Blame - keystore2/src/maintenance.rs - android_system_security

2021-08-06 15:13:53 -0700

[diff] [blame]

32

};

David Drysdale

2024-12-05 18:50:40 +0000

[diff] [blame]

33

use apex_aidl_interface::aidl::android::apex::{

34

IApexService::IApexService,

35

};

Eric Biggers

2f9498a

2023-10-09 23:16:05 +0000

[diff] [blame]

36

use android_security_maintenance::aidl::android::security::maintenance::IKeystoreMaintenance::{

37

BnKeystoreMaintenance, IKeystoreMaintenance,

Hasini Gunasinghe

2021-01-27 19:34:37 +0000

[diff] [blame]

38

};

Andrew Walbran

de45c8b

2021-04-13 14:42:38 +0000

[diff] [blame]

39

use android_security_maintenance::binder::{

40

BinderFeatures, Interface, Result as BinderResult, Strong, ThreadState,

41

};

David Drysdale

2024-09-16 13:32:27 +0100

[diff] [blame]

42

use android_security_metrics::aidl::android::security::metrics::{

43

KeystoreAtomPayload::KeystoreAtomPayload::StorageStats

44

};

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

45

use android_system_keystore2::aidl::android::system::keystore2::KeyDescriptor::KeyDescriptor;

Hasini Gunasinghe

2021-01-27 19:34:37 +0000

[diff] [blame]

46

use android_system_keystore2::aidl::android::system::keystore2::ResponseCode::ResponseCode;

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

47

use anyhow::{anyhow, Context, Result};

David Drysdale

2024-12-05 18:50:40 +0000

[diff] [blame]

48

use binder::wait_for_interface;

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

49

use bssl_crypto::digest;

50

use der::{DerOrd, Encode, asn1::OctetString, asn1::SetOfVec, Sequence};

Paul Crowley

f61fee7

2021-03-17 14:38:44 -0700

[diff] [blame]

51

use keystore2_crypto::Password;

David Drysdale

2024-12-05 18:50:40 +0000

[diff] [blame]

52

use rustutils::system_properties::PropertyWatcher;

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

53

use std::cmp::Ordering;

Hasini Gunasinghe

2021-01-27 19:34:37 +0000

[diff] [blame]

54

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

55

/// Reexport Domain for the benefit of DeleteListener

56

pub use android_system_keystore2::aidl::android::system::keystore2::Domain::Domain;

57

Karuna Wadhera

8b31909

2024-12-11 04:42:45 +0000

[diff] [blame]

#[cfg(test)]

mod tests;

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

61

/// Version number of KeyMint V4.

62

pub const KEYMINT_V4: i32 = 400;

63

64

/// Module information structure for DER-encoding.

David Drysdale

2024-12-05 18:50:40 +0000

[diff] [blame]

65

#[derive(Sequence, Debug, PartialEq, Eq)]

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

66

struct ModuleInfo {

67

David Drysdale

2024-12-05 18:50:40 +0000

[diff] [blame]

68

version: i64,

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

69

}

70

71

impl DerOrd for ModuleInfo {

72

// DER mandates "encodings of the component values of a set-of value shall appear in ascending

73

// order". `der_cmp` serves as a proxy for determining that ordering (though why the `der` crate

74

// requires this is unclear). Essentially, we just need to compare the `name` lengths, and then

75

// if those are equal, the `name`s themselves. (No need to consider `version`s since there can't

76

// be more than one `ModuleInfo` with the same `name` in the set-of `ModuleInfo`s.) We rely on

77

// `OctetString`'s `der_cmp` to do the aforementioned comparison.

78

fn der_cmp(&self, other: &Self) -> std::result::Result<Ordering, der::Error> {

79

self.name.der_cmp(&other.name)

}

}

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

83

/// The Maintenance module takes a delete listener argument which observes user and namespace

84

/// deletion events.

85

pub trait DeleteListener {

86

/// Called by the maintenance module when an app/namespace is deleted.

87

fn delete_namespace(&self, domain: Domain, namespace: i64) -> Result<()>;

88

/// Called by the maintenance module when a user is deleted.

89

fn delete_user(&self, user_id: u32) -> Result<()>;

90

}

91

Hasini Gunasinghe

2021-01-27 19:34:37 +0000

[diff] [blame]

92

/// This struct is defined to implement the aforementioned AIDL interface.

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

93

pub struct Maintenance {

94

delete_listener: Box<dyn DeleteListener + Send + Sync + 'static>,

95

}

Hasini Gunasinghe

2021-01-27 19:34:37 +0000

[diff] [blame]

96

Janis Danisevskis

34a0cf2

2021-03-08 09:19:03 -0800

[diff] [blame]

97

impl Maintenance {

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

98

/// Create a new instance of Keystore Maintenance service.

