Blame - keystore2/src/maintenance.rs - android_system_security

2021-08-06 15:13:53 -0700

[diff] [blame]

32

};

David Drysdale

2024-12-05 18:50:40 +0000

[diff] [blame^]

33

use apex_aidl_interface::aidl::android::apex::{

34

IApexService::IApexService,

35

};

Eric Biggers

2f9498a

2023-10-09 23:16:05 +0000

[diff] [blame]

36

use android_security_maintenance::aidl::android::security::maintenance::IKeystoreMaintenance::{

37

BnKeystoreMaintenance, IKeystoreMaintenance,

Hasini Gunasinghe

2021-01-27 19:34:37 +0000

[diff] [blame]

38

};

Andrew Walbran

de45c8b

2021-04-13 14:42:38 +0000

[diff] [blame]

39

use android_security_maintenance::binder::{

40

BinderFeatures, Interface, Result as BinderResult, Strong, ThreadState,

41

};

David Drysdale

2024-09-16 13:32:27 +0100

[diff] [blame]

42

use android_security_metrics::aidl::android::security::metrics::{

43

KeystoreAtomPayload::KeystoreAtomPayload::StorageStats

44

};

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

45

use android_system_keystore2::aidl::android::system::keystore2::KeyDescriptor::KeyDescriptor;

Hasini Gunasinghe

2021-01-27 19:34:37 +0000

[diff] [blame]

46

use android_system_keystore2::aidl::android::system::keystore2::ResponseCode::ResponseCode;

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

47

use anyhow::{anyhow, Context, Result};

David Drysdale

2024-12-05 18:50:40 +0000

[diff] [blame^]

48

use binder::wait_for_interface;

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

49

use bssl_crypto::digest;

50

use der::{DerOrd, Encode, asn1::OctetString, asn1::SetOfVec, Sequence};

Paul Crowley

f61fee7

2021-03-17 14:38:44 -0700

[diff] [blame]

51

use keystore2_crypto::Password;

David Drysdale

2024-12-05 18:50:40 +0000

[diff] [blame^]

52

use rustutils::system_properties::PropertyWatcher;

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

53

use std::cmp::Ordering;

Hasini Gunasinghe

2021-01-27 19:34:37 +0000

[diff] [blame]

54

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

55

/// Reexport Domain for the benefit of DeleteListener

56

pub use android_system_keystore2::aidl::android::system::keystore2::Domain::Domain;

57

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

58

/// Version number of KeyMint V4.

59

pub const KEYMINT_V4: i32 = 400;

60

61

/// Module information structure for DER-encoding.

David Drysdale

2024-12-05 18:50:40 +0000

[diff] [blame^]

62

#[derive(Sequence, Debug, PartialEq, Eq)]

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

63

struct ModuleInfo {

64

David Drysdale

2024-12-05 18:50:40 +0000

[diff] [blame^]

65

version: i64,

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

66

}

67

68

impl DerOrd for ModuleInfo {

69

// DER mandates "encodings of the component values of a set-of value shall appear in ascending

70

// order". `der_cmp` serves as a proxy for determining that ordering (though why the `der` crate

71

// requires this is unclear). Essentially, we just need to compare the `name` lengths, and then

72

// if those are equal, the `name`s themselves. (No need to consider `version`s since there can't

73

// be more than one `ModuleInfo` with the same `name` in the set-of `ModuleInfo`s.) We rely on

74

// `OctetString`'s `der_cmp` to do the aforementioned comparison.

75

fn der_cmp(&self, other: &Self) -> std::result::Result<Ordering, der::Error> {

76

self.name.der_cmp(&other.name)

}

}

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

80

/// The Maintenance module takes a delete listener argument which observes user and namespace

81

/// deletion events.

82

pub trait DeleteListener {

83

/// Called by the maintenance module when an app/namespace is deleted.

84

fn delete_namespace(&self, domain: Domain, namespace: i64) -> Result<()>;

85

/// Called by the maintenance module when a user is deleted.

86

fn delete_user(&self, user_id: u32) -> Result<()>;

87

}

88

Hasini Gunasinghe

2021-01-27 19:34:37 +0000

[diff] [blame]

89

/// This struct is defined to implement the aforementioned AIDL interface.

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

90

pub struct Maintenance {

91

delete_listener: Box<dyn DeleteListener + Send + Sync + 'static>,

92

}

Hasini Gunasinghe

2021-01-27 19:34:37 +0000

[diff] [blame]

93

Janis Danisevskis

34a0cf2

2021-03-08 09:19:03 -0800

[diff] [blame]

94

impl Maintenance {

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

95

/// Create a new instance of Keystore Maintenance service.

