Deprecate put and return error in ILegacyKeystore
Legacy keystore is a old relic that was suppoed to be
disabled a while ago. It has enabled functionality that was
supposed to be removed but wasn't because it would break
changes in the VPN and WIFI code. This would begin the
process of permanently removing it.
Test: atest CtsKeystoreTestCases
Change-Id: Iedc1dca24a40eb0cf30c5280fc2842ff79cf7f17
diff --git a/keystore2/aconfig/flags.aconfig b/keystore2/aconfig/flags.aconfig
index 41e1a92..1ed1d9a 100644
--- a/keystore2/aconfig/flags.aconfig
+++ b/keystore2/aconfig/flags.aconfig
@@ -9,7 +9,7 @@
}
flag {
- name: "disable_legacy_keystore_put"
+ name: "disable_legacy_keystore_put_v2"
namespace: "hardware_backed_security"
description: "This flag disables legacy keystore put and makes it so that command returns an error"
bug: "307460850"
diff --git a/keystore2/legacykeystore/Android.bp b/keystore2/legacykeystore/Android.bp
index 505b165..7a61378 100644
--- a/keystore2/legacykeystore/Android.bp
+++ b/keystore2/legacykeystore/Android.bp
@@ -31,6 +31,7 @@
"android.security.legacykeystore-rust",
"libanyhow",
"libbinder_rs",
+ "libkeystore2_flags_rust",
"liblog_rust",
"librusqlite",
"librustutils",
@@ -43,6 +44,7 @@
defaults: ["liblegacykeystore-rust_defaults"],
rustlibs: [
"libkeystore2",
+ "libkeystore2_flags_rust",
"librusqlite",
],
}
@@ -59,6 +61,7 @@
"libbinder_rs",
"libkeystore2",
"libkeystore2_test_utils",
+ "libkeystore2_flags_rust",
"liblog_rust",
"librusqlite",
"librustutils",
diff --git a/keystore2/legacykeystore/lib.rs b/keystore2/legacykeystore/lib.rs
index 55224f7..6be272b 100644
--- a/keystore2/legacykeystore/lib.rs
+++ b/keystore2/legacykeystore/lib.rs
@@ -121,6 +121,12 @@
}
fn put(&mut self, caller_uid: u32, alias: &str, entry: &[u8]) -> Result<()> {
+ if keystore2_flags::disable_legacy_keystore_put_v2() {
+ return Err(Error::deprecated()).context(concat!(
+ "Storing into Keystore's legacy database is ",
+ "no longer supported, store in an app-specific database instead"
+ ));
+ }
self.with_transaction(TransactionBehavior::Immediate, |tx| {
tx.execute(
"INSERT OR REPLACE INTO profiles (owner, alias, profile) values (?, ?, ?)",
@@ -201,6 +207,11 @@
pub fn perm() -> Self {
Error::Error(ERROR_PERMISSION_DENIED)
}
+
+ /// Short hand for `Error::Error(ERROR_SYSTEM_ERROR)`
+ pub fn deprecated() -> Self {
+ Error::Error(ERROR_SYSTEM_ERROR)
+ }
}
/// This function should be used by legacykeystore service calls to translate error conditions
@@ -332,6 +343,12 @@
}
fn put(&self, alias: &str, uid: i32, entry: &[u8]) -> Result<()> {
+ if keystore2_flags::disable_legacy_keystore_put_v2() {
+ return Err(Error::deprecated()).context(concat!(
+ "Storing into Keystore's legacy database is ",
+ "no longer supported, store in an app-specific database instead"
+ ));
+ }
let uid = Self::get_effective_uid(uid).context("In put.")?;
let mut db = self.open_db().context("In put.")?;
db.put(uid, alias, entry).context("In put: Trying to insert entry into DB.")?;