Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / f9494d172bb56c08d6859d8d51d38c682647f083 / . / keystore2 / src / maintenance.rs
blob: 5efb798d07b527fb0fc3d53603cd2a1f0e64b1a8 [file] [log] [blame]
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]1// Copyright 2021, The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
Janis Danisevskis34a0cf22021-03-08 09:19:03 -0800[diff] [blame]15//! This module implements IKeystoreMaintenance AIDL interface.
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]16
Janis Danisevskiscdcf4e52021-04-14 15:44:36 -0700[diff] [blame]17use crate::database::{KeyEntryLoadBits, KeyType, MonotonicRawTime};
Satya Tangirala5b9e5b12021-03-09 12:54:21 -0800[diff] [blame]18use crate::error::map_km_error;
Janis Danisevskiscdcf4e52021-04-14 15:44:36 -0700[diff] [blame]19use crate::error::map_or_log_err;
20use crate::error::Error;
Satya Tangirala5b9e5b12021-03-09 12:54:21 -0800[diff] [blame]21use crate::globals::get_keymint_device;
Janis Danisevskis0ffb8a82022-02-06 22:37:21 -0800[diff] [blame]22use crate::globals::{DB, LEGACY_IMPORTER, SUPER_KEY};
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]23use crate::ks_err;
Janis Danisevskiscdcf4e52021-04-14 15:44:36 -0700[diff] [blame]24use crate::permission::{KeyPerm, KeystorePerm};
Janis Danisevskis0fd25a62022-01-04 19:53:37 -0800[diff] [blame]25use crate::super_key::{SuperKeyManager, UserState};
John Wu16db29e2022-01-13 15:21:43 -0800[diff] [blame]26use crate::utils::{
John Wu889c1cc2022-03-14 16:02:56 -0700[diff] [blame]27 check_key_permission, check_keystore_permission, uid_to_android_user, watchdog as wd,
John Wu16db29e2022-01-13 15:21:43 -0800[diff] [blame]28};
Paul Crowley46c703e2021-08-06 15:13:53 -0700[diff] [blame]29use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{
30 IKeyMintDevice::IKeyMintDevice, SecurityLevel::SecurityLevel,
31};
Hasini Gunasinghe9ee18412021-03-11 20:12:44 +0000[diff] [blame]32use android_security_maintenance::aidl::android::security::maintenance::{
John Wu889c1cc2022-03-14 16:02:56 -0700[diff] [blame]33 IKeystoreMaintenance::{BnKeystoreMaintenance, IKeystoreMaintenance},
Hasini Gunasinghe9ee18412021-03-11 20:12:44 +0000[diff] [blame]34 UserState::UserState as AidlUserState,
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]35};
Andrew Walbrande45c8b2021-04-13 14:42:38 +0000[diff] [blame]36use android_security_maintenance::binder::{
37 BinderFeatures, Interface, Result as BinderResult, Strong, ThreadState,
38};
Janis Danisevskis5898d152021-06-15 08:23:46 -0700[diff] [blame]39use android_system_keystore2::aidl::android::system::keystore2::KeyDescriptor::KeyDescriptor;
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]40use android_system_keystore2::aidl::android::system::keystore2::ResponseCode::ResponseCode;
41use anyhow::{Context, Result};
Paul Crowleyf61fee72021-03-17 14:38:44 -0700[diff] [blame]42use keystore2_crypto::Password;
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]43
Janis Danisevskis5898d152021-06-15 08:23:46 -0700[diff] [blame]44/// Reexport Domain for the benefit of DeleteListener
45pub use android_system_keystore2::aidl::android::system::keystore2::Domain::Domain;
46
47/// The Maintenance module takes a delete listener argument which observes user and namespace
48/// deletion events.
49pub trait DeleteListener {
50 /// Called by the maintenance module when an app/namespace is deleted.
51 fn delete_namespace(&self, domain: Domain, namespace: i64) -> Result<()>;
52 /// Called by the maintenance module when a user is deleted.
53 fn delete_user(&self, user_id: u32) -> Result<()>;
54}
55
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]56/// This struct is defined to implement the aforementioned AIDL interface.
Janis Danisevskis5898d152021-06-15 08:23:46 -0700[diff] [blame]57pub struct Maintenance {
58 delete_listener: Box<dyn DeleteListener + Send + Sync + 'static>,
59}
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]60
Janis Danisevskis34a0cf22021-03-08 09:19:03 -0800[diff] [blame]61impl Maintenance {
Janis Danisevskis5898d152021-06-15 08:23:46 -0700[diff] [blame]62 /// Create a new instance of Keystore Maintenance service.
