Blame - keystore2/legacykeystore/lib.rs - android_system_security

2021-01-20 15:36:30 -0800

[diff] [blame]

1

2

//

3

// Licensed under the Apache License, Version 2.0 (the "License");

4

// you may not use this file except in compliance with the License.

5

// You may obtain a copy of the License at

6

//

7

// http://www.apache.org/licenses/LICENSE-2.0

8

//

9

// Unless required by applicable law or agreed to in writing, software

10

// distributed under the License is distributed on an "AS IS" BASIS,

11

// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

12

// See the License for the specific language governing permissions and

13

// limitations under the License.

14

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

15

//! Implements the android.security.legacykeystore interface.

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

16

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

17

use android_security_legacykeystore::aidl::android::security::legacykeystore::{

18

ILegacyKeystore::BnLegacyKeystore, ILegacyKeystore::ILegacyKeystore,

19

ILegacyKeystore::ERROR_ENTRY_NOT_FOUND, ILegacyKeystore::ERROR_PERMISSION_DENIED,

20

ILegacyKeystore::ERROR_SYSTEM_ERROR, ILegacyKeystore::UID_SELF,

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

21

};

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

22

use android_security_legacykeystore::binder::{

Andrew Walbran

de45c8b

2021-04-13 14:42:38 +0000

[diff] [blame]

23

BinderFeatures, ExceptionCode, Result as BinderResult, Status as BinderStatus, Strong,

24

ThreadState,

25

};

Seth Moore

fbe5cf5

2021-06-09 15:59:00 -0700

[diff] [blame]

26

use anyhow::{Context, Result};

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

27

use keystore2::{

Janis Danisevskis

ea03cff

2021-12-16 08:10:17 -0800

[diff] [blame^]

28

async_task::AsyncTask, error::anyhow_error_to_cstring, legacy_blob::LegacyBlobLoader,

29

maintenance::DeleteListener, maintenance::Domain, utils::watchdog as wd,

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

30

};

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

31

use rusqlite::{

32

params, Connection, OptionalExtension, Transaction, TransactionBehavior, NO_PARAMS,

33

};

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

34

use std::sync::Arc;

Janis Danisevskis

2021-02-11 10:28:17 -0800

[diff] [blame]

35

use std::{

36

collections::HashSet,

37

path::{Path, PathBuf},

38

};

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

struct DB {

conn: Connection,

}

impl DB {

fn new(db_file: &Path) -> Result<Self> {

46

let mut db = Self {

47

conn: Connection::open(db_file).context("Failed to initialize SQLite connection.")?,

48

};

Janis Danisevskis

2021-04-12 14:31:12 -0700

[diff] [blame]

49

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

50

db.init_tables().context("Trying to initialize legacy keystore db.")?;

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

Ok(db)

}

fn with_transaction<T, F>(&mut self, behavior: TransactionBehavior, f: F) -> Result<T>

55

where

56

F: Fn(&Transaction) -> Result<T>,

{

loop {

match self

.conn

.transaction_with_behavior(behavior)

62

.context("In with_transaction.")

63

.and_then(|tx| f(&tx).map(|result| (result, tx)))

64

.and_then(|(result, tx)| {

65

tx.commit().context("In with_transaction: Failed to commit transaction.")?;

66

Ok(result)

67

}) {

68

Ok(result) => break Ok(result),

69

Err(e) => {

70

if Self::is_locked_error(&e) {

71

std::thread::sleep(std::time::Duration::from_micros(500));

72

continue;

73

} else {

74

return Err(e).context("In with_transaction.");

}

}

}

}

}

fn is_locked_error(e: &anyhow::Error) -> bool {

Janis Danisevskis

13f0915

2021-04-19 09:55:15 -0700

[diff] [blame]

82

matches!(

83

e.root_cause().downcast_ref::<rusqlite::ffi::Error>(),

84

Some(rusqlite::ffi::Error { code: rusqlite::ErrorCode::DatabaseBusy, .. })

85

| Some(rusqlite::ffi::Error { code: rusqlite::ErrorCode::DatabaseLocked, .. })

86

)

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

87

}

88

89

fn init_tables(&mut self) -> Result<()> {

90

self.with_transaction(TransactionBehavior::Immediate, |tx| {

91

tx.execute(

92

"CREATE TABLE IF NOT EXISTS profiles (

owner INTEGER,

alias BLOB,

profile BLOB,

UNIQUE(owner, alias));",

97

NO_PARAMS,

98

)

99

.context("Failed to initialize \"profiles\" table.")?;

Ok(())

})

}

fn list(&mut self, caller_uid: u32) -> Result<Vec<String>> {

105

self.with_transaction(TransactionBehavior::Deferred, |tx| {

106

let mut stmt = tx

107

.prepare("SELECT alias FROM profiles WHERE owner = ? ORDER BY alias ASC;")

108

.context("In list: Failed to prepare statement.")?;

109

110

let aliases = stmt

111

.query_map(params![caller_uid], |row| row.get(0))?

