1 // Copyright 2020, The Android Open Source Project
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 //! This module holds global state of Keystore such as the thread local
16 //! database connections and connections to services that Keystore needs
17 //! to talk to.
18
19 use crate::async_task::AsyncTask;
20 use crate::gc::Gc;
21 use crate::km_compat::{BacklevelKeyMintWrapper, KeyMintV1};
22 use crate::ks_err;
23 use crate::legacy_blob::LegacyBlobLoader;
24 use crate::legacy_importer::LegacyImporter;
25 use crate::super_key::SuperKeyManager;
26 use crate::utils::{retry_get_interface, watchdog as wd};
27 use crate::{
28 database::KeystoreDB,
29 database::Uuid,
30 error::{map_binder_status, map_binder_status_code, Error, ErrorCode},
31 };
32 use crate::{enforcements::Enforcements, error::map_km_error};
33 use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{
34 IKeyMintDevice::BpKeyMintDevice, IKeyMintDevice::IKeyMintDevice,
35 KeyMintHardwareInfo::KeyMintHardwareInfo, SecurityLevel::SecurityLevel,
36 };
37 use android_hardware_security_keymint::binder::{StatusCode, Strong};
38 use android_hardware_security_rkp::aidl::android::hardware::security::keymint::{
39 IRemotelyProvisionedComponent::BpRemotelyProvisionedComponent,
40 IRemotelyProvisionedComponent::IRemotelyProvisionedComponent,
41 };
42 use android_hardware_security_secureclock::aidl::android::hardware::security::secureclock::{
43 ISecureClock::BpSecureClock, ISecureClock::ISecureClock,
44 };
45 use android_security_compat::aidl::android::security::compat::IKeystoreCompatService::IKeystoreCompatService;
46 use anyhow::{Context, Result};
47 use binder::FromIBinder;
48 use binder::{get_declared_instances, is_declared};
49 use rustutils::system_properties::PropertyWatcher;
50 use std::sync::{
51 atomic::{AtomicBool, Ordering},
52 Arc, LazyLock, Mutex, RwLock,
53 };
54 use std::{cell::RefCell, sync::Once};
55 use std::{collections::HashMap, path::Path, path::PathBuf};
56
57 static DB_INIT: Once = Once::new();
58
59 /// Open a connection to the Keystore 2.0 database. This is called during the initialization of
60 /// the thread local DB field. It should never be called directly. The first time this is called
61 /// we also call KeystoreDB::cleanup_leftovers to restore the key lifecycle invariant. See the
62 /// documentation of cleanup_leftovers for more details. The function also constructs a blob
63 /// garbage collector. The initializing closure constructs another database connection without
64 /// a gc. Although one GC is created for each thread local database connection, this closure
65 /// is run only once, as long as the ASYNC_TASK instance is the same. So only one additional
66 /// database connection is created for the garbage collector worker.
create_thread_local_db() -> KeystoreDB67 pub fn create_thread_local_db() -> KeystoreDB {
68 let db_path = DB_PATH.read().expect("Could not get the database directory");
69
70 let result = KeystoreDB::new(&db_path, Some(GC.clone()));
71 let mut db = match result {
72 Ok(db) => db,
73 Err(e) => {
74 log::error!("Failed to open Keystore database at {db_path:?}: {e:?}");
75 log::error!("Has /data been mounted correctly?");
76 panic!("Failed to open database for Keystore, cannot continue: {e:?}")
77 }
78 };
79
80 DB_INIT.call_once(|| {
81 log::info!("Touching Keystore 2.0 database for this first time since boot.");
82 log::info!("Calling cleanup leftovers.");
83 let n = db.cleanup_leftovers().expect("Failed to cleanup database on startup");
84 if n != 0 {
85 log::info!(
86 "Cleaned up {n} failed entries, indicating keystore crash on key generation"
87 );
88 }
89 });
90 db
91 }
92
93 thread_local! {
94 /// Database connections are not thread safe, but connecting to the
95 /// same database multiple times is safe as long as each connection is
96 /// used by only one thread. So we store one database connection per
97 /// thread in this thread local key.
