Commit graph

18 commits

Author SHA1 Message Date
Chris Wailes
263de9f8d7 Update source for Rust 1.63.0
Test: m rust
Bug: 241303140
Change-Id: I3b4d8c1c3101941258e366279bfd2a4a3ab1b948
2022-08-12 10:36:10 -07:00
Janis Danisevskis
a916d9998f Keystore 2.0: Refactor permissions. 4/5
Remove obsolete constructor functions for permissions.

Test: keystore2_test
Bug: 203555519
Change-Id: I4ff3ff91d8a5dcca99db02ddbd5894c91c405389
2021-10-21 08:39:57 -07:00
Janis Danisevskis
56af03141f Keystore 2.0: Refactor permissions. 3/5
* Add trait ClassPermission and fn check_permission. This binds
  together permission names and their class name.
* Rename implement_permission! to implement_class!.
* Add #[selinux(class_name = <name>)] stanza to the syntax of
  implement_class!.

Test: keystore2_test for regressions.
Bug: 203555519

This reverts commit b8fd77fba016c4c908d371d546a5d86aff4a78d7.

Change-Id: I6863269ea4af5a6d0b36cf17e0238c81bc713d48
2021-10-21 08:39:57 -07:00
Janis Danisevskis
a2f4850e6f Keystore 2.0: Refactor permissions. 2/5
Move implement_permission macro to libkeystore2_selinux.

Test: keystore2_test
Bug: 203555519

Change-Id: I85d2411872aecaaa12876f848e9205431a8b0fa4
2021-10-21 08:14:33 -07:00
Janis Danisevskis
a578d3998f Keystore 2.0: Add run_as to keystore2_test_utils
The run_as function allows a test with sufficient privileges to run a
closure as a different identity given by a tuple of UID, GID, and SELinux
context. This is infrastructure in preparation for the keystore2 vts
test.

Test: keystore2_test_utils_test
Bug: 182508302
Change-Id: Ic1923028e5bc4ca4b1112e34669d52687450fd14
2021-09-21 13:29:39 -07:00
Chris Wailes
d5aaaef8df Fix warnings in preparation for Rust 1.54.0
This CL fixes several new warnings generated by rustc 1.54.0.

Bug: 194812675
Test: m rust
Change-Id: I3076313ea51c6f4e74029ad9fb45d6f0b6dea460
2021-07-27 16:10:08 -07:00
Joel Galenson
97ac914cf9 Fix typo
Test: Run test
Change-Id: I5affbfe0f8b58eb3f75c7e0dbcbae23b6d8e4752
2021-05-25 10:09:36 -07:00
Seth Moore
597acfb3ab Improve selinux concurrency test reliability
With these changes, the test easily identifies threading issues by
calling selinux concurrently. With no locking in the selinux rust module,
this test causes hard locks very quickly (usually within 2 iterations).

Fixed test hangs (false positives) by adding an explicit "complete" to
all threads instead of using the turnpike for both test start and
test complete.

Added some debug output and increased the iteration count to run the
test longer, getting more confidence in passing tests.

Lastly, use synthetically generated categories (CatCount) for all test
threads instead of just one thread. This seems to both make the test
more "abusive" of selinux as well as reduce test code size.

Test: Remove selinux lock and run keystore2_selinux_concurrency_test
Test: keystore2_selinux_concurrency_test with selinux lock
Change-Id: I796147397da021ca5c78fe8b60aa3853d1a882a3
2021-05-17 12:46:28 -07:00
Janis Danisevskis
d746a0d039 Keystore 2.0: Test libselinux concurrent access.
This test attempts to corrupt the access vector cache of libselinux by
calling selinux_check_access concurrently. The test will fail if the
cache gets corrupted in such a way that selinux_check_access ends up in
an infinite loop.