112

.collect::<rusqlite::Result<Vec<String>>>()

113

.context("In list: query_map failed.");

aliases

})

}

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

118

fn put(&mut self, caller_uid: u32, alias: &str, entry: &[u8]) -> Result<()> {

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

119

self.with_transaction(TransactionBehavior::Immediate, |tx| {

120

tx.execute(

121

"INSERT OR REPLACE INTO profiles (owner, alias, profile) values (?, ?, ?)",

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

122

params![caller_uid, alias, entry,],

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

123

)

124

.context("In put: Failed to insert or replace.")?;

Ok(())

})

}

fn get(&mut self, caller_uid: u32, alias: &str) -> Result<Option<Vec<u8>>> {

130

self.with_transaction(TransactionBehavior::Deferred, |tx| {

131

tx.query_row(

132

"SELECT profile FROM profiles WHERE owner = ? AND alias = ?;",

133

params![caller_uid, alias],

134

|row| row.get(0),

135

)

136

.optional()

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

137

.context("In get: failed loading entry.")

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

})

}

fn remove(&mut self, caller_uid: u32, alias: &str) -> Result<bool> {

142

let removed = self.with_transaction(TransactionBehavior::Immediate, |tx| {

143

tx.execute(

144

"DELETE FROM profiles WHERE owner = ? AND alias = ?;",

145

params![caller_uid, alias],

146

)

147

.context("In remove: Failed to delete row.")

148

})?;

149

Ok(removed == 1)

150

}

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

151

152

fn remove_uid(&mut self, uid: u32) -> Result<()> {

153

self.with_transaction(TransactionBehavior::Immediate, |tx| {

154

tx.execute("DELETE FROM profiles WHERE owner = ?;", params![uid])

155

.context("In remove_uid: Failed to delete.")

})?;

Ok(())

}

fn remove_user(&mut self, user_id: u32) -> Result<()> {

161

self.with_transaction(TransactionBehavior::Immediate, |tx| {

162

tx.execute(

163

"DELETE FROM profiles WHERE cast ( ( owner/? ) as int) = ?;",

Joel Galenson

2021-07-29 15:39:10 -0700

[diff] [blame]

164

params![rustutils::users::AID_USER_OFFSET, user_id],

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

165

)

166

.context("In remove_uid: Failed to delete.")

167

})?;

168

Ok(())

169

}

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

170

}

171

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

172

/// This is the main LegacyKeystore error type, it wraps binder exceptions and the

173

/// LegacyKeystore errors.

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

174

#[derive(Debug, thiserror::Error, PartialEq)]

175

pub enum Error {

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

176

/// Wraps a LegacyKeystore error code.

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

177

#[error("Error::Error({0:?})")]

178

Error(i32),

179

/// Wraps a Binder exception code other than a service specific exception.

180

#[error("Binder exception code {0:?}, {1:?}")]

181

Binder(ExceptionCode, i32),

}

impl Error {

/// Short hand for `Error::Error(ERROR_SYSTEM_ERROR)`

186

pub fn sys() -> Self {

187

Error::Error(ERROR_SYSTEM_ERROR)

188

}

189

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

190

/// Short hand for `Error::Error(ERROR_ENTRY_NOT_FOUND)`

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

191

pub fn not_found() -> Self {

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

192

Error::Error(ERROR_ENTRY_NOT_FOUND)

193

}

194

195

/// Short hand for `Error::Error(ERROR_PERMISSION_DENIED)`

196

pub fn perm() -> Self {

197

Error::Error(ERROR_PERMISSION_DENIED)

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

}

}

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

201

/// This function should be used by legacykeystore service calls to translate error conditions

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

202

/// into service specific exceptions.

203

///

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

204

/// All error conditions get logged by this function, except for ERROR_ENTRY_NOT_FOUND error.

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

205

///

206

/// `Error::Error(x)` variants get mapped onto a service specific error code of `x`.

207

///

208

/// All non `Error` error conditions get mapped onto `ERROR_SYSTEM_ERROR`.

209

///

210

/// `handle_ok` will be called if `result` is `Ok(value)` where `value` will be passed

211

/// as argument to `handle_ok`. `handle_ok` must generate a `BinderResult<T>`, but it

212

/// typically returns Ok(value).