98 pub static DB: RefCell<KeystoreDB> = RefCell::new(create_thread_local_db());
99 }
100
101 struct DevicesMap<T: FromIBinder + ?Sized> {
102 devices_by_uuid: HashMap<Uuid, (Strong<T>, KeyMintHardwareInfo)>,
103 uuid_by_sec_level: HashMap<SecurityLevel, Uuid>,
104 }
105
106 impl<T: FromIBinder + ?Sized> DevicesMap<T> {
dev_by_sec_level( &self, sec_level: &SecurityLevel, ) -> Option<(Strong<T>, KeyMintHardwareInfo, Uuid)>107 fn dev_by_sec_level(
108 &self,
109 sec_level: &SecurityLevel,
110 ) -> Option<(Strong<T>, KeyMintHardwareInfo, Uuid)> {
111 self.uuid_by_sec_level.get(sec_level).and_then(|uuid| self.dev_by_uuid(uuid))
112 }
113
dev_by_uuid(&self, uuid: &Uuid) -> Option<(Strong<T>, KeyMintHardwareInfo, Uuid)>114 fn dev_by_uuid(&self, uuid: &Uuid) -> Option<(Strong<T>, KeyMintHardwareInfo, Uuid)> {
115 self.devices_by_uuid
116 .get(uuid)
117 .map(|(dev, hw_info)| ((*dev).clone(), (*hw_info).clone(), *uuid))
118 }
119
devices(&self) -> Vec<Strong<T>>120 fn devices(&self) -> Vec<Strong<T>> {
121 self.devices_by_uuid.values().map(|(dev, _)| dev.clone()).collect()
122 }
123
124 /// The requested security level and the security level of the actual implementation may
125 /// differ. So we map the requested security level to the uuid of the implementation
126 /// so that there cannot be any confusion as to which KeyMint instance is requested.
insert(&mut self, sec_level: SecurityLevel, dev: Strong<T>, hw_info: KeyMintHardwareInfo)127 fn insert(&mut self, sec_level: SecurityLevel, dev: Strong<T>, hw_info: KeyMintHardwareInfo) {
128 // For now we use the reported security level of the KM instance as UUID.
129 // TODO update this section once UUID was added to the KM hardware info.
130 let uuid: Uuid = sec_level.into();
131 self.devices_by_uuid.insert(uuid, (dev, hw_info));
132 self.uuid_by_sec_level.insert(sec_level, uuid);
133 }
134 }
135
136 impl<T: FromIBinder + ?Sized> Default for DevicesMap<T> {
default() -> Self137 fn default() -> Self {
138 Self {
139 devices_by_uuid: HashMap::<Uuid, (Strong<T>, KeyMintHardwareInfo)>::new(),
140 uuid_by_sec_level: Default::default(),
141 }
142 }
143 }
144
145 /// The path where keystore stores all its keys.
146 pub static DB_PATH: LazyLock<RwLock<PathBuf>> =
147 LazyLock::new(|| RwLock::new(Path::new("/data/misc/keystore").to_path_buf()));
148 /// Runtime database of unwrapped super keys.
149 pub static SUPER_KEY: LazyLock<Arc<RwLock<SuperKeyManager>>> = LazyLock::new(Default::default);
150 /// Map of KeyMint devices.
151 static KEY_MINT_DEVICES: LazyLock<Mutex<DevicesMap<dyn IKeyMintDevice>>> =
152 LazyLock::new(Default::default);
153 /// Timestamp service.
154 static TIME_STAMP_DEVICE: Mutex<Option<Strong<dyn ISecureClock>>> = Mutex::new(None);
155 /// A single on-demand worker thread that handles deferred tasks with two different
156 /// priorities.
157 pub static ASYNC_TASK: LazyLock<Arc<AsyncTask>> = LazyLock::new(Default::default);
158 /// Singleton for enforcements.
159 pub static ENFORCEMENTS: LazyLock<Enforcements> = LazyLock::new(Default::default);
160 /// LegacyBlobLoader is initialized and exists globally.
