summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndres Morales2015-04-16 15:16:24 -0500
committerAndres Morales2015-04-16 15:17:54 -0500
commit6a49c2fa4371cad600f4a96da3d1644df862d2a5 (patch)
treede675d63c6cf4d3577512a8805db0f82f1e5fe33 /gatekeeperd
parent5134cc0139f8c9e5657487f386b11803df284818 (diff)
downloadplatform-system-core-6a49c2fa4371cad600f4a96da3d1644df862d2a5.tar.gz
platform-system-core-6a49c2fa4371cad600f4a96da3d1644df862d2a5.tar.xz
platform-system-core-6a49c2fa4371cad600f4a96da3d1644df862d2a5.zip
Implement SID API
Change-Id: Id11632a6b4b9cab6f08f97026dd65fdf49a46491
Diffstat (limited to 'gatekeeperd')
-rw-r--r--gatekeeperd/Android.mk2
-rw-r--r--gatekeeperd/IGateKeeperService.cpp8
-rw-r--r--gatekeeperd/IGateKeeperService.h6
-rw-r--r--gatekeeperd/gatekeeperd.cpp69
4 files changed, 82 insertions, 3 deletions
diff --git a/gatekeeperd/Android.mk b/gatekeeperd/Android.mk
index 195367241..f743cc3b1 100644
--- a/gatekeeperd/Android.mk
+++ b/gatekeeperd/Android.mk
@@ -26,4 +26,6 @@ LOCAL_SHARED_LIBRARIES := \
26 libhardware \ 26 libhardware \
27 libutils \ 27 libutils \
28 libkeystore_binder 28 libkeystore_binder
29LOCAL_C_INCLUDES := \
30 system/gatekeeper/include
29include $(BUILD_EXECUTABLE) 31include $(BUILD_EXECUTABLE)
diff --git a/gatekeeperd/IGateKeeperService.cpp b/gatekeeperd/IGateKeeperService.cpp
index b1e4811a9..d4ed53377 100644
--- a/gatekeeperd/IGateKeeperService.cpp
+++ b/gatekeeperd/IGateKeeperService.cpp
@@ -115,6 +115,14 @@ status_t BnGateKeeperService::onTransact(
115 } 115 }
116 return NO_ERROR; 116 return NO_ERROR;
117 } 117 }
118 case GET_SECURE_USER_ID: {
119 CHECK_INTERFACE(IGateKeeperService, data, reply);
120 uint32_t uid = data.readInt32();
121 uint64_t sid = getSecureUserId(uid);
122 reply->writeNoException();
123 reply->writeInt64(sid);
124 return NO_ERROR;
125 }
118 default: 126 default:
119 return BBinder::onTransact(code, data, reply, flags); 127 return BBinder::onTransact(code, data, reply, flags);
120 } 128 }
diff --git a/gatekeeperd/IGateKeeperService.h b/gatekeeperd/IGateKeeperService.h
index 10b1b4310..51e179d10 100644
--- a/gatekeeperd/IGateKeeperService.h
+++ b/gatekeeperd/IGateKeeperService.h
@@ -31,6 +31,7 @@ public:
31 ENROLL = IBinder::FIRST_CALL_TRANSACTION + 0, 31 ENROLL = IBinder::FIRST_CALL_TRANSACTION + 0,
32 VERIFY = IBinder::FIRST_CALL_TRANSACTION + 1, 32 VERIFY = IBinder::FIRST_CALL_TRANSACTION + 1,
33 VERIFY_CHALLENGE = IBinder::FIRST_CALL_TRANSACTION + 2, 33 VERIFY_CHALLENGE = IBinder::FIRST_CALL_TRANSACTION + 2,
34 GET_SECURE_USER_ID = IBinder::FIRST_CALL_TRANSACTION + 3,
34 }; 35 };
35 36
36 // DECLARE_META_INTERFACE - C++ client interface not needed 37 // DECLARE_META_INTERFACE - C++ client interface not needed
@@ -64,6 +65,11 @@ public:
64 const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length, 65 const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length,
65 const uint8_t *provided_password, uint32_t provided_password_length, 66 const uint8_t *provided_password, uint32_t provided_password_length,
66 uint8_t **auth_token, uint32_t *auth_token_length) = 0; 67 uint8_t **auth_token, uint32_t *auth_token_length) = 0;
68
69 /**
70 * Returns the secure user ID for the provided android user
71 */
72 virtual uint64_t getSecureUserId(uint32_t uid) = 0;
67}; 73};
68 74
69// ---------------------------------------------------------------------------- 75// ----------------------------------------------------------------------------
diff --git a/gatekeeperd/gatekeeperd.cpp b/gatekeeperd/gatekeeperd.cpp
index d59e6fe57..82aa422dd 100644
--- a/gatekeeperd/gatekeeperd.cpp
+++ b/gatekeeperd/gatekeeperd.cpp
@@ -18,6 +18,12 @@
18 18
19#include "IGateKeeperService.h" 19#include "IGateKeeperService.h"
20 20
21#include <errno.h>
22#include <stdint.h>
23#include <inttypes.h>
24#include <fcntl.h>
25#include <unistd.h>
26