99

pub fn new_native_binder(

100

delete_listener: Box<dyn DeleteListener + Send + Sync + 'static>,

101

) -> Result<Strong<dyn IKeystoreMaintenance>> {

Andrew Walbran

de45c8b

2021-04-13 14:42:38 +0000

[diff] [blame]

102

Ok(BnKeystoreMaintenance::new_binder(

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

103

Self { delete_listener },

Andrew Walbran

de45c8b

2021-04-13 14:42:38 +0000

[diff] [blame]

104

BinderFeatures { set_requesting_sid: true, ..BinderFeatures::default() },

105

))

Hasini Gunasinghe

2021-01-27 19:34:37 +0000

[diff] [blame]

106

}

107

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

108

fn add_or_remove_user(&self, user_id: i32) -> Result<()> {

Hasini Gunasinghe

2021-01-27 19:34:37 +0000

[diff] [blame]

109

// Check permission. Function should return if this failed. Therefore having '?' at the end

110

// is very important.

Shaquille Johnson

2022-09-19 12:39:01 +0000

[diff] [blame]

111

check_keystore_permission(KeystorePerm::ChangeUser).context(ks_err!())?;

Janis Danisevskis

0fd25a6

2022-01-04 19:53:37 -0800

[diff] [blame]

112

Janis Danisevskis

2021-02-18 20:04:10 -0800

[diff] [blame]

113

DB.with(|db| {

Nathan Huckleberry

204a044

2023-03-30 17:27:47 +0000

[diff] [blame]

114

SUPER_KEY.write().unwrap().remove_user(

Janis Danisevskis

2021-02-18 20:04:10 -0800

[diff] [blame]

115

&mut db.borrow_mut(),

Janis Danisevskis

0ffb8a8

2022-02-06 22:37:21 -0800

[diff] [blame]

116

&LEGACY_IMPORTER,

Janis Danisevskis

2021-02-18 20:04:10 -0800

[diff] [blame]

117

user_id as u32,

Janis Danisevskis

2021-02-18 20:04:10 -0800

[diff] [blame]

118

)

119

})

Shaquille Johnson

2022-09-19 12:39:01 +0000

[diff] [blame]

120

.context(ks_err!("Trying to delete keys from db."))?;

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

121

self.delete_listener

122

.delete_user(user_id as u32)

Shaquille Johnson

2022-09-19 12:39:01 +0000

[diff] [blame]

123

.context(ks_err!("While invoking the delete listener."))

Hasini Gunasinghe

2021-01-27 19:34:37 +0000

[diff] [blame]

124

}

Janis Danisevskis

2021-02-22 18:46:55 -0800

[diff] [blame]

125

Eric Biggers

2023-10-27 03:55:29 +0000

[diff] [blame]

126

fn init_user_super_keys(

&self,

user_id: i32,

password: Password,

allow_existing: bool,

131

) -> Result<()> {

132

// Permission check. Must return on error. Do not touch the '?'.

133

check_keystore_permission(KeystorePerm::ChangeUser).context(ks_err!())?;

134

135

let mut skm = SUPER_KEY.write().unwrap();

136

DB.with(|db| {

137

skm.initialize_user(

138

&mut db.borrow_mut(),

&LEGACY_IMPORTER,

user_id as u32,

&password,

allow_existing,

)

})

.context(ks_err!("Failed to initialize user super keys"))

146

}

147

148

// Deletes all auth-bound keys when the user's LSKF is removed.

149

fn on_user_lskf_removed(user_id: i32) -> Result<()> {

150

// Permission check. Must return on error. Do not touch the '?'.

151

check_keystore_permission(KeystorePerm::ChangePassword).context(ks_err!())?;

152

153

LEGACY_IMPORTER

154

.bulk_delete_user(user_id as u32, true)

155

.context(ks_err!("Failed to delete legacy keys."))?;

156

157

DB.with(|db| db.borrow_mut().unbind_auth_bound_keys_for_user(user_id as u32))

158

.context(ks_err!("Failed to delete auth-bound keys."))

159

}

160

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

161

fn clear_namespace(&self, domain: Domain, nspace: i64) -> Result<()> {

Janis Danisevskis

2021-02-22 18:46:55 -0800

[diff] [blame]

162

// Permission check. Must return on error. Do not touch the '?'.

