Replace cast operator with getValue() for key store return codes
The value of the error code is not intended to be used
in checks, and instead isOk() should be used. A few places
were found which used the error codes directly via the
cast operator. To make it less likely this will happen
in the future unintentionally, the cast operator is being
removed. Some code still wants to access the error code
directly, such as when logging, so getValue() is added
for these cases.
Bug: 119771891
Test: Built for walleye successfully, basic operations with
keystore_cli_v2 tool work correctly.
Change-Id: I46e82d66dc4932472d8a5b2749ece08e398e7c88
diff --git a/keystore/OperationResult.cpp b/keystore/OperationResult.cpp
index f4d2cc6..3ff8bc3 100644
--- a/keystore/OperationResult.cpp
+++ b/keystore/OperationResult.cpp
@@ -46,7 +46,7 @@
}
status_t OperationResult::writeToParcel(Parcel* out) const {
- out->writeInt32(resultCode);
+ out->writeInt32(resultCode.getErrorCode());
out->writeStrongBinder(token);
out->writeInt64(handle);
out->writeInt32(inputConsumed);
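Review bot: The status returned by `out->writeInt32(resultCode.getErrorCode())` and the writes that follow it in `OperationResult::writeToParcel` is discarded, so a failed write of the result code may go unreported, depending on what the rest of the function returns (the body continues past this hunk). The receiver presumably uses this field to decide whether the operation succeeded, so it is worth propagating the first failure: `status_t st = out->writeInt32(resultCode.getErrorCode()); if (st != ::android::OK) return st;`. The same applies to `ExportResult::writeToParcel` in keystore_aidl_hidl_marshalling_utils.cpp, where only the status of `writeKeymasterBlob` is returned.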
diff --git a/keystore/include/keystore/KeystoreResponse.h b/keystore/include/keystore/KeystoreResponse.h
index f892585..5ad260d 100644
--- a/keystore/include/keystore/KeystoreResponse.h
+++ b/keystore/include/keystore/KeystoreResponse.h
@@ -35,7 +35,7 @@
explicit KeystoreResponse(const int response_code)
: response_code_(response_code), error_msg_() {}
KeystoreResponse(const ::keystore::KeyStoreServiceReturnCode& rc)
- : response_code_(int32_t(rc)), error_msg_() {}
+ : response_code_(rc.getErrorCode()), error_msg_() {}
KeystoreResponse(const KeystoreResponse& other)
: response_code_(other.response_code_), error_msg_() {
if (other.error_msg_) {
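Review bot: The constructor taking `const ::keystore::KeyStoreServiceReturnCode& rc` is still implicit, while the `int` overload directly above it is `explicit`. This commit removes the silent conversion from a return code to `int32_t`, but a return code can still convert silently into a `KeystoreResponse` here. If no caller relies on that conversion (callers are outside this hunk), consider `explicit KeystoreResponse(const ::keystore::KeyStoreServiceReturnCode& rc)`. A short comment that `response_code_` then holds the service-normalized value, where success is `ResponseCode::NO_ERROR`, would also help readers who compare it against 0.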
diff --git a/keystore/include/keystore/keystore_return_types.h b/keystore/include/keystore/keystore_return_types.h
index fa4a224..e091447 100644
--- a/keystore/include/keystore/keystore_return_types.h
+++ b/keystore/include/keystore/keystore_return_types.h
@@ -64,7 +64,7 @@
errorCode_ == static_cast<int32_t>(ErrorCode::OK);
}
- inline operator int32_t() const {
+ inline int32_t getErrorCode() const {
if (!errorCode_) return static_cast<int32_t>(ResponseCode::NO_ERROR /* 1 */);
return errorCode_;
}
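Review bot: `getErrorCode()` is not a plain getter, and the new name hides that: in this class it returns `ResponseCode::NO_ERROR` (1) when `errorCode_` is 0, and the native counterpart in the `-137` hunk maps `NO_ERROR` (1) back to `ErrorCode::OK` (0). A caller that compares the returned value against 0 or 1 will therefore get different answers for the two types, which is the misuse this commit is trying to prevent. Please add a doc comment on both accessors, for example `// Returns the code normalized for this type (success == ResponseCode::NO_ERROR); use isOk() for success checks, this value is for logging and marshalling only.`, with the native variant stating success == `ErrorCode::OK`. Also, the commit message calls the accessor `getValue()` while the code adds `getErrorCode()`; the two should agree.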
@@ -99,7 +99,7 @@
}
inline std::ostream& operator<<(std::ostream& out, const KeyStoreServiceReturnCode& error) {
- return out << int32_t(error);
+ return out << error.getErrorCode();
}
/**
@@ -137,7 +137,7 @@
return errorCode_ == static_cast<int32_t>(ResponseCode::NO_ERROR) ||
errorCode_ == static_cast<int32_t>(ErrorCode::OK);
}
- inline operator int32_t() const {
+ inline int32_t getErrorCode() const {
if (errorCode_ == static_cast<int32_t>(ResponseCode::NO_ERROR) /* 1 */) {
return static_cast<int32_t>(ErrorCode::OK) /* 0 */;
}
@@ -175,13 +175,13 @@
inline KeyStoreNativeReturnCode::KeyStoreNativeReturnCode(
const KeyStoreServiceReturnCode& errorCode)
- : errorCode_(int32_t(errorCode)) {}
+ : errorCode_(errorCode.getErrorCode()) {}
inline KeyStoreServiceReturnCode::KeyStoreServiceReturnCode(
const KeyStoreNativeReturnCode& errorCode)
- : errorCode_(int32_t(errorCode)) {}
+ : errorCode_(errorCode.getErrorCode()) {}
inline std::ostream& operator<<(std::ostream& out, const KeyStoreNativeReturnCode& error) {
- return out << int32_t(error);
+ return out << error.getErrorCode();
}
} // namespace keystore
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index aa177b6..2f17848 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -83,8 +83,7 @@
[&](const KeyParameter& param) { return param.tag == tag; });
}
-#define AIDL_RETURN(rc) \
- (*_aidl_return = static_cast<int32_t>(KeyStoreServiceReturnCode(rc)), Status::ok())
+#define AIDL_RETURN(rc) (*_aidl_return = KeyStoreServiceReturnCode(rc).getErrorCode(), Status::ok())
std::pair<KeyStoreServiceReturnCode, bool> hadFactoryResetSinceIdRotation() {
struct stat sbuf;
@@ -190,7 +189,7 @@
KeyStoreServiceReturnCode result =
checkBinderPermissionAndKeystoreState(P_INSERT, targetUid, flags & KEYSTORE_FLAG_ENCRYPTED);
if (!result.isOk()) {
- *aidl_return = static_cast<int32_t>(result);
+ *aidl_return = result.getErrorCode();
return Status::ok();
}
@@ -524,7 +523,7 @@
KeyStoreServiceReturnCode result =
checkBinderPermissionAndKeystoreState(P_GRANT, /*targetUid=*/-1, /*checkUnlocked=*/false);
if (!result.isOk()) {
- *aidl_return = static_cast<int32_t>(result);
+ *aidl_return = result.getErrorCode();
return Status::ok();
}
@@ -953,14 +952,14 @@
return Status::ok();
}
if (authTokenAsVector.size() != sizeof(hw_auth_token_t)) {
- *aidl_return = static_cast<int32_t>(KeyStoreServiceReturnCode(ErrorCode::INVALID_ARGUMENT));
+ *aidl_return = KeyStoreServiceReturnCode(ErrorCode::INVALID_ARGUMENT).getErrorCode();
return Status::ok();
}
hw_auth_token_t authToken;
memcpy(reinterpret_cast<void*>(&authToken), authTokenAsVector.data(), sizeof(hw_auth_token_t));
if (authToken.version != 0) {
- *aidl_return = static_cast<int32_t>(KeyStoreServiceReturnCode(ErrorCode::INVALID_ARGUMENT));
+ *aidl_return = KeyStoreServiceReturnCode(ErrorCode::INVALID_ARGUMENT).getErrorCode();
return Status::ok();
}
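Review bot: Both `INVALID_ARGUMENT` rejections in this hunk return without leaving any trace, so a caller sending a wrongly sized auth token or one with `version != 0` is invisible in logs. A rejected auth token on this interface is a useful signal when triaging misbehaving or hostile clients, so consider a warning before each return, e.g. `ALOGW("auth token rejected: unexpected size %zu", authTokenAsVector.size());` and `ALOGW("auth token rejected: unsupported version %d", authToken.version);` (format specifier to be matched to the field type). The enclosing function starts and ends outside this hunk, so an earlier or later log statement may already cover this.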
diff --git a/keystore/keymaster_worker.cpp b/keystore/keymaster_worker.cpp
index 6dc055f..a5bcd07 100644
--- a/keystore/keymaster_worker.cpp
+++ b/keystore/keymaster_worker.cpp
@@ -108,7 +108,7 @@
error = keyStore_->del(lockedEntry);
if (!error.isOk()) {
- ALOGI("upgradeKeyBlob keystore->del failed %d", (int)error);
+ ALOGI("upgradeKeyBlob keystore->del failed %d", error.getErrorCode());
return;
}
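Review bot: The `keystore->del failed` path here, and the `keystore->put failed` path in the next hunk, log at `ALOGI` although each abandons the key blob upgrade with an early `return`. Elsewhere in this file failures are reported with `ALOGE` (see the pruneable-operation message in the `-316` hunk). Raising these two to `ALOGE("upgradeKeyBlob keystore->del failed %d", error.getErrorCode());`, and likewise for `put`, would keep a failed upgrade from being lost among informational messages. The surrounding function is only partly visible in these hunks.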
@@ -121,7 +121,7 @@
error = keyStore_->put(lockedEntry, newBlob, charBlob);
if (!error.isOk()) {
- ALOGI("upgradeKeyBlob keystore->put failed %d", (int)error);
+ ALOGI("upgradeKeyBlob keystore->put failed %d", error.getErrorCode());
return;
}
blob = std::move(newBlob);
@@ -316,7 +316,7 @@
// one operation has been removed.
auto rc = abort(oldest);
if (operationMap_.getOperationCount() >= op_count_before_abort) {
- ALOGE("Failed to abort pruneable operation %p, error: %d", oldest.get(), int32_t(rc));
+ ALOGE("Failed to abort pruneable operation %p, error: %d", oldest.get(), rc.getErrorCode());
return false;
}
return true;
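Review bot: The `ALOGE` on the changed line still prints `oldest.get()` with `%p`, which writes a raw address from the keystore process into the system log. Anything able to read the log learns a pointer from a privileged process, and that weakens ASLR for that process. The message would be just as useful for debugging without it, e.g. `ALOGE("Failed to abort pruneable operation, error: %d", rc.getErrorCode());`, or with a non-address identifier for the operation if one is available. The enclosing function begins before this hunk.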
diff --git a/keystore/keystore_aidl_hidl_marshalling_utils.cpp b/keystore/keystore_aidl_hidl_marshalling_utils.cpp
index cdeaf32..49e18f0 100644
--- a/keystore/keystore_aidl_hidl_marshalling_utils.cpp
+++ b/keystore/keystore_aidl_hidl_marshalling_utils.cpp
@@ -219,7 +219,7 @@
}
status_t ExportResult::writeToParcel(Parcel* out) const {
- out->writeInt32(resultCode);
+ out->writeInt32(resultCode.getErrorCode());
return keystore::writeKeymasterBlob(exportData, out);
}
diff --git a/keystore/keystore_cli_v2.cpp b/keystore/keystore_cli_v2.cpp
index 777db33..0500da2 100644
--- a/keystore/keystore_cli_v2.cpp
+++ b/keystore/keystore_cli_v2.cpp
@@ -283,7 +283,7 @@
int AddEntropy(const std::string& input, int32_t flags) {
std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
- int32_t result = keystore->addRandomNumberGeneratorEntropy(input, flags);
+ int32_t result = keystore->addRandomNumberGeneratorEntropy(input, flags).getErrorCode();
printf("AddEntropy: %d\n", result);
return result;
}
@@ -310,12 +310,12 @@
AuthorizationSet software_enforced_characteristics;
auto result = keystore->generateKey(name, params, flags, &hardware_enforced_characteristics,
&software_enforced_characteristics);
- printf("GenerateKey: %d\n", int32_t(result));
+ printf("GenerateKey: %d\n", result.getErrorCode());
if (result.isOk()) {
PrintKeyCharacteristics(hardware_enforced_characteristics,
software_enforced_characteristics);
}
- return result;
+ return result.getErrorCode();
}
int GetCharacteristics(const std::string& name) {
@@ -324,32 +324,32 @@
AuthorizationSet software_enforced_characteristics;
auto result = keystore->getKeyCharacteristics(name, &hardware_enforced_characteristics,
&software_enforced_characteristics);
- printf("GetCharacteristics: %d\n", int32_t(result));
+ printf("GetCharacteristics: %d\n", result.getErrorCode());
if (result.isOk()) {
PrintKeyCharacteristics(hardware_enforced_characteristics,
software_enforced_characteristics);
}
- return result;
+ return result.getErrorCode();
}
int ExportKey(const std::string& name) {
std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
std::string data;
- int32_t result = keystore->exportKey(KeyFormat::X509, name, &data);
+ int32_t result = keystore->exportKey(KeyFormat::X509, name, &data).getErrorCode();
printf("ExportKey: %d (%zu)\n", result, data.size());
return result;
}
int DeleteKey(const std::string& name) {
std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
- int32_t result = keystore->deleteKey(name);
+ int32_t result = keystore->deleteKey(name).getErrorCode();
printf("DeleteKey: %d\n", result);
return result;
}
int DeleteAllKeys() {
std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
- int32_t result = keystore->deleteAllKeys();
+ int32_t result = keystore->deleteAllKeys().getErrorCode();
printf("DeleteAllKeys: %d\n", result);
return result;
}
@@ -413,8 +413,8 @@
auto result =
keystore->beginOperation(KeyPurpose::SIGN, name, sign_params, &output_params, &handle);
if (!result.isOk()) {
- printf("Sign: BeginOperation failed: %d\n", int32_t(result));
- return result;
+ printf("Sign: BeginOperation failed: %d\n", result.getErrorCode());
+ return result.getErrorCode();
}
AuthorizationSet empty_params;
size_t num_input_bytes_consumed;
@@ -422,14 +422,14 @@
result = keystore->updateOperation(handle, empty_params, "data_to_sign",
&num_input_bytes_consumed, &output_params, &output_data);
if (!result.isOk()) {
- printf("Sign: UpdateOperation failed: %d\n", int32_t(result));
- return result;
+ printf("Sign: UpdateOperation failed: %d\n", result.getErrorCode());
+ return result.getErrorCode();
}
result = keystore->finishOperation(handle, empty_params, std::string() /*signature_to_verify*/,
&output_params, &output_data);
if (!result.isOk()) {
- printf("Sign: FinishOperation failed: %d\n", int32_t(result));
- return result;
+ printf("Sign: FinishOperation failed: %d\n", result.getErrorCode());
+ return result.getErrorCode();
}
printf("Sign: %zu bytes.\n", output_data.size());
// We have a signature, now verify it.
@@ -438,24 +438,24 @@
result =
keystore->beginOperation(KeyPurpose::VERIFY, name, sign_params, &output_params, &handle);
if (!result.isOk()) {
- printf("Verify: BeginOperation failed: %d\n", int32_t(result));
- return result;
+ printf("Verify: BeginOperation failed: %d\n", result.getErrorCode());
+ return result.getErrorCode();
}
result = keystore->updateOperation(handle, empty_params, "data_to_sign",
&num_input_bytes_consumed, &output_params, &output_data);
if (!result.isOk()) {
- printf("Verify: UpdateOperation failed: %d\n", int32_t(result));
- return result;
+ printf("Verify: UpdateOperation failed: %d\n", result.getErrorCode());
+ return result.getErrorCode();
}
result = keystore->finishOperation(handle, empty_params, signature_to_verify, &output_params,
&output_data);
if (result == ErrorCode::VERIFICATION_FAILED) {
printf("Verify: Failed to verify signature.\n");
- return result;
+ return result.getErrorCode();
}
if (!result.isOk()) {
- printf("Verify: FinishOperation failed: %d\n", int32_t(result));
- return result;
+ printf("Verify: FinishOperation failed: %d\n", result.getErrorCode());
+ return result.getErrorCode();
}
printf("Verify: OK\n");
return 0;
diff --git a/keystore/keystore_client_impl.cpp b/keystore/keystore_client_impl.cpp
index 18e9eb1..140931b 100644
--- a/keystore/keystore_client_impl.cpp
+++ b/keystore/keystore_client_impl.cpp
@@ -161,7 +161,7 @@
uint64_t handle;
auto result = beginOperation(purpose, key_name, input_parameters, output_parameters, &handle);
if (!result.isOk()) {
- ALOGE("BeginOperation failed: %d", int32_t(result));
+ ALOGE("BeginOperation failed: %d", result.getErrorCode());
return false;
}
AuthorizationSet empty_params;
@@ -170,13 +170,13 @@
result = updateOperation(handle, empty_params, input_data, &num_input_bytes_consumed,
&ignored_params, output_data);
if (!result.isOk()) {
- ALOGE("UpdateOperation failed: %d", int32_t(result));
+ ALOGE("UpdateOperation failed: %d", result.getErrorCode());
return false;
}
result =
finishOperation(handle, empty_params, signature_to_verify, &ignored_params, output_data);
if (!result.isOk()) {
- ALOGE("FinishOperation failed: %d", int32_t(result));
+ ALOGE("FinishOperation failed: %d", result.getErrorCode());
return false;
}
return true;
@@ -467,7 +467,7 @@
if (!verified) {
auto result = deleteKey(key_name);
if (!result.isOk()) {
- ALOGE("Failed to delete invalid encryption key: %d", int32_t(result));
+ ALOGE("Failed to delete invalid encryption key: %d", result.getErrorCode());
return false;
}
key_exists = false;
@@ -485,7 +485,7 @@
generateKey(key_name, key_parameters, flags, &hardware_enforced_characteristics,
&software_enforced_characteristics);
if (!result.isOk()) {
- ALOGE("Failed to generate encryption key: %d", int32_t(result));
+ ALOGE("Failed to generate encryption key: %d", result.getErrorCode());
return false;
}
if (hardware_enforced_characteristics.size() == 0) {
@@ -506,7 +506,7 @@
if (!verified) {
auto result = deleteKey(key_name);
if (!result.isOk()) {
- ALOGE("Failed to delete invalid authentication key: %d", int32_t(result));
+ ALOGE("Failed to delete invalid authentication key: %d", result.getErrorCode());
return false;
}
key_exists = false;
@@ -524,7 +524,7 @@
generateKey(key_name, key_parameters, flags, &hardware_enforced_characteristics,
&software_enforced_characteristics);
if (!result.isOk()) {
- ALOGE("Failed to generate authentication key: %d", int32_t(result));
+ ALOGE("Failed to generate authentication key: %d", result.getErrorCode());
return false;
}
if (hardware_enforced_characteristics.size() == 0) {
@@ -541,7 +541,7 @@
auto result = getKeyCharacteristics(key_name, &hardware_enforced_characteristics,
&software_enforced_characteristics);
if (!result.isOk()) {
- ALOGE("Failed to query encryption key: %d", int32_t(result));
+ ALOGE("Failed to query encryption key: %d", result.getErrorCode());
return false;
}
*verified = true;
@@ -582,7 +582,7 @@
auto result = getKeyCharacteristics(key_name, &hardware_enforced_characteristics,
&software_enforced_characteristics);
if (!result.isOk()) {
- ALOGE("Failed to query authentication key: %d", int32_t(result));
+ ALOGE("Failed to query authentication key: %d", result.getErrorCode());
return false;
}
*verified = true;