Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / d9f8ae5004661bb210d381b37af29e991d677846 / . / keystore / key_store_service.cpp
blob: 76db1d9a809d35f9490adf18591462214b5331a5 [file] [log] [blame]
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]1/*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Janis Danisevskis011675d2016-09-01 11:41:29 +0100[diff] [blame]17#define LOG_TAG "keystore"
18
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]19#include "key_store_service.h"
20
21#include <fcntl.h>
22#include <sys/stat.h>
23
Janis Danisevskis7612fd42016-09-01 11:50:02 +0100[diff] [blame]24#include <algorithm>
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]25#include <atomic>
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]26#include <sstream>
27
Pavel Grafovff311b42018-01-24 20:34:37 +0000[diff] [blame]28#include <android-base/scopeguard.h>
Bartosz Fabianowskia9452d92017-01-23 22:21:11 +0100[diff] [blame]29#include <binder/IInterface.h>
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]30#include <binder/IPCThreadState.h>
Bartosz Fabianowskia9452d92017-01-23 22:21:11 +0100[diff] [blame]31#include <binder/IPermissionController.h>
32#include <binder/IServiceManager.h>
Brian Claire Young3133c452018-08-31 13:56:49 -0700[diff] [blame]33#include <cutils/multiuser.h>
Pavel Grafovff311b42018-01-24 20:34:37 +0000[diff] [blame]34#include <log/log_event_list.h>
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]35
36#include <private/android_filesystem_config.h>
Pavel Grafovff311b42018-01-24 20:34:37 +0000[diff] [blame]37#include <private/android_logger.h>
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]38
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]39#include <android/hardware/confirmationui/1.0/IConfirmationUI.h>
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]40#include <android/hardware/keymaster/3.0/IHwKeymasterDevice.h>
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]41
42#include "defaults.h"
Max Bires33aac2d2018-02-23 10:53:10 -0800[diff] [blame]43#include "key_proto_handler.h"
Janis Danisevskis18f27ad2016-06-01 13:57:40 -0700[diff] [blame]44#include "keystore_attestation_id.h"
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]45#include "keystore_keymaster_enforcement.h"
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]46#include "keystore_utils.h"
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]47#include <keystore/keystore_hidl_support.h>
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]48#include <keystore/keystore_return_types.h>
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]49
Janis Danisevskis8f737ad2017-11-21 12:30:15 -0800[diff] [blame]50#include <hardware/hw_auth_token.h>
51
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]52namespace keystore {
Shawn Willdend5a24e62017-02-28 13:53:24 -0700[diff] [blame]53
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]54using namespace android;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]55
Shawn Willdene2a7b522017-04-11 09:27:40 -0600[diff] [blame]56namespace {
57
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]58using ::android::binder::Status;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]59using android::security::keymaster::ExportResult;
60using android::security::keymaster::KeymasterArguments;
61using android::security::keymaster::KeymasterBlob;
62using android::security::keymaster::KeymasterCertificateChain;
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]63using android::security::keymaster::operationFailed;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]64using android::security::keymaster::OperationResult;
David Zeuthenc6eb7cd2017-11-27 11:33:55 -0500[diff] [blame]65using ConfirmationResponseCode = android::hardware::confirmationui::V1_0::ResponseCode;
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]66using ::android::security::keystore::IKeystoreOperationResultCallback;
67using ::android::security::keystore::IKeystoreResponseCallback;
68using ::android::security::keystore::KeystoreResponse;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]69
Shawn Willdene2a7b522017-04-11 09:27:40 -0600[diff] [blame]70constexpr double kIdRotationPeriod = 30 * 24 * 60 * 60; /* Thirty days, in seconds */
71const char* kTimestampFilePath = "timestamp";
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]72
73struct BIGNUM_Delete {
74 void operator()(BIGNUM* p) const { BN_free(p); }
75};
Janis Danisevskisccfff102017-05-01 11:02:51 -0700[diff] [blame]76typedef std::unique_ptr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]77
Shawn Willdene2a7b522017-04-11 09:27:40 -0600[diff] [blame]78bool containsTag(const hidl_vec<KeyParameter>& params, Tag tag) {
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]79 return params.end() !=
80 std::find_if(params.begin(), params.end(),
81 [&](const KeyParameter& param) { return param.tag == tag; });
Shawn Willdend5a24e62017-02-28 13:53:24 -0700[diff] [blame]82}
83
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]84#define AIDL_RETURN(rc) \
85 (*_aidl_return = static_cast<int32_t>(KeyStoreServiceReturnCode(rc)), Status::ok())
86
Shawn Willdene2a7b522017-04-11 09:27:40 -0600[diff] [blame]87std::pair<KeyStoreServiceReturnCode, bool> hadFactoryResetSinceIdRotation() {
88 struct stat sbuf;
89 if (stat(kTimestampFilePath, &sbuf) == 0) {
Yi Konge353f252018-07-30 01:38:39 -0700[diff] [blame]90 double diff_secs = difftime(time(nullptr), sbuf.st_ctime);
Shawn Willdene2a7b522017-04-11 09:27:40 -0600[diff] [blame]91 return {ResponseCode::NO_ERROR, diff_secs < kIdRotationPeriod};
92 }
93
94 if (errno != ENOENT) {
95 ALOGE("Failed to stat \"timestamp\" file, with error %d", errno);
96 return {ResponseCode::SYSTEM_ERROR, false /* don't care */};
97 }
98
99 int fd = creat(kTimestampFilePath, 0600);
100 if (fd < 0) {
101 ALOGE("Couldn't create \"timestamp\" file, with error %d", errno);
102 return {ResponseCode::SYSTEM_ERROR, false /* don't care */};
103 }
104
105 if (close(fd)) {
106 ALOGE("Couldn't close \"timestamp\" file, with error %d", errno);
107 return {ResponseCode::SYSTEM_ERROR, false /* don't care */};
108 }
109
110 return {ResponseCode::NO_ERROR, true};
111}
112
Eran Messeri03fc4c82018-08-16 18:53:15 +0100[diff] [blame]113using ::android::security::KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE;
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]114
115KeyStoreServiceReturnCode updateParamsForAttestation(uid_t callingUid, AuthorizationSet* params) {
116 KeyStoreServiceReturnCode responseCode;
117 bool factoryResetSinceIdRotation;
118 std::tie(responseCode, factoryResetSinceIdRotation) = hadFactoryResetSinceIdRotation();
119
120 if (!responseCode.isOk()) return responseCode;
121 if (factoryResetSinceIdRotation) params->push_back(TAG_RESET_SINCE_ID_ROTATION);
122
123 auto asn1_attestation_id_result = security::gather_attestation_application_id(callingUid);
124 if (!asn1_attestation_id_result.isOk()) {
125 ALOGE("failed to gather attestation_id");
126 return ErrorCode::ATTESTATION_APPLICATION_ID_MISSING;
127 }
128 std::vector<uint8_t>& asn1_attestation_id = asn1_attestation_id_result;
129
130 /*
Eran Messeri03fc4c82018-08-16 18:53:15 +0100[diff] [blame]131 * The attestation application ID must not be longer than
132 * KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE, error out if gather_attestation_application_id
133 * returned such an invalid vector.
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]134 */
135 if (asn1_attestation_id.size() > KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE) {
Eran Messeri03fc4c82018-08-16 18:53:15 +0100[diff] [blame]136 ALOGE("BUG: Gathered Attestation Application ID is too big (%d)",
137 static_cast<int32_t>(asn1_attestation_id.size()));
138 return ErrorCode::CANNOT_ATTEST_IDS;
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]139 }
140
141 params->push_back(TAG_ATTESTATION_APPLICATION_ID, asn1_attestation_id);
142
143 return ResponseCode::NO_ERROR;
144}
145
Shawn Willdene2a7b522017-04-11 09:27:40 -0600[diff] [blame]146} // anonymous namespace
147
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]148Status KeyStoreService::getState(int32_t userId, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]149 if (!checkBinderPermission(P_GET_STATE)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]150 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
151 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]152 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]153 *aidl_return = mKeyStore->getState(userId);
154 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]155}
156
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]157Status KeyStoreService::get(const String16& name, int32_t uid, ::std::vector<uint8_t>* item) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]158 uid_t targetUid = getEffectiveUid(uid);
159 if (!checkBinderPermission(P_GET, targetUid)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]160 // see keystore/keystore.h
161 return Status::fromServiceSpecificError(
162 static_cast<int32_t>(ResponseCode::PERMISSION_DENIED));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]163 }
164
165 String8 name8(name);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]166 ResponseCode rc;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]167 Blob keyBlob;
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]168 Blob charBlob;
169 LockedKeyBlobEntry lockedEntry;
170
171 std::tie(rc, keyBlob, charBlob, lockedEntry) =
172 mKeyStore->getKeyForName(name8, targetUid, TYPE_GENERIC);
173 if (rc != ResponseCode::NO_ERROR) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]174 *item = ::std::vector<uint8_t>();
175 // Return empty array if key is not found
176 // TODO: consider having returned value nullable or parse exception on the client.
