Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / ed4f566a926d935ee7e2a158d75bbd050ef85778 / . / keystore / IKeystoreService.cpp
blob: 2ab4ac421c6ee44b7eebbecf0b6685f4157ca55a [file] [log] [blame]
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1/*
2**
3** Copyright 2008, The Android Open Source Project
4**
5** Licensed under the Apache License, Version 2.0 (the "License");
6** you may not use this file except in compliance with the License.
7** You may obtain a copy of the License at
8**
9** http://www.apache.org/licenses/LICENSE-2.0
10**
11** Unless required by applicable law or agreed to in writing, software
12** distributed under the License is distributed on an "AS IS" BASIS,
13** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14** See the License for the specific language governing permissions and
15** limitations under the License.
16*/
17
18#include <stdint.h>
19#include <sys/types.h>
20
21#define LOG_TAG "KeystoreService"
22#include <utils/Log.h>
23
24#include <binder/Parcel.h>
25#include <binder/IPCThreadState.h>
26#include <binder/IServiceManager.h>
27
28#include <keystore/IKeystoreService.h>
29
30namespace android {
31
Shawn Willden77d71ca2014-11-12 16:45:12 -0700[diff] [blame]32const ssize_t MAX_GENERATE_ARGS = 3;
33
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]34KeystoreArg::KeystoreArg(const void* data, size_t len)
35 : mData(data), mSize(len) {
36}
37
38KeystoreArg::~KeystoreArg() {
39}
40
41const void *KeystoreArg::data() const {
42 return mData;
43}
44
45size_t KeystoreArg::size() const {
46 return mSize;
47}
48
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]49class BpKeystoreService: public BpInterface<IKeystoreService>
50{
51public:
52 BpKeystoreService(const sp<IBinder>& impl)
53 : BpInterface<IKeystoreService>(impl)
54 {
55 }
56
57 // test ping
58 virtual int32_t test()
59 {
60 Parcel data, reply;
61 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
62 status_t status = remote()->transact(BnKeystoreService::TEST, data, &reply);
63 if (status != NO_ERROR) {
64 ALOGD("test() could not contact remote: %d\n", status);
65 return -1;
66 }
67 int32_t err = reply.readExceptionCode();
68 int32_t ret = reply.readInt32();
69 if (err < 0) {
70 ALOGD("test() caught exception %d\n", err);
71 return -1;
72 }
73 return ret;
74 }
75
76 virtual int32_t get(const String16& name, uint8_t** item, size_t* itemLength)
77 {
78 Parcel data, reply;
79 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
80 data.writeString16(name);
81 status_t status = remote()->transact(BnKeystoreService::GET, data, &reply);
82 if (status != NO_ERROR) {
83 ALOGD("get() could not contact remote: %d\n", status);
84 return -1;
85 }
86 int32_t err = reply.readExceptionCode();
87 ssize_t len = reply.readInt32();
88 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
89 size_t ulen = (size_t) len;
90 const void* buf = reply.readInplace(ulen);
91 *item = (uint8_t*) malloc(ulen);
92 if (*item != NULL) {
93 memcpy(*item, buf, ulen);
94 *itemLength = ulen;
95 } else {
96 ALOGE("out of memory allocating output array in get");
97 *itemLength = 0;
98 }
99 } else {
100 *itemLength = 0;
101 }
102 if (err < 0) {
103 ALOGD("get() caught exception %d\n", err);
104 return -1;
105 }
106 return 0;
107 }
108
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]109 virtual int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid,
110 int32_t flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]111 {
112 Parcel data, reply;
113 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
114 data.writeString16(name);
115 data.writeInt32(itemLength);
116 void* buf = data.writeInplace(itemLength);
117 memcpy(buf, item, itemLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]118 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]119 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]120 status_t status = remote()->transact(BnKeystoreService::INSERT, data, &reply);
121 if (status != NO_ERROR) {
122 ALOGD("import() could not contact remote: %d\n", status);
123 return -1;
124 }
125 int32_t err = reply.readExceptionCode();
126 int32_t ret = reply.readInt32();
127 if (err < 0) {
128 ALOGD("import() caught exception %d\n", err);
129 return -1;
130 }
