Swift gives us an alternative to if let called guard let, which also unwraps optionals if they contain a value, but works slightly differently: guard let is designed to exit the current function, loop, or condition if the check fails, so any values you unwrap using it will stay around after the check.

To demonstrate the difference, here’s a function that returns the meaning of life as an optional integer:

func getMeaningOfLife() -> Int? {
    42
}

And here’s that function being used inside another function, called printMeaningOfLife():

func printMeaningOfLife() {
    if let name = getMeaningOfLife() {
        print(name)
    }
}

That uses if let, so that the result of getMeaningOfLife() will only be printed if it returned an integer rather than nil.

If we had written that using guard let, it would look like this:

func printMeaningOfLife() {
    guard let name = getMeaningOfLife() else {
        return
    }

    print(name)
}

Yes, that’s a little longer, but two important things have changed:

  1. It lets us focus on the “happy path” – the behavior of our function when everything has gone to plan, which is to print the meaning of life.
  2. guard requires that we exit the current scope when it’s used, which in this case means we must return from the function if it fails. This is not optional: Swift won’t compile our code without the return.

It’s common to see guard used one or more times at the start of methods, because it’s used to verify some conditions are correct up front. This makes our code easier to read than if we tried to check a condition then run some code, then check another condition and run some different code.

So, use if let if you just want to unwrap some optionals, but prefer guard let if you’re specifically checking that conditions are correct before continuing.

Trusty is a secure Operating System (OS) that provides a Trusted Execution Environment (TEE) for Android. The Trusty OS runs on the same processor as the Android OS, but Trusty is isolated from the rest of the system by both hardware and software. Trusty and Android run parallel to each other. Trusty has access to the full power of a device’s main processor and memory but is completely isolated. Trusty's isolation protects it from malicious apps installed by the user and potential vulnerabilities that may be discovered in Android.

Trusty is compatible with ARM and Intel processors. On ARM systems, Trusty uses ARM’s Trustzone™ to virtualize the main processor and create a secure trusted execution environment. Similar support is also available on Intel x86 platforms using Intel’s Virtualization Technology.

Figure 1. Trusty overview diagram.

Trusty consists of:

  • A small OS kernel derived from Little Kernel
  • A Linux kernel driver to transfer data between the secure environment and Android
  • An Android userspace library to communicate with trusted applications (that is, secure tasks/services) via the kernel driver

Note: Trusty and the Trusty API are subject to change. For information about the Trusty API, see the API Reference.

Why Trusty?

Other TEE operating systems are traditionally supplied as binary blobs by third-party vendors or developed internally. Developing internal TEE systems or licensing a TEE from a third-party can be costly to System-on-Chip (SoC) vendors and OEMs. The monetary cost combined with unreliable third-party systems creates an unstable ecosystem for Android. Trusty is being provided to its partners as a reliable and free open source alternative for their Trusted Execution Environment. Trusty offers a level of transparency that is just not possible with closed source systems.

Android supports various TEE implementations so you are not restricted to using Trusty. Each TEE OS has its own unique way of deploying trusted applications. This fragmentation can be a problem for trusted application developers trying to ensure their apps work on every Android device. Using Trusty as a standard helps application developers to easily create and deploy applications without accounting for the fragmentation of multiple TEE systems. Trusty TEE provides developers and partners with transparency, collaboration, inspectability of code, and ease of debugging. Trusted application developers can converge around common tools and APIs to reduce the risk of introducing security vulnerabilities. These developers will have the confidence that they can develop an application and have it reused across multiple devices without further development.

Applications and services

A Trusty application is defined as a collection of binary files (executables and resource files), a binary manifest, and a cryptographic signature. At runtime, Trusty applications run as isolated processes in unprivileged mode under the Trusty kernel. Each process runs in its own virtual memory sandbox utilizing the memory management unit capabilities of the TEE processor. The build of the hardware changes the exact process that Trusty follows, but for example, the kernel schedules these processes using a priority-based, round-robin scheduler driven by a secure timer tick. All Trusty applications share the same priority.

Figure 2. Trusty application overview.

