keystore: add UID to certain APIs
This will allow explicit indication of which UID to put things under for
trusted UIDs (e.g., system UID) in a future change instead of putting
things only in the calling UID.
Change-Id: Ifc321a714d874a1142890138101ce4166906f413
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index ef64f33..bd4e564 100644
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp
@@ -978,7 +978,7 @@
return ::NO_ERROR;
}
- int32_t insert(const String16& name, const uint8_t* item, size_t itemLength) {
+ int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid) {
uid_t callingUid = IPCThreadState::self()->getCallingUid();
if (!has_permission(callingUid, P_INSERT)) {
ALOGW("permission denied for %d: insert", callingUid);
@@ -986,6 +986,10 @@
}
callingUid = get_keystore_euid(callingUid);
+ if (uid != -1) {
+ return ::PERMISSION_DENIED;
+ }
+
State state = checkState();
if (state != STATE_NO_ERROR) {
ALOGD("calling insert in state: %d", state);
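Review bot: The new `if (uid != -1) return ::PERMISSION_DENIED;` guard after `callingUid = get_keystore_euid(callingUid);` denies silently, whereas the `has_permission` failure a few lines above logs an ALOGW before returning, so a caller that passes an explicit UID gets PERMISSION_DENIED with nothing in the log to distinguish it from a real permission failure. Consider logging in the same style before the return, e.g. `ALOGW("permission denied for %d: insert with explicit uid %d", callingUid, uid);`, and documenting the sentinel with a comment such as `// uid == -1 means "act as the calling UID"; explicit UIDs are rejected until the trusted-UID support described in the commit message lands.`. The same undocumented, unlogged guard is added in the del, exist, saw, generate, import and del_key hunks below. The enclosing insert() begins in the previous hunk and continues past the end of this one.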
@@ -1001,7 +1005,7 @@
return mKeyStore->put(filename, &keyBlob);
}
- int32_t del(const String16& name) {
+ int32_t del(const String16& name, int uid) {
uid_t callingUid = IPCThreadState::self()->getCallingUid();
if (!has_permission(callingUid, P_DELETE)) {
ALOGW("permission denied for %d: del", callingUid);
@@ -1009,6 +1013,10 @@
}
callingUid = get_keystore_euid(callingUid);
+ if (uid != -1) {
+ return ::PERMISSION_DENIED;
+ }
+
String8 name8(name);
char filename[NAME_MAX];
@@ -1022,7 +1030,7 @@
return (unlink(filename) && errno != ENOENT) ? ::SYSTEM_ERROR : ::NO_ERROR;
}
- int32_t exist(const String16& name) {
+ int32_t exist(const String16& name, int uid) {
uid_t callingUid = IPCThreadState::self()->getCallingUid();
if (!has_permission(callingUid, P_EXIST)) {
ALOGW("permission denied for %d: exist", callingUid);
@@ -1030,6 +1038,10 @@
}
callingUid = get_keystore_euid(callingUid);
+ if (uid != -1) {
+ return ::PERMISSION_DENIED;
+ }
+
String8 name8(name);
char filename[NAME_MAX];
@@ -1041,7 +1053,7 @@
return ::NO_ERROR;
}
- int32_t saw(const String16& prefix, Vector<String16>* matches) {
+ int32_t saw(const String16& prefix, int uid, Vector<String16>* matches) {
uid_t callingUid = IPCThreadState::self()->getCallingUid();
if (!has_permission(callingUid, P_SAW)) {
ALOGW("permission denied for %d: saw", callingUid);
@@ -1049,6 +1061,10 @@
}
callingUid = get_keystore_euid(callingUid);
+ if (uid != -1) {
+ return ::PERMISSION_DENIED;
+ }
+
DIR* dir = opendir(".");
if (!dir) {
return ::SYSTEM_ERROR;
@@ -1186,7 +1202,7 @@
return mKeyStore->isEmpty() ? ::KEY_NOT_FOUND : ::NO_ERROR;
}
- int32_t generate(const String16& name) {
+ int32_t generate(const String16& name, int uid) {
uid_t callingUid = IPCThreadState::self()->getCallingUid();
if (!has_permission(callingUid, P_INSERT)) {
ALOGW("permission denied for %d: generate", callingUid);
@@ -1194,6 +1210,10 @@
}
callingUid = get_keystore_euid(callingUid);
+ if (uid != -1) {
+ return ::PERMISSION_DENIED;
+ }
+
State state = checkState();
if (state != STATE_NO_ERROR) {
ALOGD("calling generate in state: %d", state);
@@ -1233,7 +1253,7 @@
return mKeyStore->put(filename, &keyBlob);
}
- int32_t import(const String16& name, const uint8_t* data, size_t length) {
+ int32_t import(const String16& name, const uint8_t* data, size_t length, int uid) {
uid_t callingUid = IPCThreadState::self()->getCallingUid();
if (!has_permission(callingUid, P_INSERT)) {
ALOGW("permission denied for %d: import", callingUid);
@@ -1241,6 +1261,10 @@
}
callingUid = get_keystore_euid(callingUid);
+ if (uid != -1) {
+ return ::PERMISSION_DENIED;
+ }
+
State state = checkState();
if (state != STATE_NO_ERROR) {
ALOGD("calling import in state: %d", state);
@@ -1408,7 +1432,7 @@
return ::NO_ERROR;
}
- int32_t del_key(const String16& name) {
+ int32_t del_key(const String16& name, int uid) {
uid_t callingUid = IPCThreadState::self()->getCallingUid();
if (!has_permission(callingUid, P_DELETE)) {
ALOGW("permission denied for %d: del_key", callingUid);
@@ -1416,6 +1440,10 @@
}
callingUid = get_keystore_euid(callingUid);
+ if (uid != -1) {
+ return ::PERMISSION_DENIED;
+ }
+
String8 name8(name);
char filename[NAME_MAX];