fix: skip system uid when trying to get non-exist key

qwq233 · qwq233 · commit 464ee9f932f3 · 2025-10-26T16:33:35.000+08:00
diff --git a/module/template/keybox.xml b/module/template/keybox.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0"?>
 <AndroidAttestation>
-    <NumberOfKeyboxes>1</NumberOfKeyboxes>
+    <NumberOfKeyboxes>2</NumberOfKeyboxes>
     <Keybox DeviceID="sw">
         <Key algorithm="ecdsa">
             <PrivateKey format="pem">
diff --git a/service/src/main/java/io/github/a13e300/tricky_store/KeystoreInterceptor.kt b/service/src/main/java/io/github/a13e300/tricky_store/KeystoreInterceptor.kt
@@ -75,19 +75,31 @@ object KeystoreInterceptor : BinderInterceptor() {
                             return Skip
                         }
 
-                        val response = if (omk != null) {
-                            omk.getKeyEntry(ctx, descriptor)
-                        } else {
-                            Cache.getKeyResponse(callingUid, descriptor.alias)
+                        val p = Parcel.obtain()
+
+                        if (omk != null) {
+                            val response = omk.getKeyEntry(ctx, descriptor)
+                            p.writeNoException()
+                            p.writeTypedObject(response, 0)
+                            return OverrideReply(0, p)
                         }
 
-                        val p = Parcel.obtain()
+                        val response =
+                            Cache.getKeyResponse(callingUid, descriptor.alias)
+
                         if (response != null) {
                             Logger.i("generate key for uid=$callingUid alias=${descriptor.alias}")
                             p.writeNoException()
                             p.writeTypedObject(response, 0)
                         } else {
                             Logger.d("key not found for uid=$callingUid alias=${descriptor.alias}")
+                            // We skip system uid requests because tricky store obviously does not store every keys
+                            // and it may cause issues with system services expecting certain keys to be present.
+                            // like lockscreen keys.
+                            if (callingUid == 1000) {
+                                Logger.d("system uid requesting generated key alias=${descriptor.alias}")
+                                return Skip
+                            }
                             p.writeException(
                                 ServiceSpecificException(
                                     ResponseCode.KEY_NOT_FOUND,
diff --git a/service/src/main/java/io/github/a13e300/tricky_store/SecurityLevelInterceptor.kt b/service/src/main/java/io/github/a13e300/tricky_store/SecurityLevelInterceptor.kt
@@ -252,6 +252,19 @@ class SecurityLevelInterceptor(
                     return OverrideReply(0, p)
                 }
             }
+
+            deleteKeyTransaction -> runCatching {
+                data.enforceInterface(IKeystoreSecurityLevel.DESCRIPTOR)
+                val key = data.readTypedObject(KeyDescriptor.CREATOR) ?: return Skip
+
+                if (securityLevel != null) {
+                    securityLevel.deleteKey(key)
+
+                    val p = Parcel.obtain()
+                    p.writeNoException()
+                    return OverrideReply(0, p)
+                }
+            }
         }
         return Skip
     }
diff --git a/service/src/main/java/io/github/a13e300/tricky_store/binder/BinderInterceptor.kt b/service/src/main/java/io/github/a13e300/tricky_store/binder/BinderInterceptor.kt
@@ -75,7 +75,7 @@ open class BinderInterceptor : Binder() {
                 val theCode = data.readInt()
                 val theFlags = data.readInt()
                 val callingUid = data.readInt()
-                val callingSid = data.readString()
+                // val callingSid = data.readString()
                 val callingPid = data.readInt()
                 val resultCode = data.readInt()
                 val theData = Parcel.obtain()
@@ -94,7 +94,7 @@ open class BinderInterceptor : Binder() {
                     val ctx = CallerInfo().apply {
                         this.callingUid = callingUid.toLong()
                         this.callingPid = callingPid.toLong()
-                        this.callingSid = callingSid
+                        this.callingSid = "reserved"
                     }
 
                     onPostTransact(target, theCode, theFlags, ctx, theData, if (sz2 == 0) null else theReply, resultCode)

Original file line number	Diff line number	Diff line change
`@@ -252,6 +252,19 @@ class SecurityLevelInterceptor(`
`252`	`252`	`return OverrideReply(0, p)`
`253`	`253`	`}`
`254`	`254`	`}`
	`255`	`+`
	`256`	`+ deleteKeyTransaction -> runCatching {`
	`257`	`+ data.enforceInterface(IKeystoreSecurityLevel.DESCRIPTOR)`
	`258`	`+ val key = data.readTypedObject(KeyDescriptor.CREATOR) ?: return Skip`
	`259`	`+`
	`260`	`+ if (securityLevel != null) {`
	`261`	`+ securityLevel.deleteKey(key)`
	`262`	`+`
	`263`	`+ val p = Parcel.obtain()`
	`264`	`+ p.writeNoException()`
	`265`	`+ return OverrideReply(0, p)`
	`266`	`+ }`
	`267`	`+ }`
`255`	`268`	`}`
`256`	`269`	`return Skip`
`257`	`270`	`}`