keystore/permissions.h - android_system_security - Gitiles

 /*
  * Copyright (C) 2016 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 #ifndef KEYSTORE_PERMISSIONS_H_
 #define KEYSTORE_PERMISSIONS_H_

 #include <unistd.h>

 /* Here are the permissions, actions, users, and the main function. */
 enum perm_t {
     P_GET_STATE = 1 << 0,
     P_GET = 1 << 1,
     P_INSERT = 1 << 2,
     P_DELETE = 1 << 3,
     P_EXIST = 1 << 4,
     P_LIST = 1 << 5,
     P_RESET = 1 << 6,
     P_PASSWORD = 1 << 7,
     P_LOCK = 1 << 8,
     P_UNLOCK = 1 << 9,
     P_IS_EMPTY = 1 << 10,
     P_SIGN = 1 << 11,
     P_VERIFY = 1 << 12,
     P_GRANT = 1 << 13,
     P_DUPLICATE = 1 << 14,
     P_CLEAR_UID = 1 << 15,
     P_ADD_AUTH = 1 << 16,
     P_USER_CHANGED = 1 << 17,
     P_GEN_UNIQUE_ID = 1 << 18,
 };

 const char* get_perm_label(perm_t perm);

 /**
  * Returns the UID that the callingUid should act as. This is here for
  * legacy support of the WiFi and VPN systems and should be removed
  * when WiFi can operate in its own namespace.
  */
 uid_t get_keystore_euid(uid_t uid);

 /**
  * Returns true if the uid/pid/sid has a permission. Checks based on sid if available.
  *
  * sid may be null on older kernels
  */
 bool has_permission(uid_t uid, perm_t perm, pid_t spid, const char* sid);

 /**
  * Returns true if the callingUid is allowed to interact in the targetUid's
  * namespace.
  */
 bool is_granted_to(uid_t callingUid, uid_t targetUid);

 int configure_selinux();

 /*
  * Keystore grants.
  *
  * What are keystore grants?
  *
  * Keystore grants are a mechanism that allows an app to grant the permission to use one of its
  * keys to an other app.
  *
  * Liftime of a grant:
  *
  * A keystore grant is ephemeral in that is never persistently stored. When the keystore process
  * exits, all grants are lost. Also, grants can be explicitly revoked by the granter by invoking
  * the ungrant operation.
  *
  * What happens when a grant is created?
  *
  * The grant operation expects a valid key alias and the uid of the grantee, i.e., the app that
  * shall be allowed to use the key denoted by the alias. It then makes an entry in the grant store
  * which generates a new alias of the form <alias>_KEYSTOREGRANT_<random_grant_no_>. This grant
  * alias is returned to the caller which can pass the new alias to the grantee. For every grantee,
  * the grant store keeps a set of grants, an entry of which holds the following information:
  *  - the owner of the key by uid, aka granter uid,
  *  - the original alias of the granted key, and
  *  - the random grant number.
  * (See "grant_store.h:class Grant")
  *
  * What happens when a grant is used?
  *
  * Upon any keystore operation that expects an alias, the alias and the caller's uid are used
  * to retrieve a key file. If that fails some operations try to retrieve a key file indirectly
  * through a grant. These operations include:
  *  - attestKey
  *  - begin
  *  - exportKey
  *  - get
  *  - getKeyCharacteristics
  *  - del
  *  - exist
  *  - getmtime
  * Operations that DO NOT follow the grant indirection are:
  *  - import
  *  - generate
  *  - grant
  *  - ungrant
  * Especially, the latter two mean that neither can a grantee transitively grant a granted key
  * to a third, nor can they relinquish access to the key or revoke access to the key by a third.
  */

 #endif  // KEYSTORE_PERMISSIONS_H_
	/*
	* Copyright (C) 2016 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	#ifndef KEYSTORE_PERMISSIONS_H_
	#define KEYSTORE_PERMISSIONS_H_

	#include <unistd.h>

	/* Here are the permissions, actions, users, and the main function. */
	enum perm_t {
	P_GET_STATE = 1 << 0,
	P_GET = 1 << 1,
	P_INSERT = 1 << 2,
	P_DELETE = 1 << 3,
	P_EXIST = 1 << 4,
	P_LIST = 1 << 5,
	P_RESET = 1 << 6,
	P_PASSWORD = 1 << 7,
	P_LOCK = 1 << 8,
	P_UNLOCK = 1 << 9,
	P_IS_EMPTY = 1 << 10,
	P_SIGN = 1 << 11,
	P_VERIFY = 1 << 12,
	P_GRANT = 1 << 13,
	P_DUPLICATE = 1 << 14,
	P_CLEAR_UID = 1 << 15,
	P_ADD_AUTH = 1 << 16,
	P_USER_CHANGED = 1 << 17,
	P_GEN_UNIQUE_ID = 1 << 18,
	};

	const char* get_perm_label(perm_t perm);

	/**
	* Returns the UID that the callingUid should act as. This is here for
	* legacy support of the WiFi and VPN systems and should be removed
	* when WiFi can operate in its own namespace.
	*/
	uid_t get_keystore_euid(uid_t uid);

	/**
	* Returns true if the uid/pid/sid has a permission. Checks based on sid if available.
	*
	* sid may be null on older kernels
	*/
	bool has_permission(uid_t uid, perm_t perm, pid_t spid, const char* sid);

	/**
	* Returns true if the callingUid is allowed to interact in the targetUid's
	* namespace.
	*/
	bool is_granted_to(uid_t callingUid, uid_t targetUid);

	int configure_selinux();

	/*
	* Keystore grants.
	*
	* What are keystore grants?
	*
	* Keystore grants are a mechanism that allows an app to grant the permission to use one of its
	* keys to an other app.
	*
	* Liftime of a grant:
	*
	* A keystore grant is ephemeral in that is never persistently stored. When the keystore process
	* exits, all grants are lost. Also, grants can be explicitly revoked by the granter by invoking
	* the ungrant operation.
	*
	* What happens when a grant is created?
	*
	* The grant operation expects a valid key alias and the uid of the grantee, i.e., the app that
	* shall be allowed to use the key denoted by the alias. It then makes an entry in the grant store
	* which generates a new alias of the form <alias>_KEYSTOREGRANT_<random_grant_no_>. This grant
	* alias is returned to the caller which can pass the new alias to the grantee. For every grantee,
	* the grant store keeps a set of grants, an entry of which holds the following information:
	* - the owner of the key by uid, aka granter uid,
	* - the original alias of the granted key, and
	* - the random grant number.
	* (See "grant_store.h:class Grant")
	*
	* What happens when a grant is used?
	*
	* Upon any keystore operation that expects an alias, the alias and the caller's uid are used
	* to retrieve a key file. If that fails some operations try to retrieve a key file indirectly
	* through a grant. These operations include:
	* - attestKey
	* - begin
	* - exportKey
	* - get
	* - getKeyCharacteristics
	* - del
	* - exist
	* - getmtime
	* Operations that DO NOT follow the grant indirection are:
	* - import
	* - generate
	* - grant
	* - ungrant
	* Especially, the latter two mean that neither can a grantee transitively grant a granted key
	* to a third, nor can they relinquish access to the key or revoke access to the key by a third.
	*/

	#endif // KEYSTORE_PERMISSIONS_H_