213

fn map_or_log_err<T, U, F>(result: Result<U>, handle_ok: F) -> BinderResult<T>

214

where

215

F: FnOnce(U) -> BinderResult<T>,

216

{

217

result.map_or_else(

218

|e| {

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

219

let root_cause = e.root_cause();

Hasini Gunasinghe

e1d1bbd

2021-04-20 18:13:25 +0000

[diff] [blame]

220

let (rc, log_error) = match root_cause.downcast_ref::<Error>() {

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

221

// Make the entry not found errors silent.

222

Some(Error::Error(ERROR_ENTRY_NOT_FOUND)) => (ERROR_ENTRY_NOT_FOUND, false),

Hasini Gunasinghe

e1d1bbd

2021-04-20 18:13:25 +0000

[diff] [blame]

223

Some(Error::Error(e)) => (*e, true),

224

Some(Error::Binder(_, _)) | None => (ERROR_SYSTEM_ERROR, true),

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

225

};

Hasini Gunasinghe

e1d1bbd

2021-04-20 18:13:25 +0000

[diff] [blame]

226

if log_error {

227

log::error!("{:?}", e);

228

}

Janis Danisevskis

ea03cff

2021-12-16 08:10:17 -0800

[diff] [blame^]

229

Err(BinderStatus::new_service_specific_error(

230

rc,

231

anyhow_error_to_cstring(&e).as_deref(),

232

))

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

},

handle_ok,

)

}

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

238

struct LegacyKeystoreDeleteListener {

239

legacy_keystore: Arc<LegacyKeystore>,

240

}

241

242

impl DeleteListener for LegacyKeystoreDeleteListener {

243

fn delete_namespace(&self, domain: Domain, namespace: i64) -> Result<()> {

244

self.legacy_keystore.delete_namespace(domain, namespace)

245

}

246

fn delete_user(&self, user_id: u32) -> Result<()> {

247

self.legacy_keystore.delete_user(user_id)

}

}

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

251

/// Implements ILegacyKeystore AIDL interface.

252

pub struct LegacyKeystore {

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

253

db_path: PathBuf,

Janis Danisevskis

2021-02-11 10:28:17 -0800

[diff] [blame]

254

async_task: AsyncTask,

}

struct AsyncState {

recently_imported: HashSet<(u32, String)>,

259

legacy_loader: LegacyBlobLoader,

260

db_path: PathBuf,

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

261

}

262

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

263

impl LegacyKeystore {

264

/// Note: The filename was chosen before the purpose of this module was extended.

265

/// It is kept for backward compatibility with early adopters.

266

const LEGACY_KEYSTORE_FILE_NAME: &'static str = "vpnprofilestore.sqlite";

267

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

268

const WIFI_NAMESPACE: i64 = 102;

269

const AID_WIFI: u32 = 1010;

270

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

271

/// Creates a new LegacyKeystore instance.

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

272

pub fn new_native_binder(

273

path: &Path,

274

) -> (Box<dyn DeleteListener + Send + Sync + 'static>, Strong<dyn ILegacyKeystore>) {

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

275

let mut db_path = path.to_path_buf();

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

276

db_path.push(Self::LEGACY_KEYSTORE_FILE_NAME);

Janis Danisevskis

2021-02-11 10:28:17 -0800

[diff] [blame]

277

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

278

let legacy_keystore = Arc::new(Self { db_path, async_task: Default::default() });

279

legacy_keystore.init_shelf(path);

280

let service = LegacyKeystoreService { legacy_keystore: legacy_keystore.clone() };

281

(

282

Box::new(LegacyKeystoreDeleteListener { legacy_keystore }),

283

BnLegacyKeystore::new_binder(service, BinderFeatures::default()),

284

)

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

285

}

286

287

fn open_db(&self) -> Result<DB> {

288

DB::new(&self.db_path).context("In open_db: Failed to open db.")

289

}

290

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

291

fn get_effective_uid(uid: i32) -> Result<u32> {

292

const AID_SYSTEM: u32 = 1000;

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

293

let calling_uid = ThreadState::get_calling_uid();

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

294

let uid = uid as u32;

Janis Danisevskis

2021-02-11 10:28:17 -0800

[diff] [blame]

295

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

296

if uid == UID_SELF as u32 || uid == calling_uid {

297

Ok(calling_uid)

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

298

} else if calling_uid == AID_SYSTEM && uid == Self::AID_WIFI {

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

299

// The only exception for legacy reasons is allowing SYSTEM to access

300

// the WIFI namespace.

301

// IMPORTANT: If you attempt to add more exceptions, it means you are adding

302

// more callers to this deprecated feature. DON'T!