177 return Status::fromServiceSpecificError(static_cast<int32_t>(rc));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]178 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]179 auto resultBlob = blob2hidlVec(keyBlob);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]180 // The static_cast here is needed to prevent a move, forcing a deep copy.
181 if (item) *item = static_cast<const hidl_vec<uint8_t>&>(blob2hidlVec(keyBlob));
182 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]183}
184
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]185Status KeyStoreService::insert(const String16& name, const ::std::vector<uint8_t>& item,
186 int targetUid, int32_t flags, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]187 targetUid = getEffectiveUid(targetUid);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]188 KeyStoreServiceReturnCode result =
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]189 checkBinderPermissionAndKeystoreState(P_INSERT, targetUid, flags & KEYSTORE_FLAG_ENCRYPTED);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]190 if (!result.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]191 *aidl_return = static_cast<int32_t>(result);
192 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]193 }
194
195 String8 name8(name);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]196 auto lockedEntry = mKeyStore->getLockedBlobEntryIfNotExists(name8.string(), targetUid);
197
198 if (!lockedEntry) {
199 ALOGE("failed to grab lock on blob entry %u_%s", targetUid, name8.string());
200 *aidl_return = static_cast<int32_t>(ResponseCode::KEY_ALREADY_EXISTS);
201 return Status::ok();
202 }
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]203
Yi Konge353f252018-07-30 01:38:39 -0700[diff] [blame]204 Blob keyBlob(&item[0], item.size(), nullptr, 0, ::TYPE_GENERIC);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]205 keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED);
206
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]207 *aidl_return = static_cast<int32_t>(mKeyStore->put(lockedEntry, keyBlob, {}));
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]208 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]209}
210
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]211Status KeyStoreService::del(const String16& name, int targetUid, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]212 targetUid = getEffectiveUid(targetUid);
213 if (!checkBinderPermission(P_DELETE, targetUid)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]214 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
215 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]216 }
217 String8 name8(name);
Rubin Xu7675c9f2017-03-15 19:26:52 +0000[diff] [blame]218 ALOGI("del %s %d", name8.string(), targetUid);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]219 auto lockedEntry = mKeyStore->getLockedBlobEntryIfExists(name8.string(), targetUid);
220 if (!lockedEntry) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]221 *aidl_return = static_cast<int32_t>(ResponseCode::KEY_NOT_FOUND);
222 return Status::ok();
223 }
Janis Danisevskisaf7783f2017-09-21 11:29:47 -0700[diff] [blame]224
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]225 ResponseCode result = mKeyStore->del(lockedEntry);
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400[diff] [blame]226
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]227 *aidl_return = static_cast<int32_t>(result);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]228 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]229}
230
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]231Status KeyStoreService::exist(const String16& name, int targetUid, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]232 targetUid = getEffectiveUid(targetUid);
233 if (!checkBinderPermission(P_EXIST, targetUid)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]234 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
235 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]236 }
237
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]238 LockedKeyBlobEntry lockedEntry =
239 mKeyStore->getLockedBlobEntryIfExists(String8(name).string(), targetUid);
240 *aidl_return =
241 static_cast<int32_t>(lockedEntry ? ResponseCode::NO_ERROR : ResponseCode::KEY_NOT_FOUND);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]242 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]243}
244
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]245Status KeyStoreService::list(const String16& prefix, int32_t targetUid,
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]246 ::std::vector<::android::String16>* matches) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]247 targetUid = getEffectiveUid(targetUid);
248 if (!checkBinderPermission(P_LIST, targetUid)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]249 return Status::fromServiceSpecificError(
250 static_cast<int32_t>(ResponseCode::PERMISSION_DENIED));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]251 }
252 const String8 prefix8(prefix);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]253 const std::string stdPrefix(prefix8.string());
254
255 ResponseCode rc;
256 std::list<LockedKeyBlobEntry> internal_matches;
257
258 std::tie(rc, internal_matches) = LockedKeyBlobEntry::list(
259 mKeyStore->getUserStateDB().getUserStateByUid(targetUid)->getUserDirName(),
260 [&](uid_t uid, const std::string& alias) {
261 std::mismatch(stdPrefix.begin(), stdPrefix.end(), alias.begin(), alias.end());
262 return uid == static_cast<uid_t>(targetUid) &&
263 std::mismatch(stdPrefix.begin(), stdPrefix.end(), alias.begin(), alias.end())
264 .first == stdPrefix.end();
265 });
266
267 if (rc != ResponseCode::NO_ERROR) {
268 return Status::fromServiceSpecificError(static_cast<int32_t>(rc));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]269 }
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]270
271 for (LockedKeyBlobEntry& entry : internal_matches) {
272 matches->push_back(String16(entry->alias().substr(prefix8.size()).c_str()));
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]273 }
274 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]275}
276
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]277Status KeyStoreService::reset(int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]278 if (!checkBinderPermission(P_RESET)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]279 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
280 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]281 }
282
283 uid_t callingUid = IPCThreadState::self()->getCallingUid();
284 mKeyStore->resetUser(get_user_id(callingUid), false);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]285 *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
286 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]287}
288
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]289Status KeyStoreService::onUserPasswordChanged(int32_t userId, const String16& password,
290 int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]291 if (!checkBinderPermission(P_PASSWORD)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]292 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
293 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]294 }
295
296 const String8 password8(password);
297 // Flush the auth token table to prevent stale tokens from sticking
298 // around.
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]299 mKeyStore->getAuthTokenTable().Clear();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]300
301 if (password.size() == 0) {
302 ALOGI("Secure lockscreen for user %d removed, deleting encrypted entries", userId);
303 mKeyStore->resetUser(userId, true);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]304 *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
305 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]306 } else {
307 switch (mKeyStore->getState(userId)) {
308 case ::STATE_UNINITIALIZED: {
309 // generate master key, encrypt with password, write to file,
310 // initialize mMasterKey*.
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]311 *aidl_return = static_cast<int32_t>(mKeyStore->initializeUser(password8, userId));
312 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]313 }
314 case ::STATE_NO_ERROR: {
315 // rewrite master key with new password.
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]316 *aidl_return = static_cast<int32_t>(mKeyStore->writeMasterKey(password8, userId));
317 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]318 }
319 case ::STATE_LOCKED: {
320 ALOGE("Changing user %d's password while locked, clearing old encryption", userId);
321 mKeyStore->resetUser(userId, true);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]322 *aidl_return = static_cast<int32_t>(mKeyStore->initializeUser(password8, userId));
323 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]324 }
325 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]326 *aidl_return = static_cast<int32_t>(ResponseCode::SYSTEM_ERROR);
327 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]328 }
329}
330
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]331Status KeyStoreService::onUserAdded(int32_t userId, int32_t parentId, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]332 if (!checkBinderPermission(P_USER_CHANGED)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]333 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
334 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]335 }
336
337 // Sanity check that the new user has an empty keystore.
338 if (!mKeyStore->isEmpty(userId)) {
339 ALOGW("New user %d's keystore not empty. Clearing old entries.", userId);
340 }
341 // Unconditionally clear the keystore, just to be safe.
342 mKeyStore->resetUser(userId, false);
343 if (parentId != -1) {
344 // This profile must share the same master key password as the parent profile. Because the
345 // password of the parent profile is not known here, the best we can do is copy the parent's
346 // master key and master key file. This makes this profile use the same master key as the
347 // parent profile, forever.
