Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / bb6cabdaa19489f0a3c54acf35c56ffe59da9820 / . / keystore / key_store_service.cpp
blob: 2f07fbf4294136f3f51911a7afd024c4edd9af2c [file] [log] [blame]
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]1/*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Janis Danisevskis011675d2016-09-01 11:41:29 +0100[diff] [blame]17#define LOG_TAG "keystore"
18
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]19#include "key_store_service.h"
20
21#include <fcntl.h>
22#include <sys/stat.h>
23
Janis Danisevskis7612fd42016-09-01 11:50:02 +0100[diff] [blame]24#include <algorithm>
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]25#include <atomic>
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]26#include <sstream>
27
Pavel Grafovff311b42018-01-24 20:34:37 +0000[diff] [blame]28#include <android-base/scopeguard.h>
Bartosz Fabianowskia9452d92017-01-23 22:21:11 +0100[diff] [blame]29#include <binder/IInterface.h>
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]30#include <binder/IPCThreadState.h>
Bartosz Fabianowskia9452d92017-01-23 22:21:11 +0100[diff] [blame]31#include <binder/IPermissionController.h>
32#include <binder/IServiceManager.h>
Brian Claire Young3133c452018-08-31 13:56:49 -0700[diff] [blame]33#include <cutils/multiuser.h>
Pavel Grafovff311b42018-01-24 20:34:37 +0000[diff] [blame]34#include <log/log_event_list.h>
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]35
36#include <private/android_filesystem_config.h>
Pavel Grafovff311b42018-01-24 20:34:37 +0000[diff] [blame]37#include <private/android_logger.h>
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]38
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]39#include <android/hardware/confirmationui/1.0/IConfirmationUI.h>
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]40#include <android/hardware/keymaster/3.0/IHwKeymasterDevice.h>
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]41
42#include "defaults.h"
Max Bires33aac2d2018-02-23 10:53:10 -0800[diff] [blame]43#include "key_proto_handler.h"
Janis Danisevskis18f27ad2016-06-01 13:57:40 -0700[diff] [blame]44#include "keystore_attestation_id.h"
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]45#include "keystore_keymaster_enforcement.h"
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]46#include "keystore_utils.h"
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]47#include <keystore/keystore_hidl_support.h>
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]48#include <keystore/keystore_return_types.h>
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]49
Janis Danisevskis8f737ad2017-11-21 12:30:15 -0800[diff] [blame]50#include <hardware/hw_auth_token.h>
51
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]52namespace keystore {
Shawn Willdend5a24e62017-02-28 13:53:24 -0700[diff] [blame]53
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]54using namespace android;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]55
Shawn Willdene2a7b522017-04-11 09:27:40 -0600[diff] [blame]56namespace {
57
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]58using ::android::binder::Status;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]59using android::security::keymaster::ExportResult;
60using android::security::keymaster::KeymasterArguments;
61using android::security::keymaster::KeymasterBlob;
62using android::security::keymaster::KeymasterCertificateChain;
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]63using android::security::keymaster::operationFailed;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]64using android::security::keymaster::OperationResult;
David Zeuthenc6eb7cd2017-11-27 11:33:55 -0500[diff] [blame]65using ConfirmationResponseCode = android::hardware::confirmationui::V1_0::ResponseCode;
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]66using ::android::security::keystore::IKeystoreOperationResultCallback;
67using ::android::security::keystore::IKeystoreResponseCallback;
68using ::android::security::keystore::KeystoreResponse;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]69
Shawn Willdene2a7b522017-04-11 09:27:40 -0600[diff] [blame]70constexpr double kIdRotationPeriod = 30 * 24 * 60 * 60; /* Thirty days, in seconds */
71const char* kTimestampFilePath = "timestamp";
Rubin Xu1a203e32018-05-08 14:25:21 +0100[diff] [blame]72const int ID_ATTESTATION_REQUEST_GENERIC_INFO = 1 << 0;
73const int ID_ATTESTATION_REQUEST_UNIQUE_DEVICE_ID = 1 << 1;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]74
75struct BIGNUM_Delete {
76 void operator()(BIGNUM* p) const { BN_free(p); }
77};
Janis Danisevskisccfff102017-05-01 11:02:51 -0700[diff] [blame]78typedef std::unique_ptr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]79
Shawn Willdene2a7b522017-04-11 09:27:40 -0600[diff] [blame]80bool containsTag(const hidl_vec<KeyParameter>& params, Tag tag) {
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]81 return params.end() !=
82 std::find_if(params.begin(), params.end(),
83 [&](const KeyParameter& param) { return param.tag == tag; });
Shawn Willdend5a24e62017-02-28 13:53:24 -0700[diff] [blame]84}
85
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]86#define AIDL_RETURN(rc) \
87 (*_aidl_return = static_cast<int32_t>(KeyStoreServiceReturnCode(rc)), Status::ok())
88
Shawn Willdene2a7b522017-04-11 09:27:40 -0600[diff] [blame]89std::pair<KeyStoreServiceReturnCode, bool> hadFactoryResetSinceIdRotation() {
90 struct stat sbuf;
91 if (stat(kTimestampFilePath, &sbuf) == 0) {
Yi Konge353f252018-07-30 01:38:39 -0700[diff] [blame]92 double diff_secs = difftime(time(nullptr), sbuf.st_ctime);
Shawn Willdene2a7b522017-04-11 09:27:40 -0600[diff] [blame]93 return {ResponseCode::NO_ERROR, diff_secs < kIdRotationPeriod};
94 }
95
96 if (errno != ENOENT) {
97 ALOGE("Failed to stat \"timestamp\" file, with error %d", errno);
98 return {ResponseCode::SYSTEM_ERROR, false /* don't care */};
99 }
100
101 int fd = creat(kTimestampFilePath, 0600);
102 if (fd < 0) {
103 ALOGE("Couldn't create \"timestamp\" file, with error %d", errno);
104 return {ResponseCode::SYSTEM_ERROR, false /* don't care */};
105 }
106
107 if (close(fd)) {
108 ALOGE("Couldn't close \"timestamp\" file, with error %d", errno);
109 return {ResponseCode::SYSTEM_ERROR, false /* don't care */};
110 }
111
112 return {ResponseCode::NO_ERROR, true};
113}
114
Eran Messeri03fc4c82018-08-16 18:53:15 +0100[diff] [blame]115using ::android::security::KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE;
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]116
117KeyStoreServiceReturnCode updateParamsForAttestation(uid_t callingUid, AuthorizationSet* params) {
118 KeyStoreServiceReturnCode responseCode;
119 bool factoryResetSinceIdRotation;
120 std::tie(responseCode, factoryResetSinceIdRotation) = hadFactoryResetSinceIdRotation();
121
122 if (!responseCode.isOk()) return responseCode;
123 if (factoryResetSinceIdRotation) params->push_back(TAG_RESET_SINCE_ID_ROTATION);
124
125 auto asn1_attestation_id_result = security::gather_attestation_application_id(callingUid);
126 if (!asn1_attestation_id_result.isOk()) {
127 ALOGE("failed to gather attestation_id");
128 return ErrorCode::ATTESTATION_APPLICATION_ID_MISSING;
129 }
130 std::vector<uint8_t>& asn1_attestation_id = asn1_attestation_id_result;
131
132 /*
Eran Messeri03fc4c82018-08-16 18:53:15 +0100[diff] [blame]133 * The attestation application ID must not be longer than
134 * KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE, error out if gather_attestation_application_id
135 * returned such an invalid vector.