131 return ret;
132 }
133
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]134 virtual int32_t del(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]135 {
136 Parcel data, reply;
137 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
138 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]139 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]140 status_t status = remote()->transact(BnKeystoreService::DEL, data, &reply);
141 if (status != NO_ERROR) {
142 ALOGD("del() could not contact remote: %d\n", status);
143 return -1;
144 }
145 int32_t err = reply.readExceptionCode();
146 int32_t ret = reply.readInt32();
147 if (err < 0) {
148 ALOGD("del() caught exception %d\n", err);
149 return -1;
150 }
151 return ret;
152 }
153
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]154 virtual int32_t exist(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]155 {
156 Parcel data, reply;
157 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
158 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]159 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]160 status_t status = remote()->transact(BnKeystoreService::EXIST, data, &reply);
161 if (status != NO_ERROR) {
162 ALOGD("exist() could not contact remote: %d\n", status);
163 return -1;
164 }
165 int32_t err = reply.readExceptionCode();
166 int32_t ret = reply.readInt32();
167 if (err < 0) {
168 ALOGD("exist() caught exception %d\n", err);
169 return -1;
170 }
171 return ret;
172 }
173
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]174 virtual int32_t saw(const String16& name, int uid, Vector<String16>* matches)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]175 {
176 Parcel data, reply;
177 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
178 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]179 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]180 status_t status = remote()->transact(BnKeystoreService::SAW, data, &reply);
181 if (status != NO_ERROR) {
182 ALOGD("saw() could not contact remote: %d\n", status);
183 return -1;
184 }
185 int32_t err = reply.readExceptionCode();
186 int32_t numMatches = reply.readInt32();
187 for (int32_t i = 0; i < numMatches; i++) {
188 matches->push(reply.readString16());
189 }
190 int32_t ret = reply.readInt32();
191 if (err < 0) {
192 ALOGD("saw() caught exception %d\n", err);
193 return -1;
194 }
195 return ret;
196 }
197
198 virtual int32_t reset()
199 {
200 Parcel data, reply;
201 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
202 status_t status = remote()->transact(BnKeystoreService::RESET, data, &reply);
203 if (status != NO_ERROR) {
204 ALOGD("reset() could not contact remote: %d\n", status);
205 return -1;
206 }
207 int32_t err = reply.readExceptionCode();
208 int32_t ret = reply.readInt32();
209 if (err < 0) {
210 ALOGD("reset() caught exception %d\n", err);
211 return -1;
212 }
213 return ret;
214 }
215
216 virtual int32_t password(const String16& password)
217 {
218 Parcel data, reply;
219 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
220 data.writeString16(password);
221 status_t status = remote()->transact(BnKeystoreService::PASSWORD, data, &reply);
222 if (status != NO_ERROR) {
223 ALOGD("password() could not contact remote: %d\n", status);
224 return -1;
225 }
226 int32_t err = reply.readExceptionCode();
227 int32_t ret = reply.readInt32();
228 if (err < 0) {
229 ALOGD("password() caught exception %d\n", err);
230 return -1;
231 }
232 return ret;
233 }
234
235 virtual int32_t lock()
236 {
237 Parcel data, reply;
238 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
239 status_t status = remote()->transact(BnKeystoreService::LOCK, data, &reply);
240 if (status != NO_ERROR) {
241 ALOGD("lock() could not contact remote: %d\n", status);
242 return -1;
243 }
244 int32_t err = reply.readExceptionCode();
245 int32_t ret = reply.readInt32();
246 if (err < 0) {
247 ALOGD("lock() caught exception %d\n", err);
248 return -1;
249 }
250 return ret;
251 }
252
253 virtual int32_t unlock(const String16& password)
254 {
255 Parcel data, reply;
256 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
257 data.writeString16(password);
258 status_t status = remote()->transact(BnKeystoreService::UNLOCK, data, &reply);