Third-party Trusty applications

Currently all Trusty applications are developed by a single party and packaged with the Trusty kernel image. The entire image is signed and verified by the bootloader during boot. Third-party application development is not supported in Trusty at this time. Although Trusty enables the development of new applications, doing so must be exercised with extreme care; each new application increases the area of the trusted computing base (TCB) of the system. Trusted applications can access device secrets and can perform computations or data transformations using them. The ability to develop new applications that run in the TEE opens up many possibilities for innovation. However, due to the very definition of a TEE, these applications cannot be distributed without some form of trust attached. Typically this comes in the form of a digital signature by an entity trusted by the user of the product on which the application runs.

Uses and examples

Trusted execution environments are fast becoming a standard in mobile devices. Users are relying more and more on their mobile devices for their everyday lives and the need for security is always growing. Mobile devices with a TEE are more secure than devices without a TEE.

On devices with a TEE implementation, the main processor is often referred to as “untrusted”, meaning it cannot access certain areas of RAM, hardware registers, and write-once fuses where secret data (such as, device-specific cryptographic keys) are stored by the manufacturer. Software running on the main processor delegates any operations that require use of secret data to the TEE processor.

The most widely known example of this in the Android ecosystem is the DRM framework for protected content. Software running on the TEE processor can access device-specific keys required to decrypt protected content. The main processor sees only the encrypted content, providing a high level of security and protection against software-based attacks.

There are many other uses for a TEE such as mobile payments, secure banking, multi-factor authentication, device reset protection, replay-protected persistent storage, secure PIN and fingerprint processing, and even malware detection.

 

 

아 빡세다 빡세...

 