161 /// The same directory used by the database is used by the LegacyBlobLoader as well.
162 pub static LEGACY_BLOB_LOADER: LazyLock<Arc<LegacyBlobLoader>> = LazyLock::new(|| {
163 Arc::new(LegacyBlobLoader::new(
164 &DB_PATH.read().expect("Could not determine database path for legacy blob loader"),
165 ))
166 });
167 /// Legacy migrator. Atomically migrates legacy blobs to the database.
168 pub static LEGACY_IMPORTER: LazyLock<Arc<LegacyImporter>> =
169 LazyLock::new(|| Arc::new(LegacyImporter::new(Arc::new(Default::default()))));
170 /// Background thread which handles logging via statsd and logd
171 pub static LOGS_HANDLER: LazyLock<Arc<AsyncTask>> = LazyLock::new(Default::default);
172 /// DER-encoded module information returned by `getSupplementaryAttestationInfo(Tag.MODULE_HASH)`.
173 pub static ENCODED_MODULE_INFO: RwLock<Option<Vec<u8>>> = RwLock::new(None);
174
175 static GC: LazyLock<Arc<Gc>> = LazyLock::new(|| {
176 Arc::new(Gc::new_init_with(ASYNC_TASK.clone(), || {
177 (
178 Box::new(|uuid, blob| {
179 let km_dev = get_keymint_dev_by_uuid(uuid).map(|(dev, _)| dev)?;
180 let _wp = wd::watch("invalidate key closure: calling IKeyMintDevice::deleteKey");
181 map_km_error(km_dev.deleteKey(blob))
182 .context(ks_err!("Trying to invalidate key blob."))
183 }),
184 KeystoreDB::new(
185 &DB_PATH.read().expect("Could not determine database path for GC"),
186 None,
187 )
188 .expect("Failed to open database"),
189 SUPER_KEY.clone(),
190 )
191 }))
192 });
193
194 /// Determine the service name for a KeyMint device of the given security level
195 /// gotten by binder service from the device and determining what services
196 /// are available.
keymint_service_name(security_level: &SecurityLevel) -> Result<Option<String>>197 fn keymint_service_name(security_level: &SecurityLevel) -> Result<Option<String>> {
198 let keymint_descriptor: &str = <BpKeyMintDevice as IKeyMintDevice>::get_descriptor();
199 let keymint_instances = get_declared_instances(keymint_descriptor).unwrap();
200
201 let service_name = match *security_level {
202 SecurityLevel::TRUSTED_ENVIRONMENT => {
203 if keymint_instances.iter().any(|instance| *instance == "default") {
204 Some(format!("{}/default", keymint_descriptor))
205 } else {
206 None
207 }
208 }
209 SecurityLevel::STRONGBOX => {
210 if keymint_instances.iter().any(|instance| *instance == "strongbox") {
211 Some(format!("{}/strongbox", keymint_descriptor))
212 } else {
213 None
214 }
215 }
216 _ => {
217 return Err(Error::Km(ErrorCode::HARDWARE_TYPE_UNAVAILABLE)).context(ks_err!(
218 "Trying to find keymint for security level: {:?}",
219 security_level
220 ));
221 }
222 };
223
224 Ok(service_name)
225 }
226
227 /// Make a new connection to a KeyMint device of the given security level.
228 /// If no native KeyMint device can be found this function also brings
229 /// up the compatibility service and attempts to connect to the legacy wrapper.
connect_keymint( security_level: &SecurityLevel, ) -> Result<(Strong<dyn IKeyMintDevice>, KeyMintHardwareInfo)>230 fn connect_keymint(
231 security_level: &SecurityLevel,
232 ) -> Result<(Strong<dyn IKeyMintDevice>, KeyMintHardwareInfo)> {
233 // Show the keymint interface that is registered in the binder
234 // service and use the security level to get the service name.
