summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndres Morales2015-04-03 18:40:15 -0500
committerAndres Morales2015-04-08 17:20:22 -0500
commit2d08dce0beedcfc63b2a837045d1be7d49157555 (patch)
tree0a74bf6cd5b25138d1fc63ae8c0df389912efb0f /gatekeeperd/IGateKeeperService.cpp
parent56b8a6a59f6e86ba88ede9719e3445e8eb3187ae (diff)
downloadplatform-system-core-2d08dce0beedcfc63b2a837045d1be7d49157555.tar.gz
platform-system-core-2d08dce0beedcfc63b2a837045d1be7d49157555.tar.xz
platform-system-core-2d08dce0beedcfc63b2a837045d1be7d49157555.zip
GateKeeper proxy service
Until we have SELinux support for gating access to individual TEE services, we will proxy TEE requests to GateKeeper via this daemon. Change-Id: Ifa316b75f75bff79bdae613a112c8c3c2e7189a8
Diffstat (limited to 'gatekeeperd/IGateKeeperService.cpp')
-rw-r--r--gatekeeperd/IGateKeeperService.cpp93
1 files changed, 93 insertions, 0 deletions
diff --git a/gatekeeperd/IGateKeeperService.cpp b/gatekeeperd/IGateKeeperService.cpp
new file mode 100644
index 000000000..133df4cbd
--- /dev/null
+++ b/gatekeeperd/IGateKeeperService.cpp
@@ -0,0 +1,93 @@
1/*
2 * Copyright 2015, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15*/
16
17#define LOG_TAG "GateKeeperService"
18#include <utils/Log.h>
19
20#include "IGateKeeperService.h"
21
22namespace android {
23
24const android::String16 IGateKeeperService::descriptor("android.service.gatekeeper.IGateKeeperService");
25const android::String16& IGateKeeperService::getInterfaceDescriptor() const {
26 return IGateKeeperService::descriptor;
27}
28
29status_t BnGateKeeperService::onTransact(
30 uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags) {
31 switch(code) {
32 case ENROLL: {
33 CHECK_INTERFACE(IGateKeeperService, data, reply);
34 uint32_t uid = data.readInt32();
35
36 ssize_t currentPasswordHandleSize = data.readInt32();
37 const uint8_t *currentPasswordHandle =
38 static_cast<const uint8_t *>(data.readInplace(currentPasswordHandleSize));
39 if (!currentPasswordHandle) currentPasswordHandleSize = 0;
40
41 ssize_t currentPasswordSize = data.readInt32();
42 const uint8_t *currentPassword =
43 static_cast<const uint8_t *>(data.readInplace(currentPasswordSize));
44 if (!currentPassword) currentPasswordSize = 0;
45
46 ssize_t desiredPasswordSize = data.readInt32();
47 const uint8_t *desiredPassword =
48 static_cast<const uint8_t *>(data.readInplace(desiredPasswordSize));
49 if (!desiredPassword) desiredPasswordSize = 0;
50
51 uint8_t *out = NULL;
52 uint32_t outSize = 0;
53 status_t ret = enroll(uid, currentPasswordHandle, currentPasswordHandleSize,
54 currentPassword, currentPasswordSize, desiredPassword,
55 desiredPasswordSize, &out, &outSize);
56
57 reply->writeNoException();
58 if (ret == NO_ERROR && outSize > 0 && out != NULL) {
59 reply->writeInt32(outSize);
60 void *buf = reply->writeInplace(outSize);
61 memcpy(buf, out, outSize);
62 free(out);
63 } else {
64 reply->writeInt32(-1);
65 }
66 return NO_ERROR;
67 }
68 case VERIFY: {
69 CHECK_INTERFACE(IGateKeeperService, data, reply);
70 uint32_t uid = data.readInt32();
71 ssize_t currentPasswordHandleSize = data.readInt32();
72 const uint8_t *currentPasswordHandle =
73 static_cast<const uint8_t *>(data.readInplace(currentPasswordHandleSize));
74 if (!currentPasswordHandle) currentPasswordHandleSize = 0;
75
76 ssize_t currentPasswordSize = data.readInt32();
77 const uint8_t *currentPassword =
78 static_cast<const uint8_t *>(data.readInplace(currentPasswordSize));
79 if (!currentPassword) currentPasswordSize = 0;
80
81 status_t ret = verify(uid, (uint8_t *) currentPasswordHandle, currentPasswordHandleSize,
82 (uint8_t *) currentPassword, currentPasswordSize);
83 reply->writeNoException();
84 reply->writeInt32(ret == NO_ERROR ? 1 : 0);
85 return NO_ERROR;
86 }
87 default:
88 return BBinder::onTransact(code, data, reply, flags);
89 }
90};
91
92
93}; // namespace android