'ANDROID' 카테고리의 다른 글

When to use guard let rather than if let  (0) 2024.03.11
Trusty TEE  (0) 2024.03.11
[Trouble Shooting] AccessToken 의 특이점 발견  (0) 2023.08.08
[Android] Classpath 문제 해결하기  (0) 2023.06.26
[Android Update] access_token  (0) 2023.06.20
2023-08-08 01:59:23.917  9052-10245 okhttp.OkHttpClient     com.atlas.moyamo                     I  --> POST https://api.moyamo.co.kr/v2/auth/login/naver h2
2023-08-08 01:59:23.917  9052-10245 okhttp.OkHttpClient     com.atlas.moyamo                     I  User-Agent: Android_OS_SDK:31, App_Version:6.4.31, Cell_Info:google sdk_gphone64_x86_64, Android_Id:a36b82c18eae80e3
2023-08-08 01:59:23.917  9052-10245 okhttp.OkHttpClient     com.atlas.moyamo                     I  Content-Type: application/json; charset=UTF-8
2023-08-08 01:59:23.918  9052-10245 okhttp.OkHttpClient     com.atlas.moyamo                     I  Content-Length: 129
2023-08-08 01:59:23.918  9052-10245 okhttp.OkHttpClient     com.atlas.moyamo                     I  Host: api.moyamo.co.kr
2023-08-08 01:59:23.918  9052-10245 okhttp.OkHttpClient     com.atlas.moyamo                     I  Connection: Keep-Alive
2023-08-08 01:59:23.918  9052-10245 okhttp.OkHttpClient     com.atlas.moyamo                     I  Accept-Encoding: gzip
2023-08-08 01:59:23.918  9052-10245 okhttp.OkHttpClient     com.atlas.moyamo                     I  {"accessToken":"AAAAN+ME0ogHKhm5mMYvvy3GPYJMMI0QFFsDdDOVLU1BdCC8tnx6qrSIBQt8LssW4SkMpisQ7cZ0qoizv5U/SwK4QK8=","nickName":"naver"}
2023-08-08 01:59:23.918  9052-10245 okhttp.OkHttpClient     com.atlas.moyamo                     I  --> END POST (129-byte body)
2023-08-08 01:59:24.135  9052-10245 okhttp.OkHttpClient     com.atlas.moyamo                     I  <-- 200 https://api.moyamo.co.kr/v2/auth/login/naver (216ms)
2023-08-08 01:59:24.135  9052-10245 okhttp.OkHttpClient     com.atlas.moyamo                     I  date: Mon, 07 Aug 2023 16:59:24 GMT
2023-08-08 01:59:24.135  9052-10245 okhttp.OkHttpClient     com.atlas.moyamo                     I  content-type: application/json
2023-08-08 01:59:24.136  9052-10245 okhttp.OkHttpClient     com.atlas.moyamo                     I  vary: Origin
2023-08-08 01:59:24.136  9052-10245 okhttp.OkHttpClient     com.atlas.moyamo                     I  vary: Access-Control-Request-Method
2023-08-08 01:59:24.137  9052-10245 okhttp.OkHttpClient     com.atlas.moyamo                     I  vary: Access-Control-Request-Headers
2023-08-08 01:59:24.137  9052-10245 okhttp.OkHttpClient     com.atlas.moyamo                     I  x-content-type-options: nosniff
2023-08-08 01:59:24.137  9052-10245 okhttp.OkHttpClient     com.atlas.moyamo                     I  x-xss-protection: 1; mode=block
2023-08-08 01:59:24.137  9052-10245 okhttp.OkHttpClient     com.atlas.moyamo                     I  cache-control: no-cache, no-store, max-age=0, must-revalidate
2023-08-08 01:59:24.138  9052-10245 okhttp.OkHttpClient     com.atlas.moyamo                     I  pragma: no-cache
2023-08-08 01:59:24.138  9052-10245 okhttp.OkHttpClient     com.atlas.moyamo                     I  expires: 0
2023-08-08 01:59:24.138  9052-10245 okhttp.OkHttpClient     com.atlas.moyamo                     I  x-frame-options: DENY
2023-08-08 01:59:24.139  9052-10245 okhttp.OkHttpClient     com.atlas.moyamo                     I  {"resultCode":1000,"resultData":{"userInfo":{"id":1799455,"nickname":"남한강오리2","photoUrl":null,"level":1,"role":"user","status":"normal","levelInfo":{"badge":"http://1758717c88a515aa.kinxzone.com/commons/badges/badge0.png","level":1,"name":"일반"},"activity":{"postingCount":0,"commentCount":0,"adoptedCount":0},"provider":"naver","createdAt":"2023-05-26T04:18:25Z","badgeCount":0,"representBadge":null,"totalPhotosCnt":0,"totalPhotosLikeCnt":0,"security":{"email":null,"phoneNumber":null,"authIdKey":null,"authIdKeySendedAt":null},"newbie":true},"userAccessHistory":null,"userToken":"0a1e66c494184b2ca244866232b8c0e5","userTokenExpireAt":"2023-09-06 16:59:24","refreshToken":"8127b59f64434627aa91357c3bc317a9","refreshTokenExpireAt":"2023-10-07 16:59:24","adNotiAgreement":null,"adNotiConfirmedAt":null},"resultMsg":"성공."}
