| /* |
| * Copyright (C) 2009 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| //#define LOG_NDEBUG 0 |
| #define LOG_TAG "keystore" |
| |
| #include <binder/IPCThreadState.h> |
| #include <binder/IServiceManager.h> |
| |
| #include <android/hardware/keymaster/3.0/IHwKeymasterDevice.h> |
| |
| #include <cutils/log.h> |
| |
| #include "entropy.h" |
| #include "key_store_service.h" |
| #include "keystore.h" |
| #include "permissions.h" |
| #include "legacy_keymaster_device_wrapper.h" |
| |
| /* KeyStore is a secured storage for key-value pairs. In this implementation, |
| * each file stores one key-value pair. Keys are encoded in file names, and |
| * values are encrypted with checksums. The encryption key is protected by a |
| * user-defined password. To keep things simple, buffers are always larger than |
| * the maximum space we needed, so boundary checks on buffers are omitted. */ |
| |
| /** |
| * TODO implement keystore daemon using binderized keymaster HAL. |
| */ |
| |
| int main(int argc, char* argv[]) { |
| if (argc < 2) { |
| ALOGE("A directory must be specified!"); |
| return 1; |
| } |
| if (chdir(argv[1]) == -1) { |
| ALOGE("chdir: %s: %s", argv[1], strerror(errno)); |
| return 1; |
| } |
| |
| Entropy entropy; |
| if (!entropy.open()) { |
| return 1; |
| } |
| |
| auto dev = android::hardware::keymaster::V3_0::IKeymasterDevice::getService("keymaster"); |
| if (dev.get() == nullptr) { |
| return -1; |
| } |
| auto fallback = android::keystore::makeSoftwareKeymasterDevice(); |
| if (dev.get() == nullptr) { |
| return -1; |
| } |
| |
| if (configure_selinux() == -1) { |
| return -1; |
| } |
| |
| KeyStore keyStore(&entropy, dev, fallback); |
| keyStore.initialize(); |
| android::sp<android::IServiceManager> sm = android::defaultServiceManager(); |
| android::sp<keystore::KeyStoreService> service = new keystore::KeyStoreService(&keyStore); |
| android::status_t ret = sm->addService(android::String16("android.security.keystore"), service); |
| if (ret != android::OK) { |
| ALOGE("Couldn't register binder service!"); |
| return -1; |
| } |
| |
| /* |
| * We're the only thread in existence, so we're just going to process |
| * Binder transaction as a single-threaded program. |
| */ |
| android::IPCThreadState::self()->joinThreadPool(); |
| return 1; |
| } |