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

303

Ok(Self::AID_WIFI)

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

304

} else {

305

Err(Error::perm()).with_context(|| {

306

format!("In get_effective_uid: caller: {}, requested uid: {}.", calling_uid, uid)

307

})

Janis Danisevskis

2021-02-11 10:28:17 -0800

[diff] [blame]

308

}

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

309

}

310

311

fn get(&self, alias: &str, uid: i32) -> Result<Vec<u8>> {

312

let mut db = self.open_db().context("In get.")?;

313

let uid = Self::get_effective_uid(uid).context("In get.")?;

314

315

if let Some(entry) = db.get(uid, alias).context("In get: Trying to load entry from DB.")? {

316

return Ok(entry);

317

}

318

if self.get_legacy(uid, alias).context("In get: Trying to migrate legacy blob.")? {

Janis Danisevskis

2021-02-11 10:28:17 -0800

[diff] [blame]

319

// If we were able to migrate a legacy blob try again.

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

320

if let Some(entry) =

321

db.get(uid, alias).context("In get: Trying to load entry from DB.")?

Janis Danisevskis

2021-02-11 10:28:17 -0800

[diff] [blame]

322

{

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

323

return Ok(entry);

Janis Danisevskis

2021-02-11 10:28:17 -0800

[diff] [blame]

324

}

325

}

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

326

Err(Error::not_found()).context("In get: No such entry.")

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

327

}

328

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

329

fn put(&self, alias: &str, uid: i32, entry: &[u8]) -> Result<()> {

330

let uid = Self::get_effective_uid(uid).context("In put.")?;

331

// In order to make sure that we don't have stale legacy entries, make sure they are

Janis Danisevskis

2021-02-11 10:28:17 -0800

[diff] [blame]

332

// migrated before replacing them.

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

333

let _ = self.get_legacy(uid, alias);

Janis Danisevskis

2021-02-11 10:28:17 -0800

[diff] [blame]

334

let mut db = self.open_db().context("In put.")?;

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

335

db.put(uid, alias, entry).context("In put: Trying to insert entry into DB.")

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

336

}

337

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

338

fn remove(&self, alias: &str, uid: i32) -> Result<()> {

339

let uid = Self::get_effective_uid(uid).context("In remove.")?;

Janis Danisevskis

2021-02-11 10:28:17 -0800

[diff] [blame]

340

let mut db = self.open_db().context("In remove.")?;

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

341

// In order to make sure that we don't have stale legacy entries, make sure they are

Janis Danisevskis

2021-02-11 10:28:17 -0800

[diff] [blame]

342

// migrated before removing them.

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

343

let _ = self.get_legacy(uid, alias);

344

let removed =

345

db.remove(uid, alias).context("In remove: Trying to remove entry from DB.")?;

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

346

if removed {

347

Ok(())

348

} else {

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

349

Err(Error::not_found()).context("In remove: No such entry.")

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

}

}

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

353

fn delete_namespace(&self, domain: Domain, namespace: i64) -> Result<()> {

354

let uid = match domain {

355

Domain::APP => namespace as u32,

356

Domain::SELINUX => {

357

if namespace == Self::WIFI_NAMESPACE {

358

// Namespace WIFI gets mapped to AID_WIFI.

359

Self::AID_WIFI

360

} else {

361

// Nothing to do for any other namespace.

return Ok(());

}

}

_ => return Ok(()),

};

if let Err(e) = self.bulk_delete_uid(uid) {

369

log::warn!("In LegacyKeystore::delete_namespace: {:?}", e);

370

}

371

let mut db = self.open_db().context("In LegacyKeystore::delete_namespace.")?;

372

db.remove_uid(uid).context("In LegacyKeystore::delete_namespace.")

373

}

374

375

fn delete_user(&self, user_id: u32) -> Result<()> {

376

if let Err(e) = self.bulk_delete_user(user_id) {

377

log::warn!("In LegacyKeystore::delete_user: {:?}", e);

378

}

379

let mut db = self.open_db().context("In LegacyKeystore::delete_user.")?;

380

db.remove_user(user_id).context("In LegacyKeystore::delete_user.")

