Switch to sqlcipher library
Prior to this change, a modified sqlcipher 1.1.9 amalgamation bundled
with key-manager was being used. A push to externalize sqlcipher has
emerged as a result of wise men running SAM (a metrics tool) on the
entire key-manager repo to find that a 130k loc file scores badly.
Problem is, the bundled 1.1.9 sqlcipher had meta-tables renamed as
a result of an oversight, ex. sqlite_master was renamed to
sqlcipher_master. Result: binary incompatibility with upstream.
Running upstream sqlcipher on our legacy db files was found to corrupt
the files after running a single query.
Backward compatibility with existing db files is achieved by:
* bundling sqlcipher 4.3.0 amalgamation with key-manager
* renaming meta tables in the bundled sqlcipher so it's capable of
opening legacy db files
* adding a textual sql db dump functionality to the bundled sqlcipher,
based on an upstream extension; it would not work correctly with
1.1.9, thus the bump to upstream version 4.3.0
* correcting meta table names on the fly when dumping, for instance
printing sqlite_sequence instead of sqlcipher_sequence
* keeping legacy db filenames as db-$uid
* introducing upstream db filenames as db0-$uid
* converting legacy db files to upstream by using sql dumps of legacy
files to seed freshly created upstream files
* removing respective legacy files after successful conversion
The bundled amalgamation is factored out into a separate .so library
exporting only one function: dumpLegacyDb. The library is huge and never
needed once the initial conversion is done, thus dlopen/dlsym/dlclose
are employed to mitigate the overhead.
Room for improvement:
* sqlcipher_master meta table contains arbitrary sql that is output
verbatim when dumping; I have not been able able to prove that those
statements are free of misnamed meta table references; key-manager
database dumps appear to be clean
* the entire thing seems fragile; author of the upstream sql dump code
very nearly disclaims responsibility for its correctness so I believe
I should too; no sqlcipher tests were imported, just the amalgamation;
however, a few migration tests were added to ckm-tests-internal
* as before, no additional preprocessor definitions were specified when
compiling bundled amalgamation; it may be possible to make the
resulting binary leaner by judicious use of optimization options;
regardless, that falls out of scope of this change, i.e. doing the
bare minimum to make things work
* the current solution is unlikely to satisfy the SAM crowd - the
amalgamation is still here and it's grown to 230k loc
Change-Id: Ia6b25e29151f7957598b68657d083c064cc44ac9
21 files changed:
projects / platform / core / security / key-manager.git / commit