Keystore 2.0: Adding uuid field to persistent.keyentry
This change adds a uuid field to map keys to KM devices to the keyentry
table. For now, the security level reported by the KeyMint instance's
hardware info is uased as uuid until the hardware info returns an
actual uuid. This security level may differ from the security level
requested by keystore clients in some situations, e.g., when running a
pure software implementation or on chrome os.
Test: atest keystore2_test
Change-Id: I4b9556804eb6a435ac48d5929fc238e22c23d94d
diff --git a/keystore2/src/gc.rs b/keystore2/src/gc.rs
index b5bdd98..692cb7e 100644
--- a/keystore2/src/gc.rs
+++ b/keystore2/src/gc.rs
@@ -18,7 +18,7 @@
//! optionally dispose of sensitive key material appropriately, and then delete
//! the key entry from the database.
-use crate::globals::{get_keymint_device, DB};
+use crate::globals::{get_keymint_dev_by_uuid, DB};
use crate::{error::map_km_error, globals::ASYNC_TASK};
use android_hardware_security_keymint::aidl::android::hardware::security::keymint::IKeyMintDevice::IKeyMintDevice;
use anyhow::Result;
@@ -42,7 +42,9 @@
if let Some((key_id, mut key_entry)) = db.get_unreferenced_key()? {
if let Some(blob) = key_entry.take_km_blob() {
let km_dev: Box<dyn IKeyMintDevice> =
- get_keymint_device(key_entry.sec_level())?.get_interface()?;
+ get_keymint_dev_by_uuid(key_entry.km_uuid())
+ .map(|(dev, _)| dev)?
+ .get_interface()?;
if let Err(e) = map_km_error(km_dev.deleteKey(&blob)) {
// Log but ignore error.
log::error!("Error trying to delete key. {:?}", e);