2023-08-08 01:59:24.139  9052-10245 okhttp.OkHttpClient     com.atlas.moyamo                     I  <-- END HTTP (838-byte body)
2023-08-08 01:59:24.217  9052-9052  DataBinding             com.atlas.moyamo                     W  Setting the fragment as the LifecycleOwner might cause memory leaks because views lives shorter than the Fragment. Consider using Fragment's view lifecycle
2023-08-08 01:59:24.220  9052-9052  Glide                   com.atlas.moyamo                     W  Load failed for null with size [0x0]
                                                                                                    class com.bumptech.glide.load.engine.GlideException: Received null model
2023-08-08 01:59:24.220  9052-9052  System.out              com.atlas.moyamo                     I  imageProfileAdapter 1799455
2023-08-08 01:59:24.228  9052-10256 System.out              com.atlas.moyamo                     I  okhttp ResponseInterceptor pre synchronized - http://v2/users/me
2023-08-08 01:59:24.229  9052-10256 System.out              com.atlas.moyamo                     I  ResponseInterceptor isExpiredTime 2023-09-06 16:59:24 - 1 - http://v2/users/me
2023-08-08 01:59:24.234  9052-10256 System.out              com.atlas.moyamo                     I  call bearer token Bearer e5d087a4a4264b0eafdd681b8935edc5
2023-08-08 01:59:24.234  9052-10256 System.out              com.atlas.moyamo                     I  call bearer token2 Bearer 0a1e66c494184b2ca244866232b8c0e5
2023-08-08 01:59:24.235  9052-9052  System.out              com.atlas.moyamo                     I  check init viewModel
2023-08-08 01:59:24.235  9052-9052  DataBinding             com.atlas.moyamo                     W  Setting the fragment as the LifecycleOwner might cause memory leaks because views lives shorter than the Fragment. Consider using Fragment's view lifecycle
2023-08-08 01:59:24.238  9052-9052  Glide                   com.atlas.moyamo                     W  Load failed for null with size [0x0]
                                                                                                    class com.bumptech.glide.load.engine.GlideException: Received null model
2023-08-08 01:59:24.238  9052-9052  System.out              com.atlas.moyamo                     I  imageProfileAdapter 0
2023-08-08 01:59:24.238  9052-9052  Glide                   com.atlas.moyamo                     W  Load failed for null with size [0x0]
                                                                                                    class com.bumptech.glide.load.engine.GlideException: Received null model
2023-08-08 01:59:24.241  9052-10257 System.out              com.atlas.moyamo                     I  okhttp ResponseInterceptor pre synchronized - http://v2/users/me
2023-08-08 01:59:24.244  9052-10257 System.out              com.atlas.moyamo                     I  ResponseInterceptor isExpiredTime 2023-09-06 16:59:24 - 1 - http://v2/users/me
2023-08-08 01:59:24.248  9052-10257 System.out              com.atlas.moyamo                     I  call bearer token Bearer 0a1e66c494184b2ca244866232b8c0e5
2023-08-08 01:59:24.249  9052-10257 System.out              com.atlas.moyamo                     I  call bearer token2 Bearer 0a1e66c494184b2ca244866232b8c0e5
2023-08-08 01:59:24.250  9052-9323  System.out              com.atlas.moyamo                     I  Print Throw Stack 
2023-08-08 01:59:24.253  9052-9052  Glide                   com.atlas.moyamo                     W  Load failed for null with size [0x0]
                                                                                                    class com.bumptech.glide.load.engine.GlideException: Received null model
2023-08-08 01:59:24.254  9052-9052  Glide                   com.atlas.moyamo                     W  Load failed for null with size [0x0]
