From be6e91d15f27a9cdf82623ed3605e0a81fb49c8f Mon Sep 17 00:00:00 2001 From: Shaquille Johnson Date: Sat, 21 Oct 2023 19:09:17 +0100 Subject: Deprecate put and return error in ILegacyKeystore Legacy keystore is a old relic that was suppoed to be disabled a while ago. It has enabled functionality that was supposed to be removed but wasn't because it would break changes in the VPN and WIFI code. This would begin the process of permanently removing it. Test: atest CtsKeystoreTestCases Change-Id: Iedc1dca24a40eb0cf30c5280fc2842ff79cf7f17 --- keystore2/aconfig/flags.aconfig | 2 +- keystore2/legacykeystore/Android.bp | 3 +++ keystore2/legacykeystore/lib.rs | 17 +++++++++++++++++ 3 files changed, 21 insertions(+), 1 deletion(-) (limited to 'keystore2') diff --git a/keystore2/aconfig/flags.aconfig b/keystore2/aconfig/flags.aconfig index 41e1a92b..1ed1d9aa 100644 --- a/keystore2/aconfig/flags.aconfig +++ b/keystore2/aconfig/flags.aconfig @@ -9,7 +9,7 @@ flag { } flag { - name: "disable_legacy_keystore_put" + name: "disable_legacy_keystore_put_v2" namespace: "hardware_backed_security" description: "This flag disables legacy keystore put and makes it so that command returns an error" bug: "307460850" diff --git a/keystore2/legacykeystore/Android.bp b/keystore2/legacykeystore/Android.bp index 505b1653..7a613789 100644 --- a/keystore2/legacykeystore/Android.bp +++ b/keystore2/legacykeystore/Android.bp @@ -31,6 +31,7 @@ rust_defaults { "android.security.legacykeystore-rust", "libanyhow", "libbinder_rs", + "libkeystore2_flags_rust", "liblog_rust", "librusqlite", "librustutils", @@ -43,6 +44,7 @@ rust_library { defaults: ["liblegacykeystore-rust_defaults"], rustlibs: [ "libkeystore2", + "libkeystore2_flags_rust", "librusqlite", ], } @@ -59,6 +61,7 @@ rust_test { "libbinder_rs", "libkeystore2", "libkeystore2_test_utils", + "libkeystore2_flags_rust", "liblog_rust", "librusqlite", "librustutils", diff --git a/keystore2/legacykeystore/lib.rs b/keystore2/legacykeystore/lib.rs index 55224f72..6be272bb 100644 --- a/keystore2/legacykeystore/lib.rs +++ b/keystore2/legacykeystore/lib.rs @@ -121,6 +121,12 @@ impl DB { } fn put(&mut self, caller_uid: u32, alias: &str, entry: &[u8]) -> Result<()> { + if keystore2_flags::disable_legacy_keystore_put_v2() { + return Err(Error::deprecated()).context(concat!( + "Storing into Keystore's legacy database is ", + "no longer supported, store in an app-specific database instead" + )); + } self.with_transaction(TransactionBehavior::Immediate, |tx| { tx.execute( "INSERT OR REPLACE INTO profiles (owner, alias, profile) values (?, ?, ?)", @@ -201,6 +207,11 @@ impl Error { pub fn perm() -> Self { Error::Error(ERROR_PERMISSION_DENIED) } + + /// Short hand for `Error::Error(ERROR_SYSTEM_ERROR)` + pub fn deprecated() -> Self { + Error::Error(ERROR_SYSTEM_ERROR) + } } /// This function should be used by legacykeystore service calls to translate error conditions @@ -332,6 +343,12 @@ impl LegacyKeystore { } fn put(&self, alias: &str, uid: i32, entry: &[u8]) -> Result<()> { + if keystore2_flags::disable_legacy_keystore_put_v2() { + return Err(Error::deprecated()).context(concat!( + "Storing into Keystore's legacy database is ", + "no longer supported, store in an app-specific database instead" + )); + } let uid = Self::get_effective_uid(uid).context("In put.")?; let mut db = self.open_db().context("In put.")?; db.put(uid, alias, entry).context("In put: Trying to insert entry into DB.")?; -- cgit v1.2.3