Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 15e3c698255f32d68177a0c69e0872b2a96dd046 / . / keystore2 / src / maintenance.rs
blob: 43d99d189b89749a28bbbc6c4d10fdaf08f7b069 [file] [log] [blame]
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]1// Copyright 2021, The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
Janis Danisevskis34a0cf22021-03-08 09:19:03 -0800[diff] [blame]15//! This module implements IKeystoreMaintenance AIDL interface.
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]16
Eric Biggersb5613da2024-03-13 19:31:42 +0000[diff] [blame]17use crate::database::{KeyEntryLoadBits, KeyType};
David Drysdaledb7ddde2024-06-07 16:22:49 +0100[diff] [blame]18use crate::error::into_logged_binder;
Satya Tangirala5b9e5b12021-03-09 12:54:21 -0800[diff] [blame]19use crate::error::map_km_error;
Janis Danisevskiscdcf4e52021-04-14 15:44:36 -0700[diff] [blame]20use crate::error::Error;
Satya Tangirala5b9e5b12021-03-09 12:54:21 -0800[diff] [blame]21use crate::globals::get_keymint_device;
Janis Danisevskis0ffb8a82022-02-06 22:37:21 -0800[diff] [blame]22use crate::globals::{DB, LEGACY_IMPORTER, SUPER_KEY};
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]23use crate::ks_err;
Janis Danisevskiscdcf4e52021-04-14 15:44:36 -0700[diff] [blame]24use crate::permission::{KeyPerm, KeystorePerm};
Eric Biggers9f7ebeb2024-06-20 14:59:32 +0000[diff] [blame]25use crate::super_key::SuperKeyManager;
John Wu16db29e2022-01-13 15:21:43 -0800[diff] [blame]26use crate::utils::{
Eran Messericfe79f12024-02-05 17:50:41 +0000[diff] [blame]27 check_get_app_uids_affected_by_sid_permissions, check_key_permission,
28 check_keystore_permission, uid_to_android_user, watchdog as wd,
John Wu16db29e2022-01-13 15:21:43 -0800[diff] [blame]29};
Paul Crowley46c703e2021-08-06 15:13:53 -0700[diff] [blame]30use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{
31 IKeyMintDevice::IKeyMintDevice, SecurityLevel::SecurityLevel,
32};
Eric Biggers2f9498a2023-10-09 23:16:05 +0000[diff] [blame]33use android_security_maintenance::aidl::android::security::maintenance::IKeystoreMaintenance::{
34 BnKeystoreMaintenance, IKeystoreMaintenance,
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]35};
Andrew Walbrande45c8b2021-04-13 14:42:38 +0000[diff] [blame]36use android_security_maintenance::binder::{
37 BinderFeatures, Interface, Result as BinderResult, Strong, ThreadState,
38};
Janis Danisevskis5898d152021-06-15 08:23:46 -0700[diff] [blame]39use android_system_keystore2::aidl::android::system::keystore2::KeyDescriptor::KeyDescriptor;
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]40use android_system_keystore2::aidl::android::system::keystore2::ResponseCode::ResponseCode;
41use anyhow::{Context, Result};
Paul Crowleyf61fee72021-03-17 14:38:44 -0700[diff] [blame]42use keystore2_crypto::Password;
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]43
Janis Danisevskis5898d152021-06-15 08:23:46 -0700[diff] [blame]44/// Reexport Domain for the benefit of DeleteListener
45pub use android_system_keystore2::aidl::android::system::keystore2::Domain::Domain;
46
47/// The Maintenance module takes a delete listener argument which observes user and namespace
48/// deletion events.
49pub trait DeleteListener {
50 /// Called by the maintenance module when an app/namespace is deleted.
51 fn delete_namespace(&self, domain: Domain, namespace: i64) -> Result<()>;
52 /// Called by the maintenance module when a user is deleted.
53 fn delete_user(&self, user_id: u32) -> Result<()>;
54}
55
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]56/// This struct is defined to implement the aforementioned AIDL interface.
Janis Danisevskis5898d152021-06-15 08:23:46 -0700[diff] [blame]57pub struct Maintenance {
58 delete_listener: Box<dyn DeleteListener + Send + Sync + 'static>,
59}
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]60
Janis Danisevskis34a0cf22021-03-08 09:19:03 -0800[diff] [blame]61impl Maintenance {
Janis Danisevskis5898d152021-06-15 08:23:46 -0700[diff] [blame]62 /// Create a new instance of Keystore Maintenance service.
