Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001/*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#ifndef KEYSTORE_KEYSTORE_SERVICE_H_
18#define KEYSTORE_KEYSTORE_SERVICE_H_
19
#include <android/security/keystore/BnKeystoreService.h>

#include "auth_token_table.h"
#include "confirmation_manager.h"

#include "KeyStore.h"
#include "keystore_keymaster_enforcement.h"
#include "operation.h"
#include "permissions.h"

#include <keystore/ExportResult.h>
#include <keystore/KeyCharacteristics.h>
#include <keystore/KeymasterArguments.h>
#include <keystore/KeymasterBlob.h>
#include <keystore/KeymasterCertificateChain.h>
#include <keystore/OperationResult.h>
#include <keystore/keystore_return_types.h>

// Standard-library names used directly by this header (std::mutex, std::map,
// std::shared_ptr, std::vector, std::move, fixed-width ints); include what we use
// instead of relying on transitive includes.
#include <cstdint>
#include <map>
#include <memory>
#include <mutex>
#include <utility>
#include <vector>
37
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +010038namespace keystore {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -070039
// Implements the generated BnKeystoreService (android/security/keystore/BnKeystoreService.h,
// included above, generated from java/android/security/IKeystoreService.aidl). Every generated
// method returns a binder::Status describing the transport outcome and reports the actual
// keystore result through its trailing argument(s) (an `_aidl_return` out-pointer and/or a
// callback). Private helpers do not deal with binder::Status. Input parameters cannot be null
// unless annotated with @nullable in the .aidl file.
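class KeyStoreService : public android::security::keystore::BnKeystoreService {
  public:
    // Takes shared ownership of the KeyStore that backs every binder call on this service.
    explicit KeyStoreService(sp<KeyStore> keyStore) : mKeyStore(std::move(keyStore)) {}
    virtual ~KeyStoreService() = default;

    // Death notification for a binder this service tracks; `who` is the dead binder.
    // Where the death recipient is registered is not visible in this header.
    void binderDied(const android::wp<android::IBinder>& who);

    // ---- IKeystoreService overrides -------------------------------------------------
    // Each override returns binder::Status for the transport result; the keystore-level
    // result goes to the trailing `_aidl_return` out-pointer and/or the `cb` callback.
    // `uid` / `userId` arguments name the target of the operation, not the caller; the
    // private check*() helpers below are what decide whether the caller may act on them.

    ::android::binder::Status getState(int32_t userId, int32_t* _aidl_return) override;
    ::android::binder::Status get(const ::android::String16& name, int32_t uid,
                                  ::std::vector<uint8_t>* _aidl_return) override;
    ::android::binder::Status insert(const ::android::String16& name,
                                     const ::std::vector<uint8_t>& item, int32_t uid, int32_t flags,
                                     int32_t* _aidl_return) override;
    ::android::binder::Status del(const ::android::String16& name, int32_t uid,
                                  int32_t* _aidl_return) override;
    ::android::binder::Status exist(const ::android::String16& name, int32_t uid,
                                    int32_t* _aidl_return) override;
    ::android::binder::Status list(const ::android::String16& namePrefix, int32_t uid,
                                   ::std::vector<::android::String16>* _aidl_return) override;
    ::android::binder::Status listUidsOfAuthBoundKeys(::std::vector<int32_t>* uids,
                                                      int32_t* _aidl_return) override;

    ::android::binder::Status reset(int32_t* _aidl_return) override;
    ::android::binder::Status onUserPasswordChanged(int32_t userId,
                                                    const ::android::String16& newPassword,
                                                    int32_t* _aidl_return) override;
    ::android::binder::Status lock(int32_t userId, int32_t* _aidl_return) override;
    ::android::binder::Status unlock(int32_t userId, const ::android::String16& userPassword,
                                     int32_t* _aidl_return) override;
    ::android::binder::Status isEmpty(int32_t userId, int32_t* _aidl_return) override;
    ::android::binder::Status grant(const ::android::String16& name, int32_t granteeUid,
                                    ::android::String16* _aidl_return) override;
    ::android::binder::Status ungrant(const ::android::String16& name, int32_t granteeUid,
                                      int32_t* _aidl_return) override;
    ::android::binder::Status getmtime(const ::android::String16& name, int32_t uid,
                                       int64_t* _aidl_return) override;
    ::android::binder::Status is_hardware_backed(const ::android::String16& string,
                                                 int32_t* _aidl_return) override;
    ::android::binder::Status clear_uid(int64_t uid, int32_t* _aidl_return) override;
    ::android::binder::Status
    addRngEntropy(const ::android::sp<::android::security::keystore::IKeystoreResponseCallback>& cb,
                  const ::std::vector<uint8_t>& data, int32_t flags,
                  int32_t* _aidl_return) override;
    ::android::binder::Status generateKey(
        const ::android::sp<::android::security::keystore::IKeystoreKeyCharacteristicsCallback>& cb,
        const ::android::String16& alias,
        const ::android::security::keymaster::KeymasterArguments& arguments,
        const ::std::vector<uint8_t>& entropy, int32_t uid, int32_t flags,
        int32_t* _aidl_return) override;
    ::android::binder::Status getKeyCharacteristics(
        const ::android::sp<::android::security::keystore::IKeystoreKeyCharacteristicsCallback>& cb,
        const ::android::String16& alias,
        const ::android::security::keymaster::KeymasterBlob& clientId,
        const ::android::security::keymaster::KeymasterBlob& appId, int32_t uid,
        int32_t* _aidl_return) override;
    ::android::binder::Status importKey(
        const ::android::sp<::android::security::keystore::IKeystoreKeyCharacteristicsCallback>& cb,
        const ::android::String16& alias,
        const ::android::security::keymaster::KeymasterArguments& arguments, int32_t format,
        const ::std::vector<uint8_t>& keyData, int32_t uid, int32_t flags,
        int32_t* _aidl_return) override;
    ::android::binder::Status
    exportKey(const ::android::sp<::android::security::keystore::IKeystoreExportKeyCallback>& cb,
              const ::android::String16& alias, int32_t format,
              const ::android::security::keymaster::KeymasterBlob& clientId,
              const ::android::security::keymaster::KeymasterBlob& appId, int32_t uid,
              int32_t* _aidl_return) override;

    // Operation lifecycle: begin/update/finish/abort. `params` arrive from the (untrusted)
    // caller and are expected to go through checkAllowedOperationParams() before reaching
    // keymaster; see that helper for why.
    ::android::binder::Status
    begin(const ::android::sp<::android::security::keystore::IKeystoreOperationResultCallback>& cb,
          const ::android::sp<::android::IBinder>& appToken, const ::android::String16& alias,
          int32_t purpose, bool pruneable,
          const ::android::security::keymaster::KeymasterArguments& params,
          const ::std::vector<uint8_t>& entropy, int32_t uid, int32_t* _aidl_return) override;
    ::android::binder::Status
    update(const ::android::sp<::android::security::keystore::IKeystoreOperationResultCallback>& cb,
           const ::android::sp<::android::IBinder>& token,
           const ::android::security::keymaster::KeymasterArguments& params,
           const ::std::vector<uint8_t>& input, int32_t* _aidl_return) override;
    ::android::binder::Status
    finish(const ::android::sp<::android::security::keystore::IKeystoreOperationResultCallback>& cb,
           const ::android::sp<::android::IBinder>& token,
           const ::android::security::keymaster::KeymasterArguments& params,
           const ::std::vector<uint8_t>& signature, const ::std::vector<uint8_t>& entropy,
           int32_t* _aidl_return) override;
    ::android::binder::Status
    abort(const ::android::sp<::android::security::keystore::IKeystoreResponseCallback>& cb,
          const ::android::sp<::android::IBinder>& token, int32_t* _aidl_return) override;

    // `authToken` is a serialized hardware auth token supplied by the caller; its
    // authenticity must be established by the implementation (not visible here).
    ::android::binder::Status addAuthToken(const ::std::vector<uint8_t>& authToken,
                                           int32_t* _aidl_return) override;
    ::android::binder::Status onUserAdded(int32_t userId, int32_t parentId,
                                          int32_t* _aidl_return) override;
    ::android::binder::Status onUserRemoved(int32_t userId, int32_t* _aidl_return) override;
    ::android::binder::Status attestKey(
        const ::android::sp<::android::security::keystore::IKeystoreCertificateChainCallback>& cb,
        const ::android::String16& alias,
        const ::android::security::keymaster::KeymasterArguments& params,
        int32_t* _aidl_return) override;
    ::android::binder::Status attestDeviceIds(
        const ::android::sp<::android::security::keystore::IKeystoreCertificateChainCallback>& cb,
        const ::android::security::keymaster::KeymasterArguments& params,
        int32_t* _aidl_return) override;
    ::android::binder::Status onDeviceOffBody(int32_t* _aidl_return) override;

    // Imports a key wrapped under a key already held in keystore (`wrappingKeyAlias`);
    // `rootSid` / `fingerprintSid` are the secure-user-ids bound to the imported key.
    ::android::binder::Status importWrappedKey(
        const ::android::sp<::android::security::keystore::IKeystoreKeyCharacteristicsCallback>& cb,
        const ::android::String16& wrappedKeyAlias, const ::std::vector<uint8_t>& wrappedKey,
        const ::android::String16& wrappingKeyAlias, const ::std::vector<uint8_t>& maskingKey,
        const ::android::security::keymaster::KeymasterArguments& params, int64_t rootSid,
        int64_t fingerprintSid, int32_t* _aidl_return) override;

    // Protected confirmation (android.security.ConfirmationPrompt) entry points.
    ::android::binder::Status presentConfirmationPrompt(
        const ::android::sp<::android::IBinder>& listener, const ::android::String16& promptText,
        const ::std::vector<uint8_t>& extraData, const ::android::String16& locale,
        int32_t uiOptionsAsFlags, int32_t* _aidl_return) override;
    ::android::binder::Status
    cancelConfirmationPrompt(const ::android::sp<::android::IBinder>& listener,
                             int32_t* _aidl_return) override;
    ::android::binder::Status isConfirmationPromptSupported(bool* _aidl_return) override;

    ::android::binder::Status onKeyguardVisibilityChanged(bool isShowing, int32_t userId,
                                                          int32_t* _aidl_return) override;

  private:
    // Sentinel for "no explicit target uid"; used as the default target in the
    // permission helpers below. By its name it presumably resolves to the caller's own uid
    // in getEffectiveUid() — confirm against the implementation.
    static const int32_t UID_SELF = -1;

    /**
     * Get the effective target uid for a binder operation that takes an
     * optional uid as the target.
     */
    uid_t getEffectiveUid(int32_t targetUid);

    /**
     * Check if the caller of the current binder method has the required
     * permission and, if acting on other uids, the grants to do so.
     */
    bool checkBinderPermission(perm_t permission, int32_t targetUid = UID_SELF);

    /**
     * Check if the caller of the current binder method has the required
     * permission and the target uid is the caller or the caller is system.
     */
    bool checkBinderPermissionSelfOrSystem(perm_t permission, int32_t targetUid);

    /**
     * Check if the caller of the current binder method has the required
     * permission or the target of the operation is the caller's uid. This is
     * for operations where the permission is only for cross-uid activity and all
     * uids are allowed to act on their own (ie: clearing all entries for a
     * given uid).
     */
    bool checkBinderPermissionOrSelfTarget(perm_t permission, int32_t targetUid);

    /**
     * Helper method to check that the caller has the required permission as
     * well as that the keystore is in the unlocked state if checkUnlocked is true.
     *
     * Returns NO_ERROR on success, PERMISSION_DENIED on a permission error and
     * otherwise the state of keystore when not unlocked and checkUnlocked is
     * true.
     *
     * The default target is UID_SELF, matching checkBinderPermission() (the
     * literal -1 previously used here is the same value).
     */
    KeyStoreServiceReturnCode checkBinderPermissionAndKeystoreState(perm_t permission,
                                                                    int32_t targetUid = UID_SELF,
                                                                    bool checkUnlocked = true);

    bool isKeystoreUnlocked(State state);

    /**
     * Check that all keymaster_key_param_t's provided by the application are
     * allowed. Any parameter that keystore adds itself should be disallowed here.
     *
     * This is a trust boundary: parameters keystore injects on the caller's behalf
     * (auth tokens, confirmation tokens, and the like) must not be forgeable by a
     * client simply passing the same tag in `params`.
     */
    bool checkAllowedOperationParams(const hidl_vec<KeyParameter>& params);

    void addLegacyBeginParams(const android::String16& name, AuthorizationSet* params);

    KeyStoreServiceReturnCode doLegacySignVerify(const android::String16& name,
                                                 const hidl_vec<uint8_t>& data,
                                                 hidl_vec<uint8_t>* out,
                                                 const hidl_vec<uint8_t>& signature,
                                                 KeyPurpose purpose);

    /**
     * Adds a Confirmation Token to the key parameters if needed.
     */
    void appendConfirmationTokenIfNeeded(const KeyCharacteristics& keyCharacteristics,
                                         std::vector<KeyParameter>* params);

    sp<KeyStore> mKeyStore;

    // Maps an operation token to the KeymasterWorker servicing that operation.
    // All access goes through the three accessors below, each of which holds
    // operationDeviceMapMutex_ for the duration of the map access.
    std::mutex operationDeviceMapMutex_;
    std::map<sp<IBinder>, std::shared_ptr<KeymasterWorker>> operationDeviceMap_;

    // Records `dev` as the worker for `token`. Note: emplace() leaves an existing
    // entry untouched, so a token that is already mapped keeps its old worker; this
    // presumably never happens because tokens are created per operation — verify at the
    // call site if tokens can be reused.
    void addOperationDevice(sp<IBinder> token, std::shared_ptr<KeymasterWorker> dev) {
        std::lock_guard<std::mutex> lock(operationDeviceMapMutex_);
        operationDeviceMap_.emplace(std::move(token), std::move(dev));
    }
    // Returns the worker for `token`, or an empty shared_ptr if the token is unknown.
    // A copy of the shared_ptr is returned so the worker stays alive after the lock
    // is released.
    std::shared_ptr<KeymasterWorker> getOperationDevice(const sp<IBinder>& token) {
        std::lock_guard<std::mutex> lock(operationDeviceMapMutex_);
        auto it = operationDeviceMap_.find(token);
        if (it != operationDeviceMap_.end()) {
            return it->second;
        }
        return {};
    }
    // Drops the mapping for `token`; a no-op if the token is not present.
    void removeOperationDevice(const sp<IBinder>& token) {
        std::lock_guard<std::mutex> lock(operationDeviceMapMutex_);
        operationDeviceMap_.erase(token);
    }
};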
253
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100254}; // namespace keystore
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700255
256#endif // KEYSTORE_KEYSTORE_SERVICE_H_