Janis Danisevskis

a916d99

2021-10-19 15:46:09 -0700

[diff] [blame]

163

check_keystore_permission(KeystorePerm::ClearUID).context("In clear_namespace.")?;

Janis Danisevskis

2021-02-22 18:46:55 -0800

[diff] [blame]

164

Janis Danisevskis

0ffb8a8

2022-02-06 22:37:21 -0800

[diff] [blame]

165

LEGACY_IMPORTER

Janis Danisevskis

2021-02-22 18:46:55 -0800

[diff] [blame]

166

.bulk_delete_uid(domain, nspace)

Shaquille Johnson

2022-09-19 12:39:01 +0000

[diff] [blame]

167

.context(ks_err!("Trying to delete legacy keys."))?;

Janis Danisevskis

2021-02-22 18:46:55 -0800

[diff] [blame]

168

DB.with(|db| db.borrow_mut().unbind_keys_for_namespace(domain, nspace))

Shaquille Johnson

2022-09-19 12:39:01 +0000

[diff] [blame]

169

.context(ks_err!("Trying to delete keys from db."))?;

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

170

self.delete_listener

171

.delete_namespace(domain, nspace)

Shaquille Johnson

2022-09-19 12:39:01 +0000

[diff] [blame]

172

.context(ks_err!("While invoking the delete listener."))

Janis Danisevskis

2021-02-22 18:46:55 -0800

[diff] [blame]

173

}

Hasini Gunasinghe

9ee1841

2021-03-11 20:12:44 +0000

[diff] [blame]

174

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

175

fn call_with_watchdog<F>(

176

sec_level: SecurityLevel,

177

178

op: &F,

179

min_version: Option<i32>,

180

) -> Result<()>

Paul Crowley

2021-08-06 15:13:53 -0700

[diff] [blame]

181

where

Stephen Crane

23cf724

2022-01-19 17:49:46 +0000

[diff] [blame]

182

F: Fn(Strong<dyn IKeyMintDevice>) -> binder::Result<()>,

Paul Crowley

2021-08-06 15:13:53 -0700

[diff] [blame]

183

{

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

184

let (km_dev, hw_info, _) =

Shaquille Johnson

2022-09-19 12:39:01 +0000

[diff] [blame]

185

get_keymint_device(&sec_level).context(ks_err!("getting keymint device"))?;

Janis Danisevskis

2ee014b

2021-05-05 14:29:08 -0700

[diff] [blame]

186

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

187

if let Some(min_version) = min_version {

188

if hw_info.versionNumber < min_version {

189

log::info!("skipping {name} for {sec_level:?} since its keymint version {} is less than the minimum required version {min_version}", hw_info.versionNumber);

return Ok(());

}

}

David Drysdale

2024-07-18 13:01:23 +0100

[diff] [blame]

194

let _wp = wd::watch_millis_with("Maintenance::call_with_watchdog", 500, (sec_level, name));

Shaquille Johnson

2022-09-19 12:39:01 +0000

[diff] [blame]

195

map_km_error(op(km_dev)).with_context(|| ks_err!("calling {}", name))?;

Satya Tangirala

2021-03-09 12:54:21 -0800

[diff] [blame]

Ok(())

}

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

199

fn call_on_all_security_levels<F>(

200

201

op: F,

202

min_version: Option<i32>,

203

) -> Result<()>

Paul Crowley

2021-08-06 15:13:53 -0700

[diff] [blame]

204

where

Stephen Crane

23cf724

2022-01-19 17:49:46 +0000

[diff] [blame]

205

F: Fn(Strong<dyn IKeyMintDevice>) -> binder::Result<()>,

Paul Crowley

2021-08-06 15:13:53 -0700

[diff] [blame]

206

{

207

let sec_levels = [

208

(SecurityLevel::TRUSTED_ENVIRONMENT, "TRUSTED_ENVIRONMENT"),

209

(SecurityLevel::STRONGBOX, "STRONGBOX"),

210

];

James Farrell

d77b97f

2023-08-15 20:03:38 +0000

[diff] [blame]

211

sec_levels.iter().try_fold((), |_result, (sec_level, sec_level_string)| {

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

212

let curr_result = Maintenance::call_with_watchdog(*sec_level, name, &op, min_version);

Paul Crowley

2021-08-06 15:13:53 -0700

[diff] [blame]

213

match curr_result {

214

Ok(()) => log::info!(

215

"Call to {} succeeded for security level {}.",

216

name,

217

&sec_level_string

218

),

David Drysdale

ce2b90b

2024-07-17 15:56:29 +0100

[diff] [blame]

219

Err(ref e) => {

220

if *sec_level == SecurityLevel::STRONGBOX

221

&& e.downcast_ref::<Error>()

222

== Some(&Error::Km(ErrorCode::HARDWARE_TYPE_UNAVAILABLE))

223

{

224

log::info!("Call to {} failed for StrongBox as it is not available", name,)

225

} else {

226

log::error!(

227

"Call to {} failed for security level {}: {}.",

name,

&sec_level_string,

e

)

}

}

Paul Crowley

2021-08-06 15:13:53 -0700

[diff] [blame]

234

}

James Farrell

d77b97f

2023-08-15 20:03:38 +0000

[diff] [blame]