96

pub fn new_native_binder(

97

delete_listener: Box<dyn DeleteListener + Send + Sync + 'static>,

98

) -> Result<Strong<dyn IKeystoreMaintenance>> {

Andrew Walbran

de45c8b

2021-04-13 14:42:38 +0000

[diff] [blame]

99

Ok(BnKeystoreMaintenance::new_binder(

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

100

Self { delete_listener },

Andrew Walbran

de45c8b

2021-04-13 14:42:38 +0000

[diff] [blame]

101

BinderFeatures { set_requesting_sid: true, ..BinderFeatures::default() },

102

))

Hasini Gunasinghe

2021-01-27 19:34:37 +0000

[diff] [blame]

103

}

104

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

105

fn add_or_remove_user(&self, user_id: i32) -> Result<()> {

Hasini Gunasinghe

2021-01-27 19:34:37 +0000

[diff] [blame]

106

// Check permission. Function should return if this failed. Therefore having '?' at the end

107

// is very important.

Shaquille Johnson

2022-09-19 12:39:01 +0000

[diff] [blame]

108

check_keystore_permission(KeystorePerm::ChangeUser).context(ks_err!())?;

Janis Danisevskis

0fd25a6

2022-01-04 19:53:37 -0800

[diff] [blame]

109

Janis Danisevskis

2021-02-18 20:04:10 -0800

[diff] [blame]

110

DB.with(|db| {

Nathan Huckleberry

204a044

2023-03-30 17:27:47 +0000

[diff] [blame]

111

SUPER_KEY.write().unwrap().remove_user(

Janis Danisevskis

2021-02-18 20:04:10 -0800

[diff] [blame]

112

&mut db.borrow_mut(),

Janis Danisevskis

0ffb8a8

2022-02-06 22:37:21 -0800

[diff] [blame]

113

&LEGACY_IMPORTER,

Janis Danisevskis

2021-02-18 20:04:10 -0800

[diff] [blame]

114

user_id as u32,

Janis Danisevskis

2021-02-18 20:04:10 -0800

[diff] [blame]

115

)

116

})

Shaquille Johnson

2022-09-19 12:39:01 +0000

[diff] [blame]

117

.context(ks_err!("Trying to delete keys from db."))?;

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

118

self.delete_listener

119

.delete_user(user_id as u32)

Shaquille Johnson

2022-09-19 12:39:01 +0000

[diff] [blame]

120

.context(ks_err!("While invoking the delete listener."))

Hasini Gunasinghe

2021-01-27 19:34:37 +0000

[diff] [blame]

121

}

Janis Danisevskis

2021-02-22 18:46:55 -0800

[diff] [blame]

122

Eric Biggers

2023-10-27 03:55:29 +0000

[diff] [blame]

123

fn init_user_super_keys(

&self,

user_id: i32,

password: Password,

allow_existing: bool,

128

) -> Result<()> {

129

// Permission check. Must return on error. Do not touch the '?'.

130

check_keystore_permission(KeystorePerm::ChangeUser).context(ks_err!())?;

131

132

let mut skm = SUPER_KEY.write().unwrap();

133

DB.with(|db| {

134

skm.initialize_user(

135

&mut db.borrow_mut(),

&LEGACY_IMPORTER,

user_id as u32,

&password,

allow_existing,

)

})

.context(ks_err!("Failed to initialize user super keys"))

143

}

144

145

// Deletes all auth-bound keys when the user's LSKF is removed.

146

fn on_user_lskf_removed(user_id: i32) -> Result<()> {

147

// Permission check. Must return on error. Do not touch the '?'.

148

check_keystore_permission(KeystorePerm::ChangePassword).context(ks_err!())?;

149

150

LEGACY_IMPORTER

151

.bulk_delete_user(user_id as u32, true)

152

.context(ks_err!("Failed to delete legacy keys."))?;

153

154

DB.with(|db| db.borrow_mut().unbind_auth_bound_keys_for_user(user_id as u32))

155

.context(ks_err!("Failed to delete auth-bound keys."))

156

}

157

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

158

fn clear_namespace(&self, domain: Domain, nspace: i64) -> Result<()> {

Janis Danisevskis

2021-02-22 18:46:55 -0800

[diff] [blame]

159

// Permission check. Must return on error. Do not touch the '?'.