63 pub fn new_native_binder(
64 delete_listener: Box<dyn DeleteListener + Send + Sync + 'static>,
65 ) -> Result<Strong<dyn IKeystoreMaintenance>> {
Andrew Walbrande45c8b2021-04-13 14:42:38 +0000[diff] [blame]66 Ok(BnKeystoreMaintenance::new_binder(
Janis Danisevskis5898d152021-06-15 08:23:46 -0700[diff] [blame]67 Self { delete_listener },
Andrew Walbrande45c8b2021-04-13 14:42:38 +0000[diff] [blame]68 BinderFeatures { set_requesting_sid: true, ..BinderFeatures::default() },
69 ))
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]70 }
71
Janis Danisevskis5898d152021-06-15 08:23:46 -0700[diff] [blame]72 fn add_or_remove_user(&self, user_id: i32) -> Result<()> {
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]73 // Check permission. Function should return if this failed. Therefore having '?' at the end
74 // is very important.
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]75 check_keystore_permission(KeystorePerm::ChangeUser).context(ks_err!())?;
Janis Danisevskis0fd25a62022-01-04 19:53:37 -0800[diff] [blame]76
Janis Danisevskiseed69842021-02-18 20:04:10 -0800[diff] [blame]77 DB.with(|db| {
Nathan Huckleberry204a0442023-03-30 17:27:47 +0000[diff] [blame]78 SUPER_KEY.write().unwrap().remove_user(
Janis Danisevskiseed69842021-02-18 20:04:10 -0800[diff] [blame]79 &mut db.borrow_mut(),
Janis Danisevskis0ffb8a82022-02-06 22:37:21 -0800[diff] [blame]80 &LEGACY_IMPORTER,
Janis Danisevskiseed69842021-02-18 20:04:10 -0800[diff] [blame]81 user_id as u32,
Janis Danisevskiseed69842021-02-18 20:04:10 -0800[diff] [blame]82 )
83 })
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]84 .context(ks_err!("Trying to delete keys from db."))?;
Janis Danisevskis5898d152021-06-15 08:23:46 -0700[diff] [blame]85 self.delete_listener
86 .delete_user(user_id as u32)
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]87 .context(ks_err!("While invoking the delete listener."))
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]88 }
Janis Danisevskisddd6e752021-02-22 18:46:55 -0800[diff] [blame]89
Eric Biggersb0478cf2023-10-27 03:55:29 +0000[diff] [blame]90 fn init_user_super_keys(
91 &self,
92 user_id: i32,
93 password: Password,
94 allow_existing: bool,
95 ) -> Result<()> {
96 // Permission check. Must return on error. Do not touch the '?'.
97 check_keystore_permission(KeystorePerm::ChangeUser).context(ks_err!())?;
98
99 let mut skm = SUPER_KEY.write().unwrap();
100 DB.with(|db| {
101 skm.initialize_user(
102 &mut db.borrow_mut(),
103 &LEGACY_IMPORTER,
104 user_id as u32,
105 &password,
106 allow_existing,
107 )
108 })
109 .context(ks_err!("Failed to initialize user super keys"))
110 }
111
112 // Deletes all auth-bound keys when the user's LSKF is removed.
113 fn on_user_lskf_removed(user_id: i32) -> Result<()> {
114 // Permission check. Must return on error. Do not touch the '?'.
115 check_keystore_permission(KeystorePerm::ChangePassword).context(ks_err!())?;
116
117 LEGACY_IMPORTER
118 .bulk_delete_user(user_id as u32, true)
119 .context(ks_err!("Failed to delete legacy keys."))?;
120
121 DB.with(|db| db.borrow_mut().unbind_auth_bound_keys_for_user(user_id as u32))
122 .context(ks_err!("Failed to delete auth-bound keys."))
123 }
124
Janis Danisevskis5898d152021-06-15 08:23:46 -0700[diff] [blame]125 fn clear_namespace(&self, domain: Domain, nspace: i64) -> Result<()> {
Janis Danisevskisddd6e752021-02-22 18:46:55 -0800[diff] [blame]126 // Permission check. Must return on error. Do not touch the '?'.
