/*
 * Copyright (C) 2016 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef KEYSTORE_KEYSTORE_SERVICE_H_
#define KEYSTORE_KEYSTORE_SERVICE_H_

#include <android/security/keystore/BnKeystoreService.h>

#include "auth_token_table.h"
#include "confirmation_manager.h"

#include "KeyStore.h"
#include "keystore_keymaster_enforcement.h"
#include "operation.h"
#include "permissions.h"

#include <keystore/ExportResult.h>
#include <keystore/KeyCharacteristics.h>
#include <keystore/KeymasterArguments.h>
#include <keystore/KeymasterBlob.h>
#include <keystore/KeymasterCertificateChain.h>
#include <keystore/OperationResult.h>
#include <keystore/keystore_return_types.h>

#include <mutex>
#include <utility>

namespace keystore {

// Class provides implementation for generated BnKeystoreService.h based on
// gen/aidl/android/security/BnKeystoreService.h generated from
// java/android/security/IKeystoreService.aidl Note that all generated methods return binder::Status
// and use last arguments to send actual result to the caller. Private methods don't need to handle
// binder::Status. Input parameters cannot be null unless annotated with @nullable in .aidl file.
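class KeyStoreService : public android::security::keystore::BnKeystoreService {
  public:
    /**
     * Wraps the given KeyStore. The service keeps its own strong reference
     * (mKeyStore) for its whole lifetime; the argument is moved in rather
     * than copied to avoid a redundant refcount round-trip.
     */
    explicit KeyStoreService(sp<KeyStore> keyStore) : mKeyStore(std::move(keyStore)) {}
    virtual ~KeyStoreService() = default;

    /** Binder death notification; `who` is the binder that went away. */
    void binderDied(const android::wp<android::IBinder>& who);

    // ---- IKeystoreService entry points (signatures generated from the .aidl) ----
    // Every method returns binder::Status for the transport and delivers its
    // real result through the trailing out-parameter or the callback argument.

    // Keystore state and legacy blob storage.
    ::android::binder::Status getState(int32_t userId, int32_t* _aidl_return) override;
    ::android::binder::Status get(const ::android::String16& name, int32_t uid,
                                  ::std::vector<uint8_t>* _aidl_return) override;
    ::android::binder::Status insert(const ::android::String16& name,
                                     const ::std::vector<uint8_t>& item, int32_t uid, int32_t flags,
                                     int32_t* _aidl_return) override;
    ::android::binder::Status del(const ::android::String16& name, int32_t uid,
                                  int32_t* _aidl_return) override;
    ::android::binder::Status exist(const ::android::String16& name, int32_t uid,
                                    int32_t* _aidl_return) override;
    ::android::binder::Status list(const ::android::String16& namePrefix, int32_t uid,
                                   ::std::vector<::android::String16>* _aidl_return) override;
    ::android::binder::Status listUidsOfAuthBoundKeys(std::vector<::std::string>* uids,
                                                      int32_t* _aidl_return) override;

    // Per-user lock state and credential changes.
    ::android::binder::Status onUserPasswordChanged(int32_t userId,
                                                    const ::android::String16& newPassword,
                                                    int32_t* _aidl_return) override;
    ::android::binder::Status lock(int32_t userId, int32_t* _aidl_return) override;
    ::android::binder::Status unlock(int32_t userId, const ::android::String16& userPassword,
                                     int32_t* _aidl_return) override;
    ::android::binder::Status isEmpty(int32_t userId, int32_t* _aidl_return) override;

    // Cross-uid grants and per-entry metadata.
    ::android::binder::Status grant(const ::android::String16& name, int32_t granteeUid,
                                    ::android::String16* _aidl_return) override;
    ::android::binder::Status ungrant(const ::android::String16& name, int32_t granteeUid,
                                      int32_t* _aidl_return) override;
    ::android::binder::Status getmtime(const ::android::String16& name, int32_t uid,
                                       int64_t* _aidl_return) override;
    ::android::binder::Status is_hardware_backed(const ::android::String16& string,
                                                 int32_t* _aidl_return) override;
    ::android::binder::Status clear_uid(int64_t uid, int32_t* _aidl_return) override;

    // Keymaster key lifecycle: entropy, generation, characteristics, import/export.
    ::android::binder::Status
    addRngEntropy(const ::android::sp<::android::security::keystore::IKeystoreResponseCallback>& cb,
                  const ::std::vector<uint8_t>& data, int32_t flags,
                  int32_t* _aidl_return) override;
    ::android::binder::Status generateKey(
        const ::android::sp<::android::security::keystore::IKeystoreKeyCharacteristicsCallback>& cb,
        const ::android::String16& alias,
        const ::android::security::keymaster::KeymasterArguments& arguments,
        const ::std::vector<uint8_t>& entropy, int32_t uid, int32_t flags,
        int32_t* _aidl_return) override;
    ::android::binder::Status getKeyCharacteristics(
        const ::android::sp<::android::security::keystore::IKeystoreKeyCharacteristicsCallback>& cb,
        const ::android::String16& alias,
        const ::android::security::keymaster::KeymasterBlob& clientId,
        const ::android::security::keymaster::KeymasterBlob& appId, int32_t uid,
        int32_t* _aidl_return) override;
    ::android::binder::Status importKey(
        const ::android::sp<::android::security::keystore::IKeystoreKeyCharacteristicsCallback>& cb,
        const ::android::String16& alias,
        const ::android::security::keymaster::KeymasterArguments& arguments, int32_t format,
        const ::std::vector<uint8_t>& keyData, int32_t uid, int32_t flags,
        int32_t* _aidl_return) override;
    ::android::binder::Status
    exportKey(const ::android::sp<::android::security::keystore::IKeystoreExportKeyCallback>& cb,
              const ::android::String16& alias, int32_t format,
              const ::android::security::keymaster::KeymasterBlob& clientId,
              const ::android::security::keymaster::KeymasterBlob& appId, int32_t uid,
              int32_t* _aidl_return) override;

    // Keymaster operations: begin/update/finish/abort, keyed by the operation token binder.
    ::android::binder::Status
    begin(const ::android::sp<::android::security::keystore::IKeystoreOperationResultCallback>& cb,
          const ::android::sp<::android::IBinder>& appToken, const ::android::String16& alias,
          int32_t purpose, bool pruneable,
          const ::android::security::keymaster::KeymasterArguments& params,
          const ::std::vector<uint8_t>& entropy, int32_t uid, int32_t* _aidl_return) override;
    ::android::binder::Status
    update(const ::android::sp<::android::security::keystore::IKeystoreOperationResultCallback>& cb,
           const ::android::sp<::android::IBinder>& token,
           const ::android::security::keymaster::KeymasterArguments& params,
           const ::std::vector<uint8_t>& input, int32_t* _aidl_return) override;
    ::android::binder::Status
    finish(const ::android::sp<::android::security::keystore::IKeystoreOperationResultCallback>& cb,
           const ::android::sp<::android::IBinder>& token,
           const ::android::security::keymaster::KeymasterArguments& params,
           const ::std::vector<uint8_t>& input, const ::std::vector<uint8_t>& signature,
           const ::std::vector<uint8_t>& entropy, int32_t* _aidl_return) override;
    ::android::binder::Status
    abort(const ::android::sp<::android::security::keystore::IKeystoreResponseCallback>& cb,
          const ::android::sp<::android::IBinder>& token, int32_t* _aidl_return) override;

    // Auth tokens and user lifecycle events.
    ::android::binder::Status addAuthToken(const ::std::vector<uint8_t>& authToken,
                                           int32_t* _aidl_return) override;
    ::android::binder::Status getTokensForCredstore(
        int64_t challenge, int64_t secureUserId, int32_t authTokenMaxAge,
        const ::android::sp<::android::security::keystore::ICredstoreTokenCallback>& cb) override;
    ::android::binder::Status onUserAdded(int32_t userId, int32_t parentId,
                                          int32_t* _aidl_return) override;
    ::android::binder::Status onUserRemoved(int32_t userId, int32_t* _aidl_return) override;

    // Attestation.
    ::android::binder::Status attestKey(
        const ::android::sp<::android::security::keystore::IKeystoreCertificateChainCallback>& cb,
        const ::android::String16& alias,
        const ::android::security::keymaster::KeymasterArguments& params,
        int32_t* _aidl_return) override;
    ::android::binder::Status attestDeviceIds(
        const ::android::sp<::android::security::keystore::IKeystoreCertificateChainCallback>& cb,
        const ::android::security::keymaster::KeymasterArguments& params,
        int32_t* _aidl_return) override;
    ::android::binder::Status onDeviceOffBody(int32_t* _aidl_return) override;

    // Import of a key wrapped by another key already held in this keystore.
    ::android::binder::Status importWrappedKey(
        const ::android::sp<::android::security::keystore::IKeystoreKeyCharacteristicsCallback>& cb,
        const ::android::String16& wrappedKeyAlias, const ::std::vector<uint8_t>& wrappedKey,
        const ::android::String16& wrappingKeyAlias, const ::std::vector<uint8_t>& maskingKey,
        const ::android::security::keymaster::KeymasterArguments& params, int64_t rootSid,
        int64_t fingerprintSid, int32_t* _aidl_return) override;

    // Confirmation UI (protected confirmation) prompts.
    ::android::binder::Status presentConfirmationPrompt(
        const ::android::sp<::android::IBinder>& listener, const ::android::String16& promptText,
        const ::std::vector<uint8_t>& extraData, const ::android::String16& locale,
        int32_t uiOptionsAsFlags, int32_t* _aidl_return) override;
    ::android::binder::Status
    cancelConfirmationPrompt(const ::android::sp<::android::IBinder>& listener,
                             int32_t* _aidl_return) override;
    ::android::binder::Status isConfirmationPromptSupported(bool* _aidl_return) override;

    ::android::binder::Status onKeyguardVisibilityChanged(bool isShowing, int32_t userId,
                                                          int32_t* _aidl_return) override;

  private:
    // Sentinel for the optional `targetUid` parameters below: act on the
    // caller's own uid rather than on another uid.
    static const int32_t UID_SELF = -1;

    /**
     * Get the effective target uid for a binder operation that takes an
     * optional uid as the target.
     */
    uid_t getEffectiveUid(int32_t targetUid);

    /**
     * Check if the caller of the current binder method has the required
     * permission and if acting on other uids the grants to do so.
     */
    bool checkBinderPermission(perm_t permission, int32_t targetUid = UID_SELF);

    /**
     * Check if the caller of the current binder method has the required
     * permission and the target uid is the caller or the caller is system.
     */
    bool checkBinderPermissionSelfOrSystem(perm_t permission, int32_t targetUid);

    /**
     * Check if the caller of the current binder method has the required
     * permission or the target of the operation is the caller's uid. This is
     * for operation where the permission is only for cross-uid activity and all
     * uids are allowed to act on their own (ie: clearing all entries for a
     * given uid).
     */
    bool checkBinderPermissionOrSelfTarget(perm_t permission, int32_t targetUid);

    /**
     * Helper method to check that the caller has the required permission as
     * well as the keystore is in the unlocked state if checkUnlocked is true.
     *
     * Returns NO_ERROR on success, PERMISSION_DENIED on a permission error and
     * otherwise the state of keystore when not unlocked and checkUnlocked is
     * true.
     */
    // Default is spelled UID_SELF (not a bare -1) so it stays in step with
    // checkBinderPermission.
    KeyStoreServiceReturnCode checkBinderPermissionAndKeystoreState(perm_t permission,
                                                                    int32_t targetUid = UID_SELF,
                                                                    bool checkUnlocked = true);

    /** Whether `state` counts as the unlocked keystore state. */
    bool isKeystoreUnlocked(State state);

    /**
     * Check that all keymaster_key_param_t's provided by the application are
     * allowed. Any parameter that keystore adds itself should be disallowed here,
     * so that a caller cannot supply a keystore-originated parameter on its own.
     */
    bool checkAllowedOperationParams(const hidl_vec<KeyParameter>& params);

    // Appends the begin() parameters needed by the legacy sign/verify path for
    // the key `name` to `params` (presumably used by doLegacySignVerify; see the .cpp).
    void addLegacyBeginParams(const android::String16& name, AuthorizationSet* params);

    // One-shot sign/verify over `data` with the key `name`; `purpose` selects
    // which. `signature` is the input for verify, `out` receives the result.
    KeyStoreServiceReturnCode doLegacySignVerify(const android::String16& name,
                                                 const hidl_vec<uint8_t>& data,
                                                 hidl_vec<uint8_t>* out,
                                                 const hidl_vec<uint8_t>& signature,
                                                 KeyPurpose purpose);

    /**
     * Adds a Confirmation Token to the key parameters if needed.
     */
    void appendConfirmationTokenIfNeeded(const KeyCharacteristics& keyCharacteristics,
                                         std::vector<KeyParameter>* params);

    // Backing store; strongly held for the service's lifetime (set in the ctor).
    sp<KeyStore> mKeyStore;
};

}  // namespace keystore

#endif  // KEYSTORE_KEYSTORE_SERVICE_H_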