Janis Danisevskis

a916d99

2021-10-19 15:46:09 -0700

[diff] [blame]

160

check_keystore_permission(KeystorePerm::ClearUID).context("In clear_namespace.")?;

Janis Danisevskis

2021-02-22 18:46:55 -0800

[diff] [blame]

161

Janis Danisevskis

0ffb8a8

2022-02-06 22:37:21 -0800

[diff] [blame]

162

LEGACY_IMPORTER

Janis Danisevskis

2021-02-22 18:46:55 -0800

[diff] [blame]

163

.bulk_delete_uid(domain, nspace)

Shaquille Johnson

2022-09-19 12:39:01 +0000

[diff] [blame]

164

.context(ks_err!("Trying to delete legacy keys."))?;

Janis Danisevskis

2021-02-22 18:46:55 -0800

[diff] [blame]

165

DB.with(|db| db.borrow_mut().unbind_keys_for_namespace(domain, nspace))

Shaquille Johnson

2022-09-19 12:39:01 +0000

[diff] [blame]

166

.context(ks_err!("Trying to delete keys from db."))?;

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

167

self.delete_listener

168

.delete_namespace(domain, nspace)

Shaquille Johnson

2022-09-19 12:39:01 +0000

[diff] [blame]

169

.context(ks_err!("While invoking the delete listener."))

Janis Danisevskis

2021-02-22 18:46:55 -0800

[diff] [blame]

170

}

Hasini Gunasinghe

9ee1841

2021-03-11 20:12:44 +0000

[diff] [blame]

171

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

172

fn call_with_watchdog<F>(

173

sec_level: SecurityLevel,

174

175

op: &F,

176

min_version: Option<i32>,

177

) -> Result<()>

Paul Crowley

2021-08-06 15:13:53 -0700

[diff] [blame]

178

where

Stephen Crane

23cf724

2022-01-19 17:49:46 +0000

[diff] [blame]

179

F: Fn(Strong<dyn IKeyMintDevice>) -> binder::Result<()>,

Paul Crowley

2021-08-06 15:13:53 -0700

[diff] [blame]

180

{

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

181

let (km_dev, hw_info, _) =

Shaquille Johnson

2022-09-19 12:39:01 +0000

[diff] [blame]

182

get_keymint_device(&sec_level).context(ks_err!("getting keymint device"))?;

Janis Danisevskis

2ee014b

2021-05-05 14:29:08 -0700

[diff] [blame]

183

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

184

if let Some(min_version) = min_version {

185

if hw_info.versionNumber < min_version {

186

log::info!("skipping {name} for {sec_level:?} since its keymint version {} is less than the minimum required version {min_version}", hw_info.versionNumber);

return Ok(());

}

}

David Drysdale

2024-07-18 13:01:23 +0100

[diff] [blame]

191

let _wp = wd::watch_millis_with("Maintenance::call_with_watchdog", 500, (sec_level, name));

Shaquille Johnson

2022-09-19 12:39:01 +0000

[diff] [blame]

192

map_km_error(op(km_dev)).with_context(|| ks_err!("calling {}", name))?;

Satya Tangirala

2021-03-09 12:54:21 -0800

[diff] [blame]

Ok(())

}

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

196

fn call_on_all_security_levels<F>(

197

198

op: F,

199

min_version: Option<i32>,

200

) -> Result<()>

Paul Crowley

2021-08-06 15:13:53 -0700

[diff] [blame]

201

where

Stephen Crane

23cf724

2022-01-19 17:49:46 +0000

[diff] [blame]

202

F: Fn(Strong<dyn IKeyMintDevice>) -> binder::Result<()>,

Paul Crowley

2021-08-06 15:13:53 -0700

[diff] [blame]

203

{

204

let sec_levels = [

205

(SecurityLevel::TRUSTED_ENVIRONMENT, "TRUSTED_ENVIRONMENT"),

206

(SecurityLevel::STRONGBOX, "STRONGBOX"),

207

];

James Farrell

d77b97f

2023-08-15 20:03:38 +0000

[diff] [blame]

208

sec_levels.iter().try_fold((), |_result, (sec_level, sec_level_string)| {

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

209

let curr_result = Maintenance::call_with_watchdog(*sec_level, name, &op, min_version);

Paul Crowley

2021-08-06 15:13:53 -0700

[diff] [blame]

210

match curr_result {

211

Ok(()) => log::info!(

212

"Call to {} succeeded for security level {}.",

213

name,

214

&sec_level_string

215

),

David Drysdale

ce2b90b

2024-07-17 15:56:29 +0100

[diff] [blame]

216

Err(ref e) => {

217

if *sec_level == SecurityLevel::STRONGBOX

218

&& e.downcast_ref::<Error>()

219

== Some(&Error::Km(ErrorCode::HARDWARE_TYPE_UNAVAILABLE))