235 let service_name = keymint_service_name(security_level)
236 .context(ks_err!("Get service name from binder service"))?;
237
238 let (keymint, hal_version) = if let Some(service_name) = service_name {
239 let km: Strong<dyn IKeyMintDevice> =
240 if SecurityLevel::TRUSTED_ENVIRONMENT == *security_level {
241 map_binder_status_code(retry_get_interface(&service_name))
242 } else {
243 map_binder_status_code(binder::get_interface(&service_name))
244 }
245 .context(ks_err!("Trying to connect to genuine KeyMint service."))?;
246 // Map the HAL version code for KeyMint to be <AIDL version> * 100, so
247 // - V1 is 100
248 // - V2 is 200
249 // - V3 is 300
250 // etc.
251 let km_version = km.getInterfaceVersion()?;
252 (km, Some(km_version * 100))
253 } else {
254 // This is a no-op if it was called before.
255 keystore2_km_compat::add_keymint_device_service();
256
257 let keystore_compat_service: Strong<dyn IKeystoreCompatService> =
258 map_binder_status_code(binder::get_interface("android.security.compat"))
259 .context(ks_err!("Trying to connect to compat service."))?;
260 (
261 map_binder_status(keystore_compat_service.getKeyMintDevice(*security_level))
262 .map_err(|e| match e {
263 Error::BinderTransaction(StatusCode::NAME_NOT_FOUND) => {
264 Error::Km(ErrorCode::HARDWARE_TYPE_UNAVAILABLE)
265 }
266 e => e,
267 })
268 .context(ks_err!(
269 "Trying to get Legacy wrapper. Attempt to get keystore \
270 compat service for security level {:?}",
271 *security_level
272 ))?,
273 None,
274 )
275 };
276
277 // If the KeyMint device is back-level, use a wrapper that intercepts and
278 // emulates things that are not supported by the hardware.
279 let keymint = match hal_version {
280 Some(400) | Some(300) | Some(200) => {
281 // KeyMint v2+: use as-is (we don't have any software emulation of v3 or v4-specific KeyMint features).
282 log::info!(
283 "KeyMint device is current version ({:?}) for security level: {:?}",
284 hal_version,
285 security_level
286 );
287 keymint
288 }
289 Some(100) => {
290 // KeyMint v1: perform software emulation.
291 log::info!(
292 "Add emulation wrapper around {:?} device for security level: {:?}",
293 hal_version,
294 security_level
295 );
296 BacklevelKeyMintWrapper::wrap(KeyMintV1::new(*security_level), keymint)
297 .context(ks_err!("Trying to create V1 compatibility wrapper."))?
298 }
299 None => {
300 // Compatibility wrapper around a KeyMaster device: this roughly
301 // behaves like KeyMint V1 (e.g. it includes AGREE_KEY support,
302 // albeit in software.)
303 log::info!(
304 "Add emulation wrapper around Keymaster device for security level: {:?}",
305 security_level
306 );
307 BacklevelKeyMintWrapper::wrap(KeyMintV1::new(*security_level), keymint)
308 .context(ks_err!("Trying to create km_compat V1 compatibility wrapper ."))?
309 }
310 _ => {
311 return Err(Error::Km(ErrorCode::HARDWARE_TYPE_UNAVAILABLE)).context(ks_err!(
312 "unexpected hal_version {:?} for security level: {:?}",
313 hal_version,
314 security_level
315 ));
316 }
317 };
318
319 let wp = wd::watch("connect_keymint: calling IKeyMintDevice::getHardwareInfo()");
320 let mut hw_info =
321 map_km_error(keymint.getHardwareInfo()).context(ks_err!("Failed to get hardware info."))?;
322 drop(wp);
323
324 // The legacy wrapper sets hw_info.versionNumber to the underlying HAL version like so:
325 // 10 * <major> + <minor>, e.g., KM 3.0 = 30. So 30, 40, and 41 are the only viable values.
326 //
327 // For KeyMint the returned versionNumber is implementation defined and thus completely
328 // meaningless to Keystore 2.0. So set the versionNumber field that is returned to
329 // the rest of the code to be the <AIDL version> * 100, so KeyMint V1 is 100, KeyMint V2 is 200
330 // and so on.
