authorTreeHugger Robot <treehugger-gerrit@google.com>2017-09-12 20:13:45 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>2017-09-12 20:13:45 +0000
commit687d8925ffb82902ea678a86aed875451b920b5d (patch)
treeb1dd8ee97fdcc83b25c45784e7df302b3296fcf5
parentf08fb3449b68b31fa9b60a7c3c9018b318bf4e59 (diff)
parentd3024ed1a4ba1f46737ffb14499c31ca667e631b (diff)
downloadsecurity-687d8925ffb82902ea678a86aed875451b920b5d.tar.gz
Merge "Fix retreiving characteristics file for grant key" into oc-mr1-dev
-rw-r--r--keystore/grant_store.cpp21
-rw-r--r--keystore/grant_store.h11
-rw-r--r--keystore/key_store_service.cpp6
-rw-r--r--keystore/keystore.cpp14
-rw-r--r--keystore/keystore.h4
5 files changed, 34 insertions, 22 deletions
diff --git a/keystore/grant_store.cpp b/keystore/grant_store.cpp
index 9c2e591e..2fb09c17 100644
--- a/keystore/grant_store.cpp
+++ b/keystore/grant_store.cpp
@@ -25,8 +25,10 @@ static constexpr uint64_t kInvalidGrantNo = std::numeric_limits<uint64_t>::max()
static const char* kKeystoreGrantInfix = "_KEYSTOREGRANT_";
static constexpr size_t kKeystoreGrantInfixLength = 15;
-Grant::Grant(const std::string& alias, const std::string& key_file, const uint64_t grant_no)
- : alias_(alias), key_file_(key_file), grant_no_(grant_no) {}
+Grant::Grant(const std::string& alias, const std::string& owner_dir_name, const uid_t owner_uid,
+ const uint64_t grant_no)
+ : alias_(alias), owner_dir_name_(owner_dir_name), owner_uid_(owner_uid),
+ grant_no_(grant_no) {}
static std::pair<uint64_t, std::string> parseGrantAlias(const std::string& grantAlias) {
auto pos = grantAlias.rfind(kKeystoreGrantInfix);
@@ -39,7 +41,8 @@ static std::pair<uint64_t, std::string> parseGrantAlias(const std::string& grant
return {grant_no, wrapped_alias};
}
-std::string GrantStore::put(const uid_t uid, const std::string& alias, const std::string& key_file) {
+std::string GrantStore::put(const uid_t uid, const std::string& alias,
+ const std::string& owner_dir_name, const uid_t owner_uid) {
std::stringstream s;
s << alias << kKeystoreGrantInfix;
auto& uid_grant_list = grants_[uid];
@@ -47,10 +50,12 @@ std::string GrantStore::put(const uid_t uid, const std::string& alias, const std
bool success = false;
auto iterator = std::find_if(uid_grant_list.begin(), uid_grant_list.end(),
[&](auto& entry) {
- return success = entry.alias_ == alias && entry.key_file_ == key_file;
+ return success = entry.alias_ == alias && entry.owner_dir_name_ == owner_dir_name
+ && entry.owner_uid_ == owner_uid;
});
while (!success) {
- std::tie(iterator, success) = uid_grant_list.emplace(alias, key_file, std::rand());
+ std::tie(iterator, success) = uid_grant_list.emplace(alias, owner_dir_name, owner_uid,
+ std::rand());
}
s << iterator->grant_no_;
return s.str();
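Review bot: The grant number on the rewritten `emplace` line still comes from `std::rand()`, carried over from the old code. `std::rand()` yields at most RAND_MAX + 1 distinct values and a repeatable sequence unless it is seeded elsewhere, so the number appended to the grant alias is guessable. The lookup visible in this file is scoped to the grantee's own list (`grants_[uid]`), so the exposure looks limited. If the number is meant to be hard to guess, it should be drawn from a cryptographic random source instead. put() starts before this hunk.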
@@ -70,10 +75,10 @@ const Grant* GrantStore::get(const uid_t uid, const std::string& alias) const {
return &(*grant);
}
-bool GrantStore::removeByFileName(const uid_t uid, const std::string& fileName) {
- auto& uid_grant_list = grants_.operator[](uid);
+bool GrantStore::removeByFileAlias(const uid_t uid, const std::string& alias) {
+ auto& uid_grant_list = grants_[uid];
for (auto i = uid_grant_list.begin(); i != uid_grant_list.end(); ++i) {
- if (i->key_file_ == fileName) {
+ if (i->alias_ == alias) {
uid_grant_list.erase(i);
return true;
}
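Review bot: `removeByFileAlias` matches on `i->alias_ == alias` alone, while `put()` now identifies a grant by alias, owner_dir_name and owner_uid together. If two owners grant keys under the same alias to the same grantee, an ungrant by one of them erases whichever entry comes first, which may be the other owner's grant. Passing the owner uid down through `KeyStore::removeGrant` (the `ungrant` call in key_store_service.cpp would have to supply it) and comparing `i->alias_ == alias && i->owner_uid_ == owner_uid` would keep removal scoped to the caller's own grants. The tail of the function lies outside the hunk.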
diff --git a/keystore/grant_store.h b/keystore/grant_store.h
index 43e814ed..ab03630e 100644
--- a/keystore/grant_store.h
+++ b/keystore/grant_store.h
@@ -32,9 +32,11 @@ namespace keystore {
*/
class Grant {
public:
- Grant(const std::string& alias, const std::string& key_file, const uint64_t grant_no);
+ Grant(const std::string& alias, const std::string& owner_dir_name, const uid_t owner_uid,
+ const uint64_t grant_no);
std::string alias_;
- std::string key_file_;
+ std::string owner_dir_name_;
+ uid_t owner_uid_;
uint64_t grant_no_;
operator const uint64_t&() const { return grant_no_; }
@@ -52,9 +54,10 @@ public:
class GrantStore {
public:
GrantStore() : grants_() {}
- std::string put(const uid_t uid, const std::string& alias, const std::string& key_file);
+ std::string put(const uid_t uid, const std::string& alias, const std::string& owner_dir_name,
+ const uid_t owner_uid);
const Grant* get(const uid_t uid, const std::string& alias) const;
- bool removeByFileName(const uid_t uid, const std::string& filename);
+ bool removeByFileAlias(const uid_t uid, const std::string& alias);
// GrantStore is neither copyable nor movable.
GrantStore(const GrantStore&) = delete;
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index 621c5058..310d8e2d 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -526,7 +526,7 @@ String16 KeyStoreService::grant(const String16& name, int32_t granteeUid) {
return String16();
}
- return String16(mKeyStore->addGrant(filename.string(), String8(name).string(), granteeUid).c_str());
+ return String16(mKeyStore->addGrant(String8(name).string(), granteeUid, callingUid).c_str());
}
KeyStoreServiceReturnCode KeyStoreService::ungrant(const String16& name, int32_t granteeUid) {
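Review bot: The new call `addGrant(String8(name).string(), granteeUid, callingUid)` passes the two uids in the opposite order to the new declaration `addGrant(const char* alias, uid_t granterUid, uid_t granteeUid)`. As written, `KeyStore::addGrant` files the grant under the caller's uid and records the grantee as owner. The intended grantee would then not find the grant, and `getKeyForName` would build its path from the wrong owner directory and uid. Both parameters convert to `uid_t`, so the compiler cannot catch the swap; the call should read `mKeyStore->addGrant(String8(name).string(), callingUid, granteeUid)`. `callingUid` is defined outside the hunk, so this assumes it holds the granter's uid.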
@@ -543,8 +543,8 @@ KeyStoreServiceReturnCode KeyStoreService::ungrant(const String16& name, int32_t
return (errno != ENOENT) ? ResponseCode::SYSTEM_ERROR : ResponseCode::KEY_NOT_FOUND;
}
- return mKeyStore->removeGrant(filename.string(), granteeUid) ? ResponseCode::NO_ERROR
- : ResponseCode::KEY_NOT_FOUND;
+ return mKeyStore->removeGrant(name8, granteeUid) ? ResponseCode::NO_ERROR
+ : ResponseCode::KEY_NOT_FOUND;
}
int64_t KeyStoreService::getmtime(const String16& name, int32_t uid) {
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index 1564a641..8037335f 100644
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp
@@ -24,6 +24,7 @@
#include <openssl/bio.h>
#include <utils/String16.h>
+#include <utils/String8.h>
#include <keystore/IKeystoreService.h>
@@ -39,6 +40,7 @@ const char* KeyStore::sMetaDataFile = ".metadata";
const android::String16 KeyStore::sRSAKeyType("RSA");
using namespace keystore;
+using android::String8;
KeyStore::KeyStore(Entropy* entropy, const km_device_t& device, const km_device_t& fallback,
bool allowNewFallback)
@@ -414,12 +416,13 @@ ResponseCode KeyStore::list(const android::String8& prefix,
return ResponseCode::NO_ERROR;
}
-std::string KeyStore::addGrant(const char* filename, const char* alias, uid_t granteeUid) {
- return mGrants.put(granteeUid, alias, filename);
+std::string KeyStore::addGrant(const char* alias, uid_t granterUid, uid_t granteeUid) {
+ return mGrants.put(granteeUid, alias, getUserStateByUid(granterUid)->getUserDirName(),
+ granterUid);
}
-bool KeyStore::removeGrant(const char* filename, uid_t granteeUid) {
- return mGrants.removeByFileName(granteeUid, filename);
+bool KeyStore::removeGrant(const char* alias, uid_t granteeUid) {
+ return mGrants.removeByFileAlias(granteeUid, alias);
}
ResponseCode KeyStore::importKey(const uint8_t* key, size_t keyLen, const char* filename,
@@ -519,7 +522,8 @@ ResponseCode KeyStore::getKeyForName(Blob* keyBlob, const android::String8& keyN
// They might be using a granted key.
auto grant = mGrants.get(uid, keyName.string());
if (!grant) return ResponseCode::KEY_NOT_FOUND;
- filepath8 = grant->key_file_.c_str();
+ filepath8.format("%s/%s", grant->owner_dir_name_.c_str(),
+ getKeyNameForUid(String8(grant->alias_.c_str()), grant->owner_uid_, type).c_str());
// It is a granted key. Try to load it.
return get(filepath8.string(), keyBlob, type, userId);
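Review bot: The two added lines that rebuild `filepath8` carry no comment saying why the stored file name was replaced, and the reason is not obvious from the code. A short comment above `filepath8.format(...)` would help, for example `// Rebuild the path per blob type: a grant stores owner dir, uid and alias, not one fixed file name.` The comment should also say that `grant->alias_` is the granter-supplied name and that the code relies on `getKeyNameForUid` to encode it before it becomes a path component. That helper is not visible here, so confirm it does. The enclosing function starts and ends outside the hunk.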
diff --git a/keystore/keystore.h b/keystore/keystore.h
index a08508ff..39761bbc 100644
--- a/keystore/keystore.h
+++ b/keystore/keystore.h
@@ -87,8 +87,8 @@ class KeyStore {
ResponseCode list(const android::String8& prefix, android::Vector<android::String16>* matches,
uid_t userId);
- std::string addGrant(const char* filename, const char* alias, uid_t granteeUid);
- bool removeGrant(const char* filename, uid_t granteeUid);
+ std::string addGrant(const char* alias, uid_t granterUid, uid_t granteeUid);
+ bool removeGrant(const char* alias, uid_t granteeUid);
ResponseCode importKey(const uint8_t* key, size_t keyLen, const char* filename, uid_t userId,
int32_t flags);