In the previous entry, we looked at how Android's keystore daemon manages keys and certificates, and how to connect to it using the provided keystore_cli utility. Now we will look at the intermediate layers between the OS daemon and the public KeyChain
API introduced in ICS.

Browsing the android.security package, we notice two AIDL files: IKeyChainService.aidl and IKeyChainAliasCallback.aidl. This is a hint that the actual key store functionality, like most Android OS services, is implemented as a remote service that the public APIs bind to. IKeyChainAliasCallback is just the callback invoked when you select a key via KeyChain#choosePrivateKeyAlias(), so it is of little interest. IKeyChainService has the actual methods KeyChain
uses to get a handle to a private key or a certificate, plus some internal APIs used by the Settings and certificate installer applications. Naturally, the whole interface is marked as hidden, so SDK applications cannot bind to the service directly.

The IKeyChainService interface has one implementation, the KeyChainService in the KeyChain.apk system package. We find the source in packages/apps/KeyChain, so let's explore the app's configuration. Looking at the manifest reveals that it consists of three components: the KeyChainService, a KeyChainActivity and a broadcast receiver, you guessed it, KeyChainBroadcastReceiver. The package is com.android.keychain and its sharedUserId is set to 'android.uid.system', which, as we saw in the previous article, is necessary to be able to send management commands to the native keystore
daemon. Let's first examine the service.

As can be expected, the KeyChainService is a wrapper for the android.security.KeyStore class that communicates directly with the native keystore daemon. It provides four sets of functionality:
- key store management: methods for getting private keys and certificates
- trust store management: methods for installing and deleting CA certificates in the user trust store
- key and trust store initialization: a reset() method that deletes all key store entries, including the master key, thus returning the key store to the 'not initialized' state; it also removes all user-installed trusted certificates
- grant management: methods for querying and adding entries to the key access grant database (more on this later)
Since the KeyChain application runs as the system user, any process that binds to its remote interface would technically be able to perform all key and trust store operations. To prevent this, the KeyChainService imposes additional access control on its callers, using two mechanisms: checks based on the caller's UID, and a key access grant database. Deleting a CA certificate and resetting the key and trust stores are only allowed to the system user (those operations are typically invoked from the Settings app's UI, which runs as system), and installing a trusted CA certificate is only allowed to the system user or the certificate installer application (the com.android.certinstaller package). Controlling access to the key store is a bit more interesting: KeyChainService maintains a grants database (in /data/data/com.android.keychain/databases/grants.db
) that maps UIDs to the key aliases they are allowed to use. Let's have a look inside:

# cd /data/data/com.android.keychain/databases
# ls
grants.db
grants.db-journal
# sqlite3 grants.db
sqlite> .schema
CREATE TABLE android_metadata (locale TEXT);
CREATE TABLE grants ( alias STRING NOT NULL, uid INTEGER NOT NULL, UNIQUE (alias,uid));
sqlite> select * from grants;
test|10044
key1|10044
In this example, the application with UID 10044 (our test application) is granted access to the keys with the test and key1
aliases.

Each call to getPrivateKey() or getCertificate() is subject to a check against the grants database, and results in an exception if no grant for the requested alias is found. As stated before, KeyChainService has APIs for adding and querying grants, and only the system user is allowed to call them. But who is responsible for actually granting and revoking access? Remember the private key selection dialog from the first article? When you call KeyChain#choosePrivateKeyAlias(), it starts the KeyChainActivity introduced above, which checks whether the key store is unlocked and, if so, shows the key selection dialog. Clicking the 'Allow' button returns control to the KeyChainActivity, which then calls KeyChainService#setGrant()
with the selected alias, adding it to the grants database. Thus, even if the activity requesting access to a private key has the needed permissions, the user has to unlock the key store and explicitly authorize access to each private key.

Besides controlling private key storage, the KeyChainService also offers trust store management by using the newly added TrustedCertificateStore class (part of libcore
). This class provides both the ability to add user-installed trusted CA certificates and to remove (mark as not trusted) system (pre-installed) CAs. Since the implementation is fairly complex and rather interesting, it will be the topic of another post.

The final component of the KeyChain app is the KeyChainBroadcastReceiver. It listens for the android.intent.action.PACKAGE_REMOVED broadcast and simply forwards control to the KeyChainService
. On receiving the PACKAGE_REMOVED action, the service does some grant database maintenance: it goes through all entries and deletes those referencing packages that are no longer available (i.e., uninstalled ones). With this we now have the (almost) complete picture.
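To make the three access-control rules above concrete, here is an added example (not code from the original post and not AOSP's own Java implementation in packages/apps/KeyChain) that re-creates the grants table exactly as the sqlite3 dump shows it and re-implements the policies in plain Python: the grant check in front of getPrivateKey()/getCertificate(), the system-only setGrant() that KeyChainActivity calls after 'Allow', and the clean-up on PACKAGE_REMOVED. Everything below is an assumption for illustration: SYSTEM_UID, the UIDs 10044 and 10045, the aliases, the key-handle strings, and the installed_uids set that stands in for the package manager lookup the service performs; the real service reads the caller's UID from Binder rather than taking it as a parameter.

```python
"""Model of the KeyChainService grant database and the checks built on it.

Added example, not code from the original post or from AOSP. It re-creates the
grants table shown in the sqlite3 dump and re-implements, in Python, the three
policies the text describes: the grant check before a private key is handed
out, the system-only setGrant(), and the grant purge on PACKAGE_REMOVED.
SYSTEM_UID, the UIDs, aliases and key handles are constructed sample data; the
set of installed UIDs stands in for the PackageManager lookup.
"""
import sqlite3

SYSTEM_UID = 1000  # android.uid.system (assumed value); the only caller that may edit grants


class GrantDeniedError(PermissionError):
    """Raised where KeyChainService would throw for a missing grant or a bad caller."""


class GrantDatabase:
    def __init__(self):
        # In-memory stand-in for /data/data/com.android.keychain/databases/grants.db
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE android_metadata (locale TEXT)")
        # Same schema as the dump; SQLite accepts the STRING type name as written
        self.db.execute(
            "CREATE TABLE grants (alias STRING NOT NULL, uid INTEGER NOT NULL, "
            "UNIQUE (alias, uid))"
        )

    def has_grant(self, uid, alias):
        row = self.db.execute(
            "SELECT 1 FROM grants WHERE uid = ? AND alias = ?", (uid, alias)
        ).fetchone()
        return row is not None

    def set_grant(self, caller_uid, uid, alias, granted):
        """KeyChainService#setGrant(): only the system user may add or revoke a grant."""
        if caller_uid != SYSTEM_UID:
            raise GrantDeniedError("setGrant: caller uid %d is not system" % caller_uid)
        if granted:
            self.db.execute(
                "INSERT OR IGNORE INTO grants (alias, uid) VALUES (?, ?)", (alias, uid)
            )
        else:
            self.db.execute("DELETE FROM grants WHERE alias = ? AND uid = ?", (alias, uid))
        self.db.commit()

    def get_private_key(self, caller_uid, alias, keystore):
        """getPrivateKey(): consult the grants table before touching the key store."""
        if not self.has_grant(caller_uid, alias):
            raise GrantDeniedError("uid %d has no grant for alias %r" % (caller_uid, alias))
        return keystore[alias]  # keystore: constructed alias -> key-handle mapping

    def purge_uninstalled(self, installed_uids):
        """PACKAGE_REMOVED maintenance: drop every grant whose UID no longer has a package."""
        removed = 0
        for (uid,) in self.db.execute("SELECT DISTINCT uid FROM grants").fetchall():
            if uid not in installed_uids:
                removed += self.db.execute("DELETE FROM grants WHERE uid = ?", (uid,)).rowcount
        self.db.commit()
        return removed

    def dump(self):
        """Equivalent of 'select * from grants', ordered for stable comparison."""
        return self.db.execute("SELECT alias, uid FROM grants ORDER BY alias").fetchall()


def raises_denied(fn):
    """True if calling fn() raises GrantDeniedError, False if it succeeds."""
    try:
        fn()
    except GrantDeniedError:
        return True
    return False


def demo():
    """Walk through the access-control flow on constructed data and return the observations."""
    db = GrantDatabase()
    keystore = {"test": "<private key 'test'>", "key1": "<private key 'key1'>"}  # constructed
    app_uid, other_uid = 10044, 10045
    out = {}
    # No grant yet: getPrivateKey() fails even though the app can reach the service.
    out["denied_before_grant"] = raises_denied(lambda: db.get_private_key(app_uid, "test", keystore))
    # The app itself cannot write to the grants table.
    out["non_system_set_grant_denied"] = raises_denied(lambda: db.set_grant(app_uid, app_uid, "test", True))
    # The user clicks 'Allow' in KeyChainActivity, which runs as system and records the grant.
    db.set_grant(SYSTEM_UID, app_uid, "test", True)
    db.set_grant(SYSTEM_UID, app_uid, "key1", True)
    out["grants_after_allow"] = db.dump()
    out["key_for_app"] = db.get_private_key(app_uid, "test", keystore)
    # Grants are per UID: another app asking for the same alias is still denied.
    out["other_uid_denied"] = raises_denied(lambda: db.get_private_key(other_uid, "test", keystore))
    # The test app is uninstalled; PACKAGE_REMOVED handling purges its grants.
    out["purged"] = db.purge_uninstalled(installed_uids={other_uid})
    out["grants_after_purge"] = db.dump()
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print("%-28s %r" % (name, value))
```

Running the script reproduces the (alias, uid) rows from the dump after the 'Allow' step and shows them disappearing once the UID is no longer installed. One consequence of the schema worth keeping in mind when reviewing an app: the grant is keyed by UID only, so every package that shares a UID (via sharedUserId) with the app the user authorized is covered by the same grant.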
ICS introduces a new service that grants access to both the system key store (managed by the keystore daemon) and the trust store (managed by the TrustedCertificateStore class), and that backs the KeyChain API exposed in the public SDK. That makes it possible to control access to keys based on both the calling process's UID and the key access grant database, thus allowing fine-grained, user-driven control over which keys each application can access. We've discussed most of the components this framework consists of in this and the previous entry. What remains is to look into the new trust store implementation introduced in Android 4.0. That will be the focus of the next post of this series.