331 //
332 // This ensures that versionNumber value across KeyMaster and KeyMint is monotonically
333 // increasing (and so comparisons like `versionNumber >= KEY_MINT_1` are valid).
334 if let Some(hal_version) = hal_version {
335 hw_info.versionNumber = hal_version;
336 }
337
338 Ok((keymint, hw_info))
339 }
340
341 /// Get a keymint device for the given security level either from our cache or
342 /// by making a new connection. Returns the device, the hardware info and the uuid.
343 /// TODO the latter can be removed when the uuid is part of the hardware info.
get_keymint_device( security_level: &SecurityLevel, ) -> Result<(Strong<dyn IKeyMintDevice>, KeyMintHardwareInfo, Uuid)>344 pub fn get_keymint_device(
345 security_level: &SecurityLevel,
346 ) -> Result<(Strong<dyn IKeyMintDevice>, KeyMintHardwareInfo, Uuid)> {
347 let mut devices_map = KEY_MINT_DEVICES.lock().unwrap();
348 if let Some((dev, hw_info, uuid)) = devices_map.dev_by_sec_level(security_level) {
349 Ok((dev, hw_info, uuid))
350 } else {
351 let (dev, hw_info) =
352 connect_keymint(security_level).context(ks_err!("Cannot connect to Keymint"))?;
353 devices_map.insert(*security_level, dev, hw_info);
354 // Unwrap must succeed because we just inserted it.
355 Ok(devices_map.dev_by_sec_level(security_level).unwrap())
356 }
357 }
358
359 /// Get a keymint device for the given uuid. This will only access the cache, but will not
360 /// attempt to establish a new connection. It is assumed that the cache is already populated
361 /// when this is called. This is a fair assumption, because service.rs iterates through all
362 /// security levels when it gets instantiated.
get_keymint_dev_by_uuid( uuid: &Uuid, ) -> Result<(Strong<dyn IKeyMintDevice>, KeyMintHardwareInfo)>363 pub fn get_keymint_dev_by_uuid(
364 uuid: &Uuid,
365 ) -> Result<(Strong<dyn IKeyMintDevice>, KeyMintHardwareInfo)> {
366 let devices_map = KEY_MINT_DEVICES.lock().unwrap();
367 if let Some((dev, hw_info, _)) = devices_map.dev_by_uuid(uuid) {
368 Ok((dev, hw_info))
369 } else {
370 Err(Error::sys()).context(ks_err!("No KeyMint instance found."))
371 }
372 }
373
374 /// Return all known keymint devices.
get_keymint_devices() -> Vec<Strong<dyn IKeyMintDevice>>375 pub fn get_keymint_devices() -> Vec<Strong<dyn IKeyMintDevice>> {
376 KEY_MINT_DEVICES.lock().unwrap().devices()
377 }
378
379 /// Make a new connection to a secure clock service.
380 /// If no native SecureClock device can be found brings up the compatibility service and attempts
381 /// to connect to the legacy wrapper.
connect_secureclock() -> Result<Strong<dyn ISecureClock>>382 fn connect_secureclock() -> Result<Strong<dyn ISecureClock>> {
383 let secure_clock_descriptor: &str = <BpSecureClock as ISecureClock>::get_descriptor();
384 let secureclock_instances = get_declared_instances(secure_clock_descriptor).unwrap();
385
386 let secure_clock_available =
387 secureclock_instances.iter().any(|instance| *instance == "default");
388
389 let default_time_stamp_service_name = format!("{}/default", secure_clock_descriptor);
390
391 let secureclock = if secure_clock_available {
392 map_binder_status_code(binder::get_interface(&default_time_stamp_service_name))
393 .context(ks_err!("Trying to connect to genuine secure clock service."))
394 } else {
395 // This is a no-op if it was called before.
396 keystore2_km_compat::add_keymint_device_service();
397
398 let keystore_compat_service: Strong<dyn IKeystoreCompatService> =
399 map_binder_status_code(binder::get_interface("android.security.compat"))
400 .context(ks_err!("Trying to connect to compat service."))?;
401
402 // Legacy secure clock services were only implemented by TEE.
