Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2016 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #ifndef KEYSTORE_KEYSTORE_SERVICE_H_ |
| 18 | #define KEYSTORE_KEYSTORE_SERVICE_H_ |
| 19 | |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 20 | #include <android/security/BnKeystoreService.h> |
Shawn Willden | 98c5916 | 2016-03-20 09:10:18 -0600 | [diff] [blame] | 21 | |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 22 | #include "auth_token_table.h" |
David Zeuthen | c6eb7cd | 2017-11-27 11:33:55 -0500 | [diff] [blame] | 23 | #include "confirmation_manager.h" |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 24 | |
Shawn Willden | fa5702f | 2017-12-03 15:14:58 -0700 | [diff] [blame] | 25 | #include "KeyStore.h" |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 26 | #include "keystore_keymaster_enforcement.h" |
| 27 | #include "operation.h" |
| 28 | #include "permissions.h" |
| 29 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 30 | namespace keystore { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 31 | |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 32 | // Class provides implementation for generated BnKeystoreService.h based on |
| 33 | // gen/aidl/android/security/BnKeystoreService.h generated from |
| 34 | // java/android/security/IKeystoreService.aidl Note that all generated methods return binder::Status |
| 35 | // and use last arguments to send actual result to the caller. Private methods don't need to handle |
| 36 | // binder::Status. Input parameters cannot be null unless annotated with @nullable in .aidl file. |
| 37 | class KeyStoreService : public android::security::BnKeystoreService, |
| 38 | android::IBinder::DeathRecipient { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 39 | public: |
David Zeuthen | c6eb7cd | 2017-11-27 11:33:55 -0500 | [diff] [blame] | 40 | explicit KeyStoreService(KeyStore* keyStore) |
| 41 | : mKeyStore(keyStore), mOperationMap(this), |
Brian C. Young | 78daac2 | 2018-03-31 15:02:34 -0700 | [diff] [blame] | 42 | mConfirmationManager(new ConfirmationManager(this)), mActiveUserId(0) {} |
Shawn Willden | c67a8aa | 2017-12-03 17:51:29 -0700 | [diff] [blame] | 43 | virtual ~KeyStoreService() = default; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 44 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 45 | void binderDied(const android::wp<android::IBinder>& who); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 46 | |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 47 | ::android::binder::Status getState(int32_t userId, int32_t* _aidl_return) override; |
| 48 | ::android::binder::Status get(const ::android::String16& name, int32_t uid, |
| 49 | ::std::vector<uint8_t>* _aidl_return) override; |
| 50 | ::android::binder::Status insert(const ::android::String16& name, |
| 51 | const ::std::vector<uint8_t>& item, int32_t uid, int32_t flags, |
| 52 | int32_t* _aidl_return) override; |
| 53 | ::android::binder::Status del(const ::android::String16& name, int32_t uid, |
| 54 | int32_t* _aidl_return) override; |
| 55 | ::android::binder::Status exist(const ::android::String16& name, int32_t uid, |
| 56 | int32_t* _aidl_return) override; |
| 57 | ::android::binder::Status list(const ::android::String16& namePrefix, int32_t uid, |
| 58 | ::std::vector<::android::String16>* _aidl_return) override; |
| 59 | ::android::binder::Status reset(int32_t* _aidl_return) override; |
| 60 | ::android::binder::Status onUserPasswordChanged(int32_t userId, |
| 61 | const ::android::String16& newPassword, |
| 62 | int32_t* _aidl_return) override; |
| 63 | ::android::binder::Status lock(int32_t userId, int32_t* _aidl_return) override; |
| 64 | ::android::binder::Status unlock(int32_t userId, const ::android::String16& userPassword, |
| 65 | int32_t* _aidl_return) override; |
| 66 | ::android::binder::Status isEmpty(int32_t userId, int32_t* _aidl_return) override; |
| 67 | ::android::binder::Status generate(const ::android::String16& name, int32_t uid, |
| 68 | int32_t keyType, int32_t keySize, int32_t flags, |
| 69 | const ::android::security::KeystoreArguments& args, |
| 70 | int32_t* _aidl_return) override; |
