author | Chung-yih Wang <cywang@google.com> | 2009-06-08 16:34:54 +0800 |
---|---|---|
committer | Chung-yih Wang <cywang@google.com> | 2009-06-08 16:34:54 +0800 |
commit | a92d5dc0f6d3aadbc64a029ecfacca2f19a661e7 (patch) | |
tree | 12af6c9bb70c3f732500ea2be64543c69a4fbcc3 /cmds/keystore/keystore.c | |
parent | 383bce90737871de0b80082eb3a7925528aae754 (diff) | |
First version of the keystore service.
The keystore service is protected by the user 'keystore'. Only keystore
user/group can access the key content. All users are able to do the
following commands from shell as well:
listcerts
listuserkeys
installcert
removecert
installuserkey
removeuserkey
Diffstat (limited to 'cmds/keystore/keystore.c')
-rw-r--r-- | cmds/keystore/keystore.c | 248 |
1 files changed, 248 insertions, 0 deletions
diff --git a/cmds/keystore/keystore.c b/cmds/keystore/keystore.c
new file mode 100644
index 0000000..dbb62b3
--- /dev/null
+++ b/cmds/keystore/keystore.c
@@ -0,0 +1,248 @@
+/*
+** Copyright 2009, The Android Open Source Project
+**
+** Licensed under the Apache License, Version 2.0 (the "License");
+** you may not use this file except in compliance with the License.
+** You may obtain a copy of the License at
+**
+** http://www.apache.org/licenses/LICENSE-2.0
+**
+** Unless required by applicable law or agreed to in writing, software
+** distributed under the License is distributed on an "AS IS" BASIS,
+** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+** See the License for the specific language governing permissions and
+** limitations under the License.
+*/
+
+#include "keystore.h"
+
+
+static int do_list_certs(char **arg, char reply[REPLY_MAX])
+{
+ return list_certs(reply);
+}
+
+static int do_list_userkeys(char **arg, char reply[REPLY_MAX])
+{
+ return list_userkeys(reply);
+}
+
+static int do_install_cert(char **arg, char reply[REPLY_MAX])
+{
+ return install_cert(arg[0]); /* move the certificate to keystore */
+}
+
+static int do_remove_cert(char **arg, char reply[REPLY_MAX])
+{
+ return remove_cert(arg[0]); /* certificate */
+}
+
+static int do_install_userkey(char **arg, char reply[REPLY_MAX])
+{
+ return install_userkey(arg[0]); /* move the certificate to keystore */
+}
+
+static int do_remove_userkey(char **arg, char reply[REPLY_MAX])
+{
+ return remove_userkey(arg[0]); /* userkey */
+}
+
+struct cmdinfo {
+ const char *name;
+ unsigned numargs;
+ int (*func)(char **arg, char reply[REPLY_MAX]);
+};
+
+
+struct cmdinfo cmds[] = {
+ { "listcerts", 0, do_list_certs },
+ { "listuserkeys", 0, do_list_userkeys },
+ { "installcert", 1, do_install_cert },
+ { "removecert", 1, do_remove_cert },
+ { "installuserkey", 1, do_install_userkey },
+ { "removeuserkey", 1, do_remove_userkey },
+};
+
+static int readx(int s, void *_buf, int count)
+{
+ char *buf = _buf;
+ int n = 0, r;
+ if (count < 0) return -1;
+ while (n < count) {
+ r = read(s, buf + n, count - n);
+ if (r < 0) {
+ if (errno == EINTR) continue;
+ LOGE("read error: %s\n", strerror(errno));
+ return -1;
+ }
+ if (r == 0) {
+ LOGE("eof\n");
+ return -1; /* EOF */
+ }
+ n += r;
+ }
+ return 0;
+}
+
+static int writex(int s, const void *_buf, int count)
+{
+ const char *buf = _buf;
+ int n = 0, r;
+ if (count < 0) return -1;
+ while (n < count) {
+ r = write(s, buf + n, count - n);
+ if (r < 0) {
+ if (errno == EINTR) continue;
+ LOGE("write error: %s\n", strerror(errno));
+ return -1;
+ }
+ n += r;
+ }
+ return 0;
+}
+
+
+/* Tokenize the command buffer, locate a matching command,
+ * ensure that the required number of arguments are provided,
+ * call the function(), return the result.
+ */
+static int execute(int s, char cmd[BUFFER_MAX])
+{
+ char reply[REPLY_MAX];
+ char *arg[TOKEN_MAX+1];
+ unsigned i;
+ unsigned n = 0;
+ unsigned short count;
+ int ret = -1;
+
+ /* default reply is "" */
+ reply[0] = 0;
+
+ /* n is number of args (not counting arg[0]) */
+ arg[0] = cmd;
+ while (*cmd) {
+ if (isspace(*cmd)) {
+ *cmd++ = 0;
+ n++;
+ arg[n] = cmd;
+ if (n == TOKEN_MAX) {
+ LOGE("too many arguments\n");
+ goto done;
+ }
+ }
+ cmd++;
+ }
+
+ for (i = 0; i < sizeof(cmds) / sizeof(cmds[0]); i++) {
+ if (!strcmp(cmds[i].name,arg[0])) {
+ if (n != cmds[i].numargs) {
+ LOGE("%s requires %d arguments (%d given)\n",
+ cmds[i].name, cmds[i].numargs, n);
+ } else {
+ ret = cmds[i].func(arg + 1, reply);
+ }
+ goto done;
+ }
+ }
+ LOGE("unsupported command '%s'\n", arg[0]);
+
+done:
+ if (reply[0]) {
+ n = snprintf(cmd, BUFFER_MAX, "%d %s", ret, reply);
+ } else {
+ n = snprintf(cmd, BUFFER_MAX, "%d", ret);
+ }
+ if (n > BUFFER_MAX) n = BUFFER_MAX;
+ count = n;
+
+ if (writex(s, &count, sizeof(count))) return -1;
+ if (writex(s, cmd, count)) return -1;
+
+ return 0;
+}
+
+int shell_command(const int argc, const char **argv)
+{
+ int fd, i, r;
+ unsigned short count;
+ char cmd[BUFFER_MAX]="";
+
+ fd = socket_local_client(SOCKET_PATH,
+ ANDROID_SOCKET_NAMESPACE_RESERVED,
+ SOCK_STREAM);
+ if (fd == -1) {
+ fprintf(stderr, "Keystore service is not up and running\n");
+ exit(1);
+ }
+ for(i = 0; i < argc; i++) {
+ if (i > 0) strlcat(cmd, " ", BUFFER_MAX);
+ if(strlcat(cmd, argv[i], BUFFER_MAX) >= BUFFER_MAX) {
+ fprintf(stderr, "Arguments are too long\n");
+ exit(1);
+ }
+ }
+ count = strlen(cmd);
+ if (writex(fd, &count, sizeof(count))) return -1;
+ if (writex(fd, cmd, strlen(cmd))) return -1;
+ if (readx(fd, &count, sizeof(count))) return -1;
+ if (readx(fd, cmd, count)) return -1;
+ cmd[count]=0;
+ fprintf(stdout, "%s\n", cmd);
+ return 0;
+}
+
+int main(const int argc, const char *argv[])
+{
+ char buf[BUFFER_MAX];
+ struct sockaddr addr;
+ socklen_t alen;
+ int lsocket, s, count;
+
+ if (argc > 1) {
+ return shell_command(argc - 1, argv + 1);
+ }
+
+ lsocket = android_get_control_socket(SOCKET_PATH);
+ if (lsocket < 0) {
+ LOGE("Failed to get socket from environment: %s\n", strerror(errno));
+ exit(1);
+ }
+ if (listen(lsocket, 5)) {
+ LOGE("Listen on socket failed: %s\n", strerror(errno));
+ exit(1);
+ }
+ fcntl(lsocket, F_SETFD, FD_CLOEXEC);
+
+ for (;;) {
+ alen = sizeof(addr);
+ s = accept(lsocket, &addr, &alen);
+ if (s < 0) {
+ LOGE("Accept failed: %s\n", strerror(errno));
+ continue;
+ }
+ fcntl(s, F_SETFD, FD_CLOEXEC);
+
+ LOGI("new connection\n");
+ for (;;) {
+ unsigned short count;
+ if (readx(s, &count, sizeof(count))) {
+ LOGE("failed to read size\n");
+ break;
+ }
+ if ((count < 1) || (count >= BUFFER_MAX)) {
+ LOGE("invalid size %d\n", count);
+ break;
+ }
+ if (readx(s, buf, count)) {
+ LOGE("failed to read command\n");
+ break;
+ }
+ buf[count] = 0;
+ if (execute(s, buf)) break;
+ }
+ LOGI("closing connection\n");
+ close(s);
+ }
+
+ return 0;
+}
|
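Review bot: In `execute`, the tokenizer advances `cmd` twice after a whitespace byte (`*cmd++ = 0;` followed by the unconditional `cmd++`), so a command that ends in a space steps over the NUL that `main` wrote at `buf[count]` and keeps scanning, and zeroing, whatever bytes follow in the buffer. Because `cmd` itself is the scan cursor, the `snprintf(cmd, BUFFER_MAX, ...)` calls at `done:` then start writing wherever the scan stopped while still claiming `BUFFER_MAX` bytes, which can run past the end of `main`'s `buf` when the reply is long (`BUFFER_MAX` and `REPLY_MAX` come from keystore.h, which is not shown, so the exact margin is unverified). Scanning with a separate pointer that is re-tested after each separator fixes both, and matters because the commit message says all users can issue these commands, so this parser sees untrusted local input. Separately, `shell_command` should reject `count >= BUFFER_MAX` before `readx(fd, cmd, count)` and `cmd[count]=0`, since the clamp in `execute` allows `count == BUFFER_MAX`.

```c
static int execute(int s, char cmd[BUFFER_MAX])
{
    /* ... unchanged: reply, arg, i, n, count, ret declarations ... */
    char *p = cmd;  /* scan cursor; cmd keeps pointing at the buffer start */

    /* ... unchanged: reply[0] = 0 ... */
    arg[0] = cmd;
    while (*p) {
        if (isspace((unsigned char)*p)) {
            *p++ = 0;
            n++;
            arg[n] = p;
            if (n == TOKEN_MAX) {
                LOGE("too many arguments\n");
                goto done;
            }
            continue;   /* re-test *p so a trailing separator stops at the NUL */
        }
        p++;
    }
    /* ... unchanged: command lookup, dispatch, and the done: reply path,
     *     which now formats into cmd at the start of the buffer ... */
```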