Cleanup keystore API
Remove old methods that were replaced by onUser* methods, rename methods
with unclear names, and add userId parameters to all operations that
operate on per-user state.
(cherry-picked from commit 9443616391a705856b2cad026afb69dc23a346e9)
Change-Id: I846fbb0a5ad17b4ee4c0c759fd1fd23f58b88d78
diff --git a/keystore/IKeystoreService.cpp b/keystore/IKeystoreService.cpp
index ab31418..1d9d48d 100644
--- a/keystore/IKeystoreService.cpp
+++ b/keystore/IKeystoreService.cpp
@@ -397,19 +397,20 @@
}
// test ping
- virtual int32_t test()
+ virtual int32_t getState(int32_t userId)
{
Parcel data, reply;
data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
- status_t status = remote()->transact(BnKeystoreService::TEST, data, &reply);
+ data.writeInt32(userId);
+ status_t status = remote()->transact(BnKeystoreService::GET_STATE, data, &reply);
if (status != NO_ERROR) {
- ALOGD("test() could not contact remote: %d\n", status);
+ ALOGD("getState() could not contact remote: %d\n", status);
return -1;
}
int32_t err = reply.readExceptionCode();
int32_t ret = reply.readInt32();
if (err < 0) {
- ALOGD("test() caught exception %d\n", err);
+ ALOGD("getState() caught exception %d\n", err);
return -1;
}
return ret;
@@ -513,15 +514,15 @@
return ret;
}
- virtual int32_t saw(const String16& name, int uid, Vector<String16>* matches)
+ virtual int32_t list(const String16& prefix, int uid, Vector<String16>* matches)
{
Parcel data, reply;
data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
- data.writeString16(name);
+ data.writeString16(prefix);
data.writeInt32(uid);
- status_t status = remote()->transact(BnKeystoreService::SAW, data, &reply);
+ status_t status = remote()->transact(BnKeystoreService::LIST, data, &reply);
if (status != NO_ERROR) {
- ALOGD("saw() could not contact remote: %d\n", status);
+ ALOGD("list() could not contact remote: %d\n", status);
return -1;
}
int32_t err = reply.readExceptionCode();
@@ -531,7 +532,7 @@
}
int32_t ret = reply.readInt32();
if (err < 0) {
- ALOGD("saw() caught exception %d\n", err);
+ ALOGD("list() caught exception %d\n", err);
return -1;
}
return ret;
@@ -576,10 +577,11 @@
return ret;
}
- virtual int32_t lock()
+ virtual int32_t lock(int32_t userId)
{
Parcel data, reply;
data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
+ data.writeInt32(userId);
status_t status = remote()->transact(BnKeystoreService::LOCK, data, &reply);
if (status != NO_ERROR) {
ALOGD("lock() could not contact remote: %d\n", status);
@@ -614,22 +616,23 @@
return ret;
}
- virtual int32_t zero()
+ virtual bool isEmpty(int32_t userId)
{
Parcel data, reply;
data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
- status_t status = remote()->transact(BnKeystoreService::ZERO, data, &reply);
+ data.writeInt32(userId);
+ status_t status = remote()->transact(BnKeystoreService::IS_EMPTY, data, &reply);
if (status != NO_ERROR) {
- ALOGD("zero() could not contact remote: %d\n", status);
- return -1;
+ ALOGD("isEmpty() could not contact remote: %d\n", status);
+ return false;
}
int32_t err = reply.readExceptionCode();
int32_t ret = reply.readInt32();
if (err < 0) {
- ALOGD("zero() caught exception %d\n", err);
- return -1;
+ ALOGD("isEmpty() caught exception %d\n", err);
+ return false;
}
- return ret;
+ return ret != 0;
}
virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize,
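Review bot: The proxy isEmpty() in this hunk returns `false` both when the transaction fails and when the reply carries an exception, so a caller cannot tell "this user has keys" from "the keystore could not be asked"; the removed zero() returned -1 in those cases. The service-side isEmpty() in keystore.cpp collapses a failed permission check into `false` in the same way. If any caller bases a decision on the result, state the contract on the declaration, for example `// Returns false on transport or permission failure too; false is not proof that keys exist.`, or keep an int32_t status and pass the flag back through an out-parameter.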
@@ -788,26 +791,6 @@
return 0;
}
- virtual int32_t del_key(const String16& name, int uid)
- {
- Parcel data, reply;
- data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
- data.writeString16(name);
- data.writeInt32(uid);
- status_t status = remote()->transact(BnKeystoreService::DEL_KEY, data, &reply);
- if (status != NO_ERROR) {
- ALOGD("del_key() could not contact remote: %d\n", status);
- return -1;
- }
- int32_t err = reply.readExceptionCode();
- int32_t ret = reply.readInt32();
- if (err < 0) {
- ALOGD("del_key() caught exception %d\n", err);
- return -1;
- }
- return ret;
- }
-
virtual int32_t grant(const String16& name, int32_t granteeUid)
{
Parcel data, reply;
@@ -928,64 +911,6 @@
return ret;
}
- virtual int32_t reset_uid(int32_t uid) {
- Parcel data, reply;
- data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
- data.writeInt32(uid);
- status_t status = remote()->transact(BnKeystoreService::RESET_UID, data, &reply);
- if (status != NO_ERROR) {
- ALOGD("reset_uid() could not contact remote: %d\n", status);
- return -1;
- }
- int32_t err = reply.readExceptionCode();
- int32_t ret = reply.readInt32();
- if (err < 0) {
- ALOGD("reset_uid() caught exception %d\n", err);
- return -1;
- }
- return ret;
-
- }
-
- virtual int32_t sync_uid(int32_t sourceUid, int32_t targetUid)
- {
- Parcel data, reply;
- data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
- data.writeInt32(sourceUid);
- data.writeInt32(targetUid);
- status_t status = remote()->transact(BnKeystoreService::SYNC_UID, data, &reply);
- if (status != NO_ERROR) {
- ALOGD("sync_uid() could not contact remote: %d\n", status);
- return -1;
- }
- int32_t err = reply.readExceptionCode();
- int32_t ret = reply.readInt32();
- if (err < 0) {
- ALOGD("sync_uid() caught exception %d\n", err);
- return -1;
- }
- return ret;
- }
-
- virtual int32_t password_uid(const String16& password, int32_t uid)
- {
- Parcel data, reply;
- data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
- data.writeString16(password);
- data.writeInt32(uid);
- status_t status = remote()->transact(BnKeystoreService::PASSWORD_UID, data, &reply);
- if (status != NO_ERROR) {
- ALOGD("password_uid() could not contact remote: %d\n", status);
- return -1;
- }
- int32_t err = reply.readExceptionCode();
- int32_t ret = reply.readInt32();
- if (err < 0) {
- ALOGD("password_uid() caught exception %d\n", err);
- return -1;
- }
- return ret;
- }
virtual int32_t addRngEntropy(const uint8_t* buf, size_t bufLength)
{
Parcel data, reply;
@@ -1341,9 +1266,10 @@
uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
{
switch(code) {
- case TEST: {
+ case GET_STATE: {
CHECK_INTERFACE(IKeystoreService, data, reply);
- int32_t ret = test();
+ int32_t userId = data.readInt32();
+ int32_t ret = getState(userId);
reply->writeNoException();
reply->writeInt32(ret);
return NO_ERROR;
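Review bot: The new `data.readInt32()` that fetches `userId` in the GET_STATE case is unchecked, and the argument-less `Parcel::readInt32()` yields 0 when the parcel has no data left. GET_STATE, LOCK and IS_EMPTY keep the transaction numbers of the old no-argument TEST, LOCK and ZERO calls, so a caller built against the previous interface would be served as a request for user 0 instead of being rejected. Using the status-returning overload in all three cases, `int32_t userId; if (data.readInt32(&userId) != NO_ERROR) return BAD_VALUE;`, makes a short parcel fail. The switch statement continues outside this hunk.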
@@ -1401,12 +1327,12 @@
reply->writeInt32(ret);
return NO_ERROR;
} break;
- case SAW: {
+ case LIST: {
CHECK_INTERFACE(IKeystoreService, data, reply);
- String16 name = data.readString16();
+ String16 prefix = data.readString16();
int uid = data.readInt32();
Vector<String16> matches;
- int32_t ret = saw(name, uid, &matches);
+ int32_t ret = list(prefix, uid, &matches);
reply->writeNoException();
reply->writeInt32(matches.size());
Vector<String16>::const_iterator it = matches.begin();
@@ -1434,7 +1360,8 @@
} break;
case LOCK: {
CHECK_INTERFACE(IKeystoreService, data, reply);
- int32_t ret = lock();
+ int32_t userId = data.readInt32();
+ int32_t ret = lock(userId);
reply->writeNoException();
reply->writeInt32(ret);
return NO_ERROR;
@@ -1448,11 +1375,12 @@
reply->writeInt32(ret);
return NO_ERROR;
} break;
- case ZERO: {
+ case IS_EMPTY: {
CHECK_INTERFACE(IKeystoreService, data, reply);
- int32_t ret = zero();
+ int32_t userId = data.readInt32();
+ bool ret = isEmpty(userId);
reply->writeNoException();
- reply->writeInt32(ret);
+ reply->writeInt32(ret ? 1 : 0);
return NO_ERROR;
} break;
case GENERATE: {
@@ -1574,15 +1502,6 @@
reply->writeInt32(ret);
return NO_ERROR;
} break;
- case DEL_KEY: {
- CHECK_INTERFACE(IKeystoreService, data, reply);
- String16 name = data.readString16();
- int uid = data.readInt32();
- int32_t ret = del_key(name, uid);
- reply->writeNoException();
- reply->writeInt32(ret);
- return NO_ERROR;
- } break;
case GRANT: {
CHECK_INTERFACE(IKeystoreService, data, reply);
String16 name = data.readString16();
@@ -1636,32 +1555,6 @@
reply->writeInt32(ret);
return NO_ERROR;
}
- case RESET_UID: {
- CHECK_INTERFACE(IKeystoreService, data, reply);
- int32_t uid = data.readInt32();
- int32_t ret = reset_uid(uid);
- reply->writeNoException();
- reply->writeInt32(ret);
- return NO_ERROR;
- }
- case SYNC_UID: {
- CHECK_INTERFACE(IKeystoreService, data, reply);
- int32_t sourceUid = data.readInt32();
- int32_t targetUid = data.readInt32();
- int32_t ret = sync_uid(sourceUid, targetUid);
- reply->writeNoException();
- reply->writeInt32(ret);
- return NO_ERROR;
- }
- case PASSWORD_UID: {
- CHECK_INTERFACE(IKeystoreService, data, reply);
- String16 password = data.readString16();
- int32_t uid = data.readInt32();
- int32_t ret = password_uid(password, uid);
- reply->writeNoException();
- reply->writeInt32(ret);
- return NO_ERROR;
- }
case ADD_RNG_ENTROPY: {
CHECK_INTERFACE(IKeystoreService, data, reply);
const uint8_t* bytes = NULL;
diff --git a/keystore/include/keystore/IKeystoreService.h b/keystore/include/keystore/IKeystoreService.h
index 7fdfe38..d208325 100644
--- a/keystore/include/keystore/IKeystoreService.h
+++ b/keystore/include/keystore/IKeystoreService.h
@@ -98,50 +98,46 @@
class IKeystoreService: public IInterface {
public:
enum {
- TEST = IBinder::FIRST_CALL_TRANSACTION + 0,
+ GET_STATE = IBinder::FIRST_CALL_TRANSACTION + 0,
GET = IBinder::FIRST_CALL_TRANSACTION + 1,
INSERT = IBinder::FIRST_CALL_TRANSACTION + 2,
DEL = IBinder::FIRST_CALL_TRANSACTION + 3,
EXIST = IBinder::FIRST_CALL_TRANSACTION + 4,
- SAW = IBinder::FIRST_CALL_TRANSACTION + 5,
+ LIST = IBinder::FIRST_CALL_TRANSACTION + 5,
RESET = IBinder::FIRST_CALL_TRANSACTION + 6,
ON_USER_PASSWORD_CHANGED = IBinder::FIRST_CALL_TRANSACTION + 7,
LOCK = IBinder::FIRST_CALL_TRANSACTION + 8,
UNLOCK = IBinder::FIRST_CALL_TRANSACTION + 9,
- ZERO = IBinder::FIRST_CALL_TRANSACTION + 10,
+ IS_EMPTY = IBinder::FIRST_CALL_TRANSACTION + 10,
GENERATE = IBinder::FIRST_CALL_TRANSACTION + 11,
IMPORT = IBinder::FIRST_CALL_TRANSACTION + 12,
SIGN = IBinder::FIRST_CALL_TRANSACTION + 13,
VERIFY = IBinder::FIRST_CALL_TRANSACTION + 14,
GET_PUBKEY = IBinder::FIRST_CALL_TRANSACTION + 15,
- DEL_KEY = IBinder::FIRST_CALL_TRANSACTION + 16,
- GRANT = IBinder::FIRST_CALL_TRANSACTION + 17,
- UNGRANT = IBinder::FIRST_CALL_TRANSACTION + 18,
- GETMTIME = IBinder::FIRST_CALL_TRANSACTION + 19,
- DUPLICATE = IBinder::FIRST_CALL_TRANSACTION + 20,
- IS_HARDWARE_BACKED = IBinder::FIRST_CALL_TRANSACTION + 21,
- CLEAR_UID = IBinder::FIRST_CALL_TRANSACTION + 22,
- RESET_UID = IBinder::FIRST_CALL_TRANSACTION + 23,
- SYNC_UID = IBinder::FIRST_CALL_TRANSACTION + 24,
- PASSWORD_UID = IBinder::FIRST_CALL_TRANSACTION + 25,
- ADD_RNG_ENTROPY = IBinder::FIRST_CALL_TRANSACTION + 26,
- GENERATE_KEY = IBinder::FIRST_CALL_TRANSACTION + 27,
- GET_KEY_CHARACTERISTICS = IBinder::FIRST_CALL_TRANSACTION + 28,
- IMPORT_KEY = IBinder::FIRST_CALL_TRANSACTION + 29,
- EXPORT_KEY = IBinder::FIRST_CALL_TRANSACTION + 30,
- BEGIN = IBinder::FIRST_CALL_TRANSACTION + 31,
- UPDATE = IBinder::FIRST_CALL_TRANSACTION + 32,
- FINISH = IBinder::FIRST_CALL_TRANSACTION + 33,
- ABORT = IBinder::FIRST_CALL_TRANSACTION + 34,
- IS_OPERATION_AUTHORIZED = IBinder::FIRST_CALL_TRANSACTION + 35,
- ADD_AUTH_TOKEN = IBinder::FIRST_CALL_TRANSACTION + 36,
- ON_USER_ADDED = IBinder::FIRST_CALL_TRANSACTION + 37,
- ON_USER_REMOVED = IBinder::FIRST_CALL_TRANSACTION + 38,
+ GRANT = IBinder::FIRST_CALL_TRANSACTION + 16,
+ UNGRANT = IBinder::FIRST_CALL_TRANSACTION + 17,
+ GETMTIME = IBinder::FIRST_CALL_TRANSACTION + 18,
+ DUPLICATE = IBinder::FIRST_CALL_TRANSACTION + 19,
+ IS_HARDWARE_BACKED = IBinder::FIRST_CALL_TRANSACTION + 20,
+ CLEAR_UID = IBinder::FIRST_CALL_TRANSACTION + 21,
+ ADD_RNG_ENTROPY = IBinder::FIRST_CALL_TRANSACTION + 22,
+ GENERATE_KEY = IBinder::FIRST_CALL_TRANSACTION + 23,
+ GET_KEY_CHARACTERISTICS = IBinder::FIRST_CALL_TRANSACTION + 24,
+ IMPORT_KEY = IBinder::FIRST_CALL_TRANSACTION + 25,
+ EXPORT_KEY = IBinder::FIRST_CALL_TRANSACTION + 26,
+ BEGIN = IBinder::FIRST_CALL_TRANSACTION + 27,
+ UPDATE = IBinder::FIRST_CALL_TRANSACTION + 28,
+ FINISH = IBinder::FIRST_CALL_TRANSACTION + 29,
+ ABORT = IBinder::FIRST_CALL_TRANSACTION + 30,
+ IS_OPERATION_AUTHORIZED = IBinder::FIRST_CALL_TRANSACTION + 31,
+ ADD_AUTH_TOKEN = IBinder::FIRST_CALL_TRANSACTION + 32,
+ ON_USER_ADDED = IBinder::FIRST_CALL_TRANSACTION + 33,
+ ON_USER_REMOVED = IBinder::FIRST_CALL_TRANSACTION + 34,
};
DECLARE_META_INTERFACE(KeystoreService);
- virtual int32_t test() = 0;
+ virtual int32_t getState(int32_t userId) = 0;
virtual int32_t get(const String16& name, uint8_t** item, size_t* itemLength) = 0;
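Review bot: Compacting the enum after removing DEL_KEY, RESET_UID, SYNC_UID and PASSWORD_UID changes the meaning of every transaction code from GRANT onward: 22 was CLEAR_UID and is now ADD_RNG_ENTROPY, 26 was ADD_RNG_ENTROPY and is now EXPORT_KEY. The interface descriptor is unchanged, so CHECK_INTERFACE would not reject a client that still uses the old numbering; such a client would reach a different operation with a parcel laid out for another one. A comment above the enum, e.g. `// Wire ABI: these values must match every client of this interface; update all of them together.`, would record the constraint, and leaving the retired slots as reserved values instead of renumbering would avoid the aliasing.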
@@ -152,17 +148,17 @@
virtual int32_t exist(const String16& name, int uid) = 0;
- virtual int32_t saw(const String16& name, int uid, Vector<String16>* matches) = 0;
+ virtual int32_t list(const String16& prefix, int uid, Vector<String16>* matches) = 0;
virtual int32_t reset() = 0;
virtual int32_t onUserPasswordChanged(int32_t userId, const String16& newPassword) = 0;
- virtual int32_t lock() = 0;
+ virtual int32_t lock(int32_t userId) = 0;
virtual int32_t unlock(int32_t userId, const String16& password) = 0;
- virtual int32_t zero() = 0;
+ virtual bool isEmpty(int32_t userId) = 0;
virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize,
int32_t flags, Vector<sp<KeystoreArg> >* args) = 0;
@@ -178,8 +174,6 @@
virtual int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength) = 0;
- virtual int32_t del_key(const String16& name, int uid) = 0;
-
virtual int32_t grant(const String16& name, int32_t granteeUid) = 0;
virtual int32_t ungrant(const String16& name, int32_t granteeUid) = 0;
@@ -193,12 +187,6 @@
virtual int32_t clear_uid(int64_t uid) = 0;
- virtual int32_t reset_uid(int32_t uid) = 0;
-
- virtual int32_t sync_uid(int32_t sourceUid, int32_t targetUid) = 0;
-
- virtual int32_t password_uid(const String16& password, int32_t uid) = 0;
-
virtual int32_t addRngEntropy(const uint8_t* data, size_t dataLength) = 0;
virtual int32_t generateKey(const String16& name, const KeymasterArguments& params,
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index 3068756..6bcbace 100644
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp
@@ -152,27 +152,24 @@
/* Here are the permissions, actions, users, and the main function. */
typedef enum {
- P_TEST = 1 << 0,
+ P_GET_STATE = 1 << 0,
P_GET = 1 << 1,
P_INSERT = 1 << 2,
P_DELETE = 1 << 3,
P_EXIST = 1 << 4,
- P_SAW = 1 << 5,
+ P_LIST = 1 << 5,
P_RESET = 1 << 6,
P_PASSWORD = 1 << 7,
P_LOCK = 1 << 8,
P_UNLOCK = 1 << 9,
- P_ZERO = 1 << 10,
+ P_IS_EMPTY = 1 << 10,
P_SIGN = 1 << 11,
P_VERIFY = 1 << 12,
P_GRANT = 1 << 13,
P_DUPLICATE = 1 << 14,
P_CLEAR_UID = 1 << 15,
- P_RESET_UID = 1 << 16,
- P_SYNC_UID = 1 << 17,
- P_PASSWORD_UID = 1 << 18,
- P_ADD_AUTH = 1 << 19,
- P_USER_CHANGED = 1 << 20,
+ P_ADD_AUTH = 1 << 16,
+ P_USER_CHANGED = 1 << 17,
} perm_t;
static struct user_euid {
@@ -186,25 +183,22 @@
/* perm_labels associcated with keystore_key SELinux class verbs. */
const char *perm_labels[] = {
- "test",
+ "get_state",
"get",
"insert",
"delete",
"exist",
- "saw",
+ "list",
"reset",
"password",
"lock",
"unlock",
- "zero",
+ "is_empty",
"sign",
"verify",
"grant",
"duplicate",
"clear_uid",
- "reset_uid",
- "sync_uid",
- "password_uid",
"add_auth",
"user_changed",
};
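Review bot: perm_labels is edited by hand in parallel with perm_t in the previous hunk, and nothing visible ties the two together; if the table is indexed by bit position, as the matching order suggests, one missed entry would make a permission check run against the wrong SELinux verb. The renamed strings `get_state`, `list` and `is_empty` also need matching verbs on the keystore_key class in the policy shipped with this build, otherwise those checks would presumably fail. Where the build allows C++11, a guard right after the table such as `static_assert(sizeof(perm_labels) / sizeof(perm_labels[0]) == 18, "one label per perm_t bit");` catches count drift at compile time.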
@@ -219,8 +213,8 @@
{AID_ROOT, static_cast<perm_t>(P_GET) },
};
-static const perm_t DEFAULT_PERMS = static_cast<perm_t>(P_TEST | P_GET | P_INSERT | P_DELETE | P_EXIST | P_SAW | P_SIGN
- | P_VERIFY);
+static const perm_t DEFAULT_PERMS = static_cast<perm_t>(P_GET_STATE | P_GET | P_INSERT | P_DELETE
+ | P_EXIST | P_LIST | P_SIGN | P_VERIFY);
static char *tctx;
static int ks_is_selinux_enabled;
@@ -1069,7 +1063,7 @@
android::String8 prefix("");
android::Vector<android::String16> aliases;
UserState* userState = getUserState(userId);
- if (saw(prefix, &aliases, userId) != ::NO_ERROR) {
+ if (list(prefix, &aliases, userId) != ::NO_ERROR) {
return;
}
for (uint32_t i = 0; i < aliases.size(); i++) {
@@ -1225,7 +1219,7 @@
return (unlink(filename) && errno != ENOENT) ? ::SYSTEM_ERROR : ::NO_ERROR;
}
- ResponseCode saw(const android::String8& prefix, android::Vector<android::String16> *matches,
+ ResponseCode list(const android::String8& prefix, android::Vector<android::String16> *matches,
uid_t userId) {
UserState* userState = getUserState(userId);
@@ -1679,12 +1673,12 @@
}
}
- int32_t test() {
- if (!checkBinderPermission(P_TEST)) {
+ int32_t getState(int32_t userId) {
+ if (!checkBinderPermission(P_GET_STATE)) {
return ::PERMISSION_DENIED;
}
- return mKeyStore->getState(get_user_id(IPCThreadState::self()->getCallingUid()));
+ return mKeyStore->getState(userId);
}
int32_t get(const String16& name, uint8_t** item, size_t* itemLength) {
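Review bot: getState() now takes `userId` straight from the caller while `checkBinderPermission(P_GET_STATE)` is not tied to that user; the removed line derived the user from `getCallingUid()`. P_GET_STATE is part of DEFAULT_PERMS in this file, so as far as these hunks show an ordinary caller can read the keystore state of any user. lock() and isEmpty() further down have the same shape, and for lock() it means a holder of P_LOCK can lock another user's keystore. Consider denying the call when `userId != get_user_id(IPCThreadState::self()->getCallingUid())` unless the caller holds a permission intended for cross-user management, and note on each method that `userId` is caller-supplied.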
@@ -1755,15 +1749,15 @@
return ::NO_ERROR;
}
- int32_t saw(const String16& prefix, int targetUid, Vector<String16>* matches) {
+ int32_t list(const String16& prefix, int targetUid, Vector<String16>* matches) {
targetUid = getEffectiveUid(targetUid);
- if (!checkBinderPermission(P_SAW, targetUid)) {
+ if (!checkBinderPermission(P_LIST, targetUid)) {
return ::PERMISSION_DENIED;
}
const String8 prefix8(prefix);
String8 filename(mKeyStore->getKeyNameForUid(prefix8, targetUid));
- if (mKeyStore->saw(filename, matches, get_user_id(targetUid)) != ::NO_ERROR) {
+ if (mKeyStore->list(filename, matches, get_user_id(targetUid)) != ::NO_ERROR) {
return ::SYSTEM_ERROR;
}
return ::NO_ERROR;
@@ -1845,12 +1839,11 @@
return ::NO_ERROR;
}
- int32_t lock() {
+ int32_t lock(int32_t userId) {
if (!checkBinderPermission(P_LOCK)) {
return ::PERMISSION_DENIED;
}
- uid_t userId = get_user_id(IPCThreadState::self()->getCallingUid());
State state = mKeyStore->getState(userId);
if (state != ::STATE_NO_ERROR) {
ALOGD("calling lock in state: %d", state);
@@ -1877,13 +1870,12 @@
return mKeyStore->readMasterKey(password8, userId);
}
- int32_t zero() {
- if (!checkBinderPermission(P_ZERO)) {
- return -1;
+ bool isEmpty(int32_t userId) {
+ if (!checkBinderPermission(P_IS_EMPTY)) {
+ return false;
}
- uid_t callingUid = IPCThreadState::self()->getCallingUid();
- return mKeyStore->isEmpty(get_user_id(callingUid)) ? ::KEY_NOT_FOUND : ::NO_ERROR;
+ return mKeyStore->isEmpty(userId);
}
int32_t generate(const String16& name, int32_t targetUid, int32_t keyType, int32_t keySize,
@@ -2172,10 +2164,6 @@
return ::NO_ERROR;
}
- int32_t del_key(const String16& name, int targetUid) {
- return del(name, targetUid);
- }
-
int32_t grant(const String16& name, int32_t granteeUid) {
uid_t callingUid = IPCThreadState::self()->getCallingUid();
int32_t result = checkBinderPermissionAndKeystoreState(P_GRANT);
@@ -2315,7 +2303,7 @@
String8 prefix = String8::format("%u_", targetUid);
Vector<String16> aliases;
- if (mKeyStore->saw(prefix, &aliases, get_user_id(targetUid)) != ::NO_ERROR) {
+ if (mKeyStore->list(prefix, &aliases, get_user_id(targetUid)) != ::NO_ERROR) {
return ::SYSTEM_ERROR;
}
@@ -2327,52 +2315,6 @@
return ::NO_ERROR;
}
- int32_t reset_uid(int32_t targetUid) {
- // TODO: Remove this method from the binder interface
- targetUid = getEffectiveUid(targetUid);
- return onUserPasswordChanged(get_user_id(targetUid), String16(""));
- }
-
- int32_t sync_uid(int32_t sourceUid, int32_t targetUid) {
- if (!checkBinderPermission(P_SYNC_UID, targetUid)) {
- return ::PERMISSION_DENIED;
- }
- uid_t sourceUser = get_user_id(sourceUid);
- uid_t targetUser = get_user_id(targetUid);
-
- if (sourceUser == targetUser) {
- return ::SYSTEM_ERROR;
- }
-
- // Initialise user keystore with existing master key held in-memory
- return mKeyStore->copyMasterKey(sourceUser, targetUser);
- }
-
- int32_t password_uid(const String16& pw, int32_t targetUid) {
- targetUid = getEffectiveUid(targetUid);
- if (!checkBinderPermission(P_PASSWORD, targetUid)) {
- return ::PERMISSION_DENIED;
- }
- const String8 password8(pw);
- uid_t userId = get_user_id(targetUid);
-
- switch (mKeyStore->getState(userId)) {
- case ::STATE_UNINITIALIZED: {
- // generate master key, encrypt with password, write to file, initialize mMasterKey*.
- return mKeyStore->initializeUser(password8, userId);
- }
- case ::STATE_NO_ERROR: {
- // rewrite master key with new password.
- return mKeyStore->writeMasterKey(password8, userId);
- }
- case ::STATE_LOCKED: {
- // read master key, decrypt with password, initialize mMasterKey*.
- return mKeyStore->readMasterKey(password8, userId);
- }
- }
- return ::SYSTEM_ERROR;
- }
-
int32_t addRngEntropy(const uint8_t* data, size_t dataLength) {
const keymaster1_device_t* device = mKeyStore->getDevice();
const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice();
diff --git a/keystore/keystore_cli.cpp b/keystore/keystore_cli.cpp
index 1391abf..a3088e4 100644
--- a/keystore/keystore_cli.cpp
+++ b/keystore/keystore_cli.cpp
@@ -76,6 +76,24 @@
} \
} while (0)
+#define SINGLE_INT_ARG_INT_RETURN(cmd) \
+ do { \
+ if (strcmp(argv[1], #cmd) == 0) { \
+ if (argc < 3) { \
+ fprintf(stderr, "Usage: %s " #cmd " <name>\n", argv[0]); \
+ return 1; \
+ } \
+ int32_t ret = service->cmd(atoi(argv[2])); \
+ if (ret < 0) { \
+ fprintf(stderr, "%s: could not connect: %d\n", argv[0], ret); \
+ return 1; \
+ } else { \
+ printf(#cmd ": %s (%d)\n", responses[ret], ret); \
+ return 0; \
+ } \
+ } \
+ } while (0)
+
#define SINGLE_ARG_PLUS_UID_INT_RETURN(cmd) \
do { \
if (strcmp(argv[1], #cmd) == 0) { \
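Review bot: `atoi(argv[2])` in SINGLE_INT_ARG_INT_RETURN turns any non-numeric argument into 0, so a mistyped `lock` or `getState` invocation silently targets user 0; parsing with `char *end; long id = strtol(argv[2], &end, 10);` and printing the usage line when `end == argv[2] || *end != '\0'` avoids that. `responses[ret]` is indexed with a service-supplied value without a bounds check, and for `isEmpty`, which a later hunk routes through this macro, `ret` is a bool, so the printed response string does not describe the result. The usage text also says `<name>` where the argument is a user id.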
@@ -145,14 +163,14 @@
} \
} while (0)
-static int saw(sp<IKeystoreService> service, const String16& name, int uid) {
+static int list(sp<IKeystoreService> service, const String16& name, int uid) {
Vector<String16> matches;
- int32_t ret = service->saw(name, uid, &matches);
+ int32_t ret = service->list(name, uid, &matches);
if (ret < 0) {
- fprintf(stderr, "saw: could not connect: %d\n", ret);
+ fprintf(stderr, "list: could not connect: %d\n", ret);
return 1;
} else if (ret != ::NO_ERROR) {
- fprintf(stderr, "saw: %s (%d)\n", responses[ret], ret);
+ fprintf(stderr, "list: %s (%d)\n", responses[ret], ret);
return 1;
} else {
Vector<String16>::const_iterator it = matches.begin();
@@ -183,7 +201,7 @@
* All the commands should return a value
*/
- NO_ARG_INT_RETURN(test);
+ SINGLE_INT_ARG_INT_RETURN(getState);
SINGLE_ARG_DATA_RETURN(get);
@@ -193,8 +211,8 @@
SINGLE_ARG_PLUS_UID_INT_RETURN(exist);
- if (strcmp(argv[1], "saw") == 0) {
- return saw(service, argc < 3 ? String16("") : String16(argv[2]),
+ if (strcmp(argv[1], "list") == 0) {
+ return list(service, argc < 3 ? String16("") : String16(argv[2]),
argc < 4 ? -1 : atoi(argv[3]));
}
@@ -202,18 +220,16 @@
// TODO: notifyUserPasswordChanged
- NO_ARG_INT_RETURN(lock);
+ SINGLE_INT_ARG_INT_RETURN(lock);
// TODO: unlock
- NO_ARG_INT_RETURN(zero);
+ SINGLE_INT_ARG_INT_RETURN(isEmpty);
// TODO: generate
SINGLE_ARG_DATA_RETURN(get_pubkey);
- SINGLE_ARG_PLUS_UID_INT_RETURN(del_key);
-
// TODO: grant
// TODO: ungrant