| 71 | ::android::binder::Status import_key(const ::android::String16& name, |
| 72 | const ::std::vector<uint8_t>& data, int32_t uid, |
| 73 | int32_t flags, int32_t* _aidl_return) override; |
| 74 | ::android::binder::Status sign(const ::android::String16& name, |
| 75 | const ::std::vector<uint8_t>& data, |
| 76 | ::std::vector<uint8_t>* _aidl_return) override; |
| 77 | ::android::binder::Status verify(const ::android::String16& name, |
| 78 | const ::std::vector<uint8_t>& data, |
| 79 | const ::std::vector<uint8_t>& signature, |
| 80 | int32_t* _aidl_return) override; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 81 | /* |
| 82 | * TODO: The abstraction between things stored in hardware and regular blobs |
| 83 | * of data stored on the filesystem should be moved down to keystore itself. |
| 84 | * Unfortunately the Java code that calls this has naming conventions that it |
| 85 | * knows about. Ideally keystore shouldn't be used to store random blobs of |
| 86 | * data. |
| 87 | * |
| 88 | * Until that happens, it's necessary to have a separate "get_pubkey" and |
| 89 | * "del_key" since the Java code doesn't really communicate what it's |
| 90 | * intentions are. |
| 91 | */ |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 92 | ::android::binder::Status get_pubkey(const ::android::String16& name, |
| 93 | ::std::vector<uint8_t>* _aidl_return) override; |
| 94 | ::android::binder::Status grant(const ::android::String16& name, int32_t granteeUid, |
| 95 | ::android::String16* _aidl_return) override; |
| 96 | ::android::binder::Status ungrant(const ::android::String16& name, int32_t granteeUid, |
| 97 | int32_t* _aidl_return) override; |
| 98 | ::android::binder::Status getmtime(const ::android::String16& name, int32_t uid, |
| 99 | int64_t* _aidl_return) override; |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 100 | ::android::binder::Status is_hardware_backed(const ::android::String16& string, |
| 101 | int32_t* _aidl_return) override; |
| 102 | ::android::binder::Status clear_uid(int64_t uid, int32_t* _aidl_return) override; |
Janis Danisevskis | c146014 | 2017-12-18 16:48:46 -0800 | [diff] [blame] | 103 | ::android::binder::Status addRngEntropy(const ::std::vector<uint8_t>& data, int32_t flags, |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 104 | int32_t* _aidl_return) override; |
| 105 | ::android::binder::Status |
| 106 | generateKey(const ::android::String16& alias, |
| 107 | const ::android::security::keymaster::KeymasterArguments& arguments, |
| 108 | const ::std::vector<uint8_t>& entropy, int32_t uid, int32_t flags, |
| 109 | ::android::security::keymaster::KeyCharacteristics* characteristics, |
| 110 | int32_t* _aidl_return) override; |
| 111 | ::android::binder::Status |
| 112 | getKeyCharacteristics(const ::android::String16& alias, |
| 113 | const ::android::security::keymaster::KeymasterBlob& clientId, |
| 114 | const ::android::security::keymaster::KeymasterBlob& appId, int32_t uid, |
| 115 | ::android::security::keymaster::KeyCharacteristics* characteristics, |
| 116 | int32_t* _aidl_return) override; |
| 117 | ::android::binder::Status |
| 118 | importKey(const ::android::String16& alias, |
| 119 | const ::android::security::keymaster::KeymasterArguments& arguments, int32_t format, |
| 120 | const ::std::vector<uint8_t>& keyData, int32_t uid, int32_t flags, |
| 121 | ::android::security::keymaster::KeyCharacteristics* characteristics, |
| 122 | int32_t* _aidl_return) override; |
| 123 | ::android::binder::Status |
| 124 | exportKey(const ::android::String16& alias, int32_t format, |
| 125 | const ::android::security::keymaster::KeymasterBlob& clientId, |
| 126 | const ::android::security::keymaster::KeymasterBlob& appId, int32_t uid, |
| 127 | ::android::security::keymaster::ExportResult* _aidl_return) override; |
| 128 | ::android::binder::Status |
| 129 | begin(const ::android::sp<::android::IBinder>& appToken, const ::android::String16& alias, |
| 130 | int32_t purpose, bool pruneable, |
| 131 | const ::android::security::keymaster::KeymasterArguments& params, |
| 132 | const ::std::vector<uint8_t>& entropy, int32_t uid, |
| 133 | ::android::security::keymaster::OperationResult* _aidl_return) override; |