Janis Danisevskisa916d992021-10-19 15:46:09 -0700[diff] [blame]127 check_keystore_permission(KeystorePerm::ClearUID).context("In clear_namespace.")?;
Janis Danisevskisddd6e752021-02-22 18:46:55 -0800[diff] [blame]128
Janis Danisevskis0ffb8a82022-02-06 22:37:21 -0800[diff] [blame]129 LEGACY_IMPORTER
Janis Danisevskisddd6e752021-02-22 18:46:55 -0800[diff] [blame]130 .bulk_delete_uid(domain, nspace)
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]131 .context(ks_err!("Trying to delete legacy keys."))?;
Janis Danisevskisddd6e752021-02-22 18:46:55 -0800[diff] [blame]132 DB.with(|db| db.borrow_mut().unbind_keys_for_namespace(domain, nspace))
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]133 .context(ks_err!("Trying to delete keys from db."))?;
Janis Danisevskis5898d152021-06-15 08:23:46 -0700[diff] [blame]134 self.delete_listener
135 .delete_namespace(domain, nspace)
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]136 .context(ks_err!("While invoking the delete listener."))
Janis Danisevskisddd6e752021-02-22 18:46:55 -0800[diff] [blame]137 }
Hasini Gunasinghe9ee18412021-03-11 20:12:44 +0000[diff] [blame]138
Paul Crowley46c703e2021-08-06 15:13:53 -0700[diff] [blame]139 fn call_with_watchdog<F>(sec_level: SecurityLevel, name: &'static str, op: &F) -> Result<()>
140 where
Stephen Crane23cf7242022-01-19 17:49:46 +0000[diff] [blame]141 F: Fn(Strong<dyn IKeyMintDevice>) -> binder::Result<()>,
Paul Crowley46c703e2021-08-06 15:13:53 -0700[diff] [blame]142 {
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]143 let (km_dev, _, _) =
144 get_keymint_device(&sec_level).context(ks_err!("getting keymint device"))?;
Janis Danisevskis2ee014b2021-05-05 14:29:08 -0700[diff] [blame]145
David Drysdale387c85b2024-06-10 14:40:45 +0100[diff] [blame]146 let _wp = wd::watch_millis_with("In call_with_watchdog", 500, (sec_level, name));
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]147 map_km_error(op(km_dev)).with_context(|| ks_err!("calling {}", name))?;
Satya Tangirala5b9e5b12021-03-09 12:54:21 -0800[diff] [blame]148 Ok(())
149 }
150
Paul Crowley46c703e2021-08-06 15:13:53 -0700[diff] [blame]151 fn call_on_all_security_levels<F>(name: &'static str, op: F) -> Result<()>
152 where
Stephen Crane23cf7242022-01-19 17:49:46 +0000[diff] [blame]153 F: Fn(Strong<dyn IKeyMintDevice>) -> binder::Result<()>,
Paul Crowley46c703e2021-08-06 15:13:53 -0700[diff] [blame]154 {
155 let sec_levels = [
156 (SecurityLevel::TRUSTED_ENVIRONMENT, "TRUSTED_ENVIRONMENT"),
157 (SecurityLevel::STRONGBOX, "STRONGBOX"),
158 ];
James Farrelld77b97f2023-08-15 20:03:38 +0000[diff] [blame]159 sec_levels.iter().try_fold((), |_result, (sec_level, sec_level_string)| {
Paul Crowley46c703e2021-08-06 15:13:53 -0700[diff] [blame]160 let curr_result = Maintenance::call_with_watchdog(*sec_level, name, &op);
161 match curr_result {
162 Ok(()) => log::info!(
163 "Call to {} succeeded for security level {}.",
164 name,
165 &sec_level_string
166 ),
167 Err(ref e) => log::error!(
168 "Call to {} failed for security level {}: {}.",
169 name,
170 &sec_level_string,
171 e
172 ),
173 }
James Farrelld77b97f2023-08-15 20:03:38 +0000[diff] [blame]174 curr_result
Paul Crowley46c703e2021-08-06 15:13:53 -0700[diff] [blame]175 })
176 }
177
Satya Tangirala5b9e5b12021-03-09 12:54:21 -0800[diff] [blame]178 fn early_boot_ended() -> Result<()> {
Janis Danisevskisa916d992021-10-19 15:46:09 -0700[diff] [blame]179 check_keystore_permission(KeystorePerm::EarlyBootEnded)
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]180 .context(ks_err!("Checking permission"))?;
