Merge cherrypicks of [3297237, 3297257, 3297258, 3297277, 3297278, 3297279, 3297280, 3297297, 3297298, 3297299, 3297300, 3297301, 3297302, 3297303, 3297304, 3297305, 3297306, 3297238, 3297281, 3297259, 3297260, 3297261, 3297262, 3297263, 3297264, 3297337, 3297338, 3297339, 3297357, 3297358, 3297359, 3297360, 3297282, 3297265, 3297283, 3297284] into nyc-bugfix-releaseandroid-7.0.0_r36 nougat-mr0.5-release

Change-Id: I7b9f3ec42f9129de9a62521680c3bb6b7d88f910
author: android-build-team Robot <android-build-team-robot@google.com> 2017-12-01 00:20:50 +0000
committer: android-build-team Robot <android-build-team-robot@google.com> 2017-12-01 00:20:50 +0000
commit: 8d10b36e52c8d439ecc88ffba192f6031e5dc61b (patch)
tree: 11bbea0acf1e4738ec0e4b516459b3d00b0368f3
parent: 04c5e5ae37102cdada2cc9ff082a464248058768 (diff)
parent: 05e8927e9e17036c4507db4e20bb62a83baa8250 (diff)
download: security-8d10b36e52c8d439ecc88ffba192f6031e5dc61b.tar.gz
3 files changed, 56 insertions, 48 deletions
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index ba0182cd..5cf5e63a 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -14,6 +14,8 @@
  * limitations under the License.
  */
 
+#define LOG_TAG "keystore"
+
 #include "key_store_service.h"
 
 #include <fcntl.h>
@@ -111,7 +113,9 @@ int32_t KeyStoreService::del(const String16& name, int targetUid) {
         return ::PERMISSION_DENIED;
     }
     String8 name8(name);
-    String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid));
+    String8 filename = mKeyStore->getBlobFileNameIfExists(name8, targetUid);
+    if (filename.isEmpty()) return ResponseCode::KEY_NOT_FOUND;
+
     return mKeyStore->del(filename.string(), ::TYPE_ANY, get_user_id(targetUid));
 }
 
@@ -121,13 +125,8 @@ int32_t KeyStoreService::exist(const String16& name, int targetUid) {
         return ::PERMISSION_DENIED;
     }
 
-    String8 name8(name);
-    String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid));
-
-    if (access(filename.string(), R_OK) == -1) {
-        return (errno != ENOENT) ? ::SYSTEM_ERROR : ::KEY_NOT_FOUND;
-    }
-    return ::NO_ERROR;
+    String8 filename = mKeyStore->getBlobFileNameIfExists(String8(name), targetUid);
+    return (!filename.isEmpty()) ? ResponseCode::NO_ERROR : ResponseCode::KEY_NOT_FOUND;
 }
 
 int32_t KeyStoreService::list(const String16& prefix, int targetUid, Vector<String16>* matches) {
@@ -459,10 +458,9 @@ int64_t KeyStoreService::getmtime(const String16& name, int32_t uid) {
         return -1L;
     }
 
-    String8 name8(name);
-    String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid));
+    String8 filename = mKeyStore->getBlobFileNameIfExists(String8(name), targetUid);
 
-    if (access(filename.string(), R_OK) == -1) {
+    if (filename.isEmpty()) {
         ALOGW("could not access %s for getmtime", filename.string());
         return -1L;
     }
@@ -1555,12 +1553,17 @@ int32_t KeyStoreService::upgradeKeyBlob(const String16& name, uid_t uid,
     UniquePtr<uint8_t, Malloc_Delete> upgraded_key_deleter(
         const_cast<uint8_t*>(upgraded_key.key_material));
 
-    rc = del(name, uid);
+    String8 filename = mKeyStore->getBlobFileNameIfExists(name8, uid);
+    if (filename.isEmpty()) {
+        ALOGI("trying to upgrade a non existing blob");
+        return KEY_NOT_FOUND;
+    }
+    rc = mKeyStore->del(filename.string(), ::TYPE_ANY, get_user_id(uid));
     if (rc != ::NO_ERROR) {
+        ALOGI("upgradeKeyBlob keystore->del failed %d", rc);
         return rc;
     }
 
-    String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, uid));
     Blob newBlob(upgraded_key.key_material, upgraded_key.key_material_size, nullptr /* info */,
                  0 /* infoLength */, ::TYPE_KEYMASTER_10);
     newBlob.setFallback(blob->isFallback());
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index 90cfdb11..5675e91f 100644
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp
@@ -134,6 +134,36 @@ android::String8 KeyStore::getKeyNameForUidWithDir(const android::String8& keyNa
                                     encoded);
 }
 
+android::String8 KeyStore::getBlobFileNameIfExists(const android::String8& alias, uid_t uid) {
+    android::String8 filepath8(getKeyNameForUidWithDir(alias, uid));
+
+    if (!access(filepath8.string(), R_OK | W_OK)) return filepath8;
+
+    // If this is one of the legacy UID->UID mappings, use it.
+    uid_t euid = get_keystore_euid(uid);
+    if (euid != uid) {
+        filepath8 = getKeyNameForUidWithDir(alias, euid);
+        if (!access(filepath8.string(), R_OK | W_OK)) return filepath8;
+    }
+
+    // They might be using a granted key (<uid>_<granted_alias>), try parsing the alias.
+    char* end;
+    uid_t granter_uid = strtoul(alias, &end, 10);
+    // Does the alias look like a granted key?
+    if (end[0] != '_' || end[1] == 0 || (!granter_uid)) {
+        return android::String8();
+    }
+    android::String8 granted_alias(end + 1);
+
+    filepath8 = getKeyNameForUidWithDir(granted_alias, granter_uid);
+    if (hasGrant(filepath8.string(), uid)) {
+        if (!access(filepath8.string(), R_OK | W_OK)) return filepath8;
+    }
+
+    return android::String8();
+}
+
+
 void KeyStore::resetUser(uid_t userId, bool keepUnenryptedEntries) {
     android::String8 prefix("");
     android::Vector<android::String16> aliases;
@@ -485,39 +515,13 @@ bool KeyStore::isHardwareBacked(const android::String16& keyType) const {
 