63 pub fn new_native_binder(
64 delete_listener: Box<dyn DeleteListener + Send + Sync + 'static>,
65 ) -> Result<Strong<dyn IKeystoreMaintenance>> {
Andrew Walbrande45c8b2021-04-13 14:42:38 +0000[diff] [blame]66 Ok(BnKeystoreMaintenance::new_binder(
Janis Danisevskis5898d152021-06-15 08:23:46 -0700[diff] [blame]67 Self { delete_listener },
Andrew Walbrande45c8b2021-04-13 14:42:38 +0000[diff] [blame]68 BinderFeatures { set_requesting_sid: true, ..BinderFeatures::default() },
69 ))
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]70 }
71
Paul Crowleyf61fee72021-03-17 14:38:44 -0700[diff] [blame]72 fn on_user_password_changed(user_id: i32, password: Option<Password>) -> Result<()> {
Janis Danisevskis0fd25a62022-01-04 19:53:37 -0800[diff] [blame]73 // Check permission. Function should return if this failed. Therefore having '?' at the end
74 // is very important.
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]75 check_keystore_permission(KeystorePerm::ChangePassword).context(ks_err!())?;
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]76
Janis Danisevskis0fd25a62022-01-04 19:53:37 -0800[diff] [blame]77 let mut skm = SUPER_KEY.write().unwrap();
78
Paul Crowley7a658392021-03-18 17:08:20 -0700[diff] [blame]79 if let Some(pw) = password.as_ref() {
80 DB.with(|db| {
Janis Danisevskis0fd25a62022-01-04 19:53:37 -0800[diff] [blame]81 skm.unlock_screen_lock_bound_key(&mut db.borrow_mut(), user_id as u32, pw)
Paul Crowley7a658392021-03-18 17:08:20 -0700[diff] [blame]82 })
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]83 .context(ks_err!("unlock_screen_lock_bound_key failed"))?;
Paul Crowley7a658392021-03-18 17:08:20 -0700[diff] [blame]84 }
85
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]86 match DB
87 .with(|db| {
Janis Danisevskis0fd25a62022-01-04 19:53:37 -0800[diff] [blame]88 skm.reset_or_init_user_and_get_user_state(
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]89 &mut db.borrow_mut(),
Janis Danisevskis0ffb8a82022-02-06 22:37:21 -0800[diff] [blame]90 &LEGACY_IMPORTER,
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]91 user_id as u32,
Paul Crowleyf61fee72021-03-17 14:38:44 -0700[diff] [blame]92 password.as_ref(),
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]93 )
94 })
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]95 .context(ks_err!())?
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]96 {
97 UserState::LskfLocked => {
Janis Danisevskiseed69842021-02-18 20:04:10 -0800[diff] [blame]98 // Error - password can not be changed when the device is locked
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]99 Err(Error::Rc(ResponseCode::LOCKED)).context(ks_err!("Device is locked."))
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]100 }
101 _ => {
Janis Danisevskiseed69842021-02-18 20:04:10 -0800[diff] [blame]102 // LskfLocked is the only error case for password change
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]103 Ok(())
104 }
105 }
106 }
107
Janis Danisevskis5898d152021-06-15 08:23:46 -0700[diff] [blame]108 fn add_or_remove_user(&self, user_id: i32) -> Result<()> {
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]109 // Check permission. Function should return if this failed. Therefore having '?' at the end
110 // is very important.
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]111 check_keystore_permission(KeystorePerm::ChangeUser).context(ks_err!())?;
Janis Danisevskis0fd25a62022-01-04 19:53:37 -0800[diff] [blame]112
Janis Danisevskiseed69842021-02-18 20:04:10 -0800[diff] [blame]113 DB.with(|db| {
Janis Danisevskis0fd25a62022-01-04 19:53:37 -0800[diff] [blame]114 SUPER_KEY.write().unwrap().reset_user(
Janis Danisevskiseed69842021-02-18 20:04:10 -0800[diff] [blame]115 &mut db.borrow_mut(),
Janis Danisevskis0ffb8a82022-02-06 22:37:21 -0800[diff] [blame]116 &LEGACY_IMPORTER,
Janis Danisevskiseed69842021-02-18 20:04:10 -0800[diff] [blame]117 user_id as u32,
118 false,
119 )
120 })
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]121 .context(ks_err!("Trying to delete keys from db."))?;
Janis Danisevskis5898d152021-06-15 08:23:46 -0700[diff] [blame]122 self.delete_listener
123 .delete_user(user_id as u32)
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]124 .context(ks_err!("While invoking the delete listener."))
