-rw-r--r--gatekeeperd/IGateKeeperService.cpp7
-rw-r--r--gatekeeperd/IGateKeeperService.h6
-rw-r--r--gatekeeperd/gatekeeperd.cpp11
3 files changed, 24 insertions, 0 deletions
diff --git a/gatekeeperd/IGateKeeperService.cpp b/gatekeeperd/IGateKeeperService.cpp
index d4ed53377..f5bbbf1f2 100644
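--- a/gatekeeperd/IGateKeeperService.cpp
+++ b/gatekeeperd/IGateKeeperService.cpp
@@ -123,6 +123,13 @@ status_t BnGateKeeperService::onTransact(
 reply->writeInt64(sid);
 return NO_ERROR;
 }
+case CLEAR_SECURE_USER_ID: {
+CHECK_INTERFACE(IGateKeeperService, data, reply);
+uint32_t uid = data.readInt32();
+clearSecureUserId(uid);
+reply->writeNoException();
+return NO_ERROR;
+}
 default:
 return BBinder::onTransact(code, data, reply, flags);
 }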
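Review bot: The new `CLEAR_SECURE_USER_ID` case replies with `reply->writeNoException()` and `NO_ERROR` regardless of what `clearSecureUserId(uid)` did, so a caller refused by the permission check in gatekeeperd.cpp (which only logs and returns) gets the same reply as one whose clear succeeded. Because the method is declared `void` in IGateKeeperService.h, the denial cannot be propagated. Consider declaring it `virtual status_t clearSecureUserId(uint32_t uid) = 0;`, returning `PERMISSION_DENIED` from the implementation, and using `status_t ret = clearSecureUserId(uid); if (ret != NO_ERROR) return ret;` here before the reply is written. onTransact's body starts and ends outside this hunk, so how the other cases report failure is not visible from here.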
diff --git a/gatekeeperd/IGateKeeperService.h b/gatekeeperd/IGateKeeperService.h
index 51e179d10..a7773187e 100644
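--- a/gatekeeperd/IGateKeeperService.h
+++ b/gatekeeperd/IGateKeeperService.h
@@ -32,6 +32,7 @@ public:
 VERIFY = IBinder::FIRST_CALL_TRANSACTION + 1,
 VERIFY_CHALLENGE = IBinder::FIRST_CALL_TRANSACTION + 2,
 GET_SECURE_USER_ID = IBinder::FIRST_CALL_TRANSACTION + 3,
+CLEAR_SECURE_USER_ID = IBinder::FIRST_CALL_TRANSACTION + 4,
 };
 
 // DECLARE_META_INTERFACE - C++ client interface not needed
@@ -70,6 +71,11 @@ public:
 * Returns the secure user ID for the provided android user
 */
 virtual uint64_t getSecureUserId(uint32_t uid) = 0;
+
+/**
+* Clears the secure user ID associated with the user.
+*/
+virtual void clearSecureUserId(uint32_t uid) = 0;
 };
 
 // ----------------------------------------------------------------------------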
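Review bot: The doc comment on `clearSecureUserId` does not say who may call it or what the caller can observe afterwards. Judging by the implementation in gatekeeperd.cpp, the call is honoured only for holders of `KEYGUARD_PERMISSION` and stores a SID of 0 for the user. I would extend the comment to say so, e.g. `Clears the secure user ID associated with the android user; the caller must hold the keyguard permission, otherwise the call is ignored.` The class declaration starts outside this hunk.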
diff --git a/gatekeeperd/gatekeeperd