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]348 *aidl_return = static_cast<int32_t>(mKeyStore->copyMasterKey(parentId, userId));
349 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]350 } else {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]351 *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
352 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]353 }
354}
355
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]356Status KeyStoreService::onUserRemoved(int32_t userId, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]357 if (!checkBinderPermission(P_USER_CHANGED)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]358 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
359 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]360 }
361
362 mKeyStore->resetUser(userId, false);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]363 *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
364 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]365}
366
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]367Status KeyStoreService::lock(int32_t userId, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]368 if (!checkBinderPermission(P_LOCK)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]369 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
370 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]371 }
372
373 State state = mKeyStore->getState(userId);
374 if (state != ::STATE_NO_ERROR) {
375 ALOGD("calling lock in state: %d", state);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]376 *aidl_return = static_cast<int32_t>(ResponseCode(state));
377 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]378 }
379
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]380 mKeyStore->getEnforcementPolicy().set_device_locked(true, userId);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]381 mKeyStore->lock(userId);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]382 *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
383 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]384}
385
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]386Status KeyStoreService::unlock(int32_t userId, const String16& pw, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]387 if (!checkBinderPermission(P_UNLOCK)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]388 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
389 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]390 }
391
392 State state = mKeyStore->getState(userId);
393 if (state != ::STATE_LOCKED) {
394 switch (state) {
395 case ::STATE_NO_ERROR:
396 ALOGI("calling unlock when already unlocked, ignoring.");
397 break;
398 case ::STATE_UNINITIALIZED:
399 ALOGE("unlock called on uninitialized keystore.");
400 break;
401 default:
402 ALOGE("unlock called on keystore in unknown state: %d", state);
403 break;
404 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]405 *aidl_return = static_cast<int32_t>(ResponseCode(state));
406 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]407 }
408
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]409 mKeyStore->getEnforcementPolicy().set_device_locked(false, userId);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]410 const String8 password8(pw);
411 // read master key, decrypt with password, initialize mMasterKey*.
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]412 *aidl_return = static_cast<int32_t>(mKeyStore->readMasterKey(password8, userId));
413 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]414}
415
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]416Status KeyStoreService::isEmpty(int32_t userId, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]417 if (!checkBinderPermission(P_IS_EMPTY)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]418 *aidl_return = static_cast<int32_t>(false);
419 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]420 }
421
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]422 *aidl_return = static_cast<int32_t>(mKeyStore->isEmpty(userId));
423 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]424}
425
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]426Status KeyStoreService::grant(const String16& name, int32_t granteeUid,
427 ::android::String16* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]428 uid_t callingUid = IPCThreadState::self()->getCallingUid();
Bo Zhu91de6db2018-03-20 12:52:13 -0700[diff] [blame]429 auto result =
430 checkBinderPermissionAndKeystoreState(P_GRANT, /*targetUid=*/-1, /*checkUnlocked=*/false);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]431 if (!result.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]432 *aidl_return = String16();
433 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]434 }
435
436 String8 name8(name);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]437 auto lockedEntry = mKeyStore->getLockedBlobEntryIfExists(name8.string(), callingUid);
438 if (!lockedEntry) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]439 *aidl_return = String16();
440 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]441 }
442
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]443 *aidl_return = String16(mKeyStore->addGrant(lockedEntry, granteeUid).c_str());
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]444 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]445}
446
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]447Status KeyStoreService::ungrant(const String16& name, int32_t granteeUid, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]448 uid_t callingUid = IPCThreadState::self()->getCallingUid();
Bo Zhu91de6db2018-03-20 12:52:13 -0700[diff] [blame]449 KeyStoreServiceReturnCode result =
450 checkBinderPermissionAndKeystoreState(P_GRANT, /*targetUid=*/-1, /*checkUnlocked=*/false);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]451 if (!result.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]452 *aidl_return = static_cast<int32_t>(result);
453 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]454 }
455
456 String8 name8(name);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]457
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]458 auto lockedEntry = mKeyStore->getLockedBlobEntryIfExists(name8.string(), callingUid);
459 if (!lockedEntry) {
460 *aidl_return = static_cast<int32_t>(ResponseCode::KEY_NOT_FOUND);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]461 }
462
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]463 *aidl_return = mKeyStore->removeGrant(lockedEntry, granteeUid);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]464 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]465}
466
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]467Status KeyStoreService::getmtime(const String16& name, int32_t uid, int64_t* time) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]468 uid_t targetUid = getEffectiveUid(uid);
469 if (!checkBinderPermission(P_GET, targetUid)) {
470 ALOGW("permission denied for %d: getmtime", targetUid);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]471 *time = -1L;
472 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]473 }
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]474 String8 name8(name);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]475
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]476 auto lockedEntry = mKeyStore->getLockedBlobEntryIfExists(name8.string(), targetUid);
477 if (!lockedEntry) {
478 ALOGW("could not access key with alias %s for getmtime", name8.string());
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]479 *time = -1L;
480 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]481 }
482
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]483 std::string filename = lockedEntry->getKeyBlobPath();
484
485 int fd = TEMP_FAILURE_RETRY(open(filename.c_str(), O_NOFOLLOW, O_RDONLY));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]486 if (fd < 0) {
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]487 ALOGW("could not open %s for getmtime", filename.c_str());
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]488 *time = -1L;
489 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]490 }
491
492 struct stat s;
493 int ret = fstat(fd, &s);
494 close(fd);
495 if (ret == -1) {
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]496 ALOGW("could not stat %s for getmtime", filename.c_str());
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]497 *time = -1L;
498 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]499 }
500
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]501 *time = static_cast<int64_t>(s.st_mtime);
502 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]503}
504
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]505Status KeyStoreService::is_hardware_backed(const String16& keyType, int32_t* aidl_return) {
506 *aidl_return = static_cast<int32_t>(mKeyStore->isHardwareBacked(keyType) ? 1 : 0);
507 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]508}
509
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]510Status KeyStoreService::clear_uid(int64_t targetUid64, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]511 uid_t targetUid = getEffectiveUid(targetUid64);
512 if (!checkBinderPermissionSelfOrSystem(P_CLEAR_UID, targetUid)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]513 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
514 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]515 }
Rubin Xu7675c9f2017-03-15 19:26:52 +0000[diff] [blame]516 ALOGI("clear_uid %" PRId64, targetUid64);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]517
Janis Danisevskisaf7783f2017-09-21 11:29:47 -0700[diff] [blame]518 mKeyStore->removeAllGrantsToUid(targetUid);
519
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]520 ResponseCode rc;
521 std::list<LockedKeyBlobEntry> entries;
522
523 // list has a fence making sure no workers are modifying blob files before iterating the
524 // data base. All returned entries are locked.
525 std::tie(rc, entries) = LockedKeyBlobEntry::list(
526 mKeyStore->getUserStateDB().getUserStateByUid(targetUid)->getUserDirName(),
527 [&](uid_t uid, const std::string&) -> bool { return uid == targetUid; });
528
529 if (rc != ResponseCode::NO_ERROR) {
530 *aidl_return = static_cast<int32_t>(rc);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]531 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]532 }
533
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]534 for (LockedKeyBlobEntry& lockedEntry : entries) {
Rubin Xu85c85e92017-04-26 20:07:30 +0100[diff] [blame]535 if (get_app_id(targetUid) == AID_SYSTEM) {
536 Blob keyBlob;
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]537 Blob charBlob;
538 std::tie(rc, keyBlob, charBlob) = mKeyStore->get(lockedEntry);
539 if (rc == ResponseCode::NO_ERROR && keyBlob.isCriticalToDeviceEncryption()) {
Rubin Xu85c85e92017-04-26 20:07:30 +0100[diff] [blame]540 // Do not clear keys critical to device encryption under system uid.