381

}

382

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

383

fn list(&self, prefix: &str, uid: i32) -> Result<Vec<String>> {

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

384

let mut db = self.open_db().context("In list.")?;

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

385

let uid = Self::get_effective_uid(uid).context("In list.")?;

386

let mut result = self.list_legacy(uid).context("In list.")?;

387

result.append(&mut db.list(uid).context("In list: Trying to get list of entries.")?);

Janis Danisevskis

2021-02-11 10:28:17 -0800

[diff] [blame]

388

result = result.into_iter().filter(|s| s.starts_with(prefix)).collect();

389

result.sort_unstable();

result.dedup();

Ok(result)

}

fn init_shelf(&self, path: &Path) {

395

let mut db_path = path.to_path_buf();

396

self.async_task.queue_hi(move |shelf| {

397

let legacy_loader = LegacyBlobLoader::new(&db_path);

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

398

db_path.push(Self::LEGACY_KEYSTORE_FILE_NAME);

Janis Danisevskis

2021-02-11 10:28:17 -0800

[diff] [blame]

399

400

shelf.put(AsyncState { legacy_loader, db_path, recently_imported: Default::default() });

})

}

fn do_serialized<F, T: Send + 'static>(&self, f: F) -> Result<T>

405

where

406

F: FnOnce(&mut AsyncState) -> Result<T> + Send + 'static,

407

{

408

let (sender, receiver) = std::sync::mpsc::channel::<Result<T>>();

409

self.async_task.queue_hi(move |shelf| {

410

let state = shelf.get_downcast_mut::<AsyncState>().expect("Failed to get shelf.");

411

sender.send(f(state)).expect("Failed to send result.");

412

});

413

receiver.recv().context("In do_serialized: Failed to receive result.")?

414

}

415

416

fn list_legacy(&self, uid: u32) -> Result<Vec<String>> {

417

self.do_serialized(move |state| {

418

state

419

.legacy_loader

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

420

.list_legacy_keystore_entries_for_uid(uid)

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

421

.context("Trying to list legacy keystore entries.")

Janis Danisevskis

2021-02-11 10:28:17 -0800

[diff] [blame]

422

})

423

.context("In list_legacy.")

424

}

425

426

fn get_legacy(&self, uid: u32, alias: &str) -> Result<bool> {

427

let alias = alias.to_string();

428

self.do_serialized(move |state| {

429

if state.recently_imported.contains(&(uid, alias.clone())) {

430

return Ok(true);

431

}

432

let mut db = DB::new(&state.db_path).context("In open_db: Failed to open db.")?;

433

let migrated =

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

434

Self::migrate_one_legacy_entry(uid, &alias, &state.legacy_loader, &mut db)

435

.context("Trying to migrate legacy keystore entries.")?;

Janis Danisevskis

2021-02-11 10:28:17 -0800

[diff] [blame]

436

if migrated {

437

state.recently_imported.insert((uid, alias));

}

Ok(migrated)

})

.context("In get_legacy.")

442

}

443

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

444

fn bulk_delete_uid(&self, uid: u32) -> Result<()> {

445

self.do_serialized(move |state| {

446

let entries = state

447

.legacy_loader

448

.list_legacy_keystore_entries_for_uid(uid)

449

.context("In bulk_delete_uid: Trying to list entries.")?;

450

for alias in entries.iter() {

451

if let Err(e) = state.legacy_loader.remove_legacy_keystore_entry(uid, alias) {

452

log::warn!("In bulk_delete_uid: Failed to delete legacy entry. {:?}", e);

}

}

Ok(())

})

}

fn bulk_delete_user(&self, user_id: u32) -> Result<()> {

460

self.do_serialized(move |state| {

461

let entries = state

462

.legacy_loader

463

.list_legacy_keystore_entries_for_user(user_id)

464

.context("In bulk_delete_user: Trying to list entries.")?;

465

for (uid, entries) in entries.iter() {

466

for alias in entries.iter() {

467

if let Err(e) = state.legacy_loader.remove_legacy_keystore_entry(*uid, alias) {

468

log::warn!("In bulk_delete_user: Failed to delete legacy entry. {:?}", e);

}

}

}

Ok(())

})

}

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

476

fn migrate_one_legacy_entry(

Janis Danisevskis

2021-02-11 10:28:17 -0800

[diff] [blame]

477

uid: u32,

478

alias: &str,

479

legacy_loader: &LegacyBlobLoader,

480

db: &mut DB,

481

) -> Result<bool> {

482

let blob = legacy_loader

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

483

.read_legacy_keystore_entry(uid, alias)

484

.context("In migrate_one_legacy_entry: Trying to read legacy keystore entry.")?;

485

if let Some(entry) = blob {

486

db.put(uid, alias, &entry)

487

.context("In migrate_one_legacy_entry: Trying to insert entry into DB.")?;

Janis Danisevskis

2021-02-11 10:28:17 -0800

[diff] [blame]

488

legacy_loader

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

489

.remove_legacy_keystore_entry(uid, alias)

490

.context("In migrate_one_legacy_entry: Trying to delete legacy keystore entry.")?;