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]136 */
137 if (asn1_attestation_id.size() > KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE) {
Eran Messeri03fc4c82018-08-16 18:53:15 +0100[diff] [blame]138 ALOGE("BUG: Gathered Attestation Application ID is too big (%d)",
139 static_cast<int32_t>(asn1_attestation_id.size()));
140 return ErrorCode::CANNOT_ATTEST_IDS;
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]141 }
142
143 params->push_back(TAG_ATTESTATION_APPLICATION_ID, asn1_attestation_id);
144
145 return ResponseCode::NO_ERROR;
146}
147
Shawn Willdene2a7b522017-04-11 09:27:40 -0600[diff] [blame]148} // anonymous namespace
149
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]150Status KeyStoreService::getState(int32_t userId, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]151 if (!checkBinderPermission(P_GET_STATE)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]152 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
153 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]154 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]155 *aidl_return = mKeyStore->getState(userId);
156 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]157}
158
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]159Status KeyStoreService::get(const String16& name, int32_t uid, ::std::vector<uint8_t>* item) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]160 uid_t targetUid = getEffectiveUid(uid);
161 if (!checkBinderPermission(P_GET, targetUid)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]162 // see keystore/keystore.h
163 return Status::fromServiceSpecificError(
164 static_cast<int32_t>(ResponseCode::PERMISSION_DENIED));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]165 }
166
167 String8 name8(name);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]168 ResponseCode rc;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]169 Blob keyBlob;
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]170 Blob charBlob;
171 LockedKeyBlobEntry lockedEntry;
172
173 std::tie(rc, keyBlob, charBlob, lockedEntry) =
174 mKeyStore->getKeyForName(name8, targetUid, TYPE_GENERIC);
175 if (rc != ResponseCode::NO_ERROR) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]176 *item = ::std::vector<uint8_t>();
177 // Return empty array if key is not found
178 // TODO: consider having returned value nullable or parse exception on the client.
179 return Status::fromServiceSpecificError(static_cast<int32_t>(rc));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]180 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]181 auto resultBlob = blob2hidlVec(keyBlob);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]182 // The static_cast here is needed to prevent a move, forcing a deep copy.
183 if (item) *item = static_cast<const hidl_vec<uint8_t>&>(blob2hidlVec(keyBlob));
184 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]185}
186
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]187Status KeyStoreService::insert(const String16& name, const ::std::vector<uint8_t>& item,
188 int targetUid, int32_t flags, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]189 targetUid = getEffectiveUid(targetUid);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]190 KeyStoreServiceReturnCode result =
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]191 checkBinderPermissionAndKeystoreState(P_INSERT, targetUid, flags & KEYSTORE_FLAG_ENCRYPTED);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]192 if (!result.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]193 *aidl_return = static_cast<int32_t>(result);
194 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]195 }
196
197 String8 name8(name);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]198 auto lockedEntry = mKeyStore->getLockedBlobEntryIfNotExists(name8.string(), targetUid);
199
200 if (!lockedEntry) {
201 ALOGE("failed to grab lock on blob entry %u_%s", targetUid, name8.string());
202 *aidl_return = static_cast<int32_t>(ResponseCode::KEY_ALREADY_EXISTS);
203 return Status::ok();
204 }
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]205
Yi Konge353f252018-07-30 01:38:39 -0700[diff] [blame]206 Blob keyBlob(&item[0], item.size(), nullptr, 0, ::TYPE_GENERIC);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]207 keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED);
208
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]209 *aidl_return = static_cast<int32_t>(mKeyStore->put(lockedEntry, keyBlob, {}));
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]210 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]211}
212
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]213Status KeyStoreService::del(const String16& name, int targetUid, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]214 targetUid = getEffectiveUid(targetUid);
215 if (!checkBinderPermission(P_DELETE, targetUid)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]216 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
217 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]218 }
219 String8 name8(name);
Rubin Xu7675c9f2017-03-15 19:26:52 +0000[diff] [blame]220 ALOGI("del %s %d", name8.string(), targetUid);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]221 auto lockedEntry = mKeyStore->getLockedBlobEntryIfExists(name8.string(), targetUid);
222 if (!lockedEntry) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]223 *aidl_return = static_cast<int32_t>(ResponseCode::KEY_NOT_FOUND);
224 return Status::ok();
225 }
Janis Danisevskisaf7783f2017-09-21 11:29:47 -0700[diff] [blame]226
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]227 ResponseCode result = mKeyStore->del(lockedEntry);
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400[diff] [blame]228
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]229 *aidl_return = static_cast<int32_t>(result);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]230 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]231}
232
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]233Status KeyStoreService::exist(const String16& name, int targetUid, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]234 targetUid = getEffectiveUid(targetUid);
235 if (!checkBinderPermission(P_EXIST, targetUid)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]236 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
237 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]238 }
239
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]240 LockedKeyBlobEntry lockedEntry =
241 mKeyStore->getLockedBlobEntryIfExists(String8(name).string(), targetUid);
242 *aidl_return =
243 static_cast<int32_t>(lockedEntry ? ResponseCode::NO_ERROR : ResponseCode::KEY_NOT_FOUND);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]244 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]245}
246
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]247Status KeyStoreService::list(const String16& prefix, int32_t targetUid,
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]248 ::std::vector<::android::String16>* matches) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]249 targetUid = getEffectiveUid(targetUid);
250 if (!checkBinderPermission(P_LIST, targetUid)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]251 return Status::fromServiceSpecificError(
252 static_cast<int32_t>(ResponseCode::PERMISSION_DENIED));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]253 }
254 const String8 prefix8(prefix);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]255 const std::string stdPrefix(prefix8.string());
256
257 ResponseCode rc;
258 std::list<LockedKeyBlobEntry> internal_matches;
259
260 std::tie(rc, internal_matches) = LockedKeyBlobEntry::list(
261 mKeyStore->getUserStateDB().getUserStateByUid(targetUid)->getUserDirName(),
262 [&](uid_t uid, const std::string& alias) {
263 std::mismatch(stdPrefix.begin(), stdPrefix.end(), alias.begin(), alias.end());
264 return uid == static_cast<uid_t>(targetUid) &&
265 std::mismatch(stdPrefix.begin(), stdPrefix.end(), alias.begin(), alias.end())
266 .first == stdPrefix.end();
267 });
268
269 if (rc != ResponseCode::NO_ERROR) {
270 return Status::fromServiceSpecificError(static_cast<int32_t>(rc));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]271 }
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]272
273 for (LockedKeyBlobEntry& entry : internal_matches) {
274 matches->push_back(String16(entry->alias().substr(prefix8.size()).c_str()));
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]275 }
276 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]277}
278
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]279Status KeyStoreService::reset(int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]280 if (!checkBinderPermission(P_RESET)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]281 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
282 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]283 }
284
285 uid_t callingUid = IPCThreadState::self()->getCallingUid();
286 mKeyStore->resetUser(get_user_id(callingUid), false);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]287 *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
288 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]289}
290
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]291Status KeyStoreService::onUserPasswordChanged(int32_t userId, const String16& password,
292 int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]293 if (!checkBinderPermission(P_PASSWORD)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]294 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
295 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]296 }
297
298 const String8 password8(password);
299 // Flush the auth token table to prevent stale tokens from sticking
300 // around.
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]301 mKeyStore->getAuthTokenTable().Clear();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]302
303 if (password.size() == 0) {
304 ALOGI("Secure lockscreen for user %d removed, deleting encrypted entries", userId);
305 mKeyStore->resetUser(userId, true);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]306 *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
307 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]308 } else {
309 switch (mKeyStore->getState(userId)) {
310 case ::STATE_UNINITIALIZED: {
311 // generate master key, encrypt with password, write to file,
312 // initialize mMasterKey*.
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]313 *aidl_return = static_cast<int32_t>(mKeyStore->initializeUser(password8, userId));
314 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]315 }
316 case ::STATE_NO_ERROR: {
317 // rewrite master key with new password.
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]318 *aidl_return = static_cast<int32_t>(mKeyStore->writeMasterKey(password8, userId));
319 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]320 }
321 case ::STATE_LOCKED: {
322 ALOGE("Changing user %d's password while locked, clearing old encryption", userId);
323 mKeyStore->resetUser(userId, true);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]324 *aidl_return = static_cast<int32_t>(mKeyStore->initializeUser(password8, userId));
325 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]326 }
327 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]328 *aidl_return = static_cast<int32_t>(ResponseCode::SYSTEM_ERROR);
329 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]330 }
331}
332
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]333Status KeyStoreService::onUserAdded(int32_t userId, int32_t parentId, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]334 if (!checkBinderPermission(P_USER_CHANGED)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]335 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
336 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]337 }
338
339 // Sanity check that the new user has an empty keystore.
340 if (!mKeyStore->isEmpty(userId)) {
341 ALOGW("New user %d's keystore not empty. Clearing old entries.", userId);
342 }
343 // Unconditionally clear the keystore, just to be safe.
344 mKeyStore->resetUser(userId, false);
345 if (parentId != -1) {
346 // This profile must share the same master key password as the parent profile. Because the
347 // password of the parent profile is not known here, the best we can do is copy the parent's
348 // master key and master key file. This makes this profile use the same master key as the
349 // parent profile, forever.