220

{

221

log::info!("Call to {} failed for StrongBox as it is not available", name,)

222

} else {

223

log::error!(

224

"Call to {} failed for security level {}: {}.",

name,

&sec_level_string,

e

)

}

}

Paul Crowley

2021-08-06 15:13:53 -0700

[diff] [blame]

231

}

James Farrell

d77b97f

2023-08-15 20:03:38 +0000

[diff] [blame]

232

curr_result

Paul Crowley

2021-08-06 15:13:53 -0700

[diff] [blame]

})

}

Satya Tangirala

2021-03-09 12:54:21 -0800

[diff] [blame]

236

fn early_boot_ended() -> Result<()> {

Janis Danisevskis

a916d99

2021-10-19 15:46:09 -0700

[diff] [blame]

237

check_keystore_permission(KeystorePerm::EarlyBootEnded)

Shaquille Johnson

2022-09-19 12:39:01 +0000

[diff] [blame]

238

.context(ks_err!("Checking permission"))?;

Paul Crowley

44c02da

2021-04-08 17:04:43 +0000

[diff] [blame]

239

log::info!("In early_boot_ended.");

240

Janis Danisevskis

0fd25a6

2022-01-04 19:53:37 -0800

[diff] [blame]

241

if let Err(e) =

242

DB.with(|db| SuperKeyManager::set_up_boot_level_cache(&SUPER_KEY, &mut db.borrow_mut()))

243

{

Paul Crowley

44c02da

2021-04-08 17:04:43 +0000

[diff] [blame]

244

log::error!("SUPER_KEY.set_up_boot_level_cache failed:\n{:?}\n:(", e);

245

}

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

246

David Drysdale

2024-12-05 18:50:40 +0000

[diff] [blame^]

247

if keystore2_flags::attest_modules() {

248

std::thread::spawn(move || {

249

Self::watch_apex_info()

250

.unwrap_or_else(|e| log::error!("watch_apex_info failed: {e:?}"));

251

});

252

}

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

253

Maintenance::call_on_all_security_levels("earlyBootEnded", |dev| dev.earlyBootEnded(), None)

Satya Tangirala

2021-03-09 12:54:21 -0800

[diff] [blame]

254

}

255

David Drysdale

2024-12-05 18:50:40 +0000

[diff] [blame^]

256

/// Watch the `apexd.status` system property, and read apex module information once

257

/// it is `activated`.

258

///

259

/// Blocks waiting for system property changes, so must be run in its own thread.

260

fn watch_apex_info() -> Result<()> {

261

let prop = "apexd.status";

262

log::info!("start monitoring '{prop}' property");

263

let mut w = PropertyWatcher::new(prop).context(ks_err!("PropertyWatcher::new failed"))?;

264

loop {

265

let value = w.read(|_name, value| Ok(value.to_string()));

266

// The status for apexd moves from "starting" to "activated" to "ready"; the apex

267

// info file should be populated for either of the latter two states, so cope with

268

// both in case we miss a state change.

269

log::info!("property '{prop}' is now '{value:?}'");

270

if matches!(value.as_deref(), Ok("activated") | Ok("ready")) {

271

match Self::read_apex_info() {

272

Ok(modules) => {

273

Self::set_module_info(modules)

274

.context(ks_err!("failed to set module info"))?;

break;

}

Err(e) => {

log::error!(

"failed to read apex info, try again on next state change: {e:?}"

);

}

}

}

log::info!("await a change to '{prop}'...");

286

w.wait(None).context(ks_err!("property wait failed"))?;

287

log::info!("await a change to '{prop}'...notified");

}

Ok(())

}

fn read_apex_info() -> Result<Vec<ModuleInfo>> {

293

let _wp = wd::watch("read_apex_info via IApexService.getActivePackages()");

294

let apexd: Strong<dyn IApexService> =

295

wait_for_interface("apexservice").context("failed to AIDL connect to apexd")?;

296

let packages = apexd.getActivePackages().context("failed to retrieve active packages")?;

packages

.into_iter()

.map(|pkg| {

log::info!("apex modules += {} version {}", pkg.moduleName, pkg.versionCode);

301

let name = OctetString::new(pkg.moduleName.as_bytes()).map_err(|e| {

302

anyhow!("failed to convert '{}' to OCTET_STRING: {e:?}", pkg.moduleName)

303

})?;

304

Ok(ModuleInfo { name, version: pkg.versionCode })

})

.collect()

}

Janis Danisevskis

2021-04-14 15:44:36 -0700

[diff] [blame]