235

curr_result

Paul Crowley

2021-08-06 15:13:53 -0700

[diff] [blame]

})

}

Satya Tangirala

2021-03-09 12:54:21 -0800

[diff] [blame]

239

fn early_boot_ended() -> Result<()> {

Janis Danisevskis

a916d99

2021-10-19 15:46:09 -0700

[diff] [blame]

240

check_keystore_permission(KeystorePerm::EarlyBootEnded)

Shaquille Johnson

2022-09-19 12:39:01 +0000

[diff] [blame]

241

.context(ks_err!("Checking permission"))?;

Paul Crowley

44c02da

2021-04-08 17:04:43 +0000

[diff] [blame]

242

log::info!("In early_boot_ended.");

243

Janis Danisevskis

0fd25a6

2022-01-04 19:53:37 -0800

[diff] [blame]

244

if let Err(e) =

245

DB.with(|db| SuperKeyManager::set_up_boot_level_cache(&SUPER_KEY, &mut db.borrow_mut()))

246

{

Paul Crowley

44c02da

2021-04-08 17:04:43 +0000

[diff] [blame]

247

log::error!("SUPER_KEY.set_up_boot_level_cache failed:\n{:?}\n:(", e);

248

}

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

249

David Drysdale

2024-12-05 18:50:40 +0000

[diff] [blame]

250

if keystore2_flags::attest_modules() {

251

std::thread::spawn(move || {

252

Self::watch_apex_info()

253

.unwrap_or_else(|e| log::error!("watch_apex_info failed: {e:?}"));

254

});

255

}

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

256

Maintenance::call_on_all_security_levels("earlyBootEnded", |dev| dev.earlyBootEnded(), None)

Satya Tangirala

2021-03-09 12:54:21 -0800

[diff] [blame]

257

}

258

David Drysdale

2024-12-05 18:50:40 +0000

[diff] [blame]

259

/// Watch the `apexd.status` system property, and read apex module information once

260

/// it is `activated`.

261

///

262

/// Blocks waiting for system property changes, so must be run in its own thread.

263

fn watch_apex_info() -> Result<()> {

264

let prop = "apexd.status";

265

log::info!("start monitoring '{prop}' property");

266

let mut w = PropertyWatcher::new(prop).context(ks_err!("PropertyWatcher::new failed"))?;

267

loop {

268

let value = w.read(|_name, value| Ok(value.to_string()));

269

// The status for apexd moves from "starting" to "activated" to "ready"; the apex

270

// info file should be populated for either of the latter two states, so cope with

271

// both in case we miss a state change.

272

log::info!("property '{prop}' is now '{value:?}'");

273

if matches!(value.as_deref(), Ok("activated") | Ok("ready")) {

274

match Self::read_apex_info() {

275

Ok(modules) => {

276

Self::set_module_info(modules)

277

.context(ks_err!("failed to set module info"))?;

break;

}

Err(e) => {

log::error!(

"failed to read apex info, try again on next state change: {e:?}"

);

}

}

}

log::info!("await a change to '{prop}'...");

289

w.wait(None).context(ks_err!("property wait failed"))?;

290

log::info!("await a change to '{prop}'...notified");

}

Ok(())

}

fn read_apex_info() -> Result<Vec<ModuleInfo>> {

296

let _wp = wd::watch("read_apex_info via IApexService.getActivePackages()");

297

let apexd: Strong<dyn IApexService> =

298

wait_for_interface("apexservice").context("failed to AIDL connect to apexd")?;

299

let packages = apexd.getActivePackages().context("failed to retrieve active packages")?;

packages

.into_iter()

.map(|pkg| {

log::info!("apex modules += {} version {}", pkg.moduleName, pkg.versionCode);

304

let name = OctetString::new(pkg.moduleName.as_bytes()).map_err(|e| {

305

anyhow!("failed to convert '{}' to OCTET_STRING: {e:?}", pkg.moduleName)

306

})?;

307

Ok(ModuleInfo { name, version: pkg.versionCode })

})

.collect()

}

Janis Danisevskis

2021-04-14 15:44:36 -0700

[diff] [blame]

312

fn migrate_key_namespace(source: &KeyDescriptor, destination: &KeyDescriptor) -> Result<()> {

John Wu

2022-03-14 16:02:56 -0700

[diff] [blame]

313

let calling_uid = ThreadState::get_calling_uid();

Janis Danisevskis

2021-04-14 15:44:36 -0700

[diff] [blame]

314

John Wu

2022-03-14 16:02:56 -0700

[diff] [blame]

315

match source.domain {

316

Domain::SELINUX | Domain::KEY_ID | Domain::APP => (),

John Wu

2022-01-13 15:21:43 -0800

[diff] [blame]

317

_ => {

Shaquille Johnson

2022-09-19 12:39:01 +0000

[diff] [blame]

