Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / abfc6f99d13121026b41da69bc01a8ea8a67d0bc^1..abfc6f99d13121026b41da69bc01a8ea8a67d0bc / .
commitabfc6f99d13121026b41da69bc01a8ea8a67d0bc[log] [tgz]
authorShaquille Johnson <ssjohnson@google.com>Tue Nov 28 17:41:16 2023 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>Tue Nov 28 17:41:16 2023 +0000
treeab80fd9a90d13f2358e6f557d674a8f054c9e167
parentc705c146ba17aaafbaed56a1bafa8c352b9c3aa3 [diff]
parent2dc300aee07133e4c3c9c3e1871f9280658f9e0a [diff]
Merge "Deprecate put and return error in ILegacyKeystore" into main am: 2dc300aee0

Original change: https://android-review.googlesource.com/c/platform/system/security/+/2797796

Change-Id: I0c99eff2ad660c565b2dba1c8e41293c33a7394d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

diff --git a/keystore2/aconfig/flags.aconfig b/keystore2/aconfig/flags.aconfig
index 725df2a..7bdb007 100644
--- a/keystore2/aconfig/flags.aconfig
+++ b/keystore2/aconfig/flags.aconfig

@@ -9,7 +9,7 @@
 }
 
 flag {
-  name: "disable_legacy_keystore_put"
+  name: "disable_legacy_keystore_put_v2"
   namespace: "hardware_backed_security"
   description: "This flag disables legacy keystore put and makes it so that command returns an error"
   bug: "307460850"

diff --git a/keystore2/legacykeystore/Android.bp b/keystore2/legacykeystore/Android.bp
index accc8b2..8cb7289 100644
--- a/keystore2/legacykeystore/Android.bp
+++ b/keystore2/legacykeystore/Android.bp

@@ -31,6 +31,7 @@
         "android.security.legacykeystore-rust",
         "libanyhow",
         "libbinder_rs",
+        "libkeystore2_flags_rust",
         "liblog_rust",
         "libkeystore2_flags_rust",
         "librusqlite",
@@ -44,6 +45,7 @@
     defaults: ["liblegacykeystore-rust_defaults"],
     rustlibs: [
         "libkeystore2",
+        "libkeystore2_flags_rust",
         "librusqlite",
     ],
 }
@@ -61,6 +63,7 @@
         "libkeystore2",
         "libkeystore2_flags_rust",
         "libkeystore2_test_utils",
+        "libkeystore2_flags_rust",
         "liblog_rust",
         "librusqlite",
         "librustutils",

diff --git a/keystore2/legacykeystore/lib.rs b/keystore2/legacykeystore/lib.rs
index edc530a..cf61482 100644
--- a/keystore2/legacykeystore/lib.rs
+++ b/keystore2/legacykeystore/lib.rs

@@ -127,6 +127,12 @@
     }
 
     fn put(&mut self, caller_uid: u32, alias: &str, entry: &[u8]) -> Result<()> {
+        if keystore2_flags::disable_legacy_keystore_put_v2() {
+            return Err(Error::deprecated()).context(concat!(
+                "Storing into Keystore's legacy database is ",
+                "no longer supported, store in an app-specific database instead"
+            ));
+        }
         self.with_transaction(TransactionBehavior::Immediate, |tx| {
             tx.execute(
                 "INSERT OR REPLACE INTO profiles (owner, alias, profile) values (?, ?, ?)",
@@ -207,6 +213,11 @@
     pub fn perm() -> Self {
         Error::Error(ERROR_PERMISSION_DENIED)
     }
+
+    /// Short hand for `Error::Error(ERROR_SYSTEM_ERROR)`
+    pub fn deprecated() -> Self {
+        Error::Error(ERROR_SYSTEM_ERROR)
+    }
 }
 
 /// This function should be used by legacykeystore service calls to translate error conditions
@@ -338,6 +349,12 @@
     }
 
     fn put(&self, alias: &str, uid: i32, entry: &[u8]) -> Result<()> {
+        if keystore2_flags::disable_legacy_keystore_put_v2() {
+            return Err(Error::deprecated()).context(concat!(
+                "Storing into Keystore's legacy database is ",
+                "no longer supported, store in an app-specific database instead"
+            ));
+        }
         let uid = Self::get_effective_uid(uid).context("In put.")?;
         let mut db = self.open_db().context("In put.")?;
         db.put(uid, alias, entry).context("In put: Trying to insert entry into DB.")?;