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]125 }
Janis Danisevskisddd6e752021-02-22 18:46:55 -0800[diff] [blame]126
Janis Danisevskis5898d152021-06-15 08:23:46 -0700[diff] [blame]127 fn clear_namespace(&self, domain: Domain, nspace: i64) -> Result<()> {
Janis Danisevskisddd6e752021-02-22 18:46:55 -0800[diff] [blame]128 // Permission check. Must return on error. Do not touch the '?'.
Janis Danisevskisa916d992021-10-19 15:46:09 -0700[diff] [blame]129 check_keystore_permission(KeystorePerm::ClearUID).context("In clear_namespace.")?;
Janis Danisevskisddd6e752021-02-22 18:46:55 -0800[diff] [blame]130
Janis Danisevskis0ffb8a82022-02-06 22:37:21 -0800[diff] [blame]131 LEGACY_IMPORTER
Janis Danisevskisddd6e752021-02-22 18:46:55 -0800[diff] [blame]132 .bulk_delete_uid(domain, nspace)
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]133 .context(ks_err!("Trying to delete legacy keys."))?;
Janis Danisevskisddd6e752021-02-22 18:46:55 -0800[diff] [blame]134 DB.with(|db| db.borrow_mut().unbind_keys_for_namespace(domain, nspace))
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]135 .context(ks_err!("Trying to delete keys from db."))?;
Janis Danisevskis5898d152021-06-15 08:23:46 -0700[diff] [blame]136 self.delete_listener
137 .delete_namespace(domain, nspace)
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]138 .context(ks_err!("While invoking the delete listener."))
Janis Danisevskisddd6e752021-02-22 18:46:55 -0800[diff] [blame]139 }
Hasini Gunasinghe9ee18412021-03-11 20:12:44 +0000[diff] [blame]140
141 fn get_state(user_id: i32) -> Result<AidlUserState> {
142 // Check permission. Function should return if this failed. Therefore having '?' at the end
143 // is very important.
Janis Danisevskisa916d992021-10-19 15:46:09 -0700[diff] [blame]144 check_keystore_permission(KeystorePerm::GetState).context("In get_state.")?;
Hasini Gunasinghe9ee18412021-03-11 20:12:44 +0000[diff] [blame]145 let state = DB
146 .with(|db| {
Janis Danisevskis0fd25a62022-01-04 19:53:37 -0800[diff] [blame]147 SUPER_KEY.read().unwrap().get_user_state(
148 &mut db.borrow_mut(),
Janis Danisevskis0ffb8a82022-02-06 22:37:21 -0800[diff] [blame]149 &LEGACY_IMPORTER,
Janis Danisevskis0fd25a62022-01-04 19:53:37 -0800[diff] [blame]150 user_id as u32,
151 )
Hasini Gunasinghe9ee18412021-03-11 20:12:44 +0000[diff] [blame]152 })
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]153 .context(ks_err!("Trying to get UserState."))?;
Hasini Gunasinghe9ee18412021-03-11 20:12:44 +0000[diff] [blame]154
155 match state {
156 UserState::Uninitialized => Ok(AidlUserState::UNINITIALIZED),
157 UserState::LskfUnlocked(_) => Ok(AidlUserState::LSKF_UNLOCKED),
158 UserState::LskfLocked => Ok(AidlUserState::LSKF_LOCKED),
159 }
160 }
Janis Danisevskis333b7c02021-03-23 18:57:41 -0700[diff] [blame]161
Paul Crowley46c703e2021-08-06 15:13:53 -0700[diff] [blame]162 fn call_with_watchdog<F>(sec_level: SecurityLevel, name: &'static str, op: &F) -> Result<()>
