1 /* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef KEYSTORE_OPERATION_H_ 18 #define KEYSTORE_OPERATION_H_ 19 20 #include <hardware/hw_auth_token.h> 21 #include <hardware/keymaster2.h> 22 #include <binder/Binder.h> 23 #include <binder/IBinder.h> 24 #include <utils/LruCache.h> 25 #include <utils/StrongPointer.h> 26 #include <map> 27 #include <vector> 28 29 namespace android { 30 31 struct keymaster_key_characteristics_t_Delete { operatorkeymaster_key_characteristics_t_Delete32 void operator()(keymaster_key_characteristics_t* characteristics) const { 33 keymaster_free_characteristics(characteristics); 34 delete characteristics; 35 } 36 }; 37 typedef std::unique_ptr<keymaster_key_characteristics_t, keymaster_key_characteristics_t_Delete> 38 Unique_keymaster_key_characteristics; 39 40 /** 41 * OperationMap handles the translation of keymaster_operation_handle_t's and 42 * keymaster2_device_t's to opaque binder tokens that can be used to reference 43 * that operation at a later time by applications. It also does LRU tracking 44 * for operation pruning and keeps a mapping of clients to operations to allow 45 * for graceful handling of application death. 46 */ 47 class OperationMap { 48 public: 49 OperationMap(IBinder::DeathRecipient* deathRecipient); 50 sp<IBinder> addOperation(keymaster_operation_handle_t handle, uint64_t keyid, 51 keymaster_purpose_t purpose, const keymaster2_device_t* dev, 52 sp<IBinder> appToken, keymaster_key_characteristics_t* characteristics, 53 bool pruneable); 54 bool getOperation(sp<IBinder> token, keymaster_operation_handle_t* outHandle, 55 uint64_t* outKeyid, keymaster_purpose_t* outPurpose, 56 const keymaster2_device_t** outDev, 57 const keymaster_key_characteristics_t** outCharacteristics); 58 bool removeOperation(sp<IBinder> token); 59 bool hasPruneableOperation() const; getOperationCount()60 size_t getOperationCount() const { return mMap.size(); } 61 size_t getPruneableOperationCount() const; 62 bool getOperationAuthToken(sp<IBinder> token, const hw_auth_token_t** outToken); 63 bool setOperationAuthToken(sp<IBinder> token, const hw_auth_token_t* authToken); 64 sp<IBinder> getOldestPruneableOperation(); 65 std::vector<sp<IBinder>> getOperationsForToken(sp<IBinder> appToken); 66 67 private: 68 void updateLru(sp<IBinder> token); 69 void removeOperationTracking(sp<IBinder> token, sp<IBinder> appToken); 70 struct Operation { 71 Operation(); 72 Operation(keymaster_operation_handle_t handle, uint64_t keyid, keymaster_purpose_t purpose, 73 const keymaster2_device_t* device, 74 keymaster_key_characteristics_t* characteristics, sp<IBinder> appToken); 75 keymaster_operation_handle_t handle; 76 uint64_t keyid; 77 keymaster_purpose_t purpose; 78 const keymaster2_device_t* device; 79 Unique_keymaster_key_characteristics characteristics; 80 sp<IBinder> appToken; 81 std::unique_ptr<hw_auth_token_t> authToken; 82 }; 83 std::map<sp<IBinder>, struct Operation> mMap; 84 std::vector<sp<IBinder>> mLru; 85 std::map<sp<IBinder>, std::vector<sp<IBinder>>> mAppTokenMap; 86 IBinder::DeathRecipient* mDeathRecipient; 87 }; 88 } // namespace android 89 #endif 90