Test: atest keystore2_selinux_concurrency_test
Bug: 184006658
Change-Id: I357a4454281bdec9865ac1d8a8343378bac1698d
2021-05-17 10:40:16 -07:00
Janis Danisevskis
ff188d3a6c Keystore 2.0: Protect libselinux against concurrent access.
Bug: 184006658
Test: Regression test with CtsKeystoreTestCases and keystore2_test
Change-Id: Ifeb1d8ec83c3c16491a7f7cfd53862557fe8e5f7
2021-05-13 13:38:23 -07:00
Janis Danisevskis
1bb595e3b9 Keystore 2.0: Allow apps to get keystore state.
Bug: 171305684
Test: keystore2_test
Change-Id: I371068ac4364e4bf919fe52d17e72cdecbfb8c10
2021-03-17 03:04:45 +00:00
Bob Badour
4c7858c848 [LSC] Add LOCAL_LICENSE_KINDS to system/security
Added SPDX-license-identifier-Apache-2.0 to:
  fsverity_init/Android.bp
  identity/Android.bp
  keystore/tests/Android.bp
  keystore2/Android.bp
  keystore2/aaid/Android.bp
  keystore2/aidl/Android.bp
  keystore2/apc_compat/Android.bp
  keystore2/selinux/Android.bp
  keystore2/src/crypto/Android.bp
  keystore2/src/km_compat/Android.bp
  ondevice-signing/Android.bp
  provisioner/Android.bp

Added SPDX-license-identifier-Apache-2.0 SPDX-license-identifier-BSD to:
  Android.bp
  keystore/Android.bp

Added SPDX-license-identifier-BSD to:
  keystore-engine/Android.bp

Bug: 68860345
Bug: 151177513
Bug: 151953481

Test: m all

Exempt-From-Owner-Approval: janitorial work
Change-Id: Ic9e19695bd19c3f127dfd545df60e4c9df89af77
2021-02-14 10:37:25 -08:00
Janis Danisevskis
5ed8c53960 Keystore 2.0: Revisit Enforcements.
This patch revisits the Keystore 2.0 enforcements module to support
KM4.1 hardware enforced device locked keys.
* Consolidate the background handler into async_task.
* The auth token handler became AuthInfo and was moved into
  enforcements.rs.
* The auth token validity check moved from database.rs to
  enforcements.rs.

Bug: 171503362
Test: Keystore CTS tests
Change-Id: If37d38183901b356242079af812c7a0e1e79abf3
2021-01-25 10:54:32 -08:00
Janis Danisevskis
3d72aad0bc Keystore 2.0: Remove list permission from keystore2_key security class.
The list permission is a special keystore2 permission that allows
callers to list arbitrary namespaces. It is not a key or namespace
specific permission.

Ignore-AOSP-First: This needs to land in googleplex first to update
                   prebuilt vendor images. Otherwise it breaks
                   aosp-with-phone builds.
Test: N/A
Change-Id: Ie0a29d8b08c53977ae2ed04d042868044d2c34c5
2020-10-01 05:33:29 +00:00
Janis Danisevskis
935e6c6d1b Keystore selinux and permission modules accept CStr instead of Context.
The libselinux wrapper provides a Context struct, that conveniently
wraps and owns a context string as returned by libselinux. However,
libbinder_rs provides a non owned string with a lifetime bounded
by the currently ongoing transaction. So instead of accepting
a reference to an owning Context, the check_access function in the
libselinux wrapper as well as the higher level permission function in
the permission module accept &CStr now which Context can also deref
into.

Test: keystore2_test
Bug: 160623310
Change-Id: Ib99435134bcabfd9c7f3217f719f8ac21d0fd84e
2020-09-03 10:20:58 -07:00
Janis Danisevskis
63c4fb0df6 Add getpidcon to libselinux bindings and fix a typo.
Bug: 158500146
Test: None
Change-Id: Ia5e58933eff3766e2aa0a7b072107aeec294aa2f
2020-09-02 09:52:17 -07:00
Janis Danisevskis
4ad056ffad Cache the KeystoreKeyBackend with a lazy static.
This patch makes KeystoreKeyBackend Sync and uses a lazy static to cache
the back end in the permissions module.

Test: atest keystore2_test
Bug: 159466840
Change-Id: Ibc7851baede3506acbdf962e59c281fa16cfaf0e
2020-08-13 20:21:17 -07:00
Janis Danisevskis
ce99543bb0 Keystore libselinux rust bindings.
Provide safe wrappers around the libselinux API needed for keystore.
 * getcon
 * selinux_check_access
 * selabel_lookup

Test: keystore2_selinux_test
Test: keystore2_selinux_rust_bindings_host_test
Bug: 159466840
Change-Id: I73b4aa2e1da9b477965b10927eba069e6346ce6e
2020-08-13 12:47:50 -07:00