Paul Crowley44c02da2021-04-08 17:04:43 +0000[diff] [blame]181 log::info!("In early_boot_ended.");
182
Janis Danisevskis0fd25a62022-01-04 19:53:37 -0800[diff] [blame]183 if let Err(e) =
184 DB.with(|db| SuperKeyManager::set_up_boot_level_cache(&SUPER_KEY, &mut db.borrow_mut()))
185 {
Paul Crowley44c02da2021-04-08 17:04:43 +0000[diff] [blame]186 log::error!("SUPER_KEY.set_up_boot_level_cache failed:\n{:?}\n:(", e);
187 }
Paul Crowley46c703e2021-08-06 15:13:53 -0700[diff] [blame]188 Maintenance::call_on_all_security_levels("earlyBootEnded", |dev| dev.earlyBootEnded())
Satya Tangirala5b9e5b12021-03-09 12:54:21 -0800[diff] [blame]189 }
190
Janis Danisevskiscdcf4e52021-04-14 15:44:36 -0700[diff] [blame]191 fn migrate_key_namespace(source: &KeyDescriptor, destination: &KeyDescriptor) -> Result<()> {
John Wu889c1cc2022-03-14 16:02:56 -0700[diff] [blame]192 let calling_uid = ThreadState::get_calling_uid();
Janis Danisevskiscdcf4e52021-04-14 15:44:36 -0700[diff] [blame]193
John Wu889c1cc2022-03-14 16:02:56 -0700[diff] [blame]194 match source.domain {
195 Domain::SELINUX | Domain::KEY_ID | Domain::APP => (),
John Wu16db29e2022-01-13 15:21:43 -0800[diff] [blame]196 _ => {
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]197 return Err(Error::Rc(ResponseCode::INVALID_ARGUMENT))
198 .context(ks_err!("Source domain must be one of APP, SELINUX, or KEY_ID."));
John Wu16db29e2022-01-13 15:21:43 -0800[diff] [blame]199 }
200 };
Janis Danisevskiscdcf4e52021-04-14 15:44:36 -0700[diff] [blame]201
John Wu889c1cc2022-03-14 16:02:56 -0700[diff] [blame]202 match destination.domain {
203 Domain::SELINUX | Domain::APP => (),
John Wu16db29e2022-01-13 15:21:43 -0800[diff] [blame]204 _ => {
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]205 return Err(Error::Rc(ResponseCode::INVALID_ARGUMENT))
206 .context(ks_err!("Destination domain must be one of APP or SELINUX."));
John Wu16db29e2022-01-13 15:21:43 -0800[diff] [blame]207 }
208 };
209
John Wu889c1cc2022-03-14 16:02:56 -0700[diff] [blame]210 let user_id = uid_to_android_user(calling_uid);
Janis Danisevskisf84d0b02022-01-26 14:11:14 -0800[diff] [blame]211
Eric Biggers673d34a2023-10-18 01:54:18 +0000[diff] [blame]212 let super_key = SUPER_KEY.read().unwrap().get_after_first_unlock_key_by_user_id(user_id);
Janis Danisevskisf84d0b02022-01-26 14:11:14 -0800[diff] [blame]213
214 DB.with(|db| {
John Wu889c1cc2022-03-14 16:02:56 -0700[diff] [blame]215 let (key_id_guard, _) = LEGACY_IMPORTER
216 .with_try_import(source, calling_uid, super_key, || {
217 db.borrow_mut().load_key_entry(
218 source,
219 KeyType::Client,
220 KeyEntryLoadBits::NONE,
221 calling_uid,
222 |k, av| {
223 check_key_permission(KeyPerm::Use, k, &av)?;
224 check_key_permission(KeyPerm::Delete, k, &av)?;
225 check_key_permission(KeyPerm::Grant, k, &av)
226 },
227 )
Janis Danisevskisf84d0b02022-01-26 14:11:14 -0800[diff] [blame]228 })
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]229 .context(ks_err!("Failed to load key blob."))?;
John Wu889c1cc2022-03-14 16:02:56 -0700[diff] [blame]230 {
231 db.borrow_mut().migrate_key_namespace(key_id_guard, destination, calling_uid, |k| {
232 check_key_permission(KeyPerm::Rebind, k, &None)
233 })
Janis Danisevskisf84d0b02022-01-26 14:11:14 -0800[diff] [blame]234 }
Janis Danisevskiscdcf4e52021-04-14 15:44:36 -0700[diff] [blame]235 })
236 }
Paul Crowley46c703e2021-08-06 15:13:53 -0700[diff] [blame]237
238 fn delete_all_keys() -> Result<()> {
239 // Security critical permission check. This statement must return on fail.