318

return Err(Error::Rc(ResponseCode::INVALID_ARGUMENT))

319

.context(ks_err!("Source domain must be one of APP, SELINUX, or KEY_ID."));

John Wu

2022-01-13 15:21:43 -0800

[diff] [blame]

320

}

321

};

Janis Danisevskis

2021-04-14 15:44:36 -0700

[diff] [blame]

322

John Wu

2022-03-14 16:02:56 -0700

[diff] [blame]

323

match destination.domain {

324

Domain::SELINUX | Domain::APP => (),

John Wu

2022-01-13 15:21:43 -0800

[diff] [blame]

325

_ => {

Shaquille Johnson

2022-09-19 12:39:01 +0000

[diff] [blame]

326

return Err(Error::Rc(ResponseCode::INVALID_ARGUMENT))

327

.context(ks_err!("Destination domain must be one of APP or SELINUX."));

John Wu

2022-01-13 15:21:43 -0800

[diff] [blame]

}

};

John Wu

2022-03-14 16:02:56 -0700

[diff] [blame]

331

let user_id = uid_to_android_user(calling_uid);

Janis Danisevskis

2022-01-26 14:11:14 -0800

[diff] [blame]

332

Eric Biggers

673d34a

2023-10-18 01:54:18 +0000

[diff] [blame]

333

let super_key = SUPER_KEY.read().unwrap().get_after_first_unlock_key_by_user_id(user_id);

Janis Danisevskis

2022-01-26 14:11:14 -0800

[diff] [blame]

334

335

DB.with(|db| {

John Wu

2022-03-14 16:02:56 -0700

[diff] [blame]

336

let (key_id_guard, _) = LEGACY_IMPORTER

337

.with_try_import(source, calling_uid, super_key, || {

338

db.borrow_mut().load_key_entry(

339

source,

340

KeyType::Client,

341

KeyEntryLoadBits::NONE,

342

calling_uid,

343

|k, av| {

344

check_key_permission(KeyPerm::Use, k, &av)?;

345

check_key_permission(KeyPerm::Delete, k, &av)?;

346

check_key_permission(KeyPerm::Grant, k, &av)

347

},

348

)

Janis Danisevskis

2022-01-26 14:11:14 -0800

[diff] [blame]

349

})

Shaquille Johnson

2022-09-19 12:39:01 +0000

[diff] [blame]

350

.context(ks_err!("Failed to load key blob."))?;

John Wu

2022-03-14 16:02:56 -0700

[diff] [blame]

351

{

352

db.borrow_mut().migrate_key_namespace(key_id_guard, destination, calling_uid, |k| {

353

check_key_permission(KeyPerm::Rebind, k, &None)

354

})

Janis Danisevskis

2022-01-26 14:11:14 -0800

[diff] [blame]

355

}

Janis Danisevskis

2021-04-14 15:44:36 -0700

[diff] [blame]

356

})

357

}

Paul Crowley

2021-08-06 15:13:53 -0700

[diff] [blame]

358

359

fn delete_all_keys() -> Result<()> {

360

// Security critical permission check. This statement must return on fail.

Janis Danisevskis

a916d99

2021-10-19 15:46:09 -0700

[diff] [blame]

361

check_keystore_permission(KeystorePerm::DeleteAllKeys)

Shaquille Johnson

2022-09-19 12:39:01 +0000

[diff] [blame]

362

.context(ks_err!("Checking permission"))?;

Paul Crowley

2021-08-06 15:13:53 -0700

[diff] [blame]

363

log::info!("In delete_all_keys.");

364

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

365

Maintenance::call_on_all_security_levels("deleteAllKeys", |dev| dev.deleteAllKeys(), None)

Paul Crowley

2021-08-06 15:13:53 -0700

[diff] [blame]

366

}

Eran Messeri

2024-01-09 12:43:31 +0000

[diff] [blame]

367

368

fn get_app_uids_affected_by_sid(

369

user_id: i32,

370

secure_user_id: i64,

371

) -> Result<std::vec::Vec<i64>> {

372

// This method is intended to be called by Settings and discloses a list of apps

Eran Messeri

cfe79f1

2024-02-05 17:50:41 +0000

[diff] [blame]

373

// associated with a user, so it requires the "android.permission.MANAGE_USERS"

374

// permission (to avoid leaking list of apps to unauthorized callers).