Janis Danisevskis

2021-02-11 10:28:17 -0800

[diff] [blame]

Ok(true)

} else {

Ok(false)

}

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

}

}

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

498

struct LegacyKeystoreService {

499

legacy_keystore: Arc<LegacyKeystore>,

500

}

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

501

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

502

impl binder::Interface for LegacyKeystoreService {}

503

504

impl ILegacyKeystore for LegacyKeystoreService {

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

505

fn get(&self, alias: &str, uid: i32) -> BinderResult<Vec<u8>> {

506

let _wp = wd::watch_millis("ILegacyKeystore::get", 500);

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

507

map_or_log_err(self.legacy_keystore.get(alias, uid), Ok)

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

508

}

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

509

fn put(&self, alias: &str, uid: i32, entry: &[u8]) -> BinderResult<()> {

510

let _wp = wd::watch_millis("ILegacyKeystore::put", 500);

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

511

map_or_log_err(self.legacy_keystore.put(alias, uid, entry), Ok)

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

512

}

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

513

fn remove(&self, alias: &str, uid: i32) -> BinderResult<()> {

514

let _wp = wd::watch_millis("ILegacyKeystore::remove", 500);

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

515

map_or_log_err(self.legacy_keystore.remove(alias, uid), Ok)

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

516

}

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

517

fn list(&self, prefix: &str, uid: i32) -> BinderResult<Vec<String>> {

518

let _wp = wd::watch_millis("ILegacyKeystore::list", 500);

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

519

map_or_log_err(self.legacy_keystore.list(prefix, uid), Ok)

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

}

}

#[cfg(test)]

mod db_test {

use super::*;

use keystore2_test_utils::TempDir;

Janis Danisevskis

2021-04-12 14:31:12 -0700

[diff] [blame]

527

use std::sync::Arc;

528

use std::thread;

529

use std::time::Duration;

530

use std::time::Instant;

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

531

Chris Wailes

2021-07-27 16:04:33 -0700

[diff] [blame]

532

static TEST_ALIAS: &str = "test_alias";

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

533

static TEST_BLOB1: &[u8] = &[1, 2, 3, 4, 5, 6, 7, 8, 9, 0];

534

static TEST_BLOB2: &[u8] = &[2, 2, 3, 4, 5, 6, 7, 8, 9, 0];

535

static TEST_BLOB3: &[u8] = &[3, 2, 3, 4, 5, 6, 7, 8, 9, 0];

536

static TEST_BLOB4: &[u8] = &[3, 2, 3, 4, 5, 6, 7, 8, 9, 0];

537

538

#[test]

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

539

fn test_entry_db() {

540

let test_dir = TempDir::new("entrydb_test_").expect("Failed to create temp dir.");

541

let mut db = DB::new(&test_dir.build().push(LegacyKeystore::LEGACY_KEYSTORE_FILE_NAME))

542

.expect("Failed to open database.");

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

543

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

544

// Insert three entries for owner 2.

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

545

db.put(2, "test1", TEST_BLOB1).expect("Failed to insert test1.");

546

db.put(2, "test2", TEST_BLOB2).expect("Failed to insert test2.");

547

db.put(2, "test3", TEST_BLOB3).expect("Failed to insert test3.");

548

549

// Check list returns all inserted aliases.

550

assert_eq!(

551

vec!["test1".to_string(), "test2".to_string(), "test3".to_string(),],

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

552

db.list(2).expect("Failed to list entries.")

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

553

);

554

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

555

// There should be no entries for owner 1.

556

assert_eq!(Vec::<String>::new(), db.list(1).expect("Failed to list entries."));

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

557

558

// Check the content of the three entries.

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

559

assert_eq!(Some(TEST_BLOB1), db.get(2, "test1").expect("Failed to get entry.").as_deref());

560

assert_eq!(Some(TEST_BLOB2), db.get(2, "test2").expect("Failed to get entry.").as_deref());

561

assert_eq!(Some(TEST_BLOB3), db.get(2, "test3").expect("Failed to get entry.").as_deref());

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

562

563

// Remove test2 and check and check that it is no longer retrievable.

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

564

assert!(db.remove(2, "test2").expect("Failed to remove entry."));

565

assert!(db.get(2, "test2").expect("Failed to get entry.").is_none());

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

566

567

// test2 should now no longer be in the list.

568

assert_eq!(

569

vec!["test1".to_string(), "test3".to_string(),],

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

570

db.list(2).expect("Failed to list entries.")

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

571

);

572

573

// Put on existing alias replaces it.

574

// Verify test1 is TEST_BLOB1.