541 continue;
542 }
543 }
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]544 mKeyStore->del(lockedEntry);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]545 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]546 *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
547 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]548}
549
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]550Status KeyStoreService::addRngEntropy(
551 const ::android::sp<::android::security::keystore::IKeystoreResponseCallback>& cb,
552 const ::std::vector<uint8_t>& entropy, int32_t flags, int32_t* _aidl_return) {
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame]553 auto device = mKeyStore->getDevice(flagsToSecurityLevel(flags));
554 if (!device) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]555 return AIDL_RETURN(ErrorCode::HARDWARE_TYPE_UNAVAILABLE);
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame]556 }
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]557
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]558 device->addRngEntropy(entropy, [cb](Return<ErrorCode> rc) {
559 cb->onFinished(KeyStoreServiceReturnCode(KS_HANDLE_HIDL_ERROR(rc)));
560 });
561
562 return AIDL_RETURN(ResponseCode::NO_ERROR);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]563}
564
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]565Status KeyStoreService::generateKey(
566 const ::android::sp<::android::security::keystore::IKeystoreKeyCharacteristicsCallback>& cb,
567 const String16& name, const KeymasterArguments& params, const ::std::vector<uint8_t>& entropy,
568 int uid, int flags, int32_t* _aidl_return) {
Max Biresef4f0672017-11-29 14:38:48 -0800[diff] [blame]569 // TODO(jbires): remove this getCallingUid call upon implementation of b/25646100
570 uid_t originalUid = IPCThreadState::self()->getCallingUid();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]571 uid = getEffectiveUid(uid);
Pavel Grafovff311b42018-01-24 20:34:37 +0000[diff] [blame]572 auto logOnScopeExit = android::base::make_scope_guard([&] {
573 if (__android_log_security()) {
574 android_log_event_list(SEC_TAG_AUTH_KEY_GENERATED)
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]575 << int32_t(*_aidl_return == static_cast<int32_t>(ResponseCode::NO_ERROR))
Pavel Grafovff311b42018-01-24 20:34:37 +0000[diff] [blame]576 << String8(name) << int32_t(uid) << LOG_ID_SECURITY;
577 }
578 });
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]579 KeyStoreServiceReturnCode rc =
580 checkBinderPermissionAndKeystoreState(P_INSERT, uid, flags & KEYSTORE_FLAG_ENCRYPTED);
581 if (!rc.isOk()) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]582 return AIDL_RETURN(rc);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]583 }
Rubin Xu67899de2017-04-21 19:15:13 +0100[diff] [blame]584 if ((flags & KEYSTORE_FLAG_CRITICAL_TO_DEVICE_ENCRYPTION) && get_app_id(uid) != AID_SYSTEM) {
585 ALOGE("Non-system uid %d cannot set FLAG_CRITICAL_TO_DEVICE_ENCRYPTION", uid);
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]586 return AIDL_RETURN(ResponseCode::PERMISSION_DENIED);
Rubin Xu67899de2017-04-21 19:15:13 +0100[diff] [blame]587 }
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]588
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]589 if (containsTag(params.getParameters(), Tag::INCLUDE_UNIQUE_ID)) {
Shawn Willdenda6dcc32017-12-03 14:56:05 -0700[diff] [blame]590 // TODO(jbires): remove uid checking upon implementation of b/25646100
Max Bires670467d2017-12-12 11:16:43 -0800[diff] [blame]591 if (!checkBinderPermission(P_GEN_UNIQUE_ID) ||
Max Biresef4f0672017-11-29 14:38:48 -0800[diff] [blame]592 originalUid != IPCThreadState::self()->getCallingUid()) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]593 return AIDL_RETURN(ResponseCode::PERMISSION_DENIED);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]594 }
Shawn Willdene2a7b522017-04-11 09:27:40 -0600[diff] [blame]595 }
596
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame]597 SecurityLevel securityLevel = flagsToSecurityLevel(flags);
598 auto dev = mKeyStore->getDevice(securityLevel);
599 if (!dev) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]600 return AIDL_RETURN(ErrorCode::HARDWARE_TYPE_UNAVAILABLE);
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame]601 }
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400[diff] [blame]602
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]603 String8 name8(name);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]604 auto lockedEntry = mKeyStore->getLockedBlobEntryIfNotExists(name8.string(), uid);
605 if (!lockedEntry) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]606 return AIDL_RETURN(ResponseCode::KEY_ALREADY_EXISTS);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]607 }
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400[diff] [blame]608
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]609 logOnScopeExit.Disable();
610
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]611 dev->generateKey(
612 std::move(lockedEntry), params.getParameters(), entropy, flags,
613 [cb, uid, name](KeyStoreServiceReturnCode rc, KeyCharacteristics keyCharacteristics) {
614 if (__android_log_security()) {
615 android_log_event_list(SEC_TAG_AUTH_KEY_GENERATED)
616 << rc.isOk() << String8(name) << int32_t(uid) << LOG_ID_SECURITY;
617 }
618 cb->onFinished(rc,
619 android::security::keymaster::KeyCharacteristics(keyCharacteristics));
620 });
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]621
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]622 return AIDL_RETURN(ResponseCode::NO_ERROR);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]623}
624
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]625Status KeyStoreService::getKeyCharacteristics(
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]626 const ::android::sp<::android::security::keystore::IKeystoreKeyCharacteristicsCallback>& cb,
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]627 const String16& name, const ::android::security::keymaster::KeymasterBlob& clientId,
Janis Danisevskis64ec1fe2018-02-26 16:47:21 -0800[diff] [blame]628 const ::android::security::keymaster::KeymasterBlob& appData, int32_t uid,
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]629 int32_t* _aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]630
631 uid_t targetUid = getEffectiveUid(uid);
632 uid_t callingUid = IPCThreadState::self()->getCallingUid();
633 if (!is_granted_to(callingUid, targetUid)) {
634 ALOGW("uid %d not permitted to act for uid %d in getKeyCharacteristics", callingUid,
635 targetUid);
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]636 return AIDL_RETURN(ResponseCode::PERMISSION_DENIED);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]637 }
638
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]639 String8 name8(name);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]640
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]641 ResponseCode rc;
642 Blob keyBlob;
643 Blob charBlob;
644 LockedKeyBlobEntry lockedEntry;
Janis Danisevskisd714a672017-09-01 14:31:36 -0700[diff] [blame]645
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]646 std::tie(rc, keyBlob, charBlob, lockedEntry) =
647 mKeyStore->getKeyForName(name8, targetUid, TYPE_KEYMASTER_10);
648
649 if (rc != ResponseCode::NO_ERROR) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]650 return AIDL_RETURN(rc);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]651 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]652
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame]653 auto dev = mKeyStore->getDevice(keyBlob);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]654 if (!dev) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]655 return AIDL_RETURN(ResponseCode::SYSTEM_ERROR);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]656 }
657
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]658 // If the charBlob is up to date, it simply moves the argument blobs to the returned blobs
659 // and extracts the characteristics on the way. Otherwise it updates the cache file with data
660 // from keymaster. It may also upgrade the key blob.