21#include <cutils/log.h> 27#include <cutils/log.h>
22#include <utils/Log.h> 28#include <utils/Log.h>
23 29
@@ -28,7 +34,9 @@
28 34
29#include <keystore/IKeystoreService.h> 35#include <keystore/IKeystoreService.h>
30#include <keystore/keystore.h> // For error code 36#include <keystore/keystore.h> // For error code
37#include <gatekeeper/password_handle.h> // for password_handle_t
31#include <hardware/gatekeeper.h> 38#include <hardware/gatekeeper.h>
39#include <hardware/hw_auth_token.h>
32 40
33namespace android { 41namespace android {
34 42
@@ -50,6 +58,36 @@ public:
50 gatekeeper_close(device); 58 gatekeeper_close(device);
51 } 59 }
52 60
61 void store_sid(uint32_t uid, uint64_t sid) {
62 char filename[21];
63 sprintf(filename, "%u", uid);
64 int fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR);
65 if (fd < 0) {
66 ALOGW("could not open file: %s: %s", filename, strerror(errno));
67 return;
68 }
69 write(fd, &sid, sizeof(sid));
70 close(fd);
71 }
72
73 void maybe_store_sid(uint32_t uid, uint64_t sid) {
74 char filename[21];
75 sprintf(filename, "%u", uid);
76 if (access(filename, F_OK) == -1) {
77 store_sid(uid, sid);
78 }
79 }
80
81 uint64_t read_sid(uint32_t uid) {
82 char filename[21];
83 uint64_t sid;
84 sprintf(filename, "%u", uid);
85 int fd = open(filename, O_RDONLY);
86 if (fd < 0) return 0;
87 read(fd, &sid, sizeof(sid));
88 return sid;
89 }
90
53 virtual status_t enroll(uint32_t uid, 91 virtual status_t enroll(uint32_t uid,
54 const uint8_t *current_password_handle, uint32_t current_password_handle_length, 92 const uint8_t *current_password_handle, uint32_t current_password_handle_length,
55 const uint8_t *current_password, uint32_t current_password_length, 93 const uint8_t *current_password, uint32_t current_password_length,
@@ -69,7 +107,13 @@ public:
69 current_password, current_password_length, 107 current_password, current_password_length,
70 desired_password, desired_password_length, 108 desired_password, desired_password_length,
71 enrolled_password_handle, enrolled_password_handle_length); 109 enrolled_password_handle, enrolled_password_handle_length);
72 return ret >= 0 ? NO_ERROR : UNKNOWN_ERROR; 110 if (ret >= 0) {
111 gatekeeper::password_handle_t *handle =
112 reinterpret_cast<gatekeeper::password_handle_t *>(*enrolled_password_handle);
113 store_sid(uid, handle->user_id);
114 return NO_ERROR;
115 }
116 return UNKNOWN_ERROR;
73 } 117 }
74 118
75 virtual status_t verify(uint32_t uid, 119 virtual status_t verify(uint32_t uid,
@@ -116,7 +160,17 @@ public:
116 } 160 }
117 } 161 }
118 162
119 return ret >= 0 ? NO_ERROR : UNKNOWN_ERROR; 163 if (ret >= 0) {
164 maybe_store_sid(uid, reinterpret_cast<const gatekeeper::password_handle_t *>(
165 enrolled_password_handle)->user_id);
166 return NO_ERROR;
167 }
168
169 return UNKNOWN_ERROR;
170 }
171
172 virtual uint64_t getSecureUserId(uint32_t uid) {
173 return read_sid(uid);
120 } 174 }
121 175
122 virtual status_t dump(int fd, const Vector<String16> &) { 176 virtual status_t dump(int fd, const Vector<String16> &) {
@@ -144,8 +198,17 @@ private:
144}; 198};
145}// namespace android 199}// namespace android
146 200
147int main() { 201int main(int argc, char* argv[]) {
148 ALOGI("Starting gatekeeperd..."); 202 ALOGI("Starting gatekeeperd...");
203 if (argc < 2) {
204 ALOGE("A directory must be specified!");
205 return 1;
206 }
207 if (chdir(argv[1]) == -1) {
208 ALOGE("chdir: %s: %s", argv[1], strerror(errno));
209 return 1;
210 }
211
149 android::sp<android::IServiceManager> sm = android::defaultServiceManager(); 212 android::sp<android::IServiceManager> sm = android::defaultServiceManager();
150 android::sp<android::GateKeeperProxy> proxy = new android::GateKeeperProxy(); 213 android::sp<android::GateKeeperProxy> proxy = new android::GateKeeperProxy();
151 android::status_t ret = sm->addService( 214 android::status_t ret = sm->addService(