 ResponseCode KeyStore::getKeyForName(Blob* keyBlob, const android::String8& keyName,
                                      const uid_t uid, const BlobType type) {
-    android::String8 filepath8(getKeyNameForUidWithDir(keyName, uid));
+    auto filepath8 = getBlobFileNameIfExists(keyName, uid);
     uid_t userId = get_user_id(uid);
 
-    ResponseCode responseCode = get(filepath8.string(), keyBlob, type, userId);
-    if (responseCode == NO_ERROR) {
-        return responseCode;
-    }
-
-    // If this is one of the legacy UID->UID mappings, use it.
-    uid_t euid = get_keystore_euid(uid);
-    if (euid != uid) {
-        filepath8 = getKeyNameForUidWithDir(keyName, euid);
-        responseCode = get(filepath8.string(), keyBlob, type, userId);
-        if (responseCode == NO_ERROR) {
-            return responseCode;
-        }
-    }
-
-    // They might be using a granted key.
-    android::String8 filename8 = getKeyName(keyName);
-    char* end;
-    strtoul(filename8.string(), &end, 10);
-    if (end[0] != '_' || end[1] == 0) {
-        return KEY_NOT_FOUND;
-    }
-    filepath8 = android::String8::format("%s/%s", getUserState(userId)->getUserDirName(),
-                                         filename8.string());
-    if (!hasGrant(filepath8.string(), uid)) {
-        return responseCode;
-    }
+    if (!filepath8.isEmpty())
+        return get(filepath8.string(), keyBlob, type, userId);
 
-    // It is a granted key. Try to load it.
-    return get(filepath8.string(), keyBlob, type, userId);
+    return ResponseCode::KEY_NOT_FOUND;
 }
 
 UserState* KeyStore::getUserState(uid_t userId) {
@@ -575,7 +579,7 @@ const grant_t* KeyStore::getGrant(const char* filename, uid_t uid) const {
 }
 
 bool KeyStore::upgradeBlob(const char* filename, Blob* blob, const uint8_t oldVersion,
-                           const BlobType type, uid_t uid) {
+                           const BlobType type, uid_t userId) {
     bool updated = false;
     uint8_t version = oldVersion;
 
@@ -585,7 +589,7 @@ bool KeyStore::upgradeBlob(const char* filename, Blob* blob, const uint8_t oldVe
 
         blob->setType(type);
         if (type == TYPE_KEY_PAIR) {
-            importBlobAsKey(blob, filename, uid);
+            importBlobAsKey(blob, filename, userId);
         }
         version = 1;
         updated = true;
@@ -617,7 +621,7 @@ struct BIO_Delete {
 };
 typedef UniquePtr<BIO, BIO_Delete> Unique_BIO;
 
-ResponseCode KeyStore::importBlobAsKey(Blob* blob, const char* filename, uid_t uid) {
+ResponseCode KeyStore::importBlobAsKey(Blob* blob, const char* filename, uid_t userId) {
     // We won't even write to the blob directly with this BIO, so const_cast is okay.
     Unique_BIO b(BIO_new_mem_buf(const_cast<uint8_t*>(blob->getValue()), blob->getLength()));
     if (b.get() == NULL) {
@@ -645,13 +649,13 @@ ResponseCode KeyStore::importBlobAsKey(Blob* blob, const char* filename, uid_t u
         return SYSTEM_ERROR;
     }
 
-    ResponseCode rc = importKey(pkcs8key.get(), len, filename, get_user_id(uid),
+    ResponseCode rc = importKey(pkcs8key.get(), len, filename, userId,
                                 blob->isEncrypted() ? KEYSTORE_FLAG_ENCRYPTED : KEYSTORE_FLAG_NONE);
     if (rc != NO_ERROR) {
         return rc;
     }
 
-    return get(filename, blob, TYPE_KEY_PAIR, uid);
+    return get(filename, blob, TYPE_KEY_PAIR, userId);
 }
 
 void KeyStore::readMetaData() {
diff --git a/keystore/keystore.h b/keystore/keystore.h
index b15d00f4..b842841f 100644
--- a/keystore/keystore.h
+++ b/keystore/keystore.h
@@ -56,6 +56,7 @@ class KeyStore {
     android::String8 getKeyName(const android::String8& keyName);
     android::String8 getKeyNameForUid(const android::String8& keyName, uid_t uid);
     android::String8 getKeyNameForUidWithDir(const android::String8& keyName, uid_t uid);
+    android::String8 getBlobFileNameIfExists(const android::String8& alias, uid_t uid);
 
     /*
      * Delete entries owned by userId. If keepUnencryptedEntries is true
author	android-build-team Robot <android-build-team-robot@google.com>	2017-12-01 00:20:50 +0000
committer	android-build-team Robot <android-build-team-robot@google.com>	2017-12-01 00:20:50 +0000
commit	8d10b36e52c8d439ecc88ffba192f6031e5dc61b (patch)
tree	11bbea0acf1e4738ec0e4b516459b3d00b0368f3
parent	04c5e5ae37102cdada2cc9ff082a464248058768 (diff)
parent	05e8927e9e17036c4507db4e20bb62a83baa8250 (diff)
download	security-8d10b36e52c8d439ecc88ffba192f6031e5dc61b.tar.gz