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

575

assert_eq!(Some(TEST_BLOB1), db.get(2, "test1").expect("Failed to get entry.").as_deref());

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

576

db.put(2, "test1", TEST_BLOB4).expect("Failed to replace test1.");

577

// Verify test1 is TEST_BLOB4.

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

578

assert_eq!(Some(TEST_BLOB4), db.get(2, "test1").expect("Failed to get entry.").as_deref());

Janis Danisevskis

2021-01-20 15:36:30 -0800

[diff] [blame]

579

}

Janis Danisevskis

2021-04-12 14:31:12 -0700

[diff] [blame]

580

581

#[test]

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

582

fn test_delete_uid() {

583

let test_dir = TempDir::new("test_delete_uid_").expect("Failed to create temp dir.");

584

let mut db = DB::new(&test_dir.build().push(LegacyKeystore::LEGACY_KEYSTORE_FILE_NAME))

585

.expect("Failed to open database.");

586

587

// Insert three entries for owner 2.

588

db.put(2, "test1", TEST_BLOB1).expect("Failed to insert test1.");

589

db.put(2, "test2", TEST_BLOB2).expect("Failed to insert test2.");

590

db.put(3, "test3", TEST_BLOB3).expect("Failed to insert test3.");

591

592

db.remove_uid(2).expect("Failed to remove uid 2");

593

594

assert_eq!(Vec::<String>::new(), db.list(2).expect("Failed to list entries."));

595

596

assert_eq!(vec!["test3".to_string(),], db.list(3).expect("Failed to list entries."));

}

#[test]

fn test_delete_user() {

601

let test_dir = TempDir::new("test_delete_user_").expect("Failed to create temp dir.");

602

let mut db = DB::new(&test_dir.build().push(LegacyKeystore::LEGACY_KEYSTORE_FILE_NAME))

603

.expect("Failed to open database.");

604

605

// Insert three entries for owner 2.

Joel Galenson

2021-07-29 15:39:10 -0700

[diff] [blame]

606

db.put(2 + 2 * rustutils::users::AID_USER_OFFSET, "test1", TEST_BLOB1)

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

607

.expect("Failed to insert test1.");

Joel Galenson

2021-07-29 15:39:10 -0700

[diff] [blame]

608

db.put(4 + 2 * rustutils::users::AID_USER_OFFSET, "test2", TEST_BLOB2)

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

609

.expect("Failed to insert test2.");

610

db.put(3, "test3", TEST_BLOB3).expect("Failed to insert test3.");

611

612

db.remove_user(2).expect("Failed to remove user 2");

613

614

assert_eq!(

615

Vec::<String>::new(),

Joel Galenson

2021-07-29 15:39:10 -0700

[diff] [blame]

616

db.list(2 + 2 * rustutils::users::AID_USER_OFFSET).expect("Failed to list entries.")

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

);

assert_eq!(

Vec::<String>::new(),

Joel Galenson

2021-07-29 15:39:10 -0700

[diff] [blame]

621

db.list(4 + 2 * rustutils::users::AID_USER_OFFSET).expect("Failed to list entries.")

Janis Danisevskis

2021-06-15 08:23:46 -0700

[diff] [blame]

622

);

623

624

assert_eq!(vec!["test3".to_string(),], db.list(3).expect("Failed to list entries."));

625

}

626

627

#[test]

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

628

fn concurrent_legacy_keystore_entry_test() -> Result<()> {

Janis Danisevskis

2021-04-12 14:31:12 -0700

[diff] [blame]

629

let temp_dir = Arc::new(

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

630

TempDir::new("concurrent_legacy_keystore_entry_test_")

631

.expect("Failed to create temp dir."),

Janis Danisevskis

2021-04-12 14:31:12 -0700

[diff] [blame]

632

);

633

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

634

let db_path = temp_dir.build().push(LegacyKeystore::LEGACY_KEYSTORE_FILE_NAME).to_owned();

Janis Danisevskis

2021-04-12 14:31:12 -0700

[diff] [blame]

635

636

let test_begin = Instant::now();

637

638

let mut db = DB::new(&db_path).expect("Failed to open database.");

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

639

const ENTRY_COUNT: u32 = 5000u32;

640

const ENTRY_DB_COUNT: u32 = 5000u32;

Janis Danisevskis

2021-04-12 14:31:12 -0700

[diff] [blame]

641

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

642

let mut actual_entry_count = ENTRY_COUNT;

643

// First insert ENTRY_COUNT entries.