403 map_binder_status(keystore_compat_service.getSecureClock())
404 .map_err(|e| match e {
405 Error::BinderTransaction(StatusCode::NAME_NOT_FOUND) => {
406 Error::Km(ErrorCode::HARDWARE_TYPE_UNAVAILABLE)
407 }
408 e => e,
409 })
410 .context(ks_err!("Failed attempt to get legacy secure clock."))
411 }?;
412
413 Ok(secureclock)
414 }
415
416 /// Get the timestamp service that verifies auth token timeliness towards security levels with
417 /// different clocks.
get_timestamp_service() -> Result<Strong<dyn ISecureClock>>418 pub fn get_timestamp_service() -> Result<Strong<dyn ISecureClock>> {
419 let mut ts_device = TIME_STAMP_DEVICE.lock().unwrap();
420 if let Some(dev) = &*ts_device {
421 Ok(dev.clone())
422 } else {
423 let dev = connect_secureclock().context(ks_err!())?;
424 *ts_device = Some(dev.clone());
425 Ok(dev)
426 }
427 }
428
429 /// Get the service name of a remotely provisioned component corresponding to given security level.
get_remotely_provisioned_component_name(security_level: &SecurityLevel) -> Result<String>430 pub fn get_remotely_provisioned_component_name(security_level: &SecurityLevel) -> Result<String> {
431 let remote_prov_descriptor: &str =
432 <BpRemotelyProvisionedComponent as IRemotelyProvisionedComponent>::get_descriptor();
433
434 match *security_level {
435 SecurityLevel::TRUSTED_ENVIRONMENT => {
436 let instance = format!("{}/default", remote_prov_descriptor);
437 if is_declared(&instance)? {
438 Some(instance)
439 } else {
440 None
441 }
442 }
443 SecurityLevel::STRONGBOX => {
444 let instance = format!("{}/strongbox", remote_prov_descriptor);
445 if is_declared(&instance)? {
446 Some(instance)
447 } else {
448 None
449 }
450 }
451 _ => None,
452 }
453 .ok_or(Error::Km(ErrorCode::HARDWARE_TYPE_UNAVAILABLE))
454 .context(ks_err!("Failed to get rpc for sec level {:?}", *security_level))
455 }
456
457 /// Whether boot is complete.
458 static BOOT_COMPLETED: AtomicBool = AtomicBool::new(false);
459
460 /// Indicate whether boot is complete.
461 ///
462 /// This in turn indicates whether it is safe to make permanent changes to state.
boot_completed() -> bool463 pub fn boot_completed() -> bool {
464 BOOT_COMPLETED.load(Ordering::Acquire)
465 }
466
467 /// Monitor the system property for boot complete. This blocks and so needs to be run in a separate
468 /// thread.
await_boot_completed()469 pub fn await_boot_completed() {
470 // Use a fairly long watchdog timeout of 5 minutes here. This blocks until the device
471 // boots, which on a very slow device (e.g., emulator for a non-native architecture) can
472 // take minutes. Blocking here would be unexpected only if it never finishes.
473 let _wp = wd::watch_millis("await_boot_completed", 300_000);
474 log::info!("monitoring for sys.boot_completed=1");
475 while let Err(e) = watch_for_boot_completed() {
476 log::error!("failed to watch for boot_completed: {e:?}");
477 std::thread::sleep(std::time::Duration::from_secs(5));
478 }
479
480 BOOT_COMPLETED.store(true, Ordering::Release);
481 log::info!("wait_for_boot_completed done, triggering GC");
482
483 // Garbage collection may have been skipped until now, so trigger a check.
484 GC.notify_gc();
485 }
486
watch_for_boot_completed() -> Result<()>487 fn watch_for_boot_completed() -> Result<()> {
488 let mut w = PropertyWatcher::new("sys.boot_completed")
489 .context(ks_err!("PropertyWatcher::new failed"))?;
490 w.wait_for_value("1", None).context(ks_err!("Failed to wait for sys.boot_completed"))?;
491 Ok(())
492 }
493