Revert "Implement addAuthToken method of IKeystoreAuthorization ..."
Revert "Integrate IKeystoreAuthorization aidl's addAuthToken wit..."
Revert submission 1519257-rename_auth_service
Reason for revert: breaking WM presubmit, b/177787180
Reverted Changes:
Ib847b68d4:Integrate IKeystoreAuthorization aidl's addAuthTok...
I7893ab452:Integrate IKeystoreAuthorization aidl's addAuthTok...
I4a092119c:Implement addAuthToken method of IKeystoreAuthoriz...
Change-Id: I02a8495484f21c6fa523450641bc4c59abf649de
diff --git a/keystore2/Android.bp b/keystore2/Android.bp
index bf91e4b..354a6d6 100644
--- a/keystore2/Android.bp
+++ b/keystore2/Android.bp
@@ -20,7 +20,6 @@
rustlibs: [
"android.hardware.security.keymint-rust",
"android.security.apc-rust",
- "android.security.authorization-rust",
"android.security.compat-rust",
"android.system.keystore2-rust",
"libanyhow",
@@ -49,9 +48,9 @@
rustlibs: [
"android.hardware.security.keymint-rust",
"android.security.apc-rust",
- "android.security.authorization-rust",
"android.security.compat-rust",
"android.system.keystore2-rust",
+ "android.hardware.security.keymint-rust",
"libandroid_logger",
"libanyhow",
"libbinder_rs",
diff --git a/keystore2/aidl/Android.bp b/keystore2/aidl/Android.bp
index 696f38e..0d05dfe 100644
--- a/keystore2/aidl/Android.bp
+++ b/keystore2/aidl/Android.bp
@@ -28,8 +28,8 @@
}
aidl_interface {
- name: "android.security.authorization",
- srcs: [ "android/security/authorization/*.aidl" ],
+ name: "android.security.authorizations",
+ srcs: [ "android/security/authorizations/*.aidl" ],
imports: [ "android.hardware.security.keymint" ],
unstable: true,
backend: {
diff --git a/keystore2/aidl/android/security/authorization/IKeystoreAuthorization.aidl b/keystore2/aidl/android/security/authorizations/IKeystoreAuthorization.aidl
similarity index 96%
rename from keystore2/aidl/android/security/authorization/IKeystoreAuthorization.aidl
rename to keystore2/aidl/android/security/authorizations/IKeystoreAuthorization.aidl
index 48364f4..d3e80ee 100644
--- a/keystore2/aidl/android/security/authorization/IKeystoreAuthorization.aidl
+++ b/keystore2/aidl/android/security/authorizations/IKeystoreAuthorization.aidl
@@ -12,7 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
-package android.security.authorization;
+package android.security.authorizations;
import android.hardware.security.keymint.HardwareAuthToken;
diff --git a/keystore2/src/authorization.rs b/keystore2/src/authorization.rs
deleted file mode 100644
index 08ae07c..0000000
--- a/keystore2/src/authorization.rs
+++ /dev/null
@@ -1,68 +0,0 @@
-// Copyright 2020, The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//! This module implements IKeyAuthorization AIDL interface.
-
-use crate::error::map_or_log_err;
-use crate::globals::ENFORCEMENTS;
-use crate::permission::KeystorePerm;
-use crate::utils::check_keystore_permission;
-use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{
- HardwareAuthToken::HardwareAuthToken, HardwareAuthenticatorType::HardwareAuthenticatorType,
- Timestamp::Timestamp,
-};
-use android_security_authorization::binder::{Interface, Result as BinderResult};
-use android_security_authorization:: aidl::android::security::authorization::IKeystoreAuthorization::{
- BnKeystoreAuthorization, IKeystoreAuthorization,
-};
-use anyhow::{Context, Result};
-use binder::IBinder;
-
-/// This struct is defined to implement the aforementioned AIDL interface.
-/// As of now, it is an empty struct.
-pub struct AuthorizationManager;
-
-impl AuthorizationManager {
- /// Create a new instance of Keystore Authorization service.
- pub fn new_native_binder() -> Result<impl IKeystoreAuthorization> {
- let result = BnKeystoreAuthorization::new_binder(Self);
- result.as_binder().set_requesting_sid(true);
- Ok(result)
- }
-
- fn add_auth_token(&self, auth_token: &HardwareAuthToken) -> Result<()> {
- //check keystore permission
- check_keystore_permission(KeystorePerm::add_auth()).context("In add_auth_token.")?;
-
- //TODO: Keymint's HardwareAuthToken aidl needs to implement Copy/Clone
- let auth_token_copy = HardwareAuthToken {
- challenge: auth_token.challenge,
- userId: auth_token.userId,
- authenticatorId: auth_token.authenticatorId,
- authenticatorType: HardwareAuthenticatorType(auth_token.authenticatorType.0),
- timestamp: Timestamp { milliSeconds: auth_token.timestamp.milliSeconds },
- mac: auth_token.mac.clone(),
- };
- ENFORCEMENTS.add_auth_token(auth_token_copy)?;
- Ok(())
- }
-}
-
-impl Interface for AuthorizationManager {}
-
-impl IKeystoreAuthorization for AuthorizationManager {
- fn addAuthToken(&self, auth_token: &HardwareAuthToken) -> BinderResult<()> {
- map_or_log_err(self.add_auth_token(auth_token), Ok)
- }
-}
diff --git a/keystore2/src/keystore2_main.rs b/keystore2/src/keystore2_main.rs
index c75cfc8..8607eef 100644
--- a/keystore2/src/keystore2_main.rs
+++ b/keystore2/src/keystore2_main.rs
@@ -16,7 +16,6 @@
use binder::Interface;
use keystore2::apc::ApcManager;
-use keystore2::authorization::AuthorizationManager;
use keystore2::background_task_handler::Message;
use keystore2::globals::{BACKGROUND_TASK_HANDLER, ENFORCEMENTS};
use keystore2::service::KeystoreService;
@@ -26,7 +25,6 @@
static KS2_SERVICE_NAME: &str = "android.system.keystore2";
static APC_SERVICE_NAME: &str = "android.security.apc";
-static AUTHORIZATION_SERVICE_NAME: &str = "android.security.authorization";
/// Keystore 2.0 takes one argument which is a path indicating its designated working directory.
fn main() {
@@ -80,14 +78,6 @@
panic!("Failed to register service {} because of {:?}.", APC_SERVICE_NAME, e);
});
- let authorization_service = AuthorizationManager::new_native_binder().unwrap_or_else(|e| {
- panic!("Failed to create service {} because of {:?}.", AUTHORIZATION_SERVICE_NAME, e);
- });
- binder::add_service(AUTHORIZATION_SERVICE_NAME, authorization_service.as_binder())
- .unwrap_or_else(|e| {
- panic!("Failed to register service {} because of {:?}.", AUTHORIZATION_SERVICE_NAME, e);
- });
-
info!("Successfully registered Keystore 2.0 service.");
info!("Joining thread pool now.");
diff --git a/keystore2/src/lib.rs b/keystore2/src/lib.rs
index 240998e..f73cd59 100644
--- a/keystore2/src/lib.rs
+++ b/keystore2/src/lib.rs
@@ -17,7 +17,6 @@
pub mod apc;
pub mod auth_token_handler;
-pub mod authorization;
pub mod background_task_handler;
pub mod database;
pub mod enforcements;