644

for count in 0..ENTRY_COUNT {

Janis Danisevskis

2021-04-12 14:31:12 -0700

[diff] [blame]

645

if Instant::now().duration_since(test_begin) >= Duration::from_secs(15) {

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

646

actual_entry_count = count;

Janis Danisevskis

2021-04-12 14:31:12 -0700

[diff] [blame]

647

break;

648

}

649

let alias = format!("test_alias_{}", count);

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

650

db.put(1, &alias, TEST_BLOB1).expect("Failed to add entry (1).");

Janis Danisevskis

2021-04-12 14:31:12 -0700

[diff] [blame]

651

}

652

653

// Insert more keys from a different thread and into a different namespace.

654

let db_path1 = db_path.clone();

655

let handle1 = thread::spawn(move || {

656

let mut db = DB::new(&db_path1).expect("Failed to open database.");

657

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

658

for count in 0..actual_entry_count {

Janis Danisevskis

2021-04-12 14:31:12 -0700

[diff] [blame]

659

if Instant::now().duration_since(test_begin) >= Duration::from_secs(40) {

660

return;

661

}

662

let alias = format!("test_alias_{}", count);

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

663

db.put(2, &alias, TEST_BLOB2).expect("Failed to add entry (2).");

Janis Danisevskis

2021-04-12 14:31:12 -0700

[diff] [blame]

664

}

665

666

// Then delete them again.

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

667

for count in 0..actual_entry_count {

Janis Danisevskis

2021-04-12 14:31:12 -0700

[diff] [blame]

668

if Instant::now().duration_since(test_begin) >= Duration::from_secs(40) {

669

return;

670

}

671

let alias = format!("test_alias_{}", count);

672

db.remove(2, &alias).expect("Remove Failed (2).");

}

});

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

676

// And start deleting the first set of entries.

Janis Danisevskis

2021-04-12 14:31:12 -0700

[diff] [blame]

677

let db_path2 = db_path.clone();

678

let handle2 = thread::spawn(move || {

679

let mut db = DB::new(&db_path2).expect("Failed to open database.");

680

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

681

for count in 0..actual_entry_count {

Janis Danisevskis

2021-04-12 14:31:12 -0700

[diff] [blame]

682

if Instant::now().duration_since(test_begin) >= Duration::from_secs(40) {

683

return;

684

}

685

let alias = format!("test_alias_{}", count);

686

db.remove(1, &alias).expect("Remove Failed (1)).");

}

});

// While a lot of inserting and deleting is going on we have to open database connections

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

691

// successfully and then insert and delete a specific entry.

Janis Danisevskis

2021-04-12 14:31:12 -0700

[diff] [blame]

692

let db_path3 = db_path.clone();

693

let handle3 = thread::spawn(move || {

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

694

for _count in 0..ENTRY_DB_COUNT {

Janis Danisevskis

2021-04-12 14:31:12 -0700

[diff] [blame]

695

if Instant::now().duration_since(test_begin) >= Duration::from_secs(40) {

696

return;

697

}

698

let mut db = DB::new(&db_path3).expect("Failed to open database.");

699

Chris Wailes

2021-07-27 16:04:33 -0700

[diff] [blame]

700

db.put(3, TEST_ALIAS, TEST_BLOB3).expect("Failed to add entry (3).");

Janis Danisevskis

2021-04-12 14:31:12 -0700

[diff] [blame]

701

Chris Wailes

2021-07-27 16:04:33 -0700

[diff] [blame]

702

db.remove(3, TEST_ALIAS).expect("Remove failed (3).");

Janis Danisevskis

2021-04-12 14:31:12 -0700

[diff] [blame]

}

});

// While thread 3 is inserting and deleting TEST_ALIAS, we try to get the alias.

707

// This may yield an entry or none, but it must not fail.

708

let handle4 = thread::spawn(move || {

Janis Danisevskis

2021-06-14 14:18:20 -0700

[diff] [blame]

709

for _count in 0..ENTRY_DB_COUNT {

Janis Danisevskis

2021-04-12 14:31:12 -0700

[diff] [blame]

710

if Instant::now().duration_since(test_begin) >= Duration::from_secs(40) {

711

return;

712

}

713

let mut db = DB::new(&db_path).expect("Failed to open database.");

714

715

// This may return Some or None but it must not fail.

Chris Wailes

2021-07-27 16:04:33 -0700

[diff] [blame]

716

db.get(3, TEST_ALIAS).expect("Failed to get entry (4).");

Janis Danisevskis

2021-04-12 14:31:12 -0700

[diff] [blame]

}

});

handle1.join().expect("Thread 1 panicked.");

721

handle2.join().expect("Thread 2 panicked.");

722

handle3.join().expect("Thread 3 panicked.");

723

handle4.join().expect("Thread 4 panicked.");

724

725

Ok(())

726

}

Janis Danisevskis