375

check_get_app_uids_affected_by_sid_permissions().context(ks_err!())?;

Eran Messeri

2024-01-09 12:43:31 +0000

[diff] [blame]

376

DB.with(|db| db.borrow_mut().get_app_uids_affected_by_sid(user_id, secure_user_id))

377

.context(ks_err!("Failed to get app UIDs affected by SID"))

378

}

David Drysdale

2024-09-16 13:32:27 +0100

[diff] [blame]

379

380

fn dump_state(&self, f: &mut dyn std::io::Write) -> std::io::Result<()> {

381

writeln!(f, "keystore2 running")?;

382

writeln!(f)?;

383

384

// Display underlying device information

385

for sec_level in &[SecurityLevel::TRUSTED_ENVIRONMENT, SecurityLevel::STRONGBOX] {

386

let Ok((_dev, hw_info, uuid)) = get_keymint_device(sec_level) else { continue };

387

388

writeln!(f, "Device info for {sec_level:?} with {uuid:?}")?;

389

writeln!(f, " HAL version: {}", hw_info.versionNumber)?;

390

writeln!(f, " Implementation name: {}", hw_info.keyMintName)?;

391

writeln!(f, " Implementation author: {}", hw_info.keyMintAuthorName)?;

392

writeln!(f, " Timestamp token required: {}", hw_info.timestampTokenRequired)?;

}

writeln!(f)?;

David Drysdale

2024-12-11 11:07:56 +0000

[diff] [blame]

396

// Display module attestation information

397

{

398

let info = ENCODED_MODULE_INFO.read().unwrap();

399

if let Some(info) = info.as_ref() {

400

writeln!(f, "Attested module information (DER-encoded):")?;

401

writeln!(f, " {}", hex::encode(info))?;

402

writeln!(f)?;

403

} else {

404

writeln!(f, "Attested module information not set")?;

writeln!(f)?;

}

}

David Drysdale

2024-09-16 13:32:27 +0100

[diff] [blame]

409

// Display database size information.

410

match crate::metrics_store::pull_storage_stats() {

411

Ok(atoms) => {

412

writeln!(f, "Database size information (in bytes):")?;

413

for atom in atoms {

414

if let StorageStats(stats) = &atom.payload {

415

let stype = format!("{:?}", stats.storage_type);

416

if stats.unused_size == 0 {

417

writeln!(f, " {:<40}: {:>12}", stype, stats.size)?;

} else {

writeln!(

f,

" {:<40}: {:>12} (unused {})",

422

stype, stats.size, stats.unused_size

)?;

}

}

}

}

Err(e) => {

writeln!(f, "Failed to retrieve storage stats: {e:?}")?;

}

}

writeln!(f)?;

David Drysdale

2024-06-06 16:17:28 +0100

[diff] [blame]

434

// Display database config information.

435

writeln!(f, "Database configuration:")?;

436

DB.with(|db| -> std::io::Result<()> {

437

let pragma_str = |f: &mut dyn std::io::Write, name| -> std::io::Result<()> {

438

let mut db = db.borrow_mut();

439

let value: String = db

440

.pragma(name)

441

.unwrap_or_else(|e| format!("unknown value for '{name}', failed: {e:?}"));

442

writeln!(f, " {name} = {value}")

443

};

444

let pragma_i32 = |f: &mut dyn std::io::Write, name| -> std::io::Result<()> {

445

let mut db = db.borrow_mut();

446

let value: i32 = db.pragma(name).unwrap_or_else(|e| {

447

log::error!("unknown value for '{name}', failed: {e:?}");

448

-1

449

});

450

writeln!(f, " {name} = {value}")

451

};

452

pragma_i32(f, "auto_vacuum")?;

453

pragma_str(f, "journal_mode")?;

454

pragma_i32(f, "journal_size_limit")?;

455

pragma_i32(f, "synchronous")?;

456

pragma_i32(f, "schema_version")?;

457

pragma_i32(f, "user_version")?;

Ok(())

})?;

writeln!(f)?;

David Drysdale

2023-05-22 18:51:30 +0100

[diff] [blame]

462

// Display accumulated metrics.

463

writeln!(f, "Metrics information:")?;

464

writeln!(f)?;

465

write!(f, "{:?}", *crate::metrics_store::METRICS_STORE)?;

466

writeln!(f)?;

467

David Drysdale

2024-09-16 13:32:27 +0100

[diff] [blame]

468

// Reminder: any additional information added to the `dump_state()` output needs to be

469

// careful not to include confidential information (e.g. key material).

470

471

Ok(())

472

}

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

473

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

474

fn set_module_info(module_info: Vec<ModuleInfo>) -> Result<()> {

David Drysdale

2024-12-05 18:50:40 +0000

[diff] [blame]

475

log::info!("set_module_info with {} modules", module_info.len());

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

476

let encoding = Self::encode_module_info(module_info)

477

.map_err(|e| anyhow!({ e }))

478

.context(ks_err!("Failed to encode module_info"))?;

479

let hash = digest::Sha256::hash(&encoding).to_vec();

480

481

{

482

let mut saved = ENCODED_MODULE_INFO.write().unwrap();

483

if let Some(saved_encoding) = &*saved {

484

if *saved_encoding == encoding {

485

log::warn!(

486

"Module info already set, ignoring repeated attempt to set same info."