259 if (status != NO_ERROR) {
260 ALOGD("unlock() could not contact remote: %d\n", status);
261 return -1;
262 }
263 int32_t err = reply.readExceptionCode();
264 int32_t ret = reply.readInt32();
265 if (err < 0) {
266 ALOGD("unlock() caught exception %d\n", err);
267 return -1;
268 }
269 return ret;
270 }
271
272 virtual int32_t zero()
273 {
274 Parcel data, reply;
275 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
276 status_t status = remote()->transact(BnKeystoreService::ZERO, data, &reply);
277 if (status != NO_ERROR) {
278 ALOGD("zero() could not contact remote: %d\n", status);
279 return -1;
280 }
281 int32_t err = reply.readExceptionCode();
282 int32_t ret = reply.readInt32();
283 if (err < 0) {
284 ALOGD("zero() caught exception %d\n", err);
285 return -1;
286 }
287 return ret;
288 }
289
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]290 virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize,
291 int32_t flags, Vector<sp<KeystoreArg> >* args)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]292 {
293 Parcel data, reply;
294 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
295 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]296 data.writeInt32(uid);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]297 data.writeInt32(keyType);
298 data.writeInt32(keySize);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]299 data.writeInt32(flags);
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]300 data.writeInt32(1);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]301 data.writeInt32(args->size());
302 for (Vector<sp<KeystoreArg> >::iterator it = args->begin(); it != args->end(); ++it) {
303 sp<KeystoreArg> item = *it;
304 size_t keyLength = item->size();
305 data.writeInt32(keyLength);
306 void* buf = data.writeInplace(keyLength);
307 memcpy(buf, item->data(), keyLength);
308 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]309 status_t status = remote()->transact(BnKeystoreService::GENERATE, data, &reply);
310 if (status != NO_ERROR) {
311 ALOGD("generate() could not contact remote: %d\n", status);
312 return -1;
313 }
314 int32_t err = reply.readExceptionCode();
315 int32_t ret = reply.readInt32();
316 if (err < 0) {
317 ALOGD("generate() caught exception %d\n", err);
318 return -1;
319 }
320 return ret;
321 }
322
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]323 virtual int32_t import(const String16& name, const uint8_t* key, size_t keyLength, int uid,
324 int flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]325 {
326 Parcel data, reply;
327 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
328 data.writeString16(name);
329 data.writeInt32(keyLength);
330 void* buf = data.writeInplace(keyLength);
331 memcpy(buf, key, keyLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]332 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]333 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]334 status_t status = remote()->transact(BnKeystoreService::IMPORT, data, &reply);
335 if (status != NO_ERROR) {
336 ALOGD("import() could not contact remote: %d\n", status);
337 return -1;
338 }
339 int32_t err = reply.readExceptionCode();
340 int32_t ret = reply.readInt32();
341 if (err < 0) {
342 ALOGD("import() caught exception %d\n", err);
343 return -1;
344 }
345 return ret;
346 }
347
348 virtual int32_t sign(const String16& name, const uint8_t* in, size_t inLength, uint8_t** out,
349 size_t* outLength)
350 {
351 Parcel data, reply;
352 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
353 data.writeString16(name);
354 data.writeInt32(inLength);
355 void* buf = data.writeInplace(inLength);
356 memcpy(buf, in, inLength);
357 status_t status = remote()->transact(BnKeystoreService::SIGN, data, &reply);
358 if (status != NO_ERROR) {
359 ALOGD("import() could not contact remote: %d\n", status);
360 return -1;
361 }
362 int32_t err = reply.readExceptionCode();
363 ssize_t len = reply.readInt32();
364 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
365 size_t ulen = (size_t) len;
366 const void* outBuf = reply.readInplace(ulen);
367 *out = (uint8_t*) malloc(ulen);
368 if (*out != NULL) {
369 memcpy((void*) *out, outBuf, ulen);
370 *outLength = ulen;
371 } else {