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]350 *aidl_return = static_cast<int32_t>(mKeyStore->copyMasterKey(parentId, userId));
351 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]352 } else {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]353 *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
354 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]355 }
356}
357
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]358Status KeyStoreService::onUserRemoved(int32_t userId, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]359 if (!checkBinderPermission(P_USER_CHANGED)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]360 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
361 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]362 }
363
364 mKeyStore->resetUser(userId, false);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]365 *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
366 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]367}
368
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]369Status KeyStoreService::lock(int32_t userId, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]370 if (!checkBinderPermission(P_LOCK)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]371 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
372 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]373 }
374
375 State state = mKeyStore->getState(userId);
376 if (state != ::STATE_NO_ERROR) {
377 ALOGD("calling lock in state: %d", state);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]378 *aidl_return = static_cast<int32_t>(ResponseCode(state));
379 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]380 }
381
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]382 mKeyStore->getEnforcementPolicy().set_device_locked(true, userId);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]383 mKeyStore->lock(userId);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]384 *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
385 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]386}
387
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]388Status KeyStoreService::unlock(int32_t userId, const String16& pw, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]389 if (!checkBinderPermission(P_UNLOCK)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]390 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
391 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]392 }
393
394 State state = mKeyStore->getState(userId);
395 if (state != ::STATE_LOCKED) {
396 switch (state) {
397 case ::STATE_NO_ERROR:
398 ALOGI("calling unlock when already unlocked, ignoring.");
399 break;
400 case ::STATE_UNINITIALIZED:
401 ALOGE("unlock called on uninitialized keystore.");
402 break;
403 default:
404 ALOGE("unlock called on keystore in unknown state: %d", state);
405 break;
406 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]407 *aidl_return = static_cast<int32_t>(ResponseCode(state));
408 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]409 }
410
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]411 mKeyStore->getEnforcementPolicy().set_device_locked(false, userId);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]412 const String8 password8(pw);
413 // read master key, decrypt with password, initialize mMasterKey*.
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]414 *aidl_return = static_cast<int32_t>(mKeyStore->readMasterKey(password8, userId));
415 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]416}
417
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]418Status KeyStoreService::isEmpty(int32_t userId, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]419 if (!checkBinderPermission(P_IS_EMPTY)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]420 *aidl_return = static_cast<int32_t>(false);
421 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]422 }
423
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]424 *aidl_return = static_cast<int32_t>(mKeyStore->isEmpty(userId));
425 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]426}
427
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]428Status KeyStoreService::grant(const String16& name, int32_t granteeUid,
429 ::android::String16* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]430 uid_t callingUid = IPCThreadState::self()->getCallingUid();
Bo Zhu91de6db2018-03-20 12:52:13 -0700[diff] [blame]431 auto result =
432 checkBinderPermissionAndKeystoreState(P_GRANT, /*targetUid=*/-1, /*checkUnlocked=*/false);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]433 if (!result.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]434 *aidl_return = String16();
435 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]436 }
437
438 String8 name8(name);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]439 auto lockedEntry = mKeyStore->getLockedBlobEntryIfExists(name8.string(), callingUid);
440 if (!lockedEntry) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]441 *aidl_return = String16();
442 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]443 }
444
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]445 *aidl_return = String16(mKeyStore->addGrant(lockedEntry, granteeUid).c_str());
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]446 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]447}
448
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]449Status KeyStoreService::ungrant(const String16& name, int32_t granteeUid, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]450 uid_t callingUid = IPCThreadState::self()->getCallingUid();
Bo Zhu91de6db2018-03-20 12:52:13 -0700[diff] [blame]451 KeyStoreServiceReturnCode result =
452 checkBinderPermissionAndKeystoreState(P_GRANT, /*targetUid=*/-1, /*checkUnlocked=*/false);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]453 if (!result.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]454 *aidl_return = static_cast<int32_t>(result);
455 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]456 }
457
458 String8 name8(name);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]459
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]460 auto lockedEntry = mKeyStore->getLockedBlobEntryIfExists(name8.string(), callingUid);
461 if (!lockedEntry) {
462 *aidl_return = static_cast<int32_t>(ResponseCode::KEY_NOT_FOUND);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]463 }
464
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]465 *aidl_return = mKeyStore->removeGrant(lockedEntry, granteeUid);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]466 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]467}
468
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]469Status KeyStoreService::getmtime(const String16& name, int32_t uid, int64_t* time) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]470 uid_t targetUid = getEffectiveUid(uid);
471 if (!checkBinderPermission(P_GET, targetUid)) {
472 ALOGW("permission denied for %d: getmtime", targetUid);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]473 *time = -1L;
474 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]475 }
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]476 String8 name8(name);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]477
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]478 auto lockedEntry = mKeyStore->getLockedBlobEntryIfExists(name8.string(), targetUid);
479 if (!lockedEntry) {
480 ALOGW("could not access key with alias %s for getmtime", name8.string());
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]481 *time = -1L;
482 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]483 }
484
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]485 std::string filename = lockedEntry->getKeyBlobPath();
486
487 int fd = TEMP_FAILURE_RETRY(open(filename.c_str(), O_NOFOLLOW, O_RDONLY));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]488 if (fd < 0) {
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]489 ALOGW("could not open %s for getmtime", filename.c_str());
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]490 *time = -1L;
491 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]492 }
493
494 struct stat s;
495 int ret = fstat(fd, &s);
496 close(fd);
497 if (ret == -1) {
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]498 ALOGW("could not stat %s for getmtime", filename.c_str());
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]499 *time = -1L;
500 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]501 }
502
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]503 *time = static_cast<int64_t>(s.st_mtime);
504 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]505}
506
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]507Status KeyStoreService::is_hardware_backed(const String16& keyType, int32_t* aidl_return) {
508 *aidl_return = static_cast<int32_t>(mKeyStore->isHardwareBacked(keyType) ? 1 : 0);
509 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]510}
511
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]512Status KeyStoreService::clear_uid(int64_t targetUid64, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]513 uid_t targetUid = getEffectiveUid(targetUid64);
514 if (!checkBinderPermissionSelfOrSystem(P_CLEAR_UID, targetUid)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]515 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
516 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]517 }
Rubin Xu7675c9f2017-03-15 19:26:52 +0000[diff] [blame]518 ALOGI("clear_uid %" PRId64, targetUid64);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]519
Janis Danisevskisaf7783f2017-09-21 11:29:47 -0700[diff] [blame]520 mKeyStore->removeAllGrantsToUid(targetUid);
521
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]522 ResponseCode rc;
523 std::list<LockedKeyBlobEntry> entries;
524
525 // list has a fence making sure no workers are modifying blob files before iterating the
526 // data base. All returned entries are locked.
527 std::tie(rc, entries) = LockedKeyBlobEntry::list(
528 mKeyStore->getUserStateDB().getUserStateByUid(targetUid)->getUserDirName(),
529 [&](uid_t uid, const std::string&) -> bool { return uid == targetUid; });
530
531 if (rc != ResponseCode::NO_ERROR) {
532 *aidl_return = static_cast<int32_t>(rc);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]533 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]534 }
535
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]536 for (LockedKeyBlobEntry& lockedEntry : entries) {
Rubin Xu85c85e92017-04-26 20:07:30 +0100[diff] [blame]537 if (get_app_id(targetUid) == AID_SYSTEM) {
538 Blob keyBlob;
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]539 Blob charBlob;
540 std::tie(rc, keyBlob, charBlob) = mKeyStore->get(lockedEntry);
541 if (rc == ResponseCode::NO_ERROR && keyBlob.isCriticalToDeviceEncryption()) {
Rubin Xu85c85e92017-04-26 20:07:30 +0100[diff] [blame]542 // Do not clear keys critical to device encryption under system uid.