);

return Ok(());

}

return Err(Error::Rc(ResponseCode::INVALID_ARGUMENT)).context(ks_err!(

491

"Failed to set module info as it is already set to a different value."

492

));

493

}

494

*saved = Some(encoding);

}

let kps =

vec![KeyParameter { tag: Tag::MODULE_HASH, value: KeyParameterValue::Blob(hash) }];

499

500

Maintenance::call_on_all_security_levels(

501

"setAdditionalAttestationInfo",

502

|dev| dev.setAdditionalAttestationInfo(&kps),

Some(KEYMINT_V4),

)

}

Karuna Wadhera

2024-11-20 06:50:29 +0000

[diff] [blame]

507

fn encode_module_info(module_info: Vec<ModuleInfo>) -> Result<Vec<u8>, der::Error> {

508

SetOfVec::<ModuleInfo>::from_iter(module_info.into_iter())?.to_der()

509

}

Hasini Gunasinghe

2021-01-27 19:34:37 +0000

[diff] [blame]

510

}

511

David Drysdale

2024-09-16 13:32:27 +0100

[diff] [blame]

512

impl Interface for Maintenance {

513

fn dump(

514

&self,

515

f: &mut dyn std::io::Write,

516

_args: &[&std::ffi::CStr],

517

) -> Result<(), binder::StatusCode> {

518

if !keystore2_flags::enable_dump() {

519

log::info!("skipping dump() as flag not enabled");

520

return Ok(());

521

}

522

log::info!("dump()");

523

let _wp = wd::watch("IKeystoreMaintenance::dump");

524

check_dump_permission().map_err(|_e| {

525

log::error!("dump permission denied");

526

binder::StatusCode::PERMISSION_DENIED

527

})?;

528

529

self.dump_state(f).map_err(|e| {

530

log::error!("dump_state failed: {e:?}");

531

binder::StatusCode::UNKNOWN_ERROR

532

})

533

}

534

}

Hasini Gunasinghe

2021-01-27 19:34:37 +0000

[diff] [blame]

535

Janis Danisevskis

34a0cf2

2021-03-08 09:19:03 -0800

[diff] [blame]

536

impl IKeystoreMaintenance for Maintenance {

Hasini Gunasinghe

2021-01-27 19:34:37 +0000

[diff] [blame]

537

fn onUserAdded(&self, user_id: i32) -> BinderResult<()> {

David Drysdale

2023-06-19 12:28:53 +0100

[diff] [blame]

538

log::info!("onUserAdded(user={user_id})");

David Drysdale

2024-05-23 13:16:07 +0100

[diff] [blame]

539

let _wp = wd::watch("IKeystoreMaintenance::onUserAdded");

David Drysdale

2024-06-07 16:22:49 +0100

[diff] [blame]

540

self.add_or_remove_user(user_id).map_err(into_logged_binder)

Hasini Gunasinghe

2021-01-27 19:34:37 +0000

[diff] [blame]

541

}

542

Eric Biggers

2023-10-27 03:55:29 +0000

[diff] [blame]

543

fn initUserSuperKeys(

&self,

user_id: i32,

password: &[u8],

allow_existing: bool,

548

) -> BinderResult<()> {

549

log::info!("initUserSuperKeys(user={user_id}, allow_existing={allow_existing})");

David Drysdale

2024-05-23 13:16:07 +0100

[diff] [blame]

550

let _wp = wd::watch("IKeystoreMaintenance::initUserSuperKeys");

David Drysdale

2024-06-07 16:22:49 +0100

[diff] [blame]

551

self.init_user_super_keys(user_id, password.into(), allow_existing)

552

.map_err(into_logged_binder)

Eric Biggers

2023-10-27 03:55:29 +0000

[diff] [blame]

553

}

554

Hasini Gunasinghe

2021-01-27 19:34:37 +0000

[diff] [blame]

555

fn onUserRemoved(&self, user_id: i32) -> BinderResult<()> {

David Drysdale

2023-06-19 12:28:53 +0100

[diff] [blame]

556

log::info!("onUserRemoved(user={user_id})");

David Drysdale

2024-05-23 13:16:07 +0100

[diff] [blame]

557

let _wp = wd::watch("IKeystoreMaintenance::onUserRemoved");

David Drysdale

2024-06-07 16:22:49 +0100

[diff] [blame]

558

self.add_or_remove_user(user_id).map_err(into_logged_binder)

Hasini Gunasinghe

2021-01-27 19:34:37 +0000

[diff] [blame]

559

}

Janis Danisevskis

2021-02-22 18:46:55 -0800

[diff] [blame]