Janis Danisevskisa916d992021-10-19 15:46:09 -0700[diff] [blame]240 check_keystore_permission(KeystorePerm::DeleteAllKeys)
Shaquille Johnson9da2e1c2022-09-19 12:39:01 +0000[diff] [blame]241 .context(ks_err!("Checking permission"))?;
Paul Crowley46c703e2021-08-06 15:13:53 -0700[diff] [blame]242 log::info!("In delete_all_keys.");
243
244 Maintenance::call_on_all_security_levels("deleteAllKeys", |dev| dev.deleteAllKeys())
245 }
Eran Messeri4dc27b52024-01-09 12:43:31 +0000[diff] [blame]246
247 fn get_app_uids_affected_by_sid(
248 user_id: i32,
249 secure_user_id: i64,
250 ) -> Result<std::vec::Vec<i64>> {
251 // This method is intended to be called by Settings and discloses a list of apps
Eran Messericfe79f12024-02-05 17:50:41 +0000[diff] [blame]252 // associated with a user, so it requires the "android.permission.MANAGE_USERS"
253 // permission (to avoid leaking list of apps to unauthorized callers).
254 check_get_app_uids_affected_by_sid_permissions().context(ks_err!())?;
Eran Messeri4dc27b52024-01-09 12:43:31 +0000[diff] [blame]255 DB.with(|db| db.borrow_mut().get_app_uids_affected_by_sid(user_id, secure_user_id))
256 .context(ks_err!("Failed to get app UIDs affected by SID"))
257 }
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]258}
259
Janis Danisevskis34a0cf22021-03-08 09:19:03 -0800[diff] [blame]260impl Interface for Maintenance {}
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]261
Janis Danisevskis34a0cf22021-03-08 09:19:03 -0800[diff] [blame]262impl IKeystoreMaintenance for Maintenance {
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]263 fn onUserAdded(&self, user_id: i32) -> BinderResult<()> {
David Drysdalee85523f2023-06-19 12:28:53 +0100[diff] [blame]264 log::info!("onUserAdded(user={user_id})");
David Drysdale541846b2024-05-23 13:16:07 +0100[diff] [blame]265 let _wp = wd::watch("IKeystoreMaintenance::onUserAdded");
David Drysdaledb7ddde2024-06-07 16:22:49 +0100[diff] [blame]266 self.add_or_remove_user(user_id).map_err(into_logged_binder)
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]267 }
268
Eric Biggersb0478cf2023-10-27 03:55:29 +0000[diff] [blame]269 fn initUserSuperKeys(
270 &self,
271 user_id: i32,
272 password: &[u8],
273 allow_existing: bool,
274 ) -> BinderResult<()> {
275 log::info!("initUserSuperKeys(user={user_id}, allow_existing={allow_existing})");
David Drysdale541846b2024-05-23 13:16:07 +0100[diff] [blame]276 let _wp = wd::watch("IKeystoreMaintenance::initUserSuperKeys");
David Drysdaledb7ddde2024-06-07 16:22:49 +0100[diff] [blame]277 self.init_user_super_keys(user_id, password.into(), allow_existing)
278 .map_err(into_logged_binder)
Eric Biggersb0478cf2023-10-27 03:55:29 +0000[diff] [blame]279 }
280
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]281 fn onUserRemoved(&self, user_id: i32) -> BinderResult<()> {
David Drysdalee85523f2023-06-19 12:28:53 +0100[diff] [blame]282 log::info!("onUserRemoved(user={user_id})");
David Drysdale541846b2024-05-23 13:16:07 +0100[diff] [blame]283 let _wp = wd::watch("IKeystoreMaintenance::onUserRemoved");
David Drysdaledb7ddde2024-06-07 16:22:49 +0100[diff] [blame]284 self.add_or_remove_user(user_id).map_err(into_logged_binder)
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]285 }
Janis Danisevskisddd6e752021-02-22 18:46:55 -0800[diff] [blame]286
Eric Biggersb0478cf2023-10-27 03:55:29 +0000[diff] [blame]287 fn onUserLskfRemoved(&self, user_id: i32) -> BinderResult<()> {