543 continue;
544 }
545 }
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]546 mKeyStore->del(lockedEntry);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]547 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]548 *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
549 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]550}
551
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]552Status KeyStoreService::addRngEntropy(
553 const ::android::sp<::android::security::keystore::IKeystoreResponseCallback>& cb,
554 const ::std::vector<uint8_t>& entropy, int32_t flags, int32_t* _aidl_return) {
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame]555 auto device = mKeyStore->getDevice(flagsToSecurityLevel(flags));
556 if (!device) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]557 return AIDL_RETURN(ErrorCode::HARDWARE_TYPE_UNAVAILABLE);
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame]558 }
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]559
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]560 device->addRngEntropy(entropy, [cb](Return<ErrorCode> rc) {
561 cb->onFinished(KeyStoreServiceReturnCode(KS_HANDLE_HIDL_ERROR(rc)));
562 });
563
564 return AIDL_RETURN(ResponseCode::NO_ERROR);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]565}
566
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]567Status KeyStoreService::generateKey(
568 const ::android::sp<::android::security::keystore::IKeystoreKeyCharacteristicsCallback>& cb,
569 const String16& name, const KeymasterArguments& params, const ::std::vector<uint8_t>& entropy,
570 int uid, int flags, int32_t* _aidl_return) {
Max Biresef4f0672017-11-29 14:38:48 -0800[diff] [blame]571 // TODO(jbires): remove this getCallingUid call upon implementation of b/25646100
572 uid_t originalUid = IPCThreadState::self()->getCallingUid();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]573 uid = getEffectiveUid(uid);
Pavel Grafovff311b42018-01-24 20:34:37 +0000[diff] [blame]574 auto logOnScopeExit = android::base::make_scope_guard([&] {
575 if (__android_log_security()) {
576 android_log_event_list(SEC_TAG_AUTH_KEY_GENERATED)
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]577 << int32_t(*_aidl_return == static_cast<int32_t>(ResponseCode::NO_ERROR))
Pavel Grafovff311b42018-01-24 20:34:37 +0000[diff] [blame]578 << String8(name) << int32_t(uid) << LOG_ID_SECURITY;
579 }
580 });
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]581 KeyStoreServiceReturnCode rc =
582 checkBinderPermissionAndKeystoreState(P_INSERT, uid, flags & KEYSTORE_FLAG_ENCRYPTED);
583 if (!rc.isOk()) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]584 return AIDL_RETURN(rc);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]585 }
Rubin Xu67899de2017-04-21 19:15:13 +0100[diff] [blame]586 if ((flags & KEYSTORE_FLAG_CRITICAL_TO_DEVICE_ENCRYPTION) && get_app_id(uid) != AID_SYSTEM) {
587 ALOGE("Non-system uid %d cannot set FLAG_CRITICAL_TO_DEVICE_ENCRYPTION", uid);
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]588 return AIDL_RETURN(ResponseCode::PERMISSION_DENIED);
Rubin Xu67899de2017-04-21 19:15:13 +0100[diff] [blame]589 }
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]590
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]591 if (containsTag(params.getParameters(), Tag::INCLUDE_UNIQUE_ID)) {
Shawn Willdenda6dcc32017-12-03 14:56:05 -0700[diff] [blame]592 // TODO(jbires): remove uid checking upon implementation of b/25646100
Max Bires670467d2017-12-12 11:16:43 -0800[diff] [blame]593 if (!checkBinderPermission(P_GEN_UNIQUE_ID) ||
Max Biresef4f0672017-11-29 14:38:48 -0800[diff] [blame]594 originalUid != IPCThreadState::self()->getCallingUid()) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]595 return AIDL_RETURN(ResponseCode::PERMISSION_DENIED);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]596 }
Shawn Willdene2a7b522017-04-11 09:27:40 -0600[diff] [blame]597 }
598
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame]599 SecurityLevel securityLevel = flagsToSecurityLevel(flags);
600 auto dev = mKeyStore->getDevice(securityLevel);
601 if (!dev) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]602 return AIDL_RETURN(ErrorCode::HARDWARE_TYPE_UNAVAILABLE);
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame]603 }
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400[diff] [blame]604
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]605 String8 name8(name);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]606 auto lockedEntry = mKeyStore->getLockedBlobEntryIfNotExists(name8.string(), uid);
607 if (!lockedEntry) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]608 return AIDL_RETURN(ResponseCode::KEY_ALREADY_EXISTS);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]609 }
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400[diff] [blame]610
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]611 logOnScopeExit.Disable();
612
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]613 dev->generateKey(
614 std::move(lockedEntry), params.getParameters(), entropy, flags,
615 [cb, uid, name](KeyStoreServiceReturnCode rc, KeyCharacteristics keyCharacteristics) {
616 if (__android_log_security()) {
617 android_log_event_list(SEC_TAG_AUTH_KEY_GENERATED)
618 << rc.isOk() << String8(name) << int32_t(uid) << LOG_ID_SECURITY;
619 }
620 cb->onFinished(rc,
621 android::security::keymaster::KeyCharacteristics(keyCharacteristics));
622 });
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]623
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]624 return AIDL_RETURN(ResponseCode::NO_ERROR);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]625}
626
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]627Status KeyStoreService::getKeyCharacteristics(
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]628 const ::android::sp<::android::security::keystore::IKeystoreKeyCharacteristicsCallback>& cb,
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]629 const String16& name, const ::android::security::keymaster::KeymasterBlob& clientId,
Janis Danisevskis64ec1fe2018-02-26 16:47:21 -0800[diff] [blame]630 const ::android::security::keymaster::KeymasterBlob& appData, int32_t uid,
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]631 int32_t* _aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]632
633 uid_t targetUid = getEffectiveUid(uid);
634 uid_t callingUid = IPCThreadState::self()->getCallingUid();
635 if (!is_granted_to(callingUid, targetUid)) {
636 ALOGW("uid %d not permitted to act for uid %d in getKeyCharacteristics", callingUid,
637 targetUid);
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]638 return AIDL_RETURN(ResponseCode::PERMISSION_DENIED);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]639 }
640
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]641 String8 name8(name);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]642
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]643 ResponseCode rc;
644 Blob keyBlob;
645 Blob charBlob;
646 LockedKeyBlobEntry lockedEntry;
Janis Danisevskisd714a672017-09-01 14:31:36 -0700[diff] [blame]647
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]648 std::tie(rc, keyBlob, charBlob, lockedEntry) =
649 mKeyStore->getKeyForName(name8, targetUid, TYPE_KEYMASTER_10);
650
651 if (rc != ResponseCode::NO_ERROR) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]652 return AIDL_RETURN(rc);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]653 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]654
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame]655 auto dev = mKeyStore->getDevice(keyBlob);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]656 if (!dev) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]657 return AIDL_RETURN(ResponseCode::SYSTEM_ERROR);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]658 }
659
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]660 // If the charBlob is up to date, it simply moves the argument blobs to the returned blobs
661 // and extracts the characteristics on the way. Otherwise it updates the cache file with data
662 // from keymaster. It may also upgrade the key blob.
