| Janis Danisevskis | a75e208 | 2020-10-07 16:44:26 -0700 | [diff] [blame^] | 1 | // Copyright 2020, The Android Open Source Project |
| 2 | // |
| 3 | // Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | // you may not use this file except in compliance with the License. |
| 5 | // You may obtain a copy of the License at |
| 6 | // |
| 7 | // http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | // |
| 9 | // Unless required by applicable law or agreed to in writing, software |
| 10 | // distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | // See the License for the specific language governing permissions and |
| 13 | // limitations under the License. |
| 14 | |
| 15 | //! This module implements utility functions used by the Keystore 2.0 service |
| 16 | //! implementation. |
| 17 | |
| 18 | use crate::error::Error; |
| 19 | use crate::permission; |
| 20 | use crate::permission::{KeyPerm, KeyPermSet, KeystorePerm}; |
| 21 | use android_hardware_keymint::aidl::android::hardware::keymint::{ |
| 22 | KeyParameter::KeyParameter as KmParam, Tag::Tag, |
| 23 | }; |
| 24 | use android_system_keystore2::aidl::android::system::keystore2::{ |
| 25 | KeyDescriptor::KeyDescriptor, KeyParameter::KeyParameter, |
| 26 | }; |
| 27 | use anyhow::{anyhow, Context}; |
| 28 | use binder::{FromIBinder, SpIBinder, ThreadState}; |
| 29 | use std::sync::Mutex; |
| 30 | |
| 31 | /// This function uses its namesake in the permission module and in |
| 32 | /// combination with with_calling_sid from the binder crate to check |
| 33 | /// if the caller has the given keystore permission. |
| 34 | pub fn check_keystore_permission(perm: KeystorePerm) -> anyhow::Result<()> { |
| 35 | ThreadState::with_calling_sid(|calling_sid| { |
| 36 | permission::check_keystore_permission( |
| 37 | &calling_sid.ok_or_else(Error::sys).context( |
| 38 | "In check_keystore_permission: Cannot check permission without calling_sid.", |
| 39 | )?, |
| 40 | perm, |
| 41 | ) |
| 42 | }) |
| 43 | } |
| 44 | |
| 45 | /// This function uses its namesake in the permission module and in |
| 46 | /// combination with with_calling_sid from the binder crate to check |
| 47 | /// if the caller has the given grant permission. |
| 48 | pub fn check_grant_permission(access_vec: KeyPermSet, key: &KeyDescriptor) -> anyhow::Result<()> { |
| 49 | ThreadState::with_calling_sid(|calling_sid| { |
| 50 | permission::check_grant_permission( |
| 51 | &calling_sid.ok_or_else(Error::sys).context( |
| 52 | "In check_grant_permission: Cannot check permission without calling_sid.", |
| 53 | )?, |
| 54 | access_vec, |
| 55 | key, |
| 56 | ) |
| 57 | }) |
| 58 | } |
| 59 | |
| 60 | /// This function uses its namesake in the permission module and in |
| 61 | /// combination with with_calling_sid from the binder crate to check |
| 62 | /// if the caller has the given key permission. |
| 63 | pub fn check_key_permission( |
| 64 | perm: KeyPerm, |
| 65 | key: &KeyDescriptor, |
| 66 | access_vector: &Option<KeyPermSet>, |
| 67 | ) -> anyhow::Result<()> { |
| 68 | ThreadState::with_calling_sid(|calling_sid| { |
| 69 | permission::check_key_permission( |
| 70 | &calling_sid |
| 71 | .ok_or_else(Error::sys) |
| 72 | .context("In check_key_permission: Cannot check permission without calling_sid.")?, |
| 73 | perm, |
| 74 | key, |
| 75 | access_vector, |
| 76 | ) |
| 77 | }) |
| 78 | } |
| 79 | |
| 80 | /// This function converts a `KeyParameter` from the keystore2 AIDL |
| 81 | /// bindings into a `KeyParameter` from the keymint AIDL bindings. |
| 82 | /// TODO This is a temporary workaround until the keymint AIDL spec |
| 83 | /// lands. |
| 84 | pub fn keyparam_ks_to_km(p: &KeyParameter) -> KmParam { |
| 85 | KmParam { |
| 86 | tag: Tag(p.tag), |
| 87 | boolValue: p.boolValue, |
| 88 | integer: p.integer, |
| 89 | longInteger: p.longInteger, |
| 90 | dateTime: p.dateTime, |
| 91 | blob: match &p.blob { |
| 92 | Some(b) => b.clone(), |
| 93 | None => vec![], |
| 94 | }, |
| 95 | } |
| 96 | } |
| 97 | |
| 98 | /// Thread safe wrapper around SpIBinder. It is safe to have SpIBinder smart pointers to the |
| 99 | /// same object in multiple threads, but cloning a SpIBinder is not thread safe. |
| 100 | /// Keystore frequently hands out binder tokens to the security level interface. If this |
| 101 | /// is to happen from a multi threaded thread pool, the SpIBinder needs to be protected by a |
| 102 | /// Mutex. |
| 103 | #[derive(Debug)] |
| 104 | pub struct Asp(Mutex<SpIBinder>); |
| 105 | |
| 106 | impl Asp { |
| 107 | /// Creates a new instance owning a SpIBinder wrapped in a Mutex. |
| 108 | pub fn new(i: SpIBinder) -> Self { |
| 109 | Self(Mutex::new(i)) |
| 110 | } |
| 111 | |
| 112 | /// Clones the owned SpIBinder and attempts to convert it into the requested interface. |
| 113 | pub fn get_interface<T: FromIBinder + ?Sized>(&self) -> anyhow::Result<Box<T>> { |
| 114 | // We can use unwrap here because we never panic when locked, so the mutex |
| 115 | // can never be poisoned. |
| 116 | let lock = self.0.lock().unwrap(); |
| 117 | (*lock) |
| 118 | .clone() |
| 119 | .into_interface() |
| 120 | .map_err(|e| anyhow!(format!("get_interface failed with error code {:?}", e))) |
| 121 | } |
| 122 | } |