372 ALOGE("out of memory allocating output array in sign");
373 *outLength = 0;
374 }
375 } else {
376 *outLength = 0;
377 }
378 if (err < 0) {
379 ALOGD("import() caught exception %d\n", err);
380 return -1;
381 }
382 return 0;
383 }
384
385 virtual int32_t verify(const String16& name, const uint8_t* in, size_t inLength,
386 const uint8_t* signature, size_t signatureLength)
387 {
388 Parcel data, reply;
389 void* buf;
390
391 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
392 data.writeString16(name);
393 data.writeInt32(inLength);
394 buf = data.writeInplace(inLength);
395 memcpy(buf, in, inLength);
396 data.writeInt32(signatureLength);
397 buf = data.writeInplace(signatureLength);
398 memcpy(buf, signature, signatureLength);
399 status_t status = remote()->transact(BnKeystoreService::VERIFY, data, &reply);
400 if (status != NO_ERROR) {
401 ALOGD("verify() could not contact remote: %d\n", status);
402 return -1;
403 }
404 int32_t err = reply.readExceptionCode();
405 int32_t ret = reply.readInt32();
406 if (err < 0) {
407 ALOGD("verify() caught exception %d\n", err);
408 return -1;
409 }
410 return ret;
411 }
412
413 virtual int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength)
414 {
415 Parcel data, reply;
416 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
417 data.writeString16(name);
418 status_t status = remote()->transact(BnKeystoreService::GET_PUBKEY, data, &reply);
419 if (status != NO_ERROR) {
420 ALOGD("get_pubkey() could not contact remote: %d\n", status);
421 return -1;
422 }
423 int32_t err = reply.readExceptionCode();
424 ssize_t len = reply.readInt32();
425 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
426 size_t ulen = (size_t) len;
427 const void* buf = reply.readInplace(ulen);
428 *pubkey = (uint8_t*) malloc(ulen);
429 if (*pubkey != NULL) {
430 memcpy(*pubkey, buf, ulen);
431 *pubkeyLength = ulen;
432 } else {
433 ALOGE("out of memory allocating output array in get_pubkey");
434 *pubkeyLength = 0;
435 }
436 } else {
437 *pubkeyLength = 0;
438 }
439 if (err < 0) {
440 ALOGD("get_pubkey() caught exception %d\n", err);
441 return -1;
442 }
443 return 0;
444 }
445
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]446 virtual int32_t del_key(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]447 {
448 Parcel data, reply;
449 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
450 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]451 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]452 status_t status = remote()->transact(BnKeystoreService::DEL_KEY, data, &reply);
453 if (status != NO_ERROR) {
454 ALOGD("del_key() could not contact remote: %d\n", status);
455 return -1;
456 }
457 int32_t err = reply.readExceptionCode();
458 int32_t ret = reply.readInt32();
459 if (err < 0) {
460 ALOGD("del_key() caught exception %d\n", err);
461 return -1;
462 }
463 return ret;
464 }
465
466 virtual int32_t grant(const String16& name, int32_t granteeUid)
467 {
468 Parcel data, reply;
469 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
470 data.writeString16(name);
471 data.writeInt32(granteeUid);
472 status_t status = remote()->transact(BnKeystoreService::GRANT, data, &reply);
473 if (status != NO_ERROR) {
474 ALOGD("grant() could not contact remote: %d\n", status);
475 return -1;
476 }
477 int32_t err = reply.readExceptionCode();
478 int32_t ret = reply.readInt32();
479 if (err < 0) {
480 ALOGD("grant() caught exception %d\n", err);
481 return -1;
482 }
483 return ret;
484 }
485
486 virtual int32_t ungrant(const String16& name, int32_t granteeUid)
487 {
488 Parcel data, reply;
489 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
490 data.writeString16(name);
491 data.writeInt32(granteeUid);
492 status_t status = remote()->transact(BnKeystoreService::UNGRANT, data, &reply);
493 if (status != NO_ERROR) {
494 ALOGD("ungrant() could not contact remote: %d\n", status);
495 return -1;
496 }
497 int32_t err = reply.readExceptionCode();
498 int32_t ret = reply.readInt32();
499 if (err < 0) {
500 ALOGD("ungrant() caught exception %d\n", err);
501 return -1;
502 }
503 return ret;
504 }
505
506 int64_t getmtime(const String16& name)
507 {
508 Parcel data, reply;
509 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