309

fn migrate_key_namespace(source: &KeyDescriptor, destination: &KeyDescriptor) -> Result<()> {

John Wu

2022-03-14 16:02:56 -0700

[diff] [blame]

310

let calling_uid = ThreadState::get_calling_uid();

Janis Danisevskis

2021-04-14 15:44:36 -0700

[diff] [blame]

311

John Wu

2022-03-14 16:02:56 -0700

[diff] [blame]

312

match source.domain {

313

Domain::SELINUX | Domain::KEY_ID | Domain::APP => (),

John Wu

2022-01-13 15:21:43 -0800

[diff] [blame]

314

_ => {

Shaquille Johnson

2022-09-19 12:39:01 +0000

[diff] [blame]

315

return Err(Error::Rc(ResponseCode::INVALID_ARGUMENT))

316

.context(ks_err!("Source domain must be one of APP, SELINUX, or KEY_ID."));

John Wu

2022-01-13 15:21:43 -0800

[diff] [blame]

317

}

318

};

Janis Danisevskis

2021-04-14 15:44:36 -0700

[diff] [blame]

319

John Wu

2022-03-14 16:02:56 -0700

[diff] [blame]

320

match destination.domain {

321

Domain::SELINUX | Domain::APP => (),

John Wu

2022-01-13 15:21:43 -0800

[diff] [blame]

322

_ => {

Shaquille Johnson

2022-09-19 12:39:01 +0000

[diff] [blame]

323

return Err(Error::Rc(ResponseCode::INVALID_ARGUMENT))

324

.context(ks_err!("Destination domain must be one of APP or SELINUX."));

John Wu

2022-01-13 15:21:43 -0800

[diff] [blame]

}

};

John Wu

2022-03-14 16:02:56 -0700

[diff] [blame]

328

let user_id = uid_to_android_user(calling_uid);

Janis Danisevskis

2022-01-26 14:11:14 -0800

[diff] [blame]

329

Eric Biggers

673d34a

2023-10-18 01:54:18 +0000

[diff] [blame]

330

let super_key = SUPER_KEY.read().unwrap().get_after_first_unlock_key_by_user_id(user_id);

Janis Danisevskis

2022-01-26 14:11:14 -0800

[diff] [blame]

331

332

DB.with(|db| {

John Wu

2022-03-14 16:02:56 -0700

[diff] [blame]

333

let (key_id_guard, _) = LEGACY_IMPORTER

334

.with_try_import(source, calling_uid, super_key, || {

335

db.borrow_mut().load_key_entry(

336

source,

337

KeyType::Client,

338

KeyEntryLoadBits::NONE,

339

calling_uid,

340

|k, av| {

341

check_key_permission(KeyPerm::Use, k, &av)?;

342

check_key_permission(KeyPerm::Delete, k, &av)?;

343

check_key_permission(KeyPerm::Grant, k, &av)

344

},

345

)

Janis Danisevskis

2022-01-26 14:11:14 -0800

[diff] [blame]

346

})

Shaquille Johnson

2022-09-19 12:39:01 +0000

[diff] [blame]

347

.context(ks_err!("Failed to load key blob."))?;

John Wu

2022-03-14 16:02:56 -0700

[diff] [blame]

348

{

349

db.borrow_mut().migrate_key_namespace(key_id_guard, destination, calling_uid, |k| {

350

check_key_permission(KeyPerm::Rebind, k, &None)

351

})

Janis Danisevskis

2022-01-26 14:11:14 -0800

[diff] [blame]

352

}

Janis Danisevskis

2021-04-14 15:44:36 -0700

[diff] [blame]

353

})

354

}

Paul Crowley

2021-08-06 15:13:53 -0700

[diff] [blame]

355

356

fn delete_all_keys() -> Result<()> {

357

// Security critical permission check. This statement must return on fail.

Janis Danisevskis

a916d99

2021-10-19 15:46:09 -0700

[diff] [blame]

358

check_keystore_permission(KeystorePerm::DeleteAllKeys)

Shaquille Johnson

2022-09-19 12:39:01 +0000

[diff] [blame]

359

.context(ks_err!("Checking permission"))?;

Paul Crowley

2021-08-06 15:13:53 -0700

[diff] [blame]

360

log::info!("In delete_all_keys.");

361

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

362

Maintenance::call_on_all_security_levels("deleteAllKeys", |dev| dev.deleteAllKeys(), None)

Paul Crowley

2021-08-06 15:13:53 -0700

[diff] [blame]

363

}

Eran Messeri

2024-01-09 12:43:31 +0000

[diff] [blame]

364

365

fn get_app_uids_affected_by_sid(

366

user_id: i32,

367

secure_user_id: i64,

368

) -> Result<std::vec::Vec<i64>> {

369

// This method is intended to be called by Settings and discloses a list of apps

Eran Messeri

cfe79f1

2024-02-05 17:50:41 +0000

[diff] [blame]

370

// associated with a user, so it requires the "android.permission.MANAGE_USERS"

371

// permission (to avoid leaking list of apps to unauthorized callers).