                                                                                                    class com.bumptech.glide.load.engine.GlideException: Received null model
2023-08-08 01:59:24.254  9052-9052  Glide                   com.atlas.moyamo                     W  Load failed for null with size [0x0]
                                                                                                    class com.bumptech.glide.load.engine.GlideException: Received null model
2023-08-08 01:59:24.254  9052-9323  System.out              com.atlas.moyamo                     I  error Job was cancelled
2023-08-08 01:59:24.258  9052-10260 okhttp.OkHttpClient     com.atlas.moyamo                     I  --> POST https://api.moyamo.co.kr/v2/logs h2
2023-08-08 01:59:24.258  9052-10260 okhttp.OkHttpClient     com.atlas.moyamo                     I  User-Agent: Android_OS_SDK:31, App_Version:6.4.31, Cell_Info:google sdk_gphone64_x86_64, Android_Id:a36b82c18eae80e3
2023-08-08 01:59:24.258  9052-10260 okhttp.OkHttpClient     com.atlas.moyamo                     I  Content-Type: application/json; charset=UTF-8
2023-08-08 01:59:24.258  9052-10260 okhttp.OkHttpClient     com.atlas.moyamo                     I  Content-Length: 165
2023-08-08 01:59:24.258  9052-10260 okhttp.OkHttpClient     com.atlas.moyamo                     I  Host: api.moyamo.co.kr
2023-08-08 01:59:24.258  9052-10260 okhttp.OkHttpClient     com.atlas.moyamo                     I  Connection: Keep-Alive
2023-08-08 01:59:24.258  9052-10260 okhttp.OkHttpClient     com.atlas.moyamo                     I  Accept-Encoding: gzip
2023-08-08 01:59:24.258  9052-10260 okhttp.OkHttpClient     com.atlas.moyamo                     I  {"androidOS":31,"androidid":"a36b82c18eae80e3","appVersion":"6.4.31","cellInfo":"google sdk_gphone64_x86_64","stack":"","timestamp":"1691427564250","userid":1799455}
2023-08-08 01:59:24.258  9052-10260 okhttp.OkHttpClient     com.atlas.moyamo                     I  --> END POST (165-byte body)
2023-08-08 01:59:24.273  9052-10260 okhttp.OkHttpClient     com.atlas.moyamo                     I  <-- 200 https://api.moyamo.co.kr/v2/logs (14ms)
2023-08-08 01:59:24.273  9052-10260 okhttp.OkHttpClient     com.atlas.moyamo                     I  date: Mon, 07 Aug 2023 16:59:24 GMT
2023-08-08 01:59:24.273  9052-10260 okhttp.OkHttpClient     com.atlas.moyamo                     I  content-type: application/json
2023-08-08 01:59:24.273  9052-10260 okhttp.OkHttpClient     com.atlas.moyamo                     I  vary: Origin
2023-08-08 01:59:24.273  9052-10260 okhttp.OkHttpClient     com.atlas.moyamo                     I  vary: Access-Control-Request-Method
2023-08-08 01:59:24.273  9052-10260 okhttp.OkHttpClient     com.atlas.moyamo                     I  vary: Access-Control-Request-Headers
2023-08-08 01:59:24.274  9052-10260 okhttp.OkHttpClient     com.atlas.moyamo                     I  x-content-type-options: nosniff
2023-08-08 01:59:24.274  9052-10260 okhttp.OkHttpClient     com.atlas.moyamo                     I  x-xss-protection: 1; mode=block
2023-08-08 01:59:24.274  9052-10260 okhttp.OkHttpClient     com.atlas.moyamo                     I  cache-control: no-cache, no-store, max-age=0, must-revalidate
2023-08-08 01:59:24.274  9052-10260 okhttp.OkHttpClient     com.atlas.moyamo                     I  pragma: no-cache
2023-08-08 01:59:24.274  9052-10260 okhttp.OkHttpClient     com.atlas.moyamo                     I  expires: 0
2023-08-08 01:59:24.274  9052-10260 okhttp.OkHttpClient     com.atlas.moyamo                     I  x-frame-options: DENY
2023-08-08 01:59:24.274  9052-10260 okhttp.OkHttpClient     com.atlas.moyamo                     I  {"resultCode":1000,"resultData":null,"resultMsg":null}
2023-08-08 01:59:24.275  9052-10260 okhttp.OkHttpClient     com.atlas.moyamo                     I  <-- END HTTP (54-byte body)
2023-08-08 01:59:24.291  9052-10257 okhttp.OkHttpClient     com.atlas.moyamo                     I  --> GET https://api.moyamo.co.kr/v2/users/me h2
2023-08-08 01:59:24.291  9052-10257 okhttp.OkHttpClient     com.atlas.moyamo                     I  Authorization: Bearer 0a1e66c494184b2ca244866232b8c0e5
