diff options
author | Shaquille Johnson <ssjohnson@google.com> | 2023-11-28 17:41:16 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2023-11-28 17:41:16 +0000 |
commit | abfc6f99d13121026b41da69bc01a8ea8a67d0bc (patch) | |
tree | ab80fd9a90d13f2358e6f557d674a8f054c9e167 | |
parent | c705c146ba17aaafbaed56a1bafa8c352b9c3aa3 (diff) | |
parent | 2dc300aee07133e4c3c9c3e1871f9280658f9e0a (diff) | |
download | security-abfc6f99d13121026b41da69bc01a8ea8a67d0bc.tar.gz |
Merge "Deprecate put and return error in ILegacyKeystore" into main am: 2dc300aee0
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2797796
Change-Id: I0c99eff2ad660c565b2dba1c8e41293c33a7394d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r-- | keystore2/aconfig/flags.aconfig | 2 | ||||
-rw-r--r-- | keystore2/legacykeystore/Android.bp | 3 | ||||
-rw-r--r-- | keystore2/legacykeystore/lib.rs | 17 |
3 files changed, 21 insertions, 1 deletions
diff --git a/keystore2/aconfig/flags.aconfig b/keystore2/aconfig/flags.aconfig index 725df2a9..7bdb0074 100644 --- a/keystore2/aconfig/flags.aconfig +++ b/keystore2/aconfig/flags.aconfig @@ -9,7 +9,7 @@ flag { } flag { - name: "disable_legacy_keystore_put" + name: "disable_legacy_keystore_put_v2" namespace: "hardware_backed_security" description: "This flag disables legacy keystore put and makes it so that command returns an error" bug: "307460850" diff --git a/keystore2/legacykeystore/Android.bp b/keystore2/legacykeystore/Android.bp index accc8b2c..8cb7289b 100644 --- a/keystore2/legacykeystore/Android.bp +++ b/keystore2/legacykeystore/Android.bp @@ -31,6 +31,7 @@ rust_defaults { "android.security.legacykeystore-rust", "libanyhow", "libbinder_rs", + "libkeystore2_flags_rust", "liblog_rust", "libkeystore2_flags_rust", "librusqlite", @@ -44,6 +45,7 @@ rust_library { defaults: ["liblegacykeystore-rust_defaults"], rustlibs: [ "libkeystore2", + "libkeystore2_flags_rust", "librusqlite", ], } @@ -61,6 +63,7 @@ rust_test { "libkeystore2", "libkeystore2_flags_rust", "libkeystore2_test_utils", + "libkeystore2_flags_rust", "liblog_rust", "librusqlite", "librustutils", diff --git a/keystore2/legacykeystore/lib.rs b/keystore2/legacykeystore/lib.rs index edc530a8..cf61482b 100644 --- a/keystore2/legacykeystore/lib.rs +++ b/keystore2/legacykeystore/lib.rs @@ -127,6 +127,12 @@ impl DB { } fn put(&mut self, caller_uid: u32, alias: &str, entry: &[u8]) -> Result<()> { + if keystore2_flags::disable_legacy_keystore_put_v2() { + return Err(Error::deprecated()).context(concat!( + "Storing into Keystore's legacy database is ", + "no longer supported, store in an app-specific database instead" + )); + } self.with_transaction(TransactionBehavior::Immediate, |tx| { tx.execute( "INSERT OR REPLACE INTO profiles (owner, alias, profile) values (?, ?, ?)", @@ -207,6 +213,11 @@ impl Error { pub fn perm() -> Self { Error::Error(ERROR_PERMISSION_DENIED) } + + /// Short hand for `Error::Error(ERROR_SYSTEM_ERROR)` + pub fn deprecated() -> Self { + Error::Error(ERROR_SYSTEM_ERROR) + } } /// This function should be used by legacykeystore service calls to translate error conditions @@ -338,6 +349,12 @@ impl LegacyKeystore { } fn put(&self, alias: &str, uid: i32, entry: &[u8]) -> Result<()> { + if keystore2_flags::disable_legacy_keystore_put_v2() { + return Err(Error::deprecated()).context(concat!( + "Storing into Keystore's legacy database is ", + "no longer supported, store in an app-specific database instead" + )); + } let uid = Self::get_effective_uid(uid).context("In put.")?; let mut db = self.open_db().context("In put.")?; db.put(uid, alias, entry).context("In put: Trying to insert entry into DB.")?; |