372

check_get_app_uids_affected_by_sid_permissions().context(ks_err!())?;

Eran Messeri

2024-01-09 12:43:31 +0000

[diff] [blame]

373

DB.with(|db| db.borrow_mut().get_app_uids_affected_by_sid(user_id, secure_user_id))

374

.context(ks_err!("Failed to get app UIDs affected by SID"))

375

}

David Drysdale

2024-09-16 13:32:27 +0100

[diff] [blame]

376

377

fn dump_state(&self, f: &mut dyn std::io::Write) -> std::io::Result<()> {

378

writeln!(f, "keystore2 running")?;

379

writeln!(f)?;

380

381

// Display underlying device information

382

for sec_level in &[SecurityLevel::TRUSTED_ENVIRONMENT, SecurityLevel::STRONGBOX] {

383

let Ok((_dev, hw_info, uuid)) = get_keymint_device(sec_level) else { continue };

384

385

writeln!(f, "Device info for {sec_level:?} with {uuid:?}")?;

386

writeln!(f, " HAL version: {}", hw_info.versionNumber)?;

387

writeln!(f, " Implementation name: {}", hw_info.keyMintName)?;

388

writeln!(f, " Implementation author: {}", hw_info.keyMintAuthorName)?;

389

writeln!(f, " Timestamp token required: {}", hw_info.timestampTokenRequired)?;

}

writeln!(f)?;

David Drysdale

2024-12-11 11:07:56 +0000

[diff] [blame]

393

// Display module attestation information

394

{

395

let info = ENCODED_MODULE_INFO.read().unwrap();

396

if let Some(info) = info.as_ref() {

397

writeln!(f, "Attested module information (DER-encoded):")?;

398

writeln!(f, " {}", hex::encode(info))?;

399

writeln!(f)?;

400

} else {

401

writeln!(f, "Attested module information not set")?;

writeln!(f)?;

}

}

David Drysdale

2024-09-16 13:32:27 +0100

[diff] [blame]

406

// Display database size information.

407

match crate::metrics_store::pull_storage_stats() {

408

Ok(atoms) => {

409

writeln!(f, "Database size information (in bytes):")?;

410

for atom in atoms {

411

if let StorageStats(stats) = &atom.payload {

412

let stype = format!("{:?}", stats.storage_type);

413

if stats.unused_size == 0 {

414

writeln!(f, " {:<40}: {:>12}", stype, stats.size)?;

} else {

writeln!(

f,

" {:<40}: {:>12} (unused {})",

419

stype, stats.size, stats.unused_size

)?;

}

}

}

}

Err(e) => {

writeln!(f, "Failed to retrieve storage stats: {e:?}")?;

}

}

writeln!(f)?;

David Drysdale

2023-05-22 18:51:30 +0100

[diff] [blame]

431

// Display accumulated metrics.

432

writeln!(f, "Metrics information:")?;

433

writeln!(f)?;

434

write!(f, "{:?}", *crate::metrics_store::METRICS_STORE)?;

435

writeln!(f)?;

436

David Drysdale

2024-09-16 13:32:27 +0100

[diff] [blame]

437

// Reminder: any additional information added to the `dump_state()` output needs to be

438

// careful not to include confidential information (e.g. key material).

439

440

Ok(())

441

}

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

442

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

443

fn set_module_info(module_info: Vec<ModuleInfo>) -> Result<()> {

David Drysdale

2024-12-05 18:50:40 +0000

[diff] [blame^]

444

log::info!("set_module_info with {} modules", module_info.len());

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

445

let encoding = Self::encode_module_info(module_info)

446

.map_err(|e| anyhow!({ e }))

447

.context(ks_err!("Failed to encode module_info"))?;

448

let hash = digest::Sha256::hash(&encoding).to_vec();

449

450

{

451

let mut saved = ENCODED_MODULE_INFO.write().unwrap();

452

if let Some(saved_encoding) = &*saved {

453

if *saved_encoding == encoding {

454

log::warn!(

455

"Module info already set, ignoring repeated attempt to set same info."

);

return Ok(());

}

return Err(Error::Rc(ResponseCode::INVALID_ARGUMENT)).context(ks_err!(

460

"Failed to set module info as it is already set to a different value."

