keystore/keystore_main.cpp - platform/system/security - Gitiles

 /*
  * Copyright (C) 2009 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 //#define LOG_NDEBUG 0
 #define LOG_TAG "keystore"

 #include <binder/IPCThreadState.h>
 #include <binder/IServiceManager.h>

 #include <android/hardware/keymaster/3.0/IHwKeymasterDevice.h>

 #include <cutils/log.h>

 #include "entropy.h"
 #include "key_store_service.h"
 #include "keystore.h"
 #include "permissions.h"
 #include "legacy_keymaster_device_wrapper.h"

 /* KeyStore is a secured storage for key-value pairs. In this implementation,
  * each file stores one key-value pair. Keys are encoded in file names, and
  * values are encrypted with checksums. The encryption key is protected by a
  * user-defined password. To keep things simple, buffers are always larger than
  * the maximum space we needed, so boundary checks on buffers are omitted. */

 /**
  * TODO implement keystore daemon using binderized keymaster HAL.
  */

 int main(int argc, char* argv[]) {
     if (argc < 2) {
         ALOGE("A directory must be specified!");
         return 1;
     }
     if (chdir(argv[1]) == -1) {
         ALOGE("chdir: %s: %s", argv[1], strerror(errno));
         return 1;
     }

     Entropy entropy;
     if (!entropy.open()) {
         return 1;
     }

     auto dev = android::hardware::keymaster::V3_0::IKeymasterDevice::getService("keymaster");
     if (dev.get() == nullptr) {
         return -1;
     }
     auto fallback = android::keystore::makeSoftwareKeymasterDevice();
     if (dev.get() == nullptr) {
         return -1;
     }

     if (configure_selinux() == -1) {
         return -1;
     }

     KeyStore keyStore(&entropy, dev, fallback);
     keyStore.initialize();
     android::sp<android::IServiceManager> sm = android::defaultServiceManager();
     android::sp<keystore::KeyStoreService> service = new keystore::KeyStoreService(&keyStore);
     android::status_t ret = sm->addService(android::String16("android.security.keystore"), service);
     if (ret != android::OK) {
         ALOGE("Couldn't register binder service!");
         return -1;
     }

     /*
      * We're the only thread in existence, so we're just going to process
      * Binder transaction as a single-threaded program.
      */
     android::IPCThreadState::self()->joinThreadPool();
     return 1;
 }
	/*
	* Copyright (C) 2009 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	//#define LOG_NDEBUG 0
	#define LOG_TAG "keystore"

	#include <binder/IPCThreadState.h>
	#include <binder/IServiceManager.h>

	#include <android/hardware/keymaster/3.0/IHwKeymasterDevice.h>

	#include <cutils/log.h>

	#include "entropy.h"
	#include "key_store_service.h"
	#include "keystore.h"
	#include "permissions.h"
	#include "legacy_keymaster_device_wrapper.h"

	/* KeyStore is a secured storage for key-value pairs. In this implementation,
	* each file stores one key-value pair. Keys are encoded in file names, and
	* values are encrypted with checksums. The encryption key is protected by a
	* user-defined password. To keep things simple, buffers are always larger than
	* the maximum space we needed, so boundary checks on buffers are omitted. */

	/**
	* TODO implement keystore daemon using binderized keymaster HAL.
	*/

	int main(int argc, char* argv[]) {
	if (argc < 2) {
	ALOGE("A directory must be specified!");
	return 1;
	}
	if (chdir(argv[1]) == -1) {
	ALOGE("chdir: %s: %s", argv[1], strerror(errno));
	return 1;
	}

	Entropy entropy;
	if (!entropy.open()) {
	return 1;
	}

	auto dev = android::hardware::keymaster::V3_0::IKeymasterDevice::getService("keymaster");
	if (dev.get() == nullptr) {
	return -1;
	}
	auto fallback = android::keystore::makeSoftwareKeymasterDevice();
	if (dev.get() == nullptr) {
	return -1;
	}

	if (configure_selinux() == -1) {
	return -1;
	}

	KeyStore keyStore(&entropy, dev, fallback);
	keyStore.initialize();
	android::sp<android::IServiceManager> sm = android::defaultServiceManager();
	android::sp<keystore::KeyStoreService> service = new keystore::KeyStoreService(&keyStore);
	android::status_t ret = sm->addService(android::String16("android.security.keystore"), service);
	if (ret != android::OK) {
	ALOGE("Couldn't register binder service!");
	return -1;
	}

	/*
	* We're the only thread in existence, so we're just going to process
	* Binder transaction as a single-threaded program.
	*/
	android::IPCThreadState::self()->joinThreadPool();
	return 1;
	}