163 where
Stephen Crane23cf7242022-01-19 17:49:46 +0000[diff] [blame]164 F: Fn(Strong<dyn IKeyMintDevice>) -> binder::Result<()>,
Paul Crowley46c703e2021-08-06 15:13:53 -0700[diff] [blame]165 {
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]166 let (km_dev, _, _) =
167 get_keymint_device(&sec_level).context(ks_err!("getting keymint device"))?;
Janis Danisevskis2ee014b2021-05-05 14:29:08 -0700[diff] [blame]168
Paul Crowley46c703e2021-08-06 15:13:53 -0700[diff] [blame]169 let _wp = wd::watch_millis_with("In call_with_watchdog", 500, move || {
170 format!("Seclevel: {:?} Op: {}", sec_level, name)
171 });
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]172 map_km_error(op(km_dev)).with_context(|| ks_err!("calling {}", name))?;
Satya Tangirala5b9e5b12021-03-09 12:54:21 -0800[diff] [blame]173 Ok(())
174 }
175
Paul Crowley46c703e2021-08-06 15:13:53 -0700[diff] [blame]176 fn call_on_all_security_levels<F>(name: &'static str, op: F) -> Result<()>
177 where
Stephen Crane23cf7242022-01-19 17:49:46 +0000[diff] [blame]178 F: Fn(Strong<dyn IKeyMintDevice>) -> binder::Result<()>,
Paul Crowley46c703e2021-08-06 15:13:53 -0700[diff] [blame]179 {
180 let sec_levels = [
181 (SecurityLevel::TRUSTED_ENVIRONMENT, "TRUSTED_ENVIRONMENT"),
182 (SecurityLevel::STRONGBOX, "STRONGBOX"),
183 ];
184 sec_levels.iter().fold(Ok(()), move |result, (sec_level, sec_level_string)| {
185 let curr_result = Maintenance::call_with_watchdog(*sec_level, name, &op);
186 match curr_result {
187 Ok(()) => log::info!(
188 "Call to {} succeeded for security level {}.",
189 name,
190 &sec_level_string
191 ),
192 Err(ref e) => log::error!(
193 "Call to {} failed for security level {}: {}.",
194 name,
195 &sec_level_string,
196 e
197 ),
198 }
199 result.and(curr_result)
200 })
201 }
202
Satya Tangirala5b9e5b12021-03-09 12:54:21 -0800[diff] [blame]203 fn early_boot_ended() -> Result<()> {
Janis Danisevskisa916d992021-10-19 15:46:09 -0700[diff] [blame]204 check_keystore_permission(KeystorePerm::EarlyBootEnded)
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]205 .context(ks_err!("Checking permission"))?;
Paul Crowley44c02da2021-04-08 17:04:43 +0000[diff] [blame]206 log::info!("In early_boot_ended.");
207
Janis Danisevskis0fd25a62022-01-04 19:53:37 -0800[diff] [blame]208 if let Err(e) =
209 DB.with(|db| SuperKeyManager::set_up_boot_level_cache(&SUPER_KEY, &mut db.borrow_mut()))
210 {
Paul Crowley44c02da2021-04-08 17:04:43 +0000[diff] [blame]211 log::error!("SUPER_KEY.set_up_boot_level_cache failed:\n{:?}\n:(", e);
212 }
Paul Crowley46c703e2021-08-06 15:13:53 -0700[diff] [blame]213 Maintenance::call_on_all_security_levels("earlyBootEnded", |dev| dev.earlyBootEnded())
Satya Tangirala5b9e5b12021-03-09 12:54:21 -0800[diff] [blame]214 }
215
Janis Danisevskis333b7c02021-03-23 18:57:41 -0700[diff] [blame]216 fn on_device_off_body() -> Result<()> {
217 // Security critical permission check. This statement must return on fail.
