| /* |
| * Copyright (C) 2016 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| #ifndef KEYSTORE_PERMISSIONS_H_ |
| #define KEYSTORE_PERMISSIONS_H_ |
| |
| #include <unistd.h> |
| |
| /* Here are the permissions, actions, users, and the main function. */ |
| enum perm_t { |
| P_GET_STATE = 1 << 0, |
| P_GET = 1 << 1, |
| P_INSERT = 1 << 2, |
| P_DELETE = 1 << 3, |
| P_EXIST = 1 << 4, |
| P_LIST = 1 << 5, |
| P_RESET = 1 << 6, |
| P_PASSWORD = 1 << 7, |
| P_LOCK = 1 << 8, |
| P_UNLOCK = 1 << 9, |
| P_IS_EMPTY = 1 << 10, |
| P_SIGN = 1 << 11, |
| P_VERIFY = 1 << 12, |
| P_GRANT = 1 << 13, |
| P_DUPLICATE = 1 << 14, |
| P_CLEAR_UID = 1 << 15, |
| P_ADD_AUTH = 1 << 16, |
| P_USER_CHANGED = 1 << 17, |
| P_GEN_UNIQUE_ID = 1 << 18, |
| }; |
| |
| const char* get_perm_label(perm_t perm); |
| |
| /** |
| * Returns the UID that the callingUid should act as. This is here for |
| * legacy support of the WiFi and VPN systems and should be removed |
| * when WiFi can operate in its own namespace. |
| */ |
| uid_t get_keystore_euid(uid_t uid); |
| |
| bool has_permission(uid_t uid, perm_t perm, pid_t spid); |
| |
| /** |
| * Returns true if the callingUid is allowed to interact in the targetUid's |
| * namespace. |
| */ |
| bool is_granted_to(uid_t callingUid, uid_t targetUid); |
| |
| int configure_selinux(); |
| |
| /* |
| * Keystore grants. |
| * |
| * What are keystore grants? |
| * |
| * Keystore grants are a mechanism that allows an app to grant the permission to use one of its |
| * keys to an other app. |
| * |
| * Liftime of a grant: |
| * |
| * A keystore grant is ephemeral in that is never persistently stored. When the keystore process |
| * exits, all grants are lost. Also, grants can be explicitly revoked by the granter by invoking |
| * the ungrant operation. |
| * |
| * What happens when a grant is created? |
| * |
| * The grant operation expects a valid key alias and the uid of the grantee, i.e., the app that |
| * shall be allowed to use the key denoted by the alias. It then makes an entry in the grant store |
| * which generates a new alias of the form <alias>_KEYSTOREGRANT_<random_grant_no_>. This grant |
| * alias is returned to the caller which can pass the new alias to the grantee. For every grantee, |
| * the grant store keeps a set of grants, an entry of which holds the following information: |
| * - the owner of the key by uid, aka granter uid, |
| * - the original alias of the granted key, and |
| * - the random grant number. |
| * (See "grant_store.h:class Grant") |
| * |
| * What happens when a grant is used? |
| * |
| * Upon any keystore operation that expects an alias, the alias and the caller's uid are used |
| * to retrieve a key file. If that fails some operations try to retrieve a key file indirectly |
| * through a grant. These operations include: |
| * - attestKey |
| * - begin |
| * - exportKey |
| * - get |
| * - getKeyCharacteristics |
| * - del |
| * - exist |
| * - getmtime |
| * Operations that DO NOT follow the grant indirection are: |
| * - import |
| * - generate |
| * - grant |
| * - ungrant |
| * Especially, the latter two mean that neither can a grantee transitively grant a granted key |
| * to a third, nor can they relinquish access to the key or revoke access to the key by a third. |
| */ |
| |
| #endif // KEYSTORE_PERMISSIONS_H_ |