keystore/keystore_main.cpp - platform/system/security - Gitiles

 /*
  * Copyright (C) 2009 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 #include <android-base/logging.h>
 #include <android/security/IKeystoreService.h>
 #include <android/system/wifi/keystore/1.0/IKeystore.h>
 #include <binder/IPCThreadState.h>
 #include <binder/IServiceManager.h>
 #include <hidl/HidlTransportSupport.h>
 #include <utils/StrongPointer.h>
 #include <wifikeystorehal/keystore.h>

 #include <keystore/keystore_hidl_support.h>
 #include <keystore/keystore_return_types.h>

 #include "KeyStore.h"
 #include "Keymaster3.h"
 #include "entropy.h"
 #include "key_store_service.h"
 #include "legacy_keymaster_device_wrapper.h"
 #include "permissions.h"

 /* KeyStore is a secured storage for key-value pairs. In this implementation,
  * each file stores one key-value pair. Keys are encoded in file names, and
  * values are encrypted with checksums. The encryption key is protected by a
  * user-defined password. To keep things simple, buffers are always larger than
  * the maximum space we needed, so boundary checks on buffers are omitted. */

 using ::android::sp;
 using ::android::hardware::configureRpcThreadpool;
 using ::android::system::wifi::keystore::V1_0::IKeystore;
 using ::android::system::wifi::keystore::V1_0::implementation::Keystore;

 using keystore::Keymaster;

 /**
  * TODO implement keystore daemon using binderized keymaster HAL.
  */

 int main(int argc, char* argv[]) {
     using android::hardware::hidl_string;
     CHECK(argc >= 2) << "A directory must be specified!";
     CHECK(chdir(argv[1]) != -1) << "chdir: " << argv[1] << ": " << strerror(errno);

     Entropy entropy;
     CHECK(entropy.open()) << "Failed to open entropy source.";

     auto hwdev = android::hardware::keymaster::V3_0::IKeymasterDevice::getService();
     CHECK(hwdev.get()) << "Failed to load @3.0::IKeymasterDevice";
     sp<Keymaster> dev = new keystore::Keymaster3(hwdev);

     auto fbdev = android::keystore::makeSoftwareKeymasterDevice();
     if (fbdev.get() == nullptr) return -1;
     sp<Keymaster> fallback = new keystore::Keymaster3(fbdev);

     CHECK(configure_selinux() != -1) << "Failed to configure SELinux.";

     auto halVersion = dev->halVersion();
     CHECK(halVersion.error == keystore::ErrorCode::OK)
         << "Error " << toString(halVersion.error) << " getting HAL version";

     // If the hardware is keymaster 2.0 or higher we will not allow the fallback device for import
     // or generation of keys. The fallback device is only used for legacy keys present on the
     // device.
     bool allowNewFallbackDevice = halVersion.majorVersion >= 2 && halVersion.isSecure;

     keystore::KeyStore keyStore(&entropy, dev, fallback, allowNewFallbackDevice);
     keyStore.initialize();
     android::sp<android::IServiceManager> sm = android::defaultServiceManager();
     android::sp<keystore::KeyStoreService> service = new keystore::KeyStoreService(&keyStore);
     android::status_t ret = sm->addService(android::String16("android.security.keystore"), service);
     CHECK(ret == android::OK) << "Couldn't register binder service!";

     /**
      * Register the wifi keystore HAL service to run in passthrough mode.
      * This will spawn off a new thread which will service the HIDL
      * transactions.
      */
     configureRpcThreadpool(1, false /* callerWillJoin */);
     android::sp<IKeystore> wifiKeystoreHalService = new Keystore();
     android::status_t err = wifiKeystoreHalService->registerAsService();
     CHECK(ret == android::OK) << "Cannot register wifi keystore HAL service: " << err;