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]661 dev->getKeyCharacteristics(
662 std::move(lockedEntry), clientId.getData(), appData.getData(), std::move(keyBlob),
663 std::move(charBlob),
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]664 [cb](KeyStoreServiceReturnCode rc, KeyCharacteristics keyCharacteristics) {
665 cb->onFinished(rc,
666 android::security::keymaster::KeyCharacteristics(keyCharacteristics));
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]667 });
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]668
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]669 return AIDL_RETURN(ResponseCode::NO_ERROR);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]670}
671
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]672Status KeyStoreService::importKey(
673 const ::android::sp<::android::security::keystore::IKeystoreKeyCharacteristicsCallback>& cb,
674 const String16& name, const KeymasterArguments& params, int32_t format,
675 const ::std::vector<uint8_t>& keyData, int uid, int flags, int32_t* _aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]676 uid = getEffectiveUid(uid);
Pavel Grafovff311b42018-01-24 20:34:37 +0000[diff] [blame]677 auto logOnScopeExit = android::base::make_scope_guard([&] {
678 if (__android_log_security()) {
679 android_log_event_list(SEC_TAG_KEY_IMPORTED)
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]680 << int32_t(*_aidl_return == static_cast<int32_t>(ResponseCode::NO_ERROR))
Pavel Grafovff311b42018-01-24 20:34:37 +0000[diff] [blame]681 << String8(name) << int32_t(uid) << LOG_ID_SECURITY;
682 }
683 });
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]684 KeyStoreServiceReturnCode rc =
685 checkBinderPermissionAndKeystoreState(P_INSERT, uid, flags & KEYSTORE_FLAG_ENCRYPTED);
686 if (!rc.isOk()) {
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]687 LOG(ERROR) << "permissission denied";
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]688 return AIDL_RETURN(rc);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]689 }
Rubin Xu67899de2017-04-21 19:15:13 +0100[diff] [blame]690 if ((flags & KEYSTORE_FLAG_CRITICAL_TO_DEVICE_ENCRYPTION) && get_app_id(uid) != AID_SYSTEM) {
691 ALOGE("Non-system uid %d cannot set FLAG_CRITICAL_TO_DEVICE_ENCRYPTION", uid);
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]692 return AIDL_RETURN(ResponseCode::PERMISSION_DENIED);
Rubin Xu67899de2017-04-21 19:15:13 +0100[diff] [blame]693 }
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]694
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame]695 SecurityLevel securityLevel = flagsToSecurityLevel(flags);
696 auto dev = mKeyStore->getDevice(securityLevel);
697 if (!dev) {
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]698 LOG(ERROR) << "importKey - cound not get keymaster device";
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]699 return AIDL_RETURN(ErrorCode::HARDWARE_TYPE_UNAVAILABLE);
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame]700 }
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]701
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]702 String8 name8(name);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]703 auto lockedEntry = mKeyStore->getLockedBlobEntryIfNotExists(name8.string(), uid);
704 if (!lockedEntry) {
705 LOG(ERROR) << "importKey - key: " << name8.string() << " " << int(uid)
706 << " already exists.";
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]707 return AIDL_RETURN(ResponseCode::KEY_ALREADY_EXISTS);
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400[diff] [blame]708 }
Janis Danisevskis4a1da2f2018-03-26 15:02:38 -0700[diff] [blame]709
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]710 logOnScopeExit.Disable();
Janis Danisevskis4a1da2f2018-03-26 15:02:38 -0700[diff] [blame]711
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]712 dev->importKey(
713 std::move(lockedEntry), params.getParameters(), KeyFormat(format), keyData, flags,
714 [cb, uid, name](KeyStoreServiceReturnCode rc, KeyCharacteristics keyCharacteristics) {
715 if (__android_log_security()) {
716 android_log_event_list(SEC_TAG_KEY_IMPORTED)
717 << rc.isOk() << String8(name) << int32_t(uid) << LOG_ID_SECURITY;
718 }
719 cb->onFinished(rc,
720 android::security::keymaster::KeyCharacteristics(keyCharacteristics));
721 });
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400[diff] [blame]722
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]723 return AIDL_RETURN(ResponseCode::NO_ERROR);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]724}
725
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]726Status KeyStoreService::exportKey(
727 const ::android::sp<::android::security::keystore::IKeystoreExportKeyCallback>& cb,
728 const String16& name, int32_t format,
729 const ::android::security::keymaster::KeymasterBlob& clientId,
730 const ::android::security::keymaster::KeymasterBlob& appData, int32_t uid,
731 int32_t* _aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]732
733 uid_t targetUid = getEffectiveUid(uid);
734 uid_t callingUid = IPCThreadState::self()->getCallingUid();
735 if (!is_granted_to(callingUid, targetUid)) {
736 ALOGW("uid %d not permitted to act for uid %d in exportKey", callingUid, targetUid);
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]737 return AIDL_RETURN(ResponseCode::PERMISSION_DENIED);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]738 }
739
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]740 String8 name8(name);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]741
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]742 KeyStoreServiceReturnCode rc;
743 Blob keyBlob;
744 Blob charBlob;
745 LockedKeyBlobEntry lockedEntry;
746
747 std::tie(rc, keyBlob, charBlob, lockedEntry) =
748 mKeyStore->getKeyForName(name8, targetUid, TYPE_KEYMASTER_10);
749 if (!rc) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]750 return AIDL_RETURN(rc);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]751 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]752
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame]753 auto dev = mKeyStore->getDevice(keyBlob);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]754
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]755 dev->exportKey(std::move(lockedEntry), KeyFormat(format), clientId.getData(), appData.getData(),
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]756 std::move(keyBlob), std::move(charBlob),
757 [cb](ExportResult exportResult) { cb->onFinished(exportResult); });
Ji Wang2c142312016-10-14 17:21:10 +0800[diff] [blame]758
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]759 return AIDL_RETURN(ResponseCode::NO_ERROR);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]760}
761
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]762Status KeyStoreService::begin(const sp<IKeystoreOperationResultCallback>& cb,
763 const sp<IBinder>& appToken, const String16& name, int32_t purpose,
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]764 bool pruneable, const KeymasterArguments& params,
765 const ::std::vector<uint8_t>& entropy, int32_t uid,
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]766 int32_t* _aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]767 uid_t callingUid = IPCThreadState::self()->getCallingUid();
768 uid_t targetUid = getEffectiveUid(uid);
769 if (!is_granted_to(callingUid, targetUid)) {
770 ALOGW("uid %d not permitted to act for uid %d in begin", callingUid, targetUid);
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]771 return AIDL_RETURN(ResponseCode::PERMISSION_DENIED);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]772 }
773 if (!pruneable && get_app_id(callingUid) != AID_SYSTEM) {
774 ALOGE("Non-system uid %d trying to start non-pruneable operation", callingUid);
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]775 return AIDL_RETURN(ResponseCode::PERMISSION_DENIED);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]776 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]777 if (!checkAllowedOperationParams(params.getParameters())) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]778 return AIDL_RETURN(ErrorCode::INVALID_ARGUMENT);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]779 }
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]780
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]781 String8 name8(name);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]782 Blob keyBlob;
783 Blob charBlob;
784 LockedKeyBlobEntry lockedEntry;
785 ResponseCode rc;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]786
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]787 std::tie(rc, keyBlob, charBlob, lockedEntry) =
788 mKeyStore->getKeyForName(name8, targetUid, TYPE_KEYMASTER_10);
789
790 if (rc == ResponseCode::LOCKED && keyBlob.isSuperEncrypted()) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]791 return AIDL_RETURN(ErrorCode::KEY_USER_NOT_AUTHENTICATED);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]792 }
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]793 if (rc != ResponseCode::NO_ERROR) return AIDL_RETURN(rc);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]794
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame]795 auto dev = mKeyStore->getDevice(keyBlob);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]796 AuthorizationSet opParams = params.getParameters();
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]797
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]798 dev->begin(std::move(lockedEntry), appToken, std::move(keyBlob), std::move(charBlob), pruneable,
799 static_cast<KeyPurpose>(purpose), std::move(opParams), entropy,
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]800 [this, cb, dev](OperationResult result_) {
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]801 if (result_.resultCode.isOk() ||
802 result_.resultCode == ResponseCode::OP_AUTH_NEEDED) {
803 addOperationDevice(result_.token, dev);
804 }
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]805 cb->onFinished(result_);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]806 });
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400[diff] [blame]807
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]808 return AIDL_RETURN(ResponseCode::NO_ERROR);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]809}
810
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]811Status KeyStoreService::update(const ::android::sp<IKeystoreOperationResultCallback>& cb,
812 const ::android::sp<::android::IBinder>& token,
813 const ::android::security::keymaster::KeymasterArguments& params,
814 const ::std::vector<uint8_t>& input, int32_t* _aidl_return) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]815 if (!checkAllowedOperationParams(params.getParameters())) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]816 return AIDL_RETURN(ErrorCode::INVALID_ARGUMENT);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]817 }