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]663 dev->getKeyCharacteristics(
664 std::move(lockedEntry), clientId.getData(), appData.getData(), std::move(keyBlob),
665 std::move(charBlob),
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]666 [cb](KeyStoreServiceReturnCode rc, KeyCharacteristics keyCharacteristics) {
667 cb->onFinished(rc,
668 android::security::keymaster::KeyCharacteristics(keyCharacteristics));
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]669 });
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]670
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]671 return AIDL_RETURN(ResponseCode::NO_ERROR);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]672}
673
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]674Status KeyStoreService::importKey(
675 const ::android::sp<::android::security::keystore::IKeystoreKeyCharacteristicsCallback>& cb,
676 const String16& name, const KeymasterArguments& params, int32_t format,
677 const ::std::vector<uint8_t>& keyData, int uid, int flags, int32_t* _aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]678 uid = getEffectiveUid(uid);
Pavel Grafovff311b42018-01-24 20:34:37 +0000[diff] [blame]679 auto logOnScopeExit = android::base::make_scope_guard([&] {
680 if (__android_log_security()) {
681 android_log_event_list(SEC_TAG_KEY_IMPORTED)
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]682 << int32_t(*_aidl_return == static_cast<int32_t>(ResponseCode::NO_ERROR))
Pavel Grafovff311b42018-01-24 20:34:37 +0000[diff] [blame]683 << String8(name) << int32_t(uid) << LOG_ID_SECURITY;
684 }
685 });
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]686 KeyStoreServiceReturnCode rc =
687 checkBinderPermissionAndKeystoreState(P_INSERT, uid, flags & KEYSTORE_FLAG_ENCRYPTED);
688 if (!rc.isOk()) {
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]689 LOG(ERROR) << "permissission denied";
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]690 return AIDL_RETURN(rc);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]691 }
Rubin Xu67899de2017-04-21 19:15:13 +0100[diff] [blame]692 if ((flags & KEYSTORE_FLAG_CRITICAL_TO_DEVICE_ENCRYPTION) && get_app_id(uid) != AID_SYSTEM) {
693 ALOGE("Non-system uid %d cannot set FLAG_CRITICAL_TO_DEVICE_ENCRYPTION", uid);
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]694 return AIDL_RETURN(ResponseCode::PERMISSION_DENIED);
Rubin Xu67899de2017-04-21 19:15:13 +0100[diff] [blame]695 }
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]696
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame]697 SecurityLevel securityLevel = flagsToSecurityLevel(flags);
698 auto dev = mKeyStore->getDevice(securityLevel);
699 if (!dev) {
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]700 LOG(ERROR) << "importKey - cound not get keymaster device";
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]701 return AIDL_RETURN(ErrorCode::HARDWARE_TYPE_UNAVAILABLE);
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame]702 }
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]703
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]704 String8 name8(name);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]705 auto lockedEntry = mKeyStore->getLockedBlobEntryIfNotExists(name8.string(), uid);
706 if (!lockedEntry) {
707 LOG(ERROR) << "importKey - key: " << name8.string() << " " << int(uid)
708 << " already exists.";
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]709 return AIDL_RETURN(ResponseCode::KEY_ALREADY_EXISTS);
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400[diff] [blame]710 }
Janis Danisevskis4a1da2f2018-03-26 15:02:38 -0700[diff] [blame]711
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]712 logOnScopeExit.Disable();
Janis Danisevskis4a1da2f2018-03-26 15:02:38 -0700[diff] [blame]713
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]714 dev->importKey(
715 std::move(lockedEntry), params.getParameters(), KeyFormat(format), keyData, flags,
716 [cb, uid, name](KeyStoreServiceReturnCode rc, KeyCharacteristics keyCharacteristics) {
717 if (__android_log_security()) {
718 android_log_event_list(SEC_TAG_KEY_IMPORTED)
719 << rc.isOk() << String8(name) << int32_t(uid) << LOG_ID_SECURITY;
720 }
721 cb->onFinished(rc,
722 android::security::keymaster::KeyCharacteristics(keyCharacteristics));
723 });
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400[diff] [blame]724
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]725 return AIDL_RETURN(ResponseCode::NO_ERROR);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]726}
727
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]728Status KeyStoreService::exportKey(
729 const ::android::sp<::android::security::keystore::IKeystoreExportKeyCallback>& cb,
730 const String16& name, int32_t format,
731 const ::android::security::keymaster::KeymasterBlob& clientId,
732 const ::android::security::keymaster::KeymasterBlob& appData, int32_t uid,
733 int32_t* _aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]734
735 uid_t targetUid = getEffectiveUid(uid);
736 uid_t callingUid = IPCThreadState::self()->getCallingUid();
737 if (!is_granted_to(callingUid, targetUid)) {
738 ALOGW("uid %d not permitted to act for uid %d in exportKey", callingUid, targetUid);
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]739 return AIDL_RETURN(ResponseCode::PERMISSION_DENIED);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]740 }
741
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]742 String8 name8(name);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]743
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]744 KeyStoreServiceReturnCode rc;
745 Blob keyBlob;
746 Blob charBlob;
747 LockedKeyBlobEntry lockedEntry;
748
749 std::tie(rc, keyBlob, charBlob, lockedEntry) =
750 mKeyStore->getKeyForName(name8, targetUid, TYPE_KEYMASTER_10);
751 if (!rc) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]752 return AIDL_RETURN(rc);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]753 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]754
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame]755 auto dev = mKeyStore->getDevice(keyBlob);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]756
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]757 dev->exportKey(std::move(lockedEntry), KeyFormat(format), clientId.getData(), appData.getData(),
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]758 std::move(keyBlob), std::move(charBlob),
759 [cb](ExportResult exportResult) { cb->onFinished(exportResult); });
Ji Wang2c142312016-10-14 17:21:10 +0800[diff] [blame]760
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]761 return AIDL_RETURN(ResponseCode::NO_ERROR);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]762}
763
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]764Status KeyStoreService::begin(const sp<IKeystoreOperationResultCallback>& cb,
765 const sp<IBinder>& appToken, const String16& name, int32_t purpose,
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]766 bool pruneable, const KeymasterArguments& params,
767 const ::std::vector<uint8_t>& entropy, int32_t uid,
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]768 int32_t* _aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]769 uid_t callingUid = IPCThreadState::self()->getCallingUid();
770 uid_t targetUid = getEffectiveUid(uid);
771 if (!is_granted_to(callingUid, targetUid)) {
772 ALOGW("uid %d not permitted to act for uid %d in begin", callingUid, targetUid);
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]773 return AIDL_RETURN(ResponseCode::PERMISSION_DENIED);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]774 }
775 if (!pruneable && get_app_id(callingUid) != AID_SYSTEM) {
776 ALOGE("Non-system uid %d trying to start non-pruneable operation", callingUid);
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]777 return AIDL_RETURN(ResponseCode::PERMISSION_DENIED);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]778 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]779 if (!checkAllowedOperationParams(params.getParameters())) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]780 return AIDL_RETURN(ErrorCode::INVALID_ARGUMENT);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]781 }
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]782
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]783 String8 name8(name);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]784 Blob keyBlob;
785 Blob charBlob;
786 LockedKeyBlobEntry lockedEntry;
787 ResponseCode rc;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]788
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]789 std::tie(rc, keyBlob, charBlob, lockedEntry) =
790 mKeyStore->getKeyForName(name8, targetUid, TYPE_KEYMASTER_10);
791
792 if (rc == ResponseCode::LOCKED && keyBlob.isSuperEncrypted()) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]793 return AIDL_RETURN(ErrorCode::KEY_USER_NOT_AUTHENTICATED);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]794 }
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]795 if (rc != ResponseCode::NO_ERROR) return AIDL_RETURN(rc);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]796
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame]797 auto dev = mKeyStore->getDevice(keyBlob);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]798 AuthorizationSet opParams = params.getParameters();
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]799
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]800 dev->begin(std::move(lockedEntry), appToken, std::move(keyBlob), std::move(charBlob), pruneable,
801 static_cast<KeyPurpose>(purpose), std::move(opParams), entropy,
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]802 [this, cb, dev](OperationResult result_) {
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]803 if (result_.resultCode.isOk() ||
804 result_.resultCode == ResponseCode::OP_AUTH_NEEDED) {
805 addOperationDevice(result_.token, dev);
806 }
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]807 cb->onFinished(result_);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]808 });
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400[diff] [blame]809
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]810 return AIDL_RETURN(ResponseCode::NO_ERROR);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]811}
812
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]813Status KeyStoreService::update(const ::android::sp<IKeystoreOperationResultCallback>& cb,
814 const ::android::sp<::android::IBinder>& token,
815 const ::android::security::keymaster::KeymasterArguments& params,
816 const ::std::vector<uint8_t>& input, int32_t* _aidl_return) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]817 if (!checkAllowedOperationParams(params.getParameters())) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]818 return AIDL_RETURN(ErrorCode::INVALID_ARGUMENT);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]819 }
Shawn Willdenda6dcc32017-12-03 14:56:05 -0700[diff] [blame]820
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]821 auto dev = getOperationDevice(token);
822 if (!dev) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]823 return AIDL_RETURN(ErrorCode::INVALID_OPERATION_HANDLE);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]824 }
Shawn Willdenda6dcc32017-12-03 14:56:05 -0700[diff] [blame]825
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]826 dev->update(token, params.getParameters(), input, [this, cb, token](OperationResult result_) {
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]827 if (!result_.resultCode.isOk()) {
828 removeOperationDevice(token);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]829 }
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]830 cb->onFinished(result_);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]831 });
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]832
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]833 return AIDL_RETURN(ResponseCode::NO_ERROR);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]834}
835
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]836Status KeyStoreService::finish(const ::android::sp<IKeystoreOperationResultCallback>& cb,
837 const ::android::sp<::android::IBinder>& token,
838 const ::android::security::keymaster::KeymasterArguments& params,
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]839 const ::std::vector<uint8_t>& signature,
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]840 const ::std::vector<uint8_t>& entropy, int32_t* _aidl_return) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]841 if (!checkAllowedOperationParams(params.getParameters())) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]842 return AIDL_RETURN(ErrorCode::INVALID_ARGUMENT);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]843 }
Shawn Willdenda6dcc32017-12-03 14:56:05 -0700[diff] [blame]844
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]845 auto dev = getOperationDevice(token);
846 if (!dev) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]847 return AIDL_RETURN(ErrorCode::INVALID_OPERATION_HANDLE);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]848 }
849
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]850 dev->finish(token, params.getParameters(), {}, signature, entropy,
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]851 [this, cb, token](OperationResult result_) {
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]852 if (!result_.resultCode.isOk()) {
853 removeOperationDevice(token);
854 }
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]855 cb->onFinished(result_);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]856 });
Shawn Willdenda6dcc32017-12-03 14:56:05 -0700[diff] [blame]857
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]858 return AIDL_RETURN(ResponseCode::NO_ERROR);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]859}
860
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]861Status KeyStoreService::abort(const ::android::sp<IKeystoreResponseCallback>& cb,
862 const ::android::sp<::android::IBinder>& token,
863 int32_t* _aidl_return) {
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]864 auto dev = getOperationDevice(token);
865 if (!dev) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]866 return AIDL_RETURN(ErrorCode::INVALID_OPERATION_HANDLE);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]867 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]868
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]869 dev->abort(token, [cb](KeyStoreServiceReturnCode rc) { cb->onFinished(rc); });
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]870
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]871 return AIDL_RETURN(ResponseCode::NO_ERROR);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]872}
873
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]874Status KeyStoreService::addAuthToken(const ::std::vector<uint8_t>& authTokenAsVector,
Brian Youngccb492d2018-02-22 23:36:01 +0000[diff] [blame]875 int32_t* aidl_return) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]876
Shawn Willdend3ed3a22017-03-28 00:39:16 +0000[diff] [blame]877 // TODO(swillden): When gatekeeper and fingerprint are ready, this should be updated to
878 // receive a HardwareAuthToken, rather than an opaque byte array.
