Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / de45c8b9995a6f8ebd3bc13c15ee0deba1a5e1ea^! / . / keystore2 / src / security_level.rs
commitde45c8b9995a6f8ebd3bc13c15ee0deba1a5e1ea[log] [tgz]
authorAndrew Walbran <qwandor@google.com>Tue Apr 13 14:42:38 2021 +0000
committerAndrew Walbran <qwandor@google.com>Fri Apr 16 16:56:36 2021 +0000
tree2490e03f1063a9d1bebd8e953bb0203695466e11
parent2295dae96257d1db8b3f8e5d04a6591b55ac33dd [diff] [blame]
Moving set_requesting_sid to new_binder method.

Bug: 178852354
Test: mm
Change-Id: Ib6af028b19d36965ad2de62c8ddc52936b6abec2

diff --git a/keystore2/src/security_level.rs b/keystore2/src/security_level.rs
index c654c02..8530a2e 100644
--- a/keystore2/src/security_level.rs
+++ b/keystore2/src/security_level.rs

@@ -22,6 +22,7 @@
     KeyMintHardwareInfo::KeyMintHardwareInfo, KeyParameter::KeyParameter,
     KeyParameterValue::KeyParameterValue, SecurityLevel::SecurityLevel, Tag::Tag,
 };
+use android_hardware_security_keymint::binder::{BinderFeatures, Strong, ThreadState};
 use android_system_keystore2::aidl::android::system::keystore2::{
     AuthenticatorSpec::AuthenticatorSpec, CreateOperationResponse::CreateOperationResponse,
     Domain::Domain, IKeystoreOperation::IKeystoreOperation,
@@ -57,7 +58,6 @@
     utils::key_characteristics_to_internal,
 };
 use anyhow::{anyhow, Context, Result};
-use binder::{IBinderInternal, Strong, ThreadState};
 
 /// Implementation of the IKeystoreSecurityLevel Interface.
 pub struct KeystoreSecurityLevel {
@@ -79,8 +79,8 @@
 
 impl KeystoreSecurityLevel {
     /// Creates a new security level instance wrapped in a
-    /// BnKeystoreSecurityLevel proxy object. It also
-    /// calls `IBinderInternal::set_requesting_sid` on the new interface, because
+    /// BnKeystoreSecurityLevel proxy object. It also enables
+    /// `BinderFeatures::set_requesting_sid` on the new interface, because
     /// we need it for checking keystore permissions.
     pub fn new_native_binder(
         security_level: SecurityLevel,
@@ -88,16 +88,18 @@
     ) -> Result<(Strong<dyn IKeystoreSecurityLevel>, Uuid)> {
         let (dev, hw_info, km_uuid) = get_keymint_device(&security_level)
             .context("In KeystoreSecurityLevel::new_native_binder.")?;
-        let result = BnKeystoreSecurityLevel::new_binder(Self {
-            security_level,
-            keymint: dev,
-            hw_info,
-            km_uuid,
-            operation_db: OperationDb::new(),
-            rem_prov_state: RemProvState::new(security_level, km_uuid),
-            id_rotation_state,
-        });
-        result.as_binder().set_requesting_sid(true);
+        let result = BnKeystoreSecurityLevel::new_binder(
+            Self {
+                security_level,
+                keymint: dev,
+                hw_info,
+                km_uuid,
+                operation_db: OperationDb::new(),
+                rem_prov_state: RemProvState::new(security_level, km_uuid),
+                id_rotation_state,
+            },
+            BinderFeatures { set_requesting_sid: true, ..BinderFeatures::default() },
+        );
         Ok((result, km_uuid))
     }