Shawn Willdenda6dcc32017-12-03 14:56:05 -0700[diff] [blame]818
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]819 auto dev = getOperationDevice(token);
820 if (!dev) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]821 return AIDL_RETURN(ErrorCode::INVALID_OPERATION_HANDLE);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]822 }
Shawn Willdenda6dcc32017-12-03 14:56:05 -0700[diff] [blame]823
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]824 dev->update(token, params.getParameters(), input, [this, cb, token](OperationResult result_) {
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]825 if (!result_.resultCode.isOk()) {
826 removeOperationDevice(token);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]827 }
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]828 cb->onFinished(result_);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]829 });
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]830
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]831 return AIDL_RETURN(ResponseCode::NO_ERROR);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]832}
833
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]834Status KeyStoreService::finish(const ::android::sp<IKeystoreOperationResultCallback>& cb,
835 const ::android::sp<::android::IBinder>& token,
836 const ::android::security::keymaster::KeymasterArguments& params,
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]837 const ::std::vector<uint8_t>& signature,
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]838 const ::std::vector<uint8_t>& entropy, int32_t* _aidl_return) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]839 if (!checkAllowedOperationParams(params.getParameters())) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]840 return AIDL_RETURN(ErrorCode::INVALID_ARGUMENT);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]841 }
Shawn Willdenda6dcc32017-12-03 14:56:05 -0700[diff] [blame]842
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]843 auto dev = getOperationDevice(token);
844 if (!dev) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]845 return AIDL_RETURN(ErrorCode::INVALID_OPERATION_HANDLE);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]846 }
847
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]848 dev->finish(token, params.getParameters(), {}, signature, entropy,
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]849 [this, cb, token](OperationResult result_) {
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]850 if (!result_.resultCode.isOk()) {
851 removeOperationDevice(token);
852 }
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]853 cb->onFinished(result_);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]854 });
Shawn Willdenda6dcc32017-12-03 14:56:05 -0700[diff] [blame]855
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]856 return AIDL_RETURN(ResponseCode::NO_ERROR);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]857}
858
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]859Status KeyStoreService::abort(const ::android::sp<IKeystoreResponseCallback>& cb,
860 const ::android::sp<::android::IBinder>& token,
861 int32_t* _aidl_return) {
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]862 auto dev = getOperationDevice(token);
863 if (!dev) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]864 return AIDL_RETURN(ErrorCode::INVALID_OPERATION_HANDLE);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]865 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]866
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]867 dev->abort(token, [cb](KeyStoreServiceReturnCode rc) { cb->onFinished(rc); });
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]868
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]869 return AIDL_RETURN(ResponseCode::NO_ERROR);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]870}
871
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]872Status KeyStoreService::addAuthToken(const ::std::vector<uint8_t>& authTokenAsVector,
Brian Youngccb492d2018-02-22 23:36:01 +0000[diff] [blame]873 int32_t* aidl_return) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]874
Shawn Willdend3ed3a22017-03-28 00:39:16 +0000[diff] [blame]875 // TODO(swillden): When gatekeeper and fingerprint are ready, this should be updated to
876 // receive a HardwareAuthToken, rather than an opaque byte array.
877
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]878 if (!checkBinderPermission(P_ADD_AUTH)) {
879 ALOGW("addAuthToken: permission denied for %d", IPCThreadState::self()->getCallingUid());
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]880 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
881 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]882 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]883 if (authTokenAsVector.size() != sizeof(hw_auth_token_t)) {
884 *aidl_return = static_cast<int32_t>(KeyStoreServiceReturnCode(ErrorCode::INVALID_ARGUMENT));
885 return Status::ok();
Shawn Willdend3ed3a22017-03-28 00:39:16 +0000[diff] [blame]886 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]887
Shawn Willdend3ed3a22017-03-28 00:39:16 +0000[diff] [blame]888 hw_auth_token_t authToken;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]889 memcpy(reinterpret_cast<void*>(&authToken), authTokenAsVector.data(), sizeof(hw_auth_token_t));
Shawn Willdend3ed3a22017-03-28 00:39:16 +0000[diff] [blame]890 if (authToken.version != 0) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]891 *aidl_return = static_cast<int32_t>(KeyStoreServiceReturnCode(ErrorCode::INVALID_ARGUMENT));
892 return Status::ok();
Shawn Willdend3ed3a22017-03-28 00:39:16 +0000[diff] [blame]893 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]894
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]895 mKeyStore->getAuthTokenTable().AddAuthenticationToken(
896 hidlVec2AuthToken(hidl_vec<uint8_t>(authTokenAsVector)));
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]897 *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
898 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]899}
900
Eran Messerid9f8ae52018-10-24 13:54:00 +0100[diff] [blame^]901bool isDeviceIdAttestationRequested(const KeymasterArguments& params) {
Chih-Hung Hsiehb81e68b2018-07-13 11:37:45 -0700[diff] [blame]902 const hardware::hidl_vec<KeyParameter>& paramsVec = params.getParameters();
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]903 for (size_t i = 0; i < paramsVec.size(); ++i) {
904 switch (paramsVec[i].tag) {
Shawn Willdene2a7b522017-04-11 09:27:40 -0600[diff] [blame]905 case Tag::ATTESTATION_ID_BRAND:
906 case Tag::ATTESTATION_ID_DEVICE:
Shawn Willdene2a7b522017-04-11 09:27:40 -0600[diff] [blame]907 case Tag::ATTESTATION_ID_MANUFACTURER:
Shawn Willdene2a7b522017-04-11 09:27:40 -0600[diff] [blame]908 case Tag::ATTESTATION_ID_MODEL:
909 case Tag::ATTESTATION_ID_PRODUCT:
Rubin Xu1a203e32018-05-08 14:25:21 +0100[diff] [blame]910 case Tag::ATTESTATION_ID_IMEI:
911 case Tag::ATTESTATION_ID_MEID:
912 case Tag::ATTESTATION_ID_SERIAL:
Eran Messerid9f8ae52018-10-24 13:54:00 +0100[diff] [blame^]913 return true;
Rubin Xu1a203e32018-05-08 14:25:21 +0100[diff] [blame]914 default:
915 continue;
Bartosz Fabianowskia9452d92017-01-23 22:21:11 +0100[diff] [blame]916 }
917 }
Eran Messerid9f8ae52018-10-24 13:54:00 +0100[diff] [blame^]918 return false;
Bartosz Fabianowskia9452d92017-01-23 22:21:11 +0100[diff] [blame]919}
920
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]921Status KeyStoreService::attestKey(
922 const ::android::sp<::android::security::keystore::IKeystoreCertificateChainCallback>& cb,
923 const String16& name, const KeymasterArguments& params, int32_t* _aidl_return) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]924 // check null output if method signature is updated and return ErrorCode::OUTPUT_PARAMETER_NULL
925 if (!checkAllowedOperationParams(params.getParameters())) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]926 return AIDL_RETURN(ErrorCode::INVALID_ARGUMENT);
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]927 }
928
Eran Messerie2c34152017-12-21 21:01:22 +0000[diff] [blame]929 uid_t callingUid = IPCThreadState::self()->getCallingUid();
930
Eran Messerid9f8ae52018-10-24 13:54:00 +0100[diff] [blame^]931 if (isDeviceIdAttestationRequested(params) && (get_app_id(callingUid) != AID_SYSTEM)) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]932 return AIDL_RETURN(KeyStoreServiceReturnCode(ErrorCode::INVALID_ARGUMENT));
Bartosz Fabianowskia9452d92017-01-23 22:21:11 +0100[diff] [blame]933 }
934
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]935 AuthorizationSet mutableParams = params.getParameters();
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]936 KeyStoreServiceReturnCode rc = updateParamsForAttestation(callingUid, &mutableParams);
937 if (!rc.isOk()) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]938 return AIDL_RETURN(rc);
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]939 }
Shawn Willdene2a7b522017-04-11 09:27:40 -0600[diff] [blame]940
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]941 String8 name8(name);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]942 Blob keyBlob;
943 Blob charBlob;
944 LockedKeyBlobEntry lockedEntry;
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]945
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]946 std::tie(rc, keyBlob, charBlob, lockedEntry) =
947 mKeyStore->getKeyForName(name8, callingUid, TYPE_KEYMASTER_10);
948
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame]949 auto dev = mKeyStore->getDevice(keyBlob);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]950 auto hidlKey = blob2hidlVec(keyBlob);
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]951 dev->attestKey(
952 std::move(hidlKey), mutableParams.hidl_data(),
953 [cb](Return<void> rc, std::tuple<ErrorCode, hidl_vec<hidl_vec<uint8_t>>>&& hidlResult) {
954 auto& [ret, certChain] = hidlResult;
955 if (!rc.isOk()) {
956 cb->onFinished(KeyStoreServiceReturnCode(ResponseCode::SYSTEM_ERROR), {});
957 } else if (ret != ErrorCode::OK) {
958 cb->onFinished(KeyStoreServiceReturnCode(ret), {});
959 } else {
960 cb->onFinished(KeyStoreServiceReturnCode(ret),
961 KeymasterCertificateChain(std::move(certChain)));
962 }
963 });
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]964
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]965 return AIDL_RETURN(ResponseCode::NO_ERROR);
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]966}
967
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]968// My IDE defines "CAPTURE_MOVE(x) x" because it does not understand generalized lambda captures.
