f9f5545824
1. Ungrant did not check the callers uid which allowed any caller to remove grants to any key. 2. Grants were not removed when a key was deleted. 3. clean_uid did not clear the grant cache of the target uid. This would leave state grants that could have been used by a new app that happend to get the same uid as the one that was previously uninstalled. 4. Various paths did not respect grants: del, exist, getmtime The del path was particularly awkward because it is required by upgradeKeyBlob. This means it must work when a key that needs upgrading is accessed through a grant alias. Bug: 65851049 Merged-In: I6709b7562d47ad6156bee88a9e2d961f8a4a797d Change-Id: I6709b7562d47ad6156bee88a9e2d961f8a4a797d
75 lines
2.9 KiB
C++
75 lines
2.9 KiB
C++
/*
|
|
* Copyright (C) 2017 The Android Open Source Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#ifndef KEYSTORE_GRANT_STORE_H_
|
|
#define KEYSTORE_GRANT_STORE_H_
|
|
|
|
#include <set>
|
|
#include <string>
|
|
#include <unordered_map>
|
|
|
|
namespace keystore {
|
|
|
|
/**
|
|
* Grant represents a mapping from an alias to a key file.
|
|
* Normally, key file names are derived from the alias chosen by the client
|
|
* and the clients UID, to generate a per client name space.
|
|
* Grants allow assotiating a key file with a new name, thereby making
|
|
* it visible in another client's - the grantee's - namespace.
|
|
*/
|
|
class Grant {
|
|
public:
|
|
Grant(const std::string& alias, const std::string& owner_dir_name, const uid_t owner_uid,
|
|
const uint64_t grant_no);
|
|
// the following three field are used to recover the key filename that the grant refers to
|
|
std::string alias_; ///< original/wrapped key alias
|
|
std::string owner_dir_name_; ///< key owner key directory
|
|
uid_t owner_uid_; ///< key owner uid
|
|
|
|
uint64_t grant_no_; ///< numeric grant identifier - randomly assigned
|
|
|
|
operator const uint64_t&() const { return grant_no_; }
|
|
};
|
|
|
|
/**
|
|
* The GrantStore holds a set of sets of Grants. One set of Grants for each grantee.
|
|
* The uid parameter to each of the GrantStore function determines the grantee's
|
|
* name space. The methods put, get, and removeByAlias/ByFileName create, lookup, and
|
|
* remove a Grant, respectively.
|
|
* put also returns a new alias for the newly granted key which has to be returned
|
|
* to the granter. The grantee, and only the grantee, can use the granted key
|
|
* by this new alias.
|
|
*/
|
|
class GrantStore {
|
|
public:
|
|
GrantStore() : grants_() {}
|
|
std::string put(const uid_t uid, const std::string& alias, const std::string& owner_dir_name,
|
|
const uid_t owner_uid);
|
|
const Grant* get(const uid_t uid, const std::string& alias) const;
|
|
bool removeByFileAlias(const uid_t granteeUid, const uid_t granterUid, const std::string& alias);
|
|
void removeAllGrantsToKey(const uid_t granterUid, const std::string& alias);
|
|
void removeAllGrantsToUid(const uid_t granteeUid);
|
|
|
|
// GrantStore is neither copyable nor movable.
|
|
GrantStore(const GrantStore&) = delete;
|
|
GrantStore& operator=(const GrantStore&) = delete;
|
|
private:
|
|
std::unordered_map<uid_t, std::set<Grant, std::less<>>> grants_;
|
|
};
|
|
|
|
} // namespace keystore
|
|
|
|
#endif // KEYSTORE_GRANT_STORE_H_
|