| 134 | ::android::binder::Status |
| 135 | update(const ::android::sp<::android::IBinder>& token, |
| 136 | const ::android::security::keymaster::KeymasterArguments& params, |
| 137 | const ::std::vector<uint8_t>& input, |
| 138 | ::android::security::keymaster::OperationResult* _aidl_return) override; |
| 139 | ::android::binder::Status |
| 140 | finish(const ::android::sp<::android::IBinder>& token, |
| 141 | const ::android::security::keymaster::KeymasterArguments& params, |
| 142 | const ::std::vector<uint8_t>& signature, const ::std::vector<uint8_t>& entropy, |
| 143 | ::android::security::keymaster::OperationResult* _aidl_return) override; |
| 144 | ::android::binder::Status abort(const ::android::sp<::android::IBinder>& handle, |
| 145 | int32_t* _aidl_return) override; |
| 146 | ::android::binder::Status isOperationAuthorized(const ::android::sp<::android::IBinder>& token, |
| 147 | bool* _aidl_return) override; |
Brian Young | ccb492d | 2018-02-22 23:36:01 +0000 | [diff] [blame] | 148 | ::android::binder::Status addAuthToken(const ::std::vector<uint8_t>& authToken, |
Brian Young | 1b75929 | 2018-01-29 23:57:29 +0000 | [diff] [blame] | 149 | int32_t* _aidl_return) override; |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 150 | ::android::binder::Status onUserAdded(int32_t userId, int32_t parentId, |
| 151 | int32_t* _aidl_return) override; |
| 152 | ::android::binder::Status onUserRemoved(int32_t userId, int32_t* _aidl_return) override; |
| 153 | ::android::binder::Status |
| 154 | attestKey(const ::android::String16& alias, |
| 155 | const ::android::security::keymaster::KeymasterArguments& params, |
| 156 | ::android::security::keymaster::KeymasterCertificateChain* chain, |
| 157 | int32_t* _aidl_return) override; |
| 158 | ::android::binder::Status |
| 159 | attestDeviceIds(const ::android::security::keymaster::KeymasterArguments& params, |
| 160 | ::android::security::keymaster::KeymasterCertificateChain* chain, |
| 161 | int32_t* _aidl_return) override; |
| 162 | ::android::binder::Status onDeviceOffBody(int32_t* _aidl_return) override; |
David Zeuthen | c6eb7cd | 2017-11-27 11:33:55 -0500 | [diff] [blame] | 163 | |
Janis Danisevskis | cb9267d | 2017-12-19 16:27:52 -0800 | [diff] [blame] | 164 | ::android::binder::Status importWrappedKey( |
| 165 | const ::android::String16& wrappedKeyAlias, const ::std::vector<uint8_t>& wrappedKey, |
| 166 | const ::android::String16& wrappingKeyAlias, const ::std::vector<uint8_t>& maskingKey, |
| 167 | const ::android::security::keymaster::KeymasterArguments& params, int64_t rootSid, |
| 168 | int64_t fingerprintSid, ::android::security::keymaster::KeyCharacteristics* characteristics, |
| 169 | int32_t* _aidl_return) override; |
Tucker Sylvestro | 0ab28b7 | 2016-08-05 18:02:47 -0400 | [diff] [blame] | 170 | |
David Zeuthen | c6eb7cd | 2017-11-27 11:33:55 -0500 | [diff] [blame] | 171 | ::android::binder::Status presentConfirmationPrompt( |
| 172 | const ::android::sp<::android::IBinder>& listener, const ::android::String16& promptText, |
| 173 | const ::std::vector<uint8_t>& extraData, const ::android::String16& locale, |
| 174 | int32_t uiOptionsAsFlags, int32_t* _aidl_return) override; |
| 175 | ::android::binder::Status |
| 176 | cancelConfirmationPrompt(const ::android::sp<::android::IBinder>& listener, |
| 177 | int32_t* _aidl_return) override; |
David Zeuthen | 1a49231 | 2018-02-26 11:00:30 -0500 | [diff] [blame] | 178 | ::android::binder::Status isConfirmationPromptSupported(bool* _aidl_return) override; |
David Zeuthen | c6eb7cd | 2017-11-27 11:33:55 -0500 | [diff] [blame] | 179 | |
Brian Young | 9371e95 | 2018-02-23 18:03:14 +0000 | [diff] [blame] | 180 | ::android::binder::Status onKeyguardVisibilityChanged(bool isShowing, int32_t userId, |
| 181 | int32_t* _aidl_return); |
| 182 | |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 183 | private: |
| 184 | static const int32_t UID_SELF = -1; |
| 185 | |
| 186 | /** |
| 187 | * Prune the oldest pruneable operation. |
| 188 | */ |
| 189 | bool pruneOperation(); |
| 190 | |
| 191 | /** |
| 192 | * Get the effective target uid for a binder operation that takes an |
