github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/libkb/secret_store_android.go (about)

     1  // Copyright 2019 Keybase, Inc. All rights reserved. Use of
     2  // this source code is governed by the included BSD license.
     3  
     4  //go:build android
     5  // +build android
     6  
     7  package libkb
     8  
     9  import "strconv"
    10  
    // NewSecretStoreAll builds the secret store used on Android builds.
    //
    // A file store rooted at the data directory is always constructed first. If
    // Env.ForceSecretStoreFile() reports true, that file store is returned on its
    // own and secretStoreAndroid is never created. Otherwise the result is an
    // upgradeable store that pairs secretStoreAndroid with the file store, and the
    // fallback policy is picked from the parsed MobileOsVersion.
    //
    // NOTE(review): on every fallback path secrets end up in the file store under
    // the data directory. How that file is protected at rest is decided by
    // NewSecretStoreFile, not by this function - confirm it there.
    func NewSecretStoreAll(mctx MetaContext) SecretStoreAll {
    	fileStore := NewSecretStoreFile(mctx.G().Env.GetDataDir())
    	// notifySecretStoreCreate is deliberately not wired up for the file store
    	// on Android: it is only relevant to PGP key management.

    	// The file store alone may be forced, for debugging or for running under
    	// Termux (https://termux.com/). This path skips the Android store entirely.
    	if mctx.G().Env.ForceSecretStoreFile() {
    		return fileStore
    	}

    	androidStore := &secretStoreAndroid{}

    	mctx.Debug("NewSecretStoreAll on Android (ver=%s): creating upgradeable secret store", mctx.G().MobileOsVersion)

    	// osVersion stays 0 when the reported version does not parse as a 32-bit
    	// decimal integer; 0 is then treated like an old release below.
    	var osVersion int64
    	parsed, parseErr := strconv.ParseInt(mctx.G().MobileOsVersion, 10, 32)
    	if parseErr != nil {
    		mctx.Debug("Unable to figure out Android version. MobileOsVersion is: %s, errors was: %s",
    			mctx.G().MobileOsVersion, parseErr)
    	} else {
    		osVersion = parsed
    	}

    	// Upgrading out of the fallback store is always attempted opportunistically.
    	upgradeAlways := func() bool { return true }

    	// The options argument is not consulted; only the OS version matters.
    	fallbackPolicy := func(_ *SecretStoreOptions) SecretStoreFallbackBehavior {
    		if osVersion > 22 {
    			// Use the file store only when the external store reports an
    			// error, i.e. when it is not available. That can happen when the
    			// user has no lock screen or PIN code configured.
    			return SecretStoreFallbackBehaviorOnError
    		}

    		// Version 22 or lower, or unknown (0): always use the file store.
    		// Failing to detect the version would be highly unusual - either a
    		// bug in the binding code that passes MobileOsVersion, or a custom
    		// operating system that does not report its version properly through
    		// the API in use.
    		//
    		// SecretStoreFallbackBehaviorOnError is intentionally not used here:
    		// on older systems the external secret store was found to work for a
    		// while and then start failing with errors, which could leave users
    		// stuck.
    		return SecretStoreFallbackBehaviorAlways
    	}

    	return NewSecretStoreUpgradeable(
    		androidStore, fileStore,
    		"android secret store", "file-based secret store",
    		upgradeAlways, fallbackPolicy,
    	)
    }