461

));

462

}

463

*saved = Some(encoding);

}

let kps =

vec![KeyParameter { tag: Tag::MODULE_HASH, value: KeyParameterValue::Blob(hash) }];

468

469

Maintenance::call_on_all_security_levels(

470

"setAdditionalAttestationInfo",

471

|dev| dev.setAdditionalAttestationInfo(&kps),

Some(KEYMINT_V4),

)

}

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

476

fn encode_module_info(module_info: Vec<ModuleInfo>) -> Result<Vec<u8>, der::Error> {

477

SetOfVec::<ModuleInfo>::from_iter(module_info.into_iter())?.to_der()

478

}

Hasini Gunasinghe

2021-01-27 19:34:37 +0000

[diff] [blame]

479

}

480

David Drysdale

2024-09-16 13:32:27 +0100

[diff] [blame]

481

impl Interface for Maintenance {

482

fn dump(

483

&self,

484

f: &mut dyn std::io::Write,

485

_args: &[&std::ffi::CStr],

486

) -> Result<(), binder::StatusCode> {

487

if !keystore2_flags::enable_dump() {

488

log::info!("skipping dump() as flag not enabled");

489

return Ok(());

490

}

491

log::info!("dump()");

492

let _wp = wd::watch("IKeystoreMaintenance::dump");

493

check_dump_permission().map_err(|_e| {

494

log::error!("dump permission denied");

495

binder::StatusCode::PERMISSION_DENIED

496

})?;

497

498

self.dump_state(f).map_err(|e| {

499

log::error!("dump_state failed: {e:?}");

500

binder::StatusCode::UNKNOWN_ERROR

501

})

502

}

503

}

Hasini Gunasinghe

2021-01-27 19:34:37 +0000

[diff] [blame]

504

Janis Danisevskis

34a0cf2

2021-03-08 09:19:03 -0800

[diff] [blame]

505

impl IKeystoreMaintenance for Maintenance {

Hasini Gunasinghe

2021-01-27 19:34:37 +0000

[diff] [blame]

506

fn onUserAdded(&self, user_id: i32) -> BinderResult<()> {

David Drysdale

2023-06-19 12:28:53 +0100

[diff] [blame]

507

log::info!("onUserAdded(user={user_id})");

David Drysdale

2024-05-23 13:16:07 +0100

[diff] [blame]

508

let _wp = wd::watch("IKeystoreMaintenance::onUserAdded");

David Drysdale

2024-06-07 16:22:49 +0100

[diff] [blame]

509

self.add_or_remove_user(user_id).map_err(into_logged_binder)

Hasini Gunasinghe

2021-01-27 19:34:37 +0000

[diff] [blame]

510

}

511

Eric Biggers

2023-10-27 03:55:29 +0000

[diff] [blame]

512

fn initUserSuperKeys(

&self,

user_id: i32,

password: &[u8],

allow_existing: bool,

517

) -> BinderResult<()> {

518

log::info!("initUserSuperKeys(user={user_id}, allow_existing={allow_existing})");

David Drysdale

2024-05-23 13:16:07 +0100

[diff] [blame]

519

let _wp = wd::watch("IKeystoreMaintenance::initUserSuperKeys");

David Drysdale

2024-06-07 16:22:49 +0100

[diff] [blame]

520

self.init_user_super_keys(user_id, password.into(), allow_existing)

521

.map_err(into_logged_binder)

Eric Biggers

2023-10-27 03:55:29 +0000

[diff] [blame]

522

}

523

Hasini Gunasinghe

2021-01-27 19:34:37 +0000

[diff] [blame]

524

fn onUserRemoved(&self, user_id: i32) -> BinderResult<()> {

David Drysdale

2023-06-19 12:28:53 +0100

[diff] [blame]

525

log::info!("onUserRemoved(user={user_id})");

David Drysdale

2024-05-23 13:16:07 +0100

[diff] [blame]

526

let _wp = wd::watch("IKeystoreMaintenance::onUserRemoved");

David Drysdale

2024-06-07 16:22:49 +0100

[diff] [blame]

527

self.add_or_remove_user(user_id).map_err(into_logged_binder)

Hasini Gunasinghe

2021-01-27 19:34:37 +0000

[diff] [blame]

528

}

Janis Danisevskis

2021-02-22 18:46:55 -0800

[diff] [blame]

529

Eric Biggers

2023-10-27 03:55:29 +0000

[diff] [blame]

530

fn onUserLskfRemoved(&self, user_id: i32) -> BinderResult<()> {

531

log::info!("onUserLskfRemoved(user={user_id})");