     /*
      * This thread is just going to process Binder transactions.
      */
     android::IPCThreadState::self()->joinThreadPool();
     return 1;
 }
	/*
	* Copyright (C) 2009 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	#include <android-base/logging.h>
	#include <android/security/IKeystoreService.h>
	#include <android/system/wifi/keystore/1.0/IKeystore.h>
	#include <binder/IPCThreadState.h>
	#include <binder/IServiceManager.h>
	#include <hidl/HidlTransportSupport.h>
	#include <utils/StrongPointer.h>
	#include <wifikeystorehal/keystore.h>

	#include <keystore/keystore_hidl_support.h>
	#include <keystore/keystore_return_types.h>

	#include "KeyStore.h"
	#include "Keymaster3.h"
	#include "entropy.h"
	#include "key_store_service.h"
	#include "legacy_keymaster_device_wrapper.h"
	#include "permissions.h"

	/* KeyStore is a secured storage for key-value pairs. In this implementation,
	* each file stores one key-value pair. Keys are encoded in file names, and
	* values are encrypted with checksums. The encryption key is protected by a
	* user-defined password. To keep things simple, buffers are always larger than
	* the maximum space we needed, so boundary checks on buffers are omitted. */

	using ::android::sp;
	using ::android::hardware::configureRpcThreadpool;
	using ::android::system::wifi::keystore::V1_0::IKeystore;
	using ::android::system::wifi::keystore::V1_0::implementation::Keystore;

	using keystore::Keymaster;

	/**
	* TODO implement keystore daemon using binderized keymaster HAL.
	*/

	int main(int argc, char* argv[]) {
	using android::hardware::hidl_string;
	CHECK(argc >= 2) << "A directory must be specified!";
	CHECK(chdir(argv[1]) != -1) << "chdir: " << argv[1] << ": " << strerror(errno);

	Entropy entropy;
	CHECK(entropy.open()) << "Failed to open entropy source.";

	auto hwdev = android::hardware::keymaster::V3_0::IKeymasterDevice::getService();
	CHECK(hwdev.get()) << "Failed to load @3.0::IKeymasterDevice";
	sp<Keymaster> dev = new keystore::Keymaster3(hwdev);

	auto fbdev = android::keystore::makeSoftwareKeymasterDevice();
	if (fbdev.get() == nullptr) return -1;
	sp<Keymaster> fallback = new keystore::Keymaster3(fbdev);

	CHECK(configure_selinux() != -1) << "Failed to configure SELinux.";

	auto halVersion = dev->halVersion();
	CHECK(halVersion.error == keystore::ErrorCode::OK)
	<< "Error " << toString(halVersion.error) << " getting HAL version";

	// If the hardware is keymaster 2.0 or higher we will not allow the fallback device for import
	// or generation of keys. The fallback device is only used for legacy keys present on the
	// device.
	bool allowNewFallbackDevice = halVersion.majorVersion >= 2 && halVersion.isSecure;

	keystore::KeyStore keyStore(&entropy, dev, fallback, allowNewFallbackDevice);
	keyStore.initialize();
	android::sp<android::IServiceManager> sm = android::defaultServiceManager();
	android::sp<keystore::KeyStoreService> service = new keystore::KeyStoreService(&keyStore);
	android::status_t ret = sm->addService(android::String16("android.security.keystore"), service);
	CHECK(ret == android::OK) << "Couldn't register binder service!";

	/**
	* Register the wifi keystore HAL service to run in passthrough mode.
	* This will spawn off a new thread which will service the HIDL
	* transactions.
	*/
	configureRpcThreadpool(1, false /* callerWillJoin */);
	android::sp<IKeystore> wifiKeystoreHalService = new Keystore();
	android::status_t err = wifiKeystoreHalService->registerAsService();
	CHECK(ret == android::OK) << "Cannot register wifi keystore HAL service: " << err;

	/*
	* This thread is just going to process Binder transactions.
	*/
	android::IPCThreadState::self()->joinThreadPool();
	return 1;
	}