288 log::info!("onUserLskfRemoved(user={user_id})");
David Drysdale541846b2024-05-23 13:16:07 +0100[diff] [blame]289 let _wp = wd::watch("IKeystoreMaintenance::onUserLskfRemoved");
David Drysdaledb7ddde2024-06-07 16:22:49 +0100[diff] [blame]290 Self::on_user_lskf_removed(user_id).map_err(into_logged_binder)
Eric Biggersb0478cf2023-10-27 03:55:29 +0000[diff] [blame]291 }
292
Janis Danisevskisddd6e752021-02-22 18:46:55 -0800[diff] [blame]293 fn clearNamespace(&self, domain: Domain, nspace: i64) -> BinderResult<()> {
David Drysdalee85523f2023-06-19 12:28:53 +0100[diff] [blame]294 log::info!("clearNamespace({domain:?}, nspace={nspace})");
David Drysdale541846b2024-05-23 13:16:07 +0100[diff] [blame]295 let _wp = wd::watch("IKeystoreMaintenance::clearNamespace");
David Drysdaledb7ddde2024-06-07 16:22:49 +0100[diff] [blame]296 self.clear_namespace(domain, nspace).map_err(into_logged_binder)
Janis Danisevskisddd6e752021-02-22 18:46:55 -0800[diff] [blame]297 }
Hasini Gunasinghe9ee18412021-03-11 20:12:44 +0000[diff] [blame]298
Satya Tangirala5b9e5b12021-03-09 12:54:21 -0800[diff] [blame]299 fn earlyBootEnded(&self) -> BinderResult<()> {
David Drysdalee85523f2023-06-19 12:28:53 +0100[diff] [blame]300 log::info!("earlyBootEnded()");
David Drysdale541846b2024-05-23 13:16:07 +0100[diff] [blame]301 let _wp = wd::watch("IKeystoreMaintenance::earlyBootEnded");
David Drysdaledb7ddde2024-06-07 16:22:49 +0100[diff] [blame]302 Self::early_boot_ended().map_err(into_logged_binder)
Satya Tangirala5b9e5b12021-03-09 12:54:21 -0800[diff] [blame]303 }
304
Janis Danisevskiscdcf4e52021-04-14 15:44:36 -0700[diff] [blame]305 fn migrateKeyNamespace(
306 &self,
307 source: &KeyDescriptor,
308 destination: &KeyDescriptor,
309 ) -> BinderResult<()> {
David Drysdalee85523f2023-06-19 12:28:53 +0100[diff] [blame]310 log::info!("migrateKeyNamespace(src={source:?}, dest={destination:?})");
David Drysdale541846b2024-05-23 13:16:07 +0100[diff] [blame]311 let _wp = wd::watch("IKeystoreMaintenance::migrateKeyNamespace");
David Drysdaledb7ddde2024-06-07 16:22:49 +0100[diff] [blame]312 Self::migrate_key_namespace(source, destination).map_err(into_logged_binder)
Janis Danisevskiscdcf4e52021-04-14 15:44:36 -0700[diff] [blame]313 }
Paul Crowley46c703e2021-08-06 15:13:53 -0700[diff] [blame]314
315 fn deleteAllKeys(&self) -> BinderResult<()> {
David Drysdalee85523f2023-06-19 12:28:53 +0100[diff] [blame]316 log::warn!("deleteAllKeys()");
David Drysdale541846b2024-05-23 13:16:07 +0100[diff] [blame]317 let _wp = wd::watch("IKeystoreMaintenance::deleteAllKeys");
David Drysdaledb7ddde2024-06-07 16:22:49 +0100[diff] [blame]318 Self::delete_all_keys().map_err(into_logged_binder)
Paul Crowley46c703e2021-08-06 15:13:53 -0700[diff] [blame]319 }
Eran Messeri4dc27b52024-01-09 12:43:31 +0000[diff] [blame]320
321 fn getAppUidsAffectedBySid(
322 &self,
323 user_id: i32,
324 secure_user_id: i64,
325 ) -> BinderResult<std::vec::Vec<i64>> {
326 log::info!("getAppUidsAffectedBySid(secure_user_id={secure_user_id:?})");
David Drysdale541846b2024-05-23 13:16:07 +0100[diff] [blame]327 let _wp = wd::watch("IKeystoreMaintenance::getAppUidsAffectedBySid");
David Drysdaledb7ddde2024-06-07 16:22:49 +0100[diff] [blame]328 Self::get_app_uids_affected_by_sid(user_id, secure_user_id).map_err(into_logged_binder)
Eran Messeri4dc27b52024-01-09 12:43:31 +0000[diff] [blame]329 }
Hasini Gunasingheda895552021-01-27 19:34:37 +0000[diff] [blame]330}