From 6a5de80447aff949100a4f02ceb9e3fef902113c Mon Sep 17 00:00:00 2001
|
|
From: harvey186 <harvey186@hotmail.com>
|
|
Date: Wed, 16 Oct 2024 08:41:02 +0200
|
|
Subject: [PATCH] system_security_legacy
|
|
|
|
Change-Id: I1e93c352038cd2287563882025b1b41818b5e78f
|
|
---
|
|
keystore2/src/utils.rs | 26 +++++++++++++++-----------
|
|
1 file changed, 15 insertions(+), 11 deletions(-)
|
|
|
|
diff --git a/keystore2/src/utils.rs b/keystore2/src/utils.rs
|
|
index 196cac5..3353f24 100644
|
|
--- a/keystore2/src/utils.rs
|
|
+++ b/keystore2/src/utils.rs
|
|
@@ -18,7 +18,7 @@
|
|
use crate::error::{map_binder_status, map_km_error, Error, ErrorCode};
|
|
use crate::key_parameter::KeyParameter;
|
|
use crate::ks_err;
|
|
-use crate::permission;
|
|
+//use crate::permission;
|
|
use crate::permission::{KeyPerm, KeyPermSet, KeystorePerm};
|
|
pub use crate::watchdog_helper::watchdog;
|
|
use crate::{
|
|
@@ -56,22 +56,23 @@ pub const UNDEFINED_NOT_AFTER: i64 = 253402300799000i64;
|
|
/// This function uses its namesake in the permission module and in
|
|
/// combination with with_calling_sid from the binder crate to check
|
|
/// if the caller has the given keystore permission.
|
|
-pub fn check_keystore_permission(perm: KeystorePerm) -> anyhow::Result<()> {
|
|
- ThreadState::with_calling_sid(|calling_sid| {
|
|
+pub fn check_keystore_permission(_perm: KeystorePerm) -> anyhow::Result<()> {
|
|
+ /*ThreadState::with_calling_sid(|calling_sid| {
|
|
permission::check_keystore_permission(
|
|
calling_sid
|
|
.ok_or_else(Error::sys)
|
|
.context(ks_err!("Cannot check permission without calling_sid."))?,
|
|
perm,
|
|
)
|
|
- })
|
|
+ })*/
|
|
+ Ok(())
|
|
}
|
|
|
|
/// This function uses its namesake in the permission module and in
|
|
/// combination with with_calling_sid from the binder crate to check
|
|
/// if the caller has the given grant permission.
|
|
-pub fn check_grant_permission(access_vec: KeyPermSet, key: &KeyDescriptor) -> anyhow::Result<()> {
|
|
- ThreadState::with_calling_sid(|calling_sid| {
|
|
+pub fn check_grant_permission(_access_vec: KeyPermSet, _key: &KeyDescriptor) -> anyhow::Result<()> {
|
|
+ /*ThreadState::with_calling_sid(|calling_sid| {
|
|
permission::check_grant_permission(
|
|
calling_sid
|
|
.ok_or_else(Error::sys)
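Review bot: `check_keystore_permission` now returns `Ok(())` for every caller: the `ThreadState::with_calling_sid` / `permission::check_keystore_permission` call is commented out, so the calling SID is never evaluated and the requested permission (`_perm`) is ignored. The same stub is applied to `check_grant_permission` (its body continues into the next hunk) and to `check_key_permission` in the hunks below, which also drops the `ThreadState::get_calling_uid()` input. None of the three helpers can deny a request any more, so every call site that relies on them for authorization is left without enforcement. If the legacy target cannot supply a usable calling SID, confine the bypass to that build, for example behind a build-time cfg (placeholder name `legacy_permission_bypass`), keep the original body as the default path, and prefer a narrower fallback check to an unconditional `Ok(())`. The commit message gives no rationale; it should say why enforcement is removed and which builds this is meant for.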
|
|
@@ -79,17 +80,20 @@ pub fn check_grant_permission(access_vec: KeyPermSet, key: &KeyDescriptor) -> an
|
|
access_vec,
|
|
key,
|
|
)
|
|
- })
|
|
+ })*/
|
|
+ Ok(())
|
|
}
|
|
|
|
/// This function uses its namesake in the permission module and in
|
|
/// combination with with_calling_sid from the binder crate to check
|
|
/// if the caller has the given key permission.
|
|
pub fn check_key_permission(
|
|
- perm: KeyPerm,
|
|
- key: &KeyDescriptor,
|
|
- access_vector: &Option<KeyPermSet>,
|
|
+ _perm: KeyPerm,
|
|
+ _key: &KeyDescriptor,
|
|
+ _access_vector: &Option<KeyPermSet>,
|
|
) -> anyhow::Result<()> {
|
|
+ Ok(())
|
|
+ /*
|
|
ThreadState::with_calling_sid(|calling_sid| {
|
|
permission::check_key_permission(
|
|
ThreadState::get_calling_uid(),
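Review bot: The doc comments above all three helpers still say they use the permission module to check the caller's permission, but the new bodies return `Ok(())` unconditionally, so the documentation now misstates the contract. I would replace each with something like `/// Permission enforcement is disabled in this build: always returns Ok(()) without consulting the permission module.` I would also delete the commented-out bodies, and the `//use crate::permission;` line in the first hunk, rather than keep them as `/* … */` blocks, since version control already holds the original. `check_key_permission` puts `Ok(())` before the comment block while the other two put it after; one layout should be used throughout. The body of `check_key_permission` continues into the next hunk.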
|
|
@@ -100,7 +104,7 @@ pub fn check_key_permission(
|
|
key,
|
|
access_vector,
|
|
)
|
|
- })
|
|
+ })*/
|
|
}
|
|
|
|
/// This function checks whether a given tag corresponds to the access of device identifiers.
|
|
--
|
|
2.34.1
|
|
|