879
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]880 if (!checkBinderPermission(P_ADD_AUTH)) {
881 ALOGW("addAuthToken: permission denied for %d", IPCThreadState::self()->getCallingUid());
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]882 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
883 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]884 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]885 if (authTokenAsVector.size() != sizeof(hw_auth_token_t)) {
886 *aidl_return = static_cast<int32_t>(KeyStoreServiceReturnCode(ErrorCode::INVALID_ARGUMENT));
887 return Status::ok();
Shawn Willdend3ed3a22017-03-28 00:39:16 +0000[diff] [blame]888 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]889
Shawn Willdend3ed3a22017-03-28 00:39:16 +0000[diff] [blame]890 hw_auth_token_t authToken;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]891 memcpy(reinterpret_cast<void*>(&authToken), authTokenAsVector.data(), sizeof(hw_auth_token_t));
Shawn Willdend3ed3a22017-03-28 00:39:16 +0000[diff] [blame]892 if (authToken.version != 0) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]893 *aidl_return = static_cast<int32_t>(KeyStoreServiceReturnCode(ErrorCode::INVALID_ARGUMENT));
894 return Status::ok();
Shawn Willdend3ed3a22017-03-28 00:39:16 +0000[diff] [blame]895 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]896
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]897 mKeyStore->getAuthTokenTable().AddAuthenticationToken(
898 hidlVec2AuthToken(hidl_vec<uint8_t>(authTokenAsVector)));
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]899 *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
900 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]901}
902
Rubin Xu1a203e32018-05-08 14:25:21 +0100[diff] [blame]903int isDeviceIdAttestationRequested(const KeymasterArguments& params) {
Chih-Hung Hsiehb81e68b2018-07-13 11:37:45 -0700[diff] [blame]904 const hardware::hidl_vec<KeyParameter>& paramsVec = params.getParameters();
Rubin Xu1a203e32018-05-08 14:25:21 +0100[diff] [blame]905 int result = 0;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]906 for (size_t i = 0; i < paramsVec.size(); ++i) {
907 switch (paramsVec[i].tag) {
Shawn Willdene2a7b522017-04-11 09:27:40 -0600[diff] [blame]908 case Tag::ATTESTATION_ID_BRAND:
909 case Tag::ATTESTATION_ID_DEVICE:
Shawn Willdene2a7b522017-04-11 09:27:40 -0600[diff] [blame]910 case Tag::ATTESTATION_ID_MANUFACTURER:
Shawn Willdene2a7b522017-04-11 09:27:40 -0600[diff] [blame]911 case Tag::ATTESTATION_ID_MODEL:
912 case Tag::ATTESTATION_ID_PRODUCT:
Rubin Xu1a203e32018-05-08 14:25:21 +0100[diff] [blame]913 result |= ID_ATTESTATION_REQUEST_GENERIC_INFO;
Shawn Willdene2a7b522017-04-11 09:27:40 -0600[diff] [blame]914 break;
Rubin Xu1a203e32018-05-08 14:25:21 +0100[diff] [blame]915 case Tag::ATTESTATION_ID_IMEI:
916 case Tag::ATTESTATION_ID_MEID:
917 case Tag::ATTESTATION_ID_SERIAL:
918 result |= ID_ATTESTATION_REQUEST_UNIQUE_DEVICE_ID;
919 break;
920 default:
921 continue;
Bartosz Fabianowskia9452d92017-01-23 22:21:11 +0100[diff] [blame]922 }
923 }
Rubin Xu1a203e32018-05-08 14:25:21 +0100[diff] [blame]924 return result;
Bartosz Fabianowskia9452d92017-01-23 22:21:11 +0100[diff] [blame]925}
926
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]927Status KeyStoreService::attestKey(
928 const ::android::sp<::android::security::keystore::IKeystoreCertificateChainCallback>& cb,
929 const String16& name, const KeymasterArguments& params, int32_t* _aidl_return) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]930 // check null output if method signature is updated and return ErrorCode::OUTPUT_PARAMETER_NULL
931 if (!checkAllowedOperationParams(params.getParameters())) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]932 return AIDL_RETURN(ErrorCode::INVALID_ARGUMENT);
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]933 }
934
Eran Messerie2c34152017-12-21 21:01:22 +0000[diff] [blame]935 uid_t callingUid = IPCThreadState::self()->getCallingUid();
936
Rubin Xu1a203e32018-05-08 14:25:21 +0100[diff] [blame]937 int needsIdAttestation = isDeviceIdAttestationRequested(params);
938 bool needsUniqueIdAttestation = needsIdAttestation & ID_ATTESTATION_REQUEST_UNIQUE_DEVICE_ID;
939 bool isPrimaryUserSystemUid = (callingUid == AID_SYSTEM);
940 bool isSomeUserSystemUid = (get_app_id(callingUid) == AID_SYSTEM);
941 // Allow system context from any user to request attestation with basic device information,
942 // while only allow system context from user 0 (device owner) to request attestation with
943 // unique device ID.
944 if ((needsIdAttestation && !isSomeUserSystemUid) ||
945 (needsUniqueIdAttestation && !isPrimaryUserSystemUid)) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]946 return AIDL_RETURN(KeyStoreServiceReturnCode(ErrorCode::INVALID_ARGUMENT));
Bartosz Fabianowskia9452d92017-01-23 22:21:11 +0100[diff] [blame]947 }
948
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]949 AuthorizationSet mutableParams = params.getParameters();
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]950 KeyStoreServiceReturnCode rc = updateParamsForAttestation(callingUid, &mutableParams);
951 if (!rc.isOk()) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]952 return AIDL_RETURN(rc);
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]953 }
Shawn Willdene2a7b522017-04-11 09:27:40 -0600[diff] [blame]954
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]955 String8 name8(name);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]956 Blob keyBlob;
957 Blob charBlob;
958 LockedKeyBlobEntry lockedEntry;
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]959
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]960 std::tie(rc, keyBlob, charBlob, lockedEntry) =
961 mKeyStore->getKeyForName(name8, callingUid, TYPE_KEYMASTER_10);
962
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame]963 auto dev = mKeyStore->getDevice(keyBlob);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]964 auto hidlKey = blob2hidlVec(keyBlob);
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]965 dev->attestKey(
966 std::move(hidlKey), mutableParams.hidl_data(),
967 [cb](Return<void> rc, std::tuple<ErrorCode, hidl_vec<hidl_vec<uint8_t>>>&& hidlResult) {
968 auto& [ret, certChain] = hidlResult;
969 if (!rc.isOk()) {
970 cb->onFinished(KeyStoreServiceReturnCode(ResponseCode::SYSTEM_ERROR), {});
971 } else if (ret != ErrorCode::OK) {
972 cb->onFinished(KeyStoreServiceReturnCode(ret), {});
973 } else {
974 cb->onFinished(KeyStoreServiceReturnCode(ret),
975 KeymasterCertificateChain(std::move(certChain)));
976 }
977 });
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]978
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]979 return AIDL_RETURN(ResponseCode::NO_ERROR);
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]980}
981
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]982// My IDE defines "CAPTURE_MOVE(x) x" because it does not understand generalized lambda captures.