2023-08-08 01:59:24.292  9052-10257 okhttp.OkHttpClient     com.atlas.moyamo                     I  User-Agent: Android_OS_SDK:31, App_Version:6.4.31, Cell_Info:google sdk_gphone64_x86_64, Android_Id:a36b82c18eae80e3
2023-08-08 01:59:24.292  9052-10257 okhttp.OkHttpClient     com.atlas.moyamo                     I  Host: api.moyamo.co.kr
2023-08-08 01:59:24.292  9052-10257 okhttp.OkHttpClient     com.atlas.moyamo                     I  Connection: Keep-Alive
2023-08-08 01:59:24.298  9052-10257 okhttp.OkHttpClient     com.atlas.moyamo                     I  Accept-Encoding: gzip
2023-08-08 01:59:24.299  9052-10257 okhttp.OkHttpClient     com.atlas.moyamo                     I  --> END GET
2023-08-08 01:59:24.325  9052-9052  System.out              com.atlas.moyamo                     I  Print Throw Stack response 1000
2023-08-08 01:59:24.331  9052-10257 okhttp.OkHttpClient     com.atlas.moyamo                     I  <-- 200 https://api.moyamo.co.kr/v2/users/me (32ms)
2023-08-08 01:59:24.331  9052-10257 okhttp.OkHttpClient     com.atlas.moyamo                     I  date: Mon, 07 Aug 2023 16:59:24 GMT
2023-08-08 01:59:24.331  9052-10257 okhttp.OkHttpClient     com.atlas.moyamo                     I  content-type: application/json
2023-08-08 01:59:24.331  9052-10257 okhttp.OkHttpClient     com.atlas.moyamo                     I  vary: Origin
2023-08-08 01:59:24.331  9052-10257 okhttp.OkHttpClient     com.atlas.moyamo                     I  vary: Access-Control-Request-Method
2023-08-08 01:59:24.331  9052-10257 okhttp.OkHttpClient     com.atlas.moyamo                     I  vary: Access-Control-Request-Headers
2023-08-08 01:59:24.333  9052-10257 okhttp.OkHttpClient     com.atlas.moyamo                     I  x-content-type-options: nosniff
2023-08-08 01:59:24.333  9052-10257 okhttp.OkHttpClient     com.atlas.moyamo                     I  x-xss-protection: 1; mode=block
2023-08-08 01:59:24.333  9052-10257 okhttp.OkHttpClient     com.atlas.moyamo                     I  cache-control: no-cache, no-store, max-age=0, must-revalidate
2023-08-08 01:59:24.333  9052-10257 okhttp.OkHttpClient     com.atlas.moyamo                     I  pragma: no-cache
2023-08-08 01:59:24.333  9052-10257 okhttp.OkHttpClient     com.atlas.moyamo                     I  expires: 0
2023-08-08 01:59:24.333  9052-10257 okhttp.OkHttpClient     com.atlas.moyamo                     I  x-frame-options: DENY
2023-08-08 01:59:24.333  9052-10257 okhttp.OkHttpClient     com.atlas.moyamo                     I  {"resultCode":1000,"resultData":{"id":1799455,"nickname":"남한강오리2","photoUrl":null,"level":1,"role":"user","status":"normal","levelInfo":{"badge":"http://1758717c88a515aa.kinxzone.com/commons/badges/badge0.png","level":1,"name":"일반"},"activity":{"postingCount":0,"commentCount":0,"adoptedCount":0},"provider":"naver","badgeCount":0,"representBadge":null,"totalPhotosCnt":0,"totalPhotosLikeCnt":0,"photoEnable":false,"security":{"email":null,"phoneNumber":null,"authIdKey":null,"authIdKeySendedAt":null},"newbie":true},"resultMsg":null}
2023-08-08 01:59:24.335  9052-10257 okhttp.OkHttpClient     com.atlas.moyamo                     I  <-- END HTTP (548-byte body)
2023-08-08 01:59:24.335  9052-10257 System.out              com.atlas.moyamo                     I  ResponseInterceptor ........정상처리.......... - http://v2/users/me
2023-08-08 01:59:24.351  9052-9052  Glide                   com.atlas.moyamo                     W  Load failed for null with size [0x0]
                                                                                                    class com.bumptech.glide.load.engine.GlideException: Received null model
2023-08-08 01:59:24.351  9052-9052  System.out              com.atlas.moyamo                     I  imageProfileAdapter 1799455

 

result 로 반환된 accessToken 의 자릿수와, 그 이후에 사용되는 Bearer 의 다름이 확인되었다.

특히 result로 반환된 accessToken 으로는 shop 의 API가 호출이 가능해서 인증이 가능했지만, Bearer 로는 불가능했다.

아마 내가 보기엔 이 부분이 문제가 되는 것 같다!

+ Recent posts