Fix multiple issues with the keystore grant mechanism

1. Ungrant did not check the caller's uid which allowed any caller
   to remove grants to any key.
2. Grants were not removed when a key was deleted.
3. clean_uid did not clear the grant cache of the target uid.
   This would leave stale grants that could have been used
   by a new app that happened to get the same uid as the one
   that was previously uninstalled.
4. Various paths did not respect grants: del, exist, getmtime
   The del path was particularly awkward because it is required
   by upgradeKeyBlob. This means it must work when a key that needs
   upgrading is accessed through a grant alias.

Bug: 65851049
Merged-In: I6709b7562d47ad6156bee88a9e2d961f8a4a797d
Change-Id: I6709b7562d47ad6156bee88a9e2d961f8a4a797d
diff --git a/keystore/grant_store.h b/keystore/grant_store.h
index ab03630..6341c76 100644
--- a/keystore/grant_store.h
+++ b/keystore/grant_store.h
@@ -34,10 +34,12 @@
public:
Grant(const std::string& alias, const std::string& owner_dir_name, const uid_t owner_uid,
const uint64_t grant_no);
- std::string alias_;
- std::string owner_dir_name_;
- uid_t owner_uid_;
- uint64_t grant_no_;
+ // the following three field are used to recover the key filename that the grant refers to
+ std::string alias_; ///< original/wrapped key alias
+ std::string owner_dir_name_; ///< key owner key directory
+ uid_t owner_uid_; ///< key owner uid
+
+ uint64_t grant_no_; ///< numeric grant identifier - randomly assigned
operator const uint64_t&() const { return grant_no_; }
};
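Review bot: the comment added above alias_ reads "the following three field are used"; it should be "three fields". Since alias_, owner_dir_name_ and owner_uid_ together identify the key file a grant refers to and are all passed to the constructor, consider declaring them const or making them private with accessors, so a public member cannot be reassigned after the Grant is created. The grant_no_ comment says the value is randomly assigned; it would help to state here whether it must be unique per grantee uid or across the whole store, because operator const uint64_t&() exposes it as the grant's identity.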
@@ -57,7 +59,9 @@
std::string put(const uid_t uid, const std::string& alias, const std::string& owner_dir_name,
const uid_t owner_uid);
const Grant* get(const uid_t uid, const std::string& alias) const;
- bool removeByFileAlias(const uid_t uid, const std::string& alias);
+ bool removeByFileAlias(const uid_t granteeUid, const uid_t granterUid, const std::string& alias);
+ void removeAllGrantsToKey(const uid_t granterUid, const std::string& alias);
+ void removeAllGrantsToUid(const uid_t granteeUid);
// GrantStore is neither copyable nor movable.
GrantStore(const GrantStore&) = delete;
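Review bot: removeByFileAlias now takes two adjacent uid_t arguments (granteeUid, granterUid), so a call site that swaps them compiles without complaint and would apply the ownership check to the wrong uid; a doc comment stating which argument is the caller and which is the grantee, or distinct wrapper types, would guard against that. The new declarations also carry no comment on their semantics: removeAllGrantsToKey and removeAllGrantsToUid return void while removeByFileAlias returns bool, and put/get still name the grantee parameter plain uid, so the naming is inconsistent within the class.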