510 data.writeString16(name);
511 status_t status = remote()->transact(BnKeystoreService::GETMTIME, data, &reply);
512 if (status != NO_ERROR) {
513 ALOGD("getmtime() could not contact remote: %d\n", status);
514 return -1;
515 }
516 int32_t err = reply.readExceptionCode();
517 int64_t ret = reply.readInt64();
518 if (err < 0) {
519 ALOGD("getmtime() caught exception %d\n", err);
520 return -1;
521 }
522 return ret;
523 }
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]524
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]525 virtual int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey,
526 int32_t destUid)
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]527 {
528 Parcel data, reply;
529 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]530 data.writeString16(srcKey);
531 data.writeInt32(srcUid);
532 data.writeString16(destKey);
533 data.writeInt32(destUid);
534 status_t status = remote()->transact(BnKeystoreService::DUPLICATE, data, &reply);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]535 if (status != NO_ERROR) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]536 ALOGD("duplicate() could not contact remote: %d\n", status);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]537 return -1;
538 }
539 int32_t err = reply.readExceptionCode();
540 int32_t ret = reply.readInt32();
541 if (err < 0) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]542 ALOGD("duplicate() caught exception %d\n", err);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]543 return -1;
544 }
545 return ret;
546 }
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]547
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]548 virtual int32_t is_hardware_backed(const String16& keyType)
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]549 {
550 Parcel data, reply;
551 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]552 data.writeString16(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]553 status_t status = remote()->transact(BnKeystoreService::IS_HARDWARE_BACKED, data, &reply);
554 if (status != NO_ERROR) {
555 ALOGD("is_hardware_backed() could not contact remote: %d\n", status);
556 return -1;
557 }
558 int32_t err = reply.readExceptionCode();
559 int32_t ret = reply.readInt32();
560 if (err < 0) {
561 ALOGD("is_hardware_backed() caught exception %d\n", err);
562 return -1;
563 }
564 return ret;
565 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]566
567 virtual int32_t clear_uid(int64_t uid)
568 {
569 Parcel data, reply;
570 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
571 data.writeInt64(uid);
572 status_t status = remote()->transact(BnKeystoreService::CLEAR_UID, data, &reply);
573 if (status != NO_ERROR) {
574 ALOGD("clear_uid() could not contact remote: %d\n", status);
575 return -1;
576 }
577 int32_t err = reply.readExceptionCode();
578 int32_t ret = reply.readInt32();
579 if (err < 0) {
580 ALOGD("clear_uid() caught exception %d\n", err);
581 return -1;
582 }
583 return ret;
584 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]585
586 virtual int32_t reset_uid(int32_t uid) {
587 Parcel data, reply;
588 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
589 data.writeInt32(uid);
590 status_t status = remote()->transact(BnKeystoreService::RESET_UID, data, &reply);
591 if (status != NO_ERROR) {
592 ALOGD("reset_uid() could not contact remote: %d\n", status);
593 return -1;
594 }
595 int32_t err = reply.readExceptionCode();
596 int32_t ret = reply.readInt32();
597 if (err < 0) {
598 ALOGD("reset_uid() caught exception %d\n", err);
599 return -1;
600 }
601 return ret;
602
603 }
604
605 virtual int32_t sync_uid(int32_t sourceUid, int32_t targetUid)
606 {
607 Parcel data, reply;
608 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
609 data.writeInt32(sourceUid);
610 data.writeInt32(targetUid);
611 status_t status = remote()->transact(BnKeystoreService::SYNC_UID, data, &reply);
612 if (status != NO_ERROR) {
613 ALOGD("sync_uid() could not contact remote: %d\n", status);
614 return -1;
615 }
616 int32_t err = reply.readExceptionCode();
617 int32_t ret = reply.readInt32();
618 if (err < 0) {
619 ALOGD("sync_uid() caught exception %d\n", err);
620 return -1;
621 }
622 return ret;
623 }
624