| 193 | * optional uid as the target. |
| 194 | */ |
| 195 | uid_t getEffectiveUid(int32_t targetUid); |
| 196 | |
| 197 | /** |
| 198 | * Check if the caller of the current binder method has the required |
| 199 | * permission and if acting on other uids the grants to do so. |
| 200 | */ |
| 201 | bool checkBinderPermission(perm_t permission, int32_t targetUid = UID_SELF); |
| 202 | |
| 203 | /** |
| 204 | * Check if the caller of the current binder method has the required |
| 205 | * permission and the target uid is the caller or the caller is system. |
| 206 | */ |
| 207 | bool checkBinderPermissionSelfOrSystem(perm_t permission, int32_t targetUid); |
| 208 | |
| 209 | /** |
| 210 | * Check if the caller of the current binder method has the required |
| 211 | * permission or the target of the operation is the caller's uid. This is |
| 212 | * for operation where the permission is only for cross-uid activity and all |
| 213 | * uids are allowed to act on their own (ie: clearing all entries for a |
| 214 | * given uid). |
| 215 | */ |
| 216 | bool checkBinderPermissionOrSelfTarget(perm_t permission, int32_t targetUid); |
| 217 | |
| 218 | /** |
| 219 | * Helper method to check that the caller has the required permission as |
| 220 | * well as the keystore is in the unlocked state if checkUnlocked is true. |
| 221 | * |
| 222 | * Returns NO_ERROR on success, PERMISSION_DENIED on a permission error and |
| 223 | * otherwise the state of keystore when not unlocked and checkUnlocked is |
| 224 | * true. |
| 225 | */ |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 226 | KeyStoreServiceReturnCode checkBinderPermissionAndKeystoreState(perm_t permission, |
| 227 | int32_t targetUid = -1, |
| 228 | bool checkUnlocked = true); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 229 | |
| 230 | bool isKeystoreUnlocked(State state); |
| 231 | |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 232 | /** |
| 233 | * Check that all keymaster_key_param_t's provided by the application are |
| 234 | * allowed. Any parameter that keystore adds itself should be disallowed here. |
| 235 | */ |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 236 | bool checkAllowedOperationParams(const hidl_vec<KeyParameter>& params); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 237 | |
Shawn Willden | c67a8aa | 2017-12-03 17:51:29 -0700 | [diff] [blame] | 238 | ErrorCode getOperationCharacteristics(const hidl_vec<uint8_t>& key, sp<Keymaster>* dev, |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 239 | const AuthorizationSet& params, KeyCharacteristics* out); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 240 | |
| 241 | /** |
| 242 | * Get the auth token for this operation from the auth token table. |
| 243 | * |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 244 | * Returns NO_ERROR if the auth token was found or none was required. If not needed, the |
| 245 | * token will be empty (which keymaster interprets as no auth token). |
| 246 | * OP_AUTH_NEEDED if it is a per op authorization, no authorization token exists for |
| 247 | * that operation and failOnTokenMissing is false. |
| 248 | * KM_ERROR_KEY_USER_NOT_AUTHENTICATED if there is no valid auth token for the operation |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 249 | */ |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 250 | std::pair<KeyStoreServiceReturnCode, HardwareAuthToken> |
| 251 | getAuthToken(const KeyCharacteristics& characteristics, uint64_t handle, KeyPurpose purpose, |
| 252 | bool failOnTokenMissing = true); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 253 | |
| 254 | /** |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 255 | * Get the auth token for the operation if the operation requires authorization. Uses the cached |
| 256 | * result in the OperationMap if available otherwise gets the token from the AuthTokenTable and |
| 257 | * caches the result. |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 258 | * |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 259 | * Returns NO_ERROR if the auth token was found or not needed. If not needed, the token will |
| 260 | * be empty (which keymaster interprets as no auth token). |