969// It should never be redefined by a build system though.
970#ifndef CAPTURE_MOVE
971#define CAPTURE_MOVE(x) x = std::move(x)
972#endif
973
974Status KeyStoreService::attestDeviceIds(
975 const ::android::sp<::android::security::keystore::IKeystoreCertificateChainCallback>& cb,
976 const KeymasterArguments& params, int32_t* _aidl_return) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]977 // check null output if method signature is updated and return ErrorCode::OUTPUT_PARAMETER_NULL
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]978
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]979 if (!checkAllowedOperationParams(params.getParameters())) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]980 return AIDL_RETURN(ErrorCode::INVALID_ARGUMENT);
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]981 }
982
983 if (!isDeviceIdAttestationRequested(params)) {
984 // There is an attestKey() method for attesting keys without device ID attestation.
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]985 return AIDL_RETURN(ErrorCode::INVALID_ARGUMENT);
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]986 }
987
988 uid_t callingUid = IPCThreadState::self()->getCallingUid();
989 sp<IBinder> binder = defaultServiceManager()->getService(String16("permission"));
Yi Konge353f252018-07-30 01:38:39 -0700[diff] [blame]990 if (binder == nullptr) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]991 return AIDL_RETURN(ErrorCode::CANNOT_ATTEST_IDS);
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]992 }
993 if (!interface_cast<IPermissionController>(binder)->checkPermission(
994 String16("android.permission.READ_PRIVILEGED_PHONE_STATE"),
995 IPCThreadState::self()->getCallingPid(), callingUid)) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]996 return AIDL_RETURN(ErrorCode::CANNOT_ATTEST_IDS);
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]997 }
998
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]999 AuthorizationSet mutableParams = params.getParameters();
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]1000 KeyStoreServiceReturnCode rc = updateParamsForAttestation(callingUid, &mutableParams);
1001 if (!rc.isOk()) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]1002 return AIDL_RETURN(rc);
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]1003 }
1004
1005 // Generate temporary key.
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1006 auto dev = mKeyStore->getDevice(SecurityLevel::TRUSTED_ENVIRONMENT);
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame]1007
Shawn Willden70c1a782018-07-11 15:13:20 -0600[diff] [blame]1008 if (!dev) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]1009 return AIDL_RETURN(ResponseCode::SYSTEM_ERROR);
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame]1010 }
1011
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]1012
1013 AuthorizationSet keyCharacteristics;
1014 keyCharacteristics.push_back(TAG_PURPOSE, KeyPurpose::VERIFY);
1015 keyCharacteristics.push_back(TAG_ALGORITHM, Algorithm::EC);
1016 keyCharacteristics.push_back(TAG_DIGEST, Digest::SHA_2_256);
1017 keyCharacteristics.push_back(TAG_NO_AUTH_REQUIRED);
1018 keyCharacteristics.push_back(TAG_EC_CURVE, EcCurve::P_256);
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]1019
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1020 std::promise<KeyStoreServiceReturnCode> resultPromise;
1021 auto resultFuture = resultPromise.get_future();
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]1022
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1023 dev->generateKey(
1024 keyCharacteristics.hidl_data(),
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]1025 [cb, dev, CAPTURE_MOVE(mutableParams)](
1026 Return<void> rc,
1027 std::tuple<ErrorCode, ::std::vector<uint8_t>, KeyCharacteristics>&& hidlResult) {
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1028 auto& [ret, hidlKeyBlob_, dummyCharacteristics] = hidlResult;
1029 auto hidlKeyBlob = std::move(hidlKeyBlob_);
1030 if (!rc.isOk()) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]1031 cb->onFinished(KeyStoreServiceReturnCode(ResponseCode::SYSTEM_ERROR), {});
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1032 return;
1033 }
1034 if (ret != ErrorCode::OK) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]1035 cb->onFinished(KeyStoreServiceReturnCode(ret), {});
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1036 return;
1037 }
1038 dev->attestKey(
1039 hidlKeyBlob, mutableParams.hidl_data(),
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]1040 [cb, dev,
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1041 hidlKeyBlob](Return<void> rc,
1042 std::tuple<ErrorCode, hidl_vec<hidl_vec<uint8_t>>>&& hidlResult) {
1043 auto& [ret, certChain] = hidlResult;
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]1044 // schedule temp key for deletion
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1045 dev->deleteKey(std::move(hidlKeyBlob), [](Return<ErrorCode> rc) {
1046 // log error but don't return an error
1047 KS_HANDLE_HIDL_ERROR(rc);
1048 });
1049 if (!rc.isOk()) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]1050 cb->onFinished(KeyStoreServiceReturnCode(ResponseCode::SYSTEM_ERROR), {});
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1051 return;
1052 }
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]1053 if (ret == ErrorCode::OK) {
1054 cb->onFinished(
1055 KeyStoreServiceReturnCode(ret),
1056 ::android::security::keymaster::KeymasterCertificateChain(certChain));
1057 } else {
1058 cb->onFinished(KeyStoreServiceReturnCode(ret), {});
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1059 }
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1060 });
1061 });
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200[diff] [blame]1062
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]1063 return AIDL_RETURN(ResponseCode::NO_ERROR);
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]1064}
1065
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]1066Status KeyStoreService::onDeviceOffBody(int32_t* aidl_return) {
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400[diff] [blame]1067 // TODO(tuckeris): add permission check. This should be callable from ClockworkHome only.