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]218 check_keystore_permission(KeystorePerm::ReportOffBody).context(ks_err!())?;
Janis Danisevskis333b7c02021-03-23 18:57:41 -0700[diff] [blame]219
Matthew Maurerd7815ca2021-05-06 21:58:45 -0700[diff] [blame]220 DB.with(|db| db.borrow_mut().update_last_off_body(MonotonicRawTime::now()));
221 Ok(())
Janis Danisevskis333b7c02021-03-23 18:57:41 -0700[diff] [blame]222 }
Janis Danisevskiscdcf4e52021-04-14 15:44:36 -0700[diff] [blame]223
224 fn migrate_key_namespace(source: &KeyDescriptor, destination: &KeyDescriptor) -> Result<()> {
John Wu889c1cc2022-03-14 16:02:56 -0700[diff] [blame]225 let calling_uid = ThreadState::get_calling_uid();
Janis Danisevskiscdcf4e52021-04-14 15:44:36 -0700[diff] [blame]226
John Wu889c1cc2022-03-14 16:02:56 -0700[diff] [blame]227 match source.domain {
228 Domain::SELINUX | Domain::KEY_ID | Domain::APP => (),
John Wu16db29e2022-01-13 15:21:43 -0800[diff] [blame]229 _ => {
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]230 return Err(Error::Rc(ResponseCode::INVALID_ARGUMENT))
231 .context(ks_err!("Source domain must be one of APP, SELINUX, or KEY_ID."));
John Wu16db29e2022-01-13 15:21:43 -0800[diff] [blame]232 }
233 };
Janis Danisevskiscdcf4e52021-04-14 15:44:36 -0700[diff] [blame]234
John Wu889c1cc2022-03-14 16:02:56 -0700[diff] [blame]235 match destination.domain {
236 Domain::SELINUX | Domain::APP => (),
John Wu16db29e2022-01-13 15:21:43 -0800[diff] [blame]237 _ => {
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]238 return Err(Error::Rc(ResponseCode::INVALID_ARGUMENT))
239 .context(ks_err!("Destination domain must be one of APP or SELINUX."));
John Wu16db29e2022-01-13 15:21:43 -0800[diff] [blame]240 }
241 };
242
John Wu889c1cc2022-03-14 16:02:56 -0700[diff] [blame]243 let user_id = uid_to_android_user(calling_uid);
Janis Danisevskisf84d0b02022-01-26 14:11:14 -0800[diff] [blame]244
245 let super_key = SUPER_KEY.read().unwrap().get_per_boot_key_by_user_id(user_id);
246
247 DB.with(|db| {
John Wu889c1cc2022-03-14 16:02:56 -0700[diff] [blame]248 let (key_id_guard, _) = LEGACY_IMPORTER
249 .with_try_import(source, calling_uid, super_key, || {
250 db.borrow_mut().load_key_entry(
251 source,
252 KeyType::Client,
253 KeyEntryLoadBits::NONE,
254 calling_uid,
255 |k, av| {
256 check_key_permission(KeyPerm::Use, k, &av)?;
257 check_key_permission(KeyPerm::Delete, k, &av)?;
258 check_key_permission(KeyPerm::Grant, k, &av)
259 },
260 )
Janis Danisevskisf84d0b02022-01-26 14:11:14 -0800[diff] [blame]261 })
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]262 .context(ks_err!("Failed to load key blob."))?;
John Wu889c1cc2022-03-14 16:02:56 -0700[diff] [blame]263 {
264 db.borrow_mut().migrate_key_namespace(key_id_guard, destination, calling_uid, |k| {
265 check_key_permission(KeyPerm::Rebind, k, &None)
266 })
Janis Danisevskisf84d0b02022-01-26 14:11:14 -0800[diff] [blame]267 }
Janis Danisevskiscdcf4e52021-04-14 15:44:36 -0700[diff] [blame]268 })
269 }
Paul Crowley46c703e2021-08-06 15:13:53 -0700[diff] [blame]270
271 fn delete_all_keys() -> Result<()> {
272 // Security critical permission check. This statement must return on fail.
Janis Danisevskisa916d992021-10-19 15:46:09 -0700[diff] [blame]273 check_keystore_permission(KeystorePerm::DeleteAllKeys)
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]274 .context(ks_err!("Checking permission"))?;
Paul Crowley46c703e2021-08-06 15:13:53 -0700[diff] [blame]275 log::info!("In delete_all_keys.");
276
277 Maintenance::call_on_all_security_levels("deleteAllKeys", |dev| dev.deleteAllKeys())
278 }
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]279}
280
Janis Danisevskis34a0cf22021-03-08 09:19:03 -0800[diff] [blame]281impl Interface for Maintenance {}
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]282
Janis Danisevskis34a0cf22021-03-08 09:19:03 -0800[diff] [blame]283impl IKeystoreMaintenance for Maintenance {