983// It should never be redefined by a build system though.
984#ifndef CAPTURE_MOVE
985#define CAPTURE_MOVE(x) x = std::move(x)
986#endif
987
988Status KeyStoreService::attestDeviceIds(
989 const ::android::sp<::android::security::keystore::IKeystoreCertificateChainCallback>& cb,
990 const KeymasterArguments& params, int32_t* _aidl_return) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]991 // check null output if method signature is updated and return ErrorCode::OUTPUT_PARAMETER_NULL
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]992
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]993 if (!checkAllowedOperationParams(params.getParameters())) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]994 return AIDL_RETURN(ErrorCode::INVALID_ARGUMENT);
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]995 }
996
997 if (!isDeviceIdAttestationRequested(params)) {
998 // There is an attestKey() method for attesting keys without device ID attestation.
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]999 return AIDL_RETURN(ErrorCode::INVALID_ARGUMENT);
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]1000 }
1001
1002 uid_t callingUid = IPCThreadState::self()->getCallingUid();
1003 sp<IBinder> binder = defaultServiceManager()->getService(String16("permission"));
Yi Konge353f252018-07-30 01:38:39 -0700[diff] [blame]1004 if (binder == nullptr) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]1005 return AIDL_RETURN(ErrorCode::CANNOT_ATTEST_IDS);
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]1006 }
1007 if (!interface_cast<IPermissionController>(binder)->checkPermission(
1008 String16("android.permission.READ_PRIVILEGED_PHONE_STATE"),
1009 IPCThreadState::self()->getCallingPid(), callingUid)) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]1010 return AIDL_RETURN(ErrorCode::CANNOT_ATTEST_IDS);
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]1011 }
1012
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]1013 AuthorizationSet mutableParams = params.getParameters();
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]1014 KeyStoreServiceReturnCode rc = updateParamsForAttestation(callingUid, &mutableParams);
1015 if (!rc.isOk()) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]1016 return AIDL_RETURN(rc);
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]1017 }
1018
1019 // Generate temporary key.
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1020 auto dev = mKeyStore->getDevice(SecurityLevel::TRUSTED_ENVIRONMENT);
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame]1021
Shawn Willden70c1a782018-07-11 15:13:20 -0600[diff] [blame]1022 if (!dev) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]1023 return AIDL_RETURN(ResponseCode::SYSTEM_ERROR);
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame]1024 }
1025
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]1026
1027 AuthorizationSet keyCharacteristics;
1028 keyCharacteristics.push_back(TAG_PURPOSE, KeyPurpose::VERIFY);
1029 keyCharacteristics.push_back(TAG_ALGORITHM, Algorithm::EC);
1030 keyCharacteristics.push_back(TAG_DIGEST, Digest::SHA_2_256);
1031 keyCharacteristics.push_back(TAG_NO_AUTH_REQUIRED);
1032 keyCharacteristics.push_back(TAG_EC_CURVE, EcCurve::P_256);
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]1033
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1034 std::promise<KeyStoreServiceReturnCode> resultPromise;
1035 auto resultFuture = resultPromise.get_future();
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]1036
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1037 dev->generateKey(
1038 keyCharacteristics.hidl_data(),
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]1039 [cb, dev, CAPTURE_MOVE(mutableParams)](
1040 Return<void> rc,
1041 std::tuple<ErrorCode, ::std::vector<uint8_t>, KeyCharacteristics>&& hidlResult) {
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1042 auto& [ret, hidlKeyBlob_, dummyCharacteristics] = hidlResult;
1043 auto hidlKeyBlob = std::move(hidlKeyBlob_);
1044 if (!rc.isOk()) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]1045 cb->onFinished(KeyStoreServiceReturnCode(ResponseCode::SYSTEM_ERROR), {});
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1046 return;
1047 }
1048 if (ret != ErrorCode::OK) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]1049 cb->onFinished(KeyStoreServiceReturnCode(ret), {});
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1050 return;
1051 }
1052 dev->attestKey(
1053 hidlKeyBlob, mutableParams.hidl_data(),
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]1054 [cb, dev,
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1055 hidlKeyBlob](Return<void> rc,
1056 std::tuple<ErrorCode, hidl_vec<hidl_vec<uint8_t>>>&& hidlResult) {
1057 auto& [ret, certChain] = hidlResult;
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]1058 // schedule temp key for deletion
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1059 dev->deleteKey(std::move(hidlKeyBlob), [](Return<ErrorCode> rc) {
1060 // log error but don't return an error
1061 KS_HANDLE_HIDL_ERROR(rc);
1062 });
1063 if (!rc.isOk()) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]1064 cb->onFinished(KeyStoreServiceReturnCode(ResponseCode::SYSTEM_ERROR), {});
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1065 return;
1066 }
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]1067 if (ret == ErrorCode::OK) {
1068 cb->onFinished(
1069 KeyStoreServiceReturnCode(ret),
1070 ::android::security::keymaster::KeymasterCertificateChain(certChain));
1071 } else {
1072 cb->onFinished(KeyStoreServiceReturnCode(ret), {});
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1073 }
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1074 });
1075 });
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]1076
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]1077 return AIDL_RETURN(ResponseCode::NO_ERROR);
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]1078}
1079
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]1080Status KeyStoreService::onDeviceOffBody(int32_t* aidl_return) {
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400[diff] [blame]1081 // TODO(tuckeris): add permission check. This should be callable from ClockworkHome only.