560

Eric Biggers

2023-10-27 03:55:29 +0000

[diff] [blame]

561

fn onUserLskfRemoved(&self, user_id: i32) -> BinderResult<()> {

562

log::info!("onUserLskfRemoved(user={user_id})");

David Drysdale

2024-05-23 13:16:07 +0100

[diff] [blame]

563

let _wp = wd::watch("IKeystoreMaintenance::onUserLskfRemoved");

David Drysdale

2024-06-07 16:22:49 +0100

[diff] [blame]

564

Self::on_user_lskf_removed(user_id).map_err(into_logged_binder)

Eric Biggers

2023-10-27 03:55:29 +0000

[diff] [blame]

565

}

566

Janis Danisevskis

2021-02-22 18:46:55 -0800

[diff] [blame]

567

fn clearNamespace(&self, domain: Domain, nspace: i64) -> BinderResult<()> {

David Drysdale

2023-06-19 12:28:53 +0100

[diff] [blame]

568

log::info!("clearNamespace({domain:?}, nspace={nspace})");

David Drysdale

2024-05-23 13:16:07 +0100

[diff] [blame]

569

let _wp = wd::watch("IKeystoreMaintenance::clearNamespace");

David Drysdale

2024-06-07 16:22:49 +0100

[diff] [blame]

570

self.clear_namespace(domain, nspace).map_err(into_logged_binder)

Janis Danisevskis

2021-02-22 18:46:55 -0800

[diff] [blame]

571

}

Hasini Gunasinghe

9ee1841

2021-03-11 20:12:44 +0000

[diff] [blame]

572

Satya Tangirala

2021-03-09 12:54:21 -0800

[diff] [blame]

573

fn earlyBootEnded(&self) -> BinderResult<()> {

David Drysdale

2023-06-19 12:28:53 +0100

[diff] [blame]

574

log::info!("earlyBootEnded()");

David Drysdale

2024-05-23 13:16:07 +0100

[diff] [blame]

575

let _wp = wd::watch("IKeystoreMaintenance::earlyBootEnded");

David Drysdale

2024-06-07 16:22:49 +0100

[diff] [blame]

576

Self::early_boot_ended().map_err(into_logged_binder)

Satya Tangirala

2021-03-09 12:54:21 -0800

[diff] [blame]

577

}

578

Janis Danisevskis

2021-04-14 15:44:36 -0700

[diff] [blame]

579

fn migrateKeyNamespace(

580

&self,

581

source: &KeyDescriptor,

582

destination: &KeyDescriptor,

583

) -> BinderResult<()> {

David Drysdale

2023-06-19 12:28:53 +0100

[diff] [blame]

584

log::info!("migrateKeyNamespace(src={source:?}, dest={destination:?})");

David Drysdale

2024-05-23 13:16:07 +0100

[diff] [blame]

585

let _wp = wd::watch("IKeystoreMaintenance::migrateKeyNamespace");

David Drysdale

2024-06-07 16:22:49 +0100

[diff] [blame]

586

Self::migrate_key_namespace(source, destination).map_err(into_logged_binder)

Janis Danisevskis

2021-04-14 15:44:36 -0700

[diff] [blame]

587

}

Paul Crowley

2021-08-06 15:13:53 -0700

[diff] [blame]

588

589

fn deleteAllKeys(&self) -> BinderResult<()> {

David Drysdale

ce2b90b

2024-07-17 15:56:29 +0100

[diff] [blame]

590

log::warn!("deleteAllKeys() invoked, indicating initial setup or post-factory reset");

David Drysdale

2024-05-23 13:16:07 +0100

[diff] [blame]

591

let _wp = wd::watch("IKeystoreMaintenance::deleteAllKeys");

David Drysdale

2024-06-07 16:22:49 +0100

[diff] [blame]

592

Self::delete_all_keys().map_err(into_logged_binder)

Paul Crowley

2021-08-06 15:13:53 -0700

[diff] [blame]

593

}

Eran Messeri

2024-01-09 12:43:31 +0000

[diff] [blame]

594

595

fn getAppUidsAffectedBySid(

&self,

user_id: i32,

secure_user_id: i64,

) -> BinderResult<std::vec::Vec<i64>> {

600

log::info!("getAppUidsAffectedBySid(secure_user_id={secure_user_id:?})");

David Drysdale

2024-05-23 13:16:07 +0100

[diff] [blame]

601

let _wp = wd::watch("IKeystoreMaintenance::getAppUidsAffectedBySid");

David Drysdale

2024-06-07 16:22:49 +0100

[diff] [blame]

602

Self::get_app_uids_affected_by_sid(user_id, secure_user_id).map_err(into_logged_binder)

Eran Messeri

2024-01-09 12:43:31 +0000

[diff] [blame]

603

}

Hasini Gunasinghe