David Drysdale

2024-05-23 13:16:07 +0100

[diff] [blame]

532

let _wp = wd::watch("IKeystoreMaintenance::onUserLskfRemoved");

David Drysdale

2024-06-07 16:22:49 +0100

[diff] [blame]

533

Self::on_user_lskf_removed(user_id).map_err(into_logged_binder)

Eric Biggers

2023-10-27 03:55:29 +0000

[diff] [blame]

534

}

535

Janis Danisevskis

2021-02-22 18:46:55 -0800

[diff] [blame]

536

fn clearNamespace(&self, domain: Domain, nspace: i64) -> BinderResult<()> {

David Drysdale

2023-06-19 12:28:53 +0100

[diff] [blame]

537

log::info!("clearNamespace({domain:?}, nspace={nspace})");

David Drysdale

2024-05-23 13:16:07 +0100

[diff] [blame]

538

let _wp = wd::watch("IKeystoreMaintenance::clearNamespace");

David Drysdale

2024-06-07 16:22:49 +0100

[diff] [blame]

539

self.clear_namespace(domain, nspace).map_err(into_logged_binder)

Janis Danisevskis

2021-02-22 18:46:55 -0800

[diff] [blame]

540

}

Hasini Gunasinghe

9ee1841

2021-03-11 20:12:44 +0000

[diff] [blame]

541

Satya Tangirala

2021-03-09 12:54:21 -0800

[diff] [blame]

542

fn earlyBootEnded(&self) -> BinderResult<()> {

David Drysdale

2023-06-19 12:28:53 +0100

[diff] [blame]

543

log::info!("earlyBootEnded()");

David Drysdale

2024-05-23 13:16:07 +0100

[diff] [blame]

544

let _wp = wd::watch("IKeystoreMaintenance::earlyBootEnded");

David Drysdale

2024-06-07 16:22:49 +0100

[diff] [blame]

545

Self::early_boot_ended().map_err(into_logged_binder)

Satya Tangirala

2021-03-09 12:54:21 -0800

[diff] [blame]

546

}

547

Janis Danisevskis

2021-04-14 15:44:36 -0700

[diff] [blame]

548

fn migrateKeyNamespace(

549

&self,

550

source: &KeyDescriptor,

551

destination: &KeyDescriptor,

552

) -> BinderResult<()> {

David Drysdale

2023-06-19 12:28:53 +0100

[diff] [blame]

553

log::info!("migrateKeyNamespace(src={source:?}, dest={destination:?})");

David Drysdale

2024-05-23 13:16:07 +0100

[diff] [blame]

554

let _wp = wd::watch("IKeystoreMaintenance::migrateKeyNamespace");

David Drysdale

2024-06-07 16:22:49 +0100

[diff] [blame]

555

Self::migrate_key_namespace(source, destination).map_err(into_logged_binder)

Janis Danisevskis

2021-04-14 15:44:36 -0700

[diff] [blame]

556

}

Paul Crowley

2021-08-06 15:13:53 -0700

[diff] [blame]

557

558

fn deleteAllKeys(&self) -> BinderResult<()> {

David Drysdale

ce2b90b

2024-07-17 15:56:29 +0100

[diff] [blame]

559

log::warn!("deleteAllKeys() invoked, indicating initial setup or post-factory reset");

David Drysdale

2024-05-23 13:16:07 +0100

[diff] [blame]

560

let _wp = wd::watch("IKeystoreMaintenance::deleteAllKeys");

David Drysdale

2024-06-07 16:22:49 +0100

[diff] [blame]

561

Self::delete_all_keys().map_err(into_logged_binder)

Paul Crowley

2021-08-06 15:13:53 -0700

[diff] [blame]

562

}

Eran Messeri

2024-01-09 12:43:31 +0000

[diff] [blame]

563

564

fn getAppUidsAffectedBySid(

&self,

user_id: i32,

secure_user_id: i64,

) -> BinderResult<std::vec::Vec<i64>> {

569

log::info!("getAppUidsAffectedBySid(secure_user_id={secure_user_id:?})");

David Drysdale

2024-05-23 13:16:07 +0100

[diff] [blame]

570

let _wp = wd::watch("IKeystoreMaintenance::getAppUidsAffectedBySid");

David Drysdale

2024-06-07 16:22:49 +0100

[diff] [blame]

571

Self::get_app_uids_affected_by_sid(user_id, secure_user_id).map_err(into_logged_binder)

Eran Messeri

2024-01-09 12:43:31 +0000

[diff] [blame]

572

}

Hasini Gunasinghe