625 virtual int32_t password_uid(const String16& password, int32_t uid)
626 {
627 Parcel data, reply;
628 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
629 data.writeString16(password);
630 data.writeInt32(uid);
631 status_t status = remote()->transact(BnKeystoreService::PASSWORD_UID, data, &reply);
632 if (status != NO_ERROR) {
633 ALOGD("password_uid() could not contact remote: %d\n", status);
634 return -1;
635 }
636 int32_t err = reply.readExceptionCode();
637 int32_t ret = reply.readInt32();
638 if (err < 0) {
639 ALOGD("password_uid() caught exception %d\n", err);
640 return -1;
641 }
642 return ret;
643 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]644};
645
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]646IMPLEMENT_META_INTERFACE(KeystoreService, "android.security.IKeystoreService");
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]647
648// ----------------------------------------------------------------------
649
650status_t BnKeystoreService::onTransact(
651 uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
652{
653 switch(code) {
654 case TEST: {
655 CHECK_INTERFACE(IKeystoreService, data, reply);
656 int32_t ret = test();
657 reply->writeNoException();
658 reply->writeInt32(ret);
659 return NO_ERROR;
660 } break;
661 case GET: {
662 CHECK_INTERFACE(IKeystoreService, data, reply);
663 String16 name = data.readString16();
664 void* out = NULL;
665 size_t outSize = 0;
666 int32_t ret = get(name, (uint8_t**) &out, &outSize);
667 reply->writeNoException();
668 if (ret == 1) {
669 reply->writeInt32(outSize);
670 void* buf = reply->writeInplace(outSize);
671 memcpy(buf, out, outSize);
672 free(out);
673 } else {
674 reply->writeInt32(-1);
675 }
676 return NO_ERROR;
677 } break;
678 case INSERT: {
679 CHECK_INTERFACE(IKeystoreService, data, reply);
680 String16 name = data.readString16();
681 ssize_t inSize = data.readInt32();
682 const void* in;
683 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
684 in = data.readInplace(inSize);
685 } else {
686 in = NULL;
687 inSize = 0;
688 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]689 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]690 int32_t flags = data.readInt32();
691 int32_t ret = insert(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]692 reply->writeNoException();
693 reply->writeInt32(ret);
694 return NO_ERROR;
695 } break;
696 case DEL: {
697 CHECK_INTERFACE(IKeystoreService, data, reply);
698 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]699 int uid = data.readInt32();
700 int32_t ret = del(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]701 reply->writeNoException();
702 reply->writeInt32(ret);
703 return NO_ERROR;
704 } break;
705 case EXIST: {
706 CHECK_INTERFACE(IKeystoreService, data, reply);
707 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]708 int uid = data.readInt32();
709 int32_t ret = exist(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]710 reply->writeNoException();
711 reply->writeInt32(ret);
712 return NO_ERROR;
713 } break;
714 case SAW: {
715 CHECK_INTERFACE(IKeystoreService, data, reply);
716 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]717 int uid = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]718 Vector<String16> matches;
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]719 int32_t ret = saw(name, uid, &matches);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]720 reply->writeNoException();
721 reply->writeInt32(matches.size());
722 Vector<String16>::const_iterator it = matches.begin();
723 for (; it != matches.end(); ++it) {
724 reply->writeString16(*it);
725 }
726 reply->writeInt32(ret);
727 return NO_ERROR;
728 } break;
729 case RESET: {
730 CHECK_INTERFACE(IKeystoreService, data, reply);
731 int32_t ret = reset();
732 reply->writeNoException();
733 reply->writeInt32(ret);
734 return NO_ERROR;
735 } break;
736 case PASSWORD: {
737 CHECK_INTERFACE(IKeystoreService, data, reply);
738 String16 pass = data.readString16();
739 int32_t ret = password(pass);
740 reply->writeNoException();
741 reply->writeInt32(ret);
742 return NO_ERROR;
743 } break;
744 case LOCK: {
745 CHECK_INTERFACE(IKeystoreService, data, reply);
746 int32_t ret = lock();
747 reply->writeNoException();