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1068 mKeyStore->getAuthTokenTable().onDeviceOffBody();
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]1069 *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
1070 return Status::ok();
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400[diff] [blame]1071}
1072
Janis Danisevskiscb9267d2017-12-19 16:27:52 -0800[diff] [blame]1073Status KeyStoreService::importWrappedKey(
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]1074 const ::android::sp<::android::security::keystore::IKeystoreKeyCharacteristicsCallback>& cb,
Janis Danisevskiscb9267d2017-12-19 16:27:52 -0800[diff] [blame]1075 const ::android::String16& wrappedKeyAlias, const ::std::vector<uint8_t>& wrappedKey,
1076 const ::android::String16& wrappingKeyAlias, const ::std::vector<uint8_t>& maskingKey,
1077 const KeymasterArguments& params, int64_t rootSid, int64_t fingerprintSid,
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]1078 int32_t* _aidl_return) {
Janis Danisevskiscb9267d2017-12-19 16:27:52 -0800[diff] [blame]1079
1080 uid_t callingUid = IPCThreadState::self()->getCallingUid();
1081
1082 if (!checkBinderPermission(P_INSERT, callingUid)) {
1083 return AIDL_RETURN(ResponseCode::PERMISSION_DENIED);
1084 }
1085
Janis Danisevskiscb9267d2017-12-19 16:27:52 -0800[diff] [blame]1086 String8 wrappingKeyName8(wrappingKeyAlias);
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1087
1088 KeyStoreServiceReturnCode rc;
1089 Blob wrappingKeyBlob;
1090 Blob wrappingCharBlob;
1091 LockedKeyBlobEntry wrappingLockedEntry;
1092
1093 std::tie(rc, wrappingKeyBlob, wrappingCharBlob, wrappingLockedEntry) =
1094 mKeyStore->getKeyForName(wrappingKeyName8, callingUid, TYPE_KEYMASTER_10);
1095 if (!rc) {
Janis Danisevskiscb9267d2017-12-19 16:27:52 -0800[diff] [blame]1096 return AIDL_RETURN(rc);
1097 }
1098
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1099 String8 wrappedKeyName8(wrappedKeyAlias);
1100 auto wrappedLockedEntry =
1101 mKeyStore->getLockedBlobEntryIfNotExists(wrappedKeyName8.string(), callingUid);
1102 if (!wrappedLockedEntry) {
1103 return AIDL_RETURN(ResponseCode::KEY_ALREADY_EXISTS);
1104 }
1105
Janis Danisevskiscb9267d2017-12-19 16:27:52 -0800[diff] [blame]1106 SecurityLevel securityLevel = wrappingKeyBlob.getSecurityLevel();
1107 auto dev = mKeyStore->getDevice(securityLevel);
1108 if (!dev) {
1109 return AIDL_RETURN(ErrorCode::HARDWARE_TYPE_UNAVAILABLE);
1110 }
1111
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1112 dev->importWrappedKey(
1113 std::move(wrappingLockedEntry), std::move(wrappedLockedEntry), wrappedKey, maskingKey,
1114 params.getParameters(), std::move(wrappingKeyBlob), std::move(wrappingCharBlob), rootSid,
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]1115 fingerprintSid, [cb](KeyStoreServiceReturnCode rc, KeyCharacteristics keyCharacteristics) {
1116 cb->onFinished(rc,
1117 ::android::security::keymaster::KeyCharacteristics(keyCharacteristics));
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1118 });
Janis Danisevskiscb9267d2017-12-19 16:27:52 -0800[diff] [blame]1119
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]1120 return AIDL_RETURN(ResponseCode::NO_ERROR);
Janis Danisevskiscb9267d2017-12-19 16:27:52 -0800[diff] [blame]1121}
1122
David Zeuthenc6eb7cd2017-11-27 11:33:55 -0500[diff] [blame]1123Status KeyStoreService::presentConfirmationPrompt(const sp<IBinder>& listener,
1124 const String16& promptText,
1125 const ::std::vector<uint8_t>& extraData,
1126 const String16& locale, int32_t uiOptionsAsFlags,
1127 int32_t* aidl_return) {
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1128 return mKeyStore->getConfirmationManager().presentConfirmationPrompt(
1129 listener, promptText, extraData, locale, uiOptionsAsFlags, aidl_return);
David Zeuthenc6eb7cd2017-11-27 11:33:55 -0500[diff] [blame]1130}
1131
1132Status KeyStoreService::cancelConfirmationPrompt(const sp<IBinder>& listener,
1133 int32_t* aidl_return) {
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1134 return mKeyStore->getConfirmationManager().cancelConfirmationPrompt(listener, aidl_return);
David Zeuthenc6eb7cd2017-11-27 11:33:55 -0500[diff] [blame]1135}
1136
David Zeuthen1a492312018-02-26 11:00:30 -0500[diff] [blame]1137Status KeyStoreService::isConfirmationPromptSupported(bool* aidl_return) {
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1138 return mKeyStore->getConfirmationManager().isConfirmationPromptSupported(aidl_return);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]1139}
1140
1141/**
1142 * Get the effective target uid for a binder operation that takes an
1143 * optional uid as the target.
1144 */
1145uid_t KeyStoreService::getEffectiveUid(int32_t targetUid) {
1146 if (targetUid == UID_SELF) {
1147 return IPCThreadState::self()->getCallingUid();
1148 }
1149 return static_cast<uid_t>(targetUid);
1150}
1151
1152/**
1153 * Check if the caller of the current binder method has the required
1154 * permission and if acting on other uids the grants to do so.
1155 */
1156bool KeyStoreService::checkBinderPermission(perm_t permission, int32_t targetUid) {
1157 uid_t callingUid = IPCThreadState::self()->getCallingUid();
1158 pid_t spid = IPCThreadState::self()->getCallingPid();
1159 if (!has_permission(callingUid, permission, spid)) {
1160 ALOGW("permission %s denied for %d", get_perm_label(permission), callingUid);
1161 return false;
1162 }
1163 if (!is_granted_to(callingUid, getEffectiveUid(targetUid))) {
1164 ALOGW("uid %d not granted to act for %d", callingUid, targetUid);
1165 return false;
1166 }
1167 return true;
1168}
1169
1170/**
1171 * Check if the caller of the current binder method has the required
1172 * permission and the target uid is the caller or the caller is system.
1173 */
1174bool KeyStoreService::checkBinderPermissionSelfOrSystem(perm_t permission, int32_t targetUid) {
1175 uid_t callingUid = IPCThreadState::self()->getCallingUid();
1176 pid_t spid = IPCThreadState::self()->getCallingPid();
1177 if (!has_permission(callingUid, permission, spid)) {
1178 ALOGW("permission %s denied for %d", get_perm_label(permission), callingUid);
1179 return false;
1180 }
1181 return getEffectiveUid(targetUid) == callingUid || callingUid == AID_SYSTEM;
1182}
1183
1184/**
1185 * Check if the caller of the current binder method has the required
1186 * permission or the target of the operation is the caller's uid. This is
1187 * for operation where the permission is only for cross-uid activity and all
1188 * uids are allowed to act on their own (ie: clearing all entries for a
1189 * given uid).
1190 */
1191bool KeyStoreService::checkBinderPermissionOrSelfTarget(perm_t permission, int32_t targetUid) {
1192 uid_t callingUid = IPCThreadState::self()->getCallingUid();
1193 if (getEffectiveUid(targetUid) == callingUid) {
1194 return true;
1195 } else {
1196 return checkBinderPermission(permission, targetUid);
1197 }
1198}
1199
1200/**
1201 * Helper method to check that the caller has the required permission as
1202 * well as the keystore is in the unlocked state if checkUnlocked is true.
1203 *
1204 * Returns NO_ERROR on success, PERMISSION_DENIED on a permission error and
1205 * otherwise the state of keystore when not unlocked and checkUnlocked is
1206 * true.
1207 */
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]1208KeyStoreServiceReturnCode
1209KeyStoreService::checkBinderPermissionAndKeystoreState(perm_t permission, int32_t targetUid,
1210 bool checkUnlocked) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]1211 if (!checkBinderPermission(permission, targetUid)) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]1212 return ResponseCode::PERMISSION_DENIED;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]1213 }
1214 State state = mKeyStore->getState(get_user_id(getEffectiveUid(targetUid)));
1215 if (checkUnlocked && !isKeystoreUnlocked(state)) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]1216 // All State values coincide with ResponseCodes
1217 return static_cast<ResponseCode>(state);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]1218 }
1219
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]1220 return ResponseCode::NO_ERROR;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]1221}
1222
1223bool KeyStoreService::isKeystoreUnlocked(State state) {
1224 switch (state) {
1225 case ::STATE_NO_ERROR:
1226 return true;
1227 case ::STATE_UNINITIALIZED:
1228 case ::STATE_LOCKED:
1229 return false;
1230 }
1231 return false;
1232}
1233
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]1234/**
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]1235 * Check that all KeyParameters provided by the application are allowed. Any parameter that keystore
1236 * adds itself should be disallowed here.
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]1237 */
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]1238bool KeyStoreService::checkAllowedOperationParams(const hidl_vec<KeyParameter>& params) {
1239 for (size_t i = 0; i < params.size(); ++i) {
1240 switch (params[i].tag) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]1241 case Tag::ATTESTATION_APPLICATION_ID:
Shawn Willdene2a7b522017-04-11 09:27:40 -0600[diff] [blame]1242 case Tag::RESET_SINCE_ID_ROTATION:
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]1243 return false;
1244 default:
1245 break;
1246 }
1247 }
1248 return true;
1249}
1250
Brian Young9a947d52018-02-23 18:03:14 +0000[diff] [blame]1251Status KeyStoreService::onKeyguardVisibilityChanged(bool isShowing, int32_t userId,
1252 int32_t* aidl_return) {
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]1253 mKeyStore->getEnforcementPolicy().set_device_locked(isShowing, userId);
Brian Young9a947d52018-02-23 18:03:14 +0000[diff] [blame]1254 *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
Brian Young9371e952018-02-23 18:03:14 +0000[diff] [blame]1255
1256 return Status::ok();
1257}
1258
Shawn Willdene2a7b522017-04-11 09:27:40 -0600[diff] [blame]1259} // namespace keystore