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1082 mKeyStore->getAuthTokenTable().onDeviceOffBody();
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]1083 *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
1084 return Status::ok();
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400[diff] [blame]1085}
1086
Janis Danisevskiscb9267d2017-12-19 16:27:52 -0800[diff] [blame]1087Status KeyStoreService::importWrappedKey(
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]1088 const ::android::sp<::android::security::keystore::IKeystoreKeyCharacteristicsCallback>& cb,
Janis Danisevskiscb9267d2017-12-19 16:27:52 -0800[diff] [blame]1089 const ::android::String16& wrappedKeyAlias, const ::std::vector<uint8_t>& wrappedKey,
1090 const ::android::String16& wrappingKeyAlias, const ::std::vector<uint8_t>& maskingKey,
1091 const KeymasterArguments& params, int64_t rootSid, int64_t fingerprintSid,
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]1092 int32_t* _aidl_return) {
Janis Danisevskiscb9267d2017-12-19 16:27:52 -0800[diff] [blame]1093
1094 uid_t callingUid = IPCThreadState::self()->getCallingUid();
1095
1096 if (!checkBinderPermission(P_INSERT, callingUid)) {
1097 return AIDL_RETURN(ResponseCode::PERMISSION_DENIED);
1098 }
1099
Janis Danisevskiscb9267d2017-12-19 16:27:52 -0800[diff] [blame]1100 String8 wrappingKeyName8(wrappingKeyAlias);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1101
1102 KeyStoreServiceReturnCode rc;
1103 Blob wrappingKeyBlob;
1104 Blob wrappingCharBlob;
1105 LockedKeyBlobEntry wrappingLockedEntry;
1106
1107 std::tie(rc, wrappingKeyBlob, wrappingCharBlob, wrappingLockedEntry) =
1108 mKeyStore->getKeyForName(wrappingKeyName8, callingUid, TYPE_KEYMASTER_10);
1109 if (!rc) {
Janis Danisevskiscb9267d2017-12-19 16:27:52 -0800[diff] [blame]1110 return AIDL_RETURN(rc);
1111 }
1112
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1113 String8 wrappedKeyName8(wrappedKeyAlias);
1114 auto wrappedLockedEntry =
1115 mKeyStore->getLockedBlobEntryIfNotExists(wrappedKeyName8.string(), callingUid);
1116 if (!wrappedLockedEntry) {
1117 return AIDL_RETURN(ResponseCode::KEY_ALREADY_EXISTS);
1118 }
1119
Janis Danisevskiscb9267d2017-12-19 16:27:52 -0800[diff] [blame]1120 SecurityLevel securityLevel = wrappingKeyBlob.getSecurityLevel();
1121 auto dev = mKeyStore->getDevice(securityLevel);
1122 if (!dev) {
1123 return AIDL_RETURN(ErrorCode::HARDWARE_TYPE_UNAVAILABLE);
1124 }
1125
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1126 dev->importWrappedKey(
1127 std::move(wrappingLockedEntry), std::move(wrappedLockedEntry), wrappedKey, maskingKey,
1128 params.getParameters(), std::move(wrappingKeyBlob), std::move(wrappingCharBlob), rootSid,
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]1129 fingerprintSid, [cb](KeyStoreServiceReturnCode rc, KeyCharacteristics keyCharacteristics) {
1130 cb->onFinished(rc,
1131 ::android::security::keymaster::KeyCharacteristics(keyCharacteristics));
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1132 });
Janis Danisevskiscb9267d2017-12-19 16:27:52 -0800[diff] [blame]1133
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame^]1134 return AIDL_RETURN(ResponseCode::NO_ERROR);
Janis Danisevskiscb9267d2017-12-19 16:27:52 -0800[diff] [blame]1135}
1136
David Zeuthenc6eb7cd2017-11-27 11:33:55 -0500[diff] [blame]1137Status KeyStoreService::presentConfirmationPrompt(const sp<IBinder>& listener,
1138 const String16& promptText,
1139 const ::std::vector<uint8_t>& extraData,
1140 const String16& locale, int32_t uiOptionsAsFlags,
1141 int32_t* aidl_return) {
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1142 return mKeyStore->getConfirmationManager().presentConfirmationPrompt(
1143 listener, promptText, extraData, locale, uiOptionsAsFlags, aidl_return);
David Zeuthenc6eb7cd2017-11-27 11:33:55 -0500[diff] [blame]1144}
1145
1146Status KeyStoreService::cancelConfirmationPrompt(const sp<IBinder>& listener,
1147 int32_t* aidl_return) {
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1148 return mKeyStore->getConfirmationManager().cancelConfirmationPrompt(listener, aidl_return);
David Zeuthenc6eb7cd2017-11-27 11:33:55 -0500[diff] [blame]1149}
1150
David Zeuthen1a492312018-02-26 11:00:30 -0500[diff] [blame]1151Status KeyStoreService::isConfirmationPromptSupported(bool* aidl_return) {
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1152 return mKeyStore->getConfirmationManager().isConfirmationPromptSupported(aidl_return);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]1153}
1154
1155/**
1156 * Get the effective target uid for a binder operation that takes an
1157 * optional uid as the target.
1158 */
1159uid_t KeyStoreService::getEffectiveUid(int32_t targetUid) {
1160 if (targetUid == UID_SELF) {
1161 return IPCThreadState::self()->getCallingUid();
1162 }
1163 return static_cast<uid_t>(targetUid);
1164}
1165
1166/**
1167 * Check if the caller of the current binder method has the required
1168 * permission and if acting on other uids the grants to do so.
1169 */
1170bool KeyStoreService::checkBinderPermission(perm_t permission, int32_t targetUid) {
1171 uid_t callingUid = IPCThreadState::self()->getCallingUid();
1172 pid_t spid = IPCThreadState::self()->getCallingPid();
1173 if (!has_permission(callingUid, permission, spid)) {
1174 ALOGW("permission %s denied for %d", get_perm_label(permission), callingUid);
1175 return false;
1176 }
1177 if (!is_granted_to(callingUid, getEffectiveUid(targetUid))) {
1178 ALOGW("uid %d not granted to act for %d", callingUid, targetUid);
1179 return false;
1180 }
1181 return true;
1182}
1183
1184/**
1185 * Check if the caller of the current binder method has the required
1186 * permission and the target uid is the caller or the caller is system.
1187 */
1188bool KeyStoreService::checkBinderPermissionSelfOrSystem(perm_t permission, int32_t targetUid) {
1189 uid_t callingUid = IPCThreadState::self()->getCallingUid();
1190 pid_t spid = IPCThreadState::self()->getCallingPid();
1191 if (!has_permission(callingUid, permission, spid)) {
1192 ALOGW("permission %s denied for %d", get_perm_label(permission), callingUid);
1193 return false;
1194 }
1195 return getEffectiveUid(targetUid) == callingUid || callingUid == AID_SYSTEM;
1196}
1197
1198/**
1199 * Check if the caller of the current binder method has the required
1200 * permission or the target of the operation is the caller's uid. This is
1201 * for operation where the permission is only for cross-uid activity and all
1202 * uids are allowed to act on their own (ie: clearing all entries for a
1203 * given uid).
1204 */
1205bool KeyStoreService::checkBinderPermissionOrSelfTarget(perm_t permission, int32_t targetUid) {
1206 uid_t callingUid = IPCThreadState::self()->getCallingUid();
1207 if (getEffectiveUid(targetUid) == callingUid) {
1208 return true;
1209 } else {
1210 return checkBinderPermission(permission, targetUid);
1211 }
1212}
1213
1214/**
1215 * Helper method to check that the caller has the required permission as
1216 * well as the keystore is in the unlocked state if checkUnlocked is true.
1217 *
1218 * Returns NO_ERROR on success, PERMISSION_DENIED on a permission error and
1219 * otherwise the state of keystore when not unlocked and checkUnlocked is
1220 * true.
1221 */
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]1222KeyStoreServiceReturnCode
1223KeyStoreService::checkBinderPermissionAndKeystoreState(perm_t permission, int32_t targetUid,
1224 bool checkUnlocked) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]1225 if (!checkBinderPermission(permission, targetUid)) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]1226 return ResponseCode::PERMISSION_DENIED;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]1227 }
1228 State state = mKeyStore->getState(get_user_id(getEffectiveUid(targetUid)));
1229 if (checkUnlocked && !isKeystoreUnlocked(state)) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]1230 // All State values coincide with ResponseCodes
1231 return static_cast<ResponseCode>(state);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]1232 }
1233
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]1234 return ResponseCode::NO_ERROR;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]1235}
1236
1237bool KeyStoreService::isKeystoreUnlocked(State state) {
1238 switch (state) {
1239 case ::STATE_NO_ERROR:
1240 return true;
1241 case ::STATE_UNINITIALIZED:
1242 case ::STATE_LOCKED:
1243 return false;
1244 }
1245 return false;
1246}
1247
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]1248/**
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]1249 * Check that all KeyParameters provided by the application are allowed. Any parameter that keystore
1250 * adds itself should be disallowed here.
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]1251 */
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]1252bool KeyStoreService::checkAllowedOperationParams(const hidl_vec<KeyParameter>& params) {
1253 for (size_t i = 0; i < params.size(); ++i) {
1254 switch (params[i].tag) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]1255 case Tag::ATTESTATION_APPLICATION_ID:
Shawn Willdene2a7b522017-04-11 09:27:40 -0600[diff] [blame]1256 case Tag::RESET_SINCE_ID_ROTATION:
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]1257 return false;
1258 default:
1259 break;
1260 }
1261 }
1262 return true;
1263}
1264
Brian Young9a947d52018-02-23 18:03:14 +0000[diff] [blame]1265Status KeyStoreService::onKeyguardVisibilityChanged(bool isShowing, int32_t userId,
1266 int32_t* aidl_return) {
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1267 mKeyStore->getEnforcementPolicy().set_device_locked(isShowing, userId);
Brian Young9a947d52018-02-23 18:03:14 +0000[diff] [blame]1268 *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
Brian Young9371e952018-02-23 18:03:14 +0000[diff] [blame]1269
1270 return Status::ok();
1271}
1272
Shawn Willdene2a7b522017-04-11 09:27:40 -0600[diff] [blame]1273} // namespace keystore