| 261 | * KM_ERROR_KEY_USER_NOT_AUTHENTICATED if the operation is not authenticated. |
| 262 | * KM_ERROR_INVALID_OPERATION_HANDLE if token is not a valid operation token. |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 263 | */ |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 264 | std::pair<KeyStoreServiceReturnCode, const HardwareAuthToken&> |
| 265 | getOperationAuthTokenIfNeeded(const sp<android::IBinder>& token); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 266 | |
| 267 | /** |
| 268 | * Translate a result value to a legacy return value. All keystore errors are |
| 269 | * preserved and keymaster errors become SYSTEM_ERRORs |
| 270 | */ |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 271 | KeyStoreServiceReturnCode translateResultToLegacyResult(int32_t result); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 272 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 273 | void addLegacyBeginParams(const android::String16& name, AuthorizationSet* params); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 274 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 275 | KeyStoreServiceReturnCode doLegacySignVerify(const android::String16& name, |
| 276 | const hidl_vec<uint8_t>& data, |
| 277 | hidl_vec<uint8_t>* out, |
| 278 | const hidl_vec<uint8_t>& signature, |
| 279 | KeyPurpose purpose); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 280 | |
Shawn Willden | 98c5916 | 2016-03-20 09:10:18 -0600 | [diff] [blame] | 281 | /** |
| 282 | * Upgrade a key blob under alias "name", returning the new blob in "blob". If "blob" |
| 283 | * previously contained data, it will be overwritten. |
| 284 | * |
| 285 | * Returns ::NO_ERROR if the key was upgraded successfully. |
| 286 | * KM_ERROR_VERSION_MISMATCH if called on a key whose patch level is greater than or |
| 287 | * equal to the current system patch level. |
| 288 | */ |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 289 | KeyStoreServiceReturnCode upgradeKeyBlob(const android::String16& name, uid_t targetUid, |
| 290 | const AuthorizationSet& params, Blob* blob); |
Shawn Willden | 98c5916 | 2016-03-20 09:10:18 -0600 | [diff] [blame] | 291 | |
David Zeuthen | c6eb7cd | 2017-11-27 11:33:55 -0500 | [diff] [blame] | 292 | /** |
| 293 | * Adds a Confirmation Token to the key parameters if needed. |
| 294 | */ |
| 295 | void appendConfirmationTokenIfNeeded(const KeyCharacteristics& keyCharacteristics, |
| 296 | std::vector<KeyParameter>* params); |
| 297 | |
Shawn Willden | c67a8aa | 2017-12-03 17:51:29 -0700 | [diff] [blame] | 298 | KeyStore* mKeyStore; |
Janis Danisevskis | 12370c8 | 2019-03-25 10:26:30 -0700 | [diff] [blame^] | 299 | |
| 300 | /** |
| 301 | * This mutex locks keystore operations from concurrent execution. |
| 302 | * The keystore service has always been conceptually single threaded. Even with the introduction |
| 303 | * of keymaster workers, it was assumed that the dispatcher thread executes exclusively on |
| 304 | * certain code paths. With the introduction of wifi Keystore service in the keystore process |
| 305 | * this assumption no longer holds as the hwbinder thread servicing this interface makes |
| 306 | * functions (rather than IPC) calls into keystore. This mutex protects the keystore logic |
| 307 | * from concurrent execution. |
| 308 | */ |
| 309 | std::recursive_mutex keystoreServiceMutex_; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 310 | OperationMap mOperationMap; |
David Zeuthen | c6eb7cd | 2017-11-27 11:33:55 -0500 | [diff] [blame] | 311 | android::sp<ConfirmationManager> mConfirmationManager; |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 312 | keystore::AuthTokenTable mAuthTokenTable; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 313 | KeystoreKeymasterEnforcement enforcement_policy; |
Brian C. Young | 78daac2 | 2018-03-31 15:02:34 -0700 | [diff] [blame] | 314 | int32_t mActiveUserId; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 315 | }; |
| 316 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 317 | }; // namespace keystore |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 318 | |
| 319 | #endif // KEYSTORE_KEYSTORE_SERVICE_H_ |