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]284 fn onUserPasswordChanged(&self, user_id: i32, password: Option<&[u8]>) -> BinderResult<()> {
Hasini Gunasinghe5a893e82021-05-05 14:32:32 +0000[diff] [blame]285 let _wp = wd::watch_millis("IKeystoreMaintenance::onUserPasswordChanged", 500);
Paul Crowleyf61fee72021-03-17 14:38:44 -0700[diff] [blame]286 map_or_log_err(Self::on_user_password_changed(user_id, password.map(|pw| pw.into())), Ok)
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]287 }
288
289 fn onUserAdded(&self, user_id: i32) -> BinderResult<()> {
Hasini Gunasinghe5a893e82021-05-05 14:32:32 +0000[diff] [blame]290 let _wp = wd::watch_millis("IKeystoreMaintenance::onUserAdded", 500);
Janis Danisevskis5898d152021-06-15 08:23:46 -0700[diff] [blame]291 map_or_log_err(self.add_or_remove_user(user_id), Ok)
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]292 }
293
294 fn onUserRemoved(&self, user_id: i32) -> BinderResult<()> {
Hasini Gunasinghe5a893e82021-05-05 14:32:32 +0000[diff] [blame]295 let _wp = wd::watch_millis("IKeystoreMaintenance::onUserRemoved", 500);
Janis Danisevskis5898d152021-06-15 08:23:46 -0700[diff] [blame]296 map_or_log_err(self.add_or_remove_user(user_id), Ok)
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]297 }
Janis Danisevskisddd6e752021-02-22 18:46:55 -0800[diff] [blame]298
299 fn clearNamespace(&self, domain: Domain, nspace: i64) -> BinderResult<()> {
Hasini Gunasinghe5a893e82021-05-05 14:32:32 +0000[diff] [blame]300 let _wp = wd::watch_millis("IKeystoreMaintenance::clearNamespace", 500);
Janis Danisevskis5898d152021-06-15 08:23:46 -0700[diff] [blame]301 map_or_log_err(self.clear_namespace(domain, nspace), Ok)
Janis Danisevskisddd6e752021-02-22 18:46:55 -0800[diff] [blame]302 }
Hasini Gunasinghe9ee18412021-03-11 20:12:44 +0000[diff] [blame]303
Janis Danisevskis333b7c02021-03-23 18:57:41 -0700[diff] [blame]304 fn getState(&self, user_id: i32) -> BinderResult<AidlUserState> {
Hasini Gunasinghe5a893e82021-05-05 14:32:32 +0000[diff] [blame]305 let _wp = wd::watch_millis("IKeystoreMaintenance::getState", 500);
Hasini Gunasinghe9ee18412021-03-11 20:12:44 +0000[diff] [blame]306 map_or_log_err(Self::get_state(user_id), Ok)
307 }
Janis Danisevskis333b7c02021-03-23 18:57:41 -0700[diff] [blame]308
Satya Tangirala5b9e5b12021-03-09 12:54:21 -0800[diff] [blame]309 fn earlyBootEnded(&self) -> BinderResult<()> {
Hasini Gunasinghe5a893e82021-05-05 14:32:32 +0000[diff] [blame]310 let _wp = wd::watch_millis("IKeystoreMaintenance::earlyBootEnded", 500);
Satya Tangirala5b9e5b12021-03-09 12:54:21 -0800[diff] [blame]311 map_or_log_err(Self::early_boot_ended(), Ok)
312 }
313
Janis Danisevskis333b7c02021-03-23 18:57:41 -0700[diff] [blame]314 fn onDeviceOffBody(&self) -> BinderResult<()> {
Hasini Gunasinghe5a893e82021-05-05 14:32:32 +0000[diff] [blame]315 let _wp = wd::watch_millis("IKeystoreMaintenance::onDeviceOffBody", 500);
Janis Danisevskis333b7c02021-03-23 18:57:41 -0700[diff] [blame]316 map_or_log_err(Self::on_device_off_body(), Ok)
317 }
Janis Danisevskiscdcf4e52021-04-14 15:44:36 -0700[diff] [blame]318
319 fn migrateKeyNamespace(
320 &self,
321 source: &KeyDescriptor,
322 destination: &KeyDescriptor,
323 ) -> BinderResult<()> {
Hasini Gunasinghe5a893e82021-05-05 14:32:32 +0000[diff] [blame]324 let _wp = wd::watch_millis("IKeystoreMaintenance::migrateKeyNamespace", 500);
Janis Danisevskiscdcf4e52021-04-14 15:44:36 -0700[diff] [blame]325 map_or_log_err(Self::migrate_key_namespace(source, destination), Ok)
326 }
Paul Crowley46c703e2021-08-06 15:13:53 -0700[diff] [blame]327
328 fn deleteAllKeys(&self) -> BinderResult<()> {
329 let _wp = wd::watch_millis("IKeystoreMaintenance::deleteAllKeys", 500);
330 map_or_log_err(Self::delete_all_keys(), Ok)
331 }
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]332}