback,
                    bool allowNewFallback)
@@ -414,12 +416,13 @@
     return ResponseCode::NO_ERROR;
 }
 
-std::string KeyStore::addGrant(const char* filename, const char* alias, uid_t granteeUid) {
-    return mGrants.put(granteeUid, alias, filename);
+std::string KeyStore::addGrant(const char* alias, uid_t granterUid, uid_t granteeUid) {
+    return mGrants.put(granteeUid, alias, getUserStateByUid(granterUid)->getUserDirName(),
+                       granterUid);
 }
 
-bool KeyStore::removeGrant(const char* filename, uid_t granteeUid) {
-    return mGrants.removeByFileName(granteeUid, filename);
+bool KeyStore::removeGrant(const char* alias, uid_t granteeUid) {
+    return mGrants.removeByFileAlias(granteeUid, alias);
 }
 
 ResponseCode KeyStore::importKey(const uint8_t* key, size_t keyLen, const char* filename,
@@ -519,7 +522,8 @@
     // They might be using a granted key.
     auto grant = mGrants.get(uid, keyName.string());
     if (!grant) return ResponseCode::KEY_NOT_FOUND;
-    filepath8 = grant->key_file_.c_str();
+    filepath8.format("%s/%s", grant->owner_dir_name_.c_str(),
+            getKeyNameForUid(String8(grant->alias_.c_str()), grant->owner_uid_, type).c_str());
 
     // It is a granted key. Try to load it.
     return get(filepath8.string(), keyBlob, type, userId);