748 reply->writeInt32(ret);
749 return NO_ERROR;
750 } break;
751 case UNLOCK: {
752 CHECK_INTERFACE(IKeystoreService, data, reply);
753 String16 pass = data.readString16();
754 int32_t ret = unlock(pass);
755 reply->writeNoException();
756 reply->writeInt32(ret);
757 return NO_ERROR;
758 } break;
759 case ZERO: {
760 CHECK_INTERFACE(IKeystoreService, data, reply);
761 int32_t ret = zero();
762 reply->writeNoException();
763 reply->writeInt32(ret);
764 return NO_ERROR;
765 } break;
766 case GENERATE: {
767 CHECK_INTERFACE(IKeystoreService, data, reply);
768 String16 name = data.readString16();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]769 int32_t uid = data.readInt32();
770 int32_t keyType = data.readInt32();
771 int32_t keySize = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]772 int32_t flags = data.readInt32();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]773 Vector<sp<KeystoreArg> > args;
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]774 int32_t argsPresent = data.readInt32();
775 if (argsPresent == 1) {
776 ssize_t numArgs = data.readInt32();
Chad Brubakered4f5662015-01-14 19:22:09 -0800[diff] [blame^]777 if (numArgs > MAX_GENERATE_ARGS) {
778 return BAD_VALUE;
779 }
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]780 if (numArgs > 0) {
781 for (size_t i = 0; i < (size_t) numArgs; i++) {
782 ssize_t inSize = data.readInt32();
783 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
784 sp<KeystoreArg> arg = new KeystoreArg(data.readInplace(inSize),
785 inSize);
786 args.push_back(arg);
787 } else {
788 args.push_back(NULL);
789 }
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]790 }
791 }
792 }
793 int32_t ret = generate(name, uid, keyType, keySize, flags, &args);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]794 reply->writeNoException();
795 reply->writeInt32(ret);
796 return NO_ERROR;
797 } break;
798 case IMPORT: {
799 CHECK_INTERFACE(IKeystoreService, data, reply);
800 String16 name = data.readString16();
801 ssize_t inSize = data.readInt32();
802 const void* in;
803 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
804 in = data.readInplace(inSize);
805 } else {
806 in = NULL;
807 inSize = 0;
808 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]809 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]810 int32_t flags = data.readInt32();
811 int32_t ret = import(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]812 reply->writeNoException();
813 reply->writeInt32(ret);
814 return NO_ERROR;
815 } break;
816 case SIGN: {
817 CHECK_INTERFACE(IKeystoreService, data, reply);
818 String16 name = data.readString16();
819 ssize_t inSize = data.readInt32();
820 const void* in;
821 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
822 in = data.readInplace(inSize);
823 } else {
824 in = NULL;
825 inSize = 0;
826 }
827 void* out = NULL;
828 size_t outSize = 0;
829 int32_t ret = sign(name, (const uint8_t*) in, (size_t) inSize, (uint8_t**) &out, &outSize);
830 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]831 if (outSize > 0 && out != NULL) {
832 reply->writeInt32(outSize);
833 void* buf = reply->writeInplace(outSize);
834 memcpy(buf, out, outSize);
835 free(out);
836 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]837 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]838 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]839 reply->writeInt32(ret);
840 return NO_ERROR;
841 } break;
842 case VERIFY: {
843 CHECK_INTERFACE(IKeystoreService, data, reply);
844 String16 name = data.readString16();
845 ssize_t inSize = data.readInt32();
846 const void* in;
847 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
848 in = data.readInplace(inSize);
849 } else {
850 in = NULL;
851 inSize = 0;
852 }
853 ssize_t sigSize = data.readInt32();
854 const void* sig;
855 if (sigSize >= 0 && (size_t) sigSize <= data.dataAvail()) {
856 sig = data.readInplace(sigSize);
857 } else {
858 sig = NULL;
859 sigSize = 0;
860 }
861 bool ret = verify(name, (const uint8_t*) in, (size_t) inSize, (const uint8_t*) sig,
862 (size_t) sigSize);
863 reply->writeNoException();
864 reply->writeInt32(ret ? 1 : 0);
865 return NO_ERROR;
866 } break;
867 case GET_PUBKEY: {
868 CHECK_INTERFACE(IKeystoreService, data, reply);
869 String16 name = data.readString16();
870 void* out = NULL;
871 size_t outSize = 0;
872 int32_t ret = get_pubkey(name, (unsigned char**) &out, &outSize);
873 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]874 if (outSize > 0 && out != NULL) {
875 reply->writeInt32(outSize);
876 void* buf = reply->writeInplace(outSize);
877 memcpy(buf, out, outSize);
878 free(out);
879 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]880 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]881 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]882 reply->writeInt32(ret);
883 return NO_ERROR;
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]884 } break;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]885 case DEL_KEY: {
886 CHECK_INTERFACE(IKeystoreService, data, reply);
887 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]888 int uid = data.readInt32();
889 int32_t ret = del_key(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]890 reply->writeNoException();
891 reply->writeInt32(ret);
892 return NO_ERROR;
893 } break;
894 case GRANT: {
895 CHECK_INTERFACE(IKeystoreService, data, reply);
896 String16 name = data.readString16();
897 int32_t granteeUid = data.readInt32();
898 int32_t ret = grant(name, granteeUid);
899 reply->writeNoException();
900 reply->writeInt32(ret);
901 return NO_ERROR;
902 } break;
903 case UNGRANT: {
904 CHECK_INTERFACE(IKeystoreService, data, reply);
905 String16 name = data.readString16();
906 int32_t granteeUid = data.readInt32();
907 int32_t ret = ungrant(name, granteeUid);
908 reply->writeNoException();
909 reply->writeInt32(ret);
910 return NO_ERROR;
911 } break;
912 case GETMTIME: {
913 CHECK_INTERFACE(IKeystoreService, data, reply);
914 String16 name = data.readString16();
915 int64_t ret = getmtime(name);
916 reply->writeNoException();
917 reply->writeInt64(ret);
918 return NO_ERROR;
919 } break;
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]920 case DUPLICATE: {
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]921 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]922 String16 srcKey = data.readString16();
923 int32_t srcUid = data.readInt32();
924 String16 destKey = data.readString16();
925 int32_t destUid = data.readInt32();
926 int32_t ret = duplicate(srcKey, srcUid, destKey, destUid);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]927 reply->writeNoException();
928 reply->writeInt32(ret);
929 return NO_ERROR;
930 } break;
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]931 case IS_HARDWARE_BACKED: {
932 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]933 String16 keyType = data.readString16();
934 int32_t ret = is_hardware_backed(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]935 reply->writeNoException();
936 reply->writeInt32(ret);
937 return NO_ERROR;
938 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]939 case CLEAR_UID: {
940 CHECK_INTERFACE(IKeystoreService, data, reply);
941 int64_t uid = data.readInt64();
942 int32_t ret = clear_uid(uid);
943 reply->writeNoException();
944 reply->writeInt32(ret);
945 return NO_ERROR;
946 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]947 case RESET_UID: {
948 CHECK_INTERFACE(IKeystoreService, data, reply);
949 int32_t uid = data.readInt32();
950 int32_t ret = reset_uid(uid);
951 reply->writeNoException();
952 reply->writeInt32(ret);
953 return NO_ERROR;
954 }
955 case SYNC_UID: {
956 CHECK_INTERFACE(IKeystoreService, data, reply);
957 int32_t sourceUid = data.readInt32();
958 int32_t targetUid = data.readInt32();
959 int32_t ret = sync_uid(sourceUid, targetUid);
960 reply->writeNoException();
961 reply->writeInt32(ret);
962 return NO_ERROR;
963 }
964 case PASSWORD_UID: {
965 CHECK_INTERFACE(IKeystoreService, data, reply);
966 String16 password = data.readString16();
967 int32_t uid = data.readInt32();
968 int32_t ret = password_uid(password, uid);
969 reply->writeNoException();
970 reply->writeInt32(ret);
971 return NO_ERROR;
972 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]973 default:
974 return BBinder::onTransact(code, data, reply, flags);
975 }
976}
977
978// ----------------------------------------------------------------------------
979
980}; // namespace android