Shawn Willden6507c272016-01-05 22:51:48 -07001/*
2 * Copyright (C) 2009 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17//#define LOG_NDEBUG 0
18#define LOG_TAG "keystore"
19
Shawn Willden6507c272016-01-05 22:51:48 -070020#include <binder/IPCThreadState.h>
21#include <binder/IServiceManager.h>
22
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +010023#include <android/hardware/keymaster/3.0/IHwKeymasterDevice.h>
24
Shawn Willden6507c272016-01-05 22:51:48 -070025#include <cutils/log.h>
26
27#include "entropy.h"
28#include "key_store_service.h"
29#include "keystore.h"
30#include "permissions.h"
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +010031#include "legacy_keymaster_device_wrapper.h"
Shawn Willden6507c272016-01-05 22:51:48 -070032
/* KeyStore is a secured storage for key-value pairs. In this implementation,
 * each file stores one key-value pair. Keys are encoded in file names, and
 * values are encrypted with checksums. The encryption key is protected by a
 * user-defined password. To keep things simple, buffers are always larger than
 * the maximum space we need, so boundary checks on buffers are omitted. */
38
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +010039/**
40 * TODO implement keystore daemon using binderized keymaster HAL.
41 */
Shawn Willden6507c272016-01-05 22:51:48 -070042
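/**
 * Entry point of the keystore daemon.
 *
 * Changes into the directory named by argv[1], opens the entropy source,
 * obtains the "keymaster" HAL service and the device returned by
 * makeSoftwareKeymasterDevice() (handed to KeyStore as its fallback),
 * calls configure_selinux(), registers KeyStoreService with the service
 * manager as "android.security.keystore", and then processes Binder
 * transactions on the calling thread.
 *
 * @param argc number of command-line arguments; at least 2 is required.
 * @param argv argv[1] is the directory to chdir() into.
 * @return 1 on a missing argument, chdir() failure, entropy failure, or if
 *         joinThreadPool() ever returns; -1 if either keymaster device is
 *         unavailable, configure_selinux() fails, or service registration
 *         fails.
 */
int main(int argc, char* argv[]) {
    if (argc < 2) {
        ALOGE("A directory must be specified!");
        return 1;
    }
    if (chdir(argv[1]) == -1) {
        ALOGE("chdir: %s: %s", argv[1], strerror(errno));
        return 1;
    }

    Entropy entropy;
    if (!entropy.open()) {
        return 1;
    }

    auto dev = android::hardware::keymaster::V3_0::IKeymasterDevice::getService("keymaster");
    if (dev.get() == nullptr) {
        ALOGE("Could not get the keymaster HAL service!");
        return -1;
    }

    auto fallback = android::keystore::makeSoftwareKeymasterDevice();
    // The original re-tested `dev` here, so a null fallback was never caught
    // and would have been passed on to KeyStore. Check the pointer that was
    // just created, and refuse to start without it.
    if (fallback.get() == nullptr) {
        ALOGE("Could not create the software keymaster device!");
        return -1;
    }

    if (configure_selinux() == -1) {
        return -1;
    }

    KeyStore keyStore(&entropy, dev, fallback);
    // NOTE(review): any result of initialize() is not inspected here; confirm
    // against its declaration whether a failure needs to abort startup.
    keyStore.initialize();
    android::sp<android::IServiceManager> sm = android::defaultServiceManager();
    android::sp<keystore::KeyStoreService> service = new keystore::KeyStoreService(&keyStore);
    android::status_t ret = sm->addService(android::String16("android.security.keystore"), service);
    if (ret != android::OK) {
        ALOGE("Couldn't register binder service!");
        return -1;
    }

    /*
     * We're the only thread in existence, so we're just going to process
     * Binder transaction as a single-threaded program.
     */
    android::IPCThreadState::self()->joinThreadPool();
    // Reached only if joinThreadPool() returns; reported as a failure exit.
    return 1;
}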