diff options
author | TreeHugger Robot <treehugger-gerrit@google.com> | 2018-01-18 10:26:44 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2018-01-18 10:26:44 +0000 |
commit | 64b967b99b49efacd5f849354a42771ef1cb5a29 (patch) | |
tree | 024d1a36cef6f9599ea61c1b22b90f54d9cfe7b7 | |
parent | c8cdf0ec734ec181bf705b1d4f1a6a787bcd2054 (diff) | |
parent | a4dd994ee170dfd3339817a6c398f2e1be41ed83 (diff) | |
download | security-64b967b99b49efacd5f849354a42771ef1cb5a29.tar.gz |
Merge "Keystore: Remove duplicate method."
-rw-r--r-- | keystore/key_store_service.cpp | 71 | ||||
-rw-r--r-- | keystore/key_store_service.h | 3 |
2 files changed, 0 insertions, 74 deletions
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp index b13441b6..e5f14701 100644 --- a/keystore/key_store_service.cpp +++ b/keystore/key_store_service.cpp @@ -666,77 +666,6 @@ Status KeyStoreService::getmtime(const String16& name, int32_t uid, int64_t* tim return Status::ok(); } -// TODO(tuckeris): This is dead code, remove it. Don't bother copying over key characteristics here -Status KeyStoreService::duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey, - int32_t destUid, int32_t* aidl_return) { - uid_t callingUid = IPCThreadState::self()->getCallingUid(); - pid_t spid = IPCThreadState::self()->getCallingPid(); - if (!has_permission(callingUid, P_DUPLICATE, spid)) { - ALOGW("permission denied for %d: duplicate", callingUid); - *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED); - return Status::ok(); - } - - State state = mKeyStore->getState(get_user_id(callingUid)); - if (!isKeystoreUnlocked(state)) { - ALOGD("calling duplicate in state: %d", state); - *aidl_return = static_cast<int32_t>(ResponseCode(state)); - return Status::ok(); - } - - if (srcUid == -1 || static_cast<uid_t>(srcUid) == callingUid) { - srcUid = callingUid; - } else if (!is_granted_to(callingUid, srcUid)) { - ALOGD("migrate not granted from source: %d -> %d", callingUid, srcUid); - *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED); - return Status::ok(); - } - - if (destUid == -1) { - destUid = callingUid; - } - - if (srcUid != destUid) { - if (static_cast<uid_t>(srcUid) != callingUid) { - ALOGD("can only duplicate from caller to other or to same uid: " - "calling=%d, srcUid=%d, destUid=%d", - callingUid, srcUid, destUid); - *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED); - return Status::ok(); - } - - if (!is_granted_to(callingUid, destUid)) { - ALOGD("duplicate not granted to dest: %d -> %d", callingUid, destUid); - *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED); - return Status::ok(); - } - } - - String8 source8(srcKey); - String8 sourceFile(mKeyStore->getKeyNameForUidWithDir(source8, srcUid, ::TYPE_ANY)); - - String8 target8(destKey); - String8 targetFile(mKeyStore->getKeyNameForUidWithDir(target8, destUid, ::TYPE_ANY)); - - if (access(targetFile.string(), W_OK) != -1 || errno != ENOENT) { - ALOGD("destination already exists: %s", targetFile.string()); - *aidl_return = static_cast<int32_t>(ResponseCode::SYSTEM_ERROR); - return Status::ok(); - } - - Blob keyBlob; - ResponseCode responseCode = - mKeyStore->get(sourceFile.string(), &keyBlob, TYPE_ANY, get_user_id(srcUid)); - if (responseCode != ResponseCode::NO_ERROR) { - *aidl_return = static_cast<int32_t>(responseCode); - return Status::ok(); - } - - *aidl_return = - static_cast<int32_t>(mKeyStore->put(targetFile.string(), &keyBlob, get_user_id(destUid))); - return Status::ok(); -} - Status KeyStoreService::is_hardware_backed(const String16& keyType, int32_t* aidl_return) { *aidl_return = static_cast<int32_t>(mKeyStore->isHardwareBacked(keyType) ? 1 : 0); return Status::ok(); diff --git a/keystore/key_store_service.h b/keystore/key_store_service.h index fec44ec6..79edff27 100644 --- a/keystore/key_store_service.h +++ b/keystore/key_store_service.h @@ -94,9 +94,6 @@ class KeyStoreService : public android::security::BnKeystoreService, int32_t* _aidl_return) override; ::android::binder::Status getmtime(const ::android::String16& name, int32_t uid, int64_t* _aidl_return) override; - ::android::binder::Status duplicate(const ::android::String16& srcKey, int32_t srcUid, - const ::android::String16& destKey, int32_t destUid, - int32_t* _aidl_return) override; ::android::binder::Status is_hardware_backed(const ::android::String16& string, int32_t* _aidl_return) override; ::android::binder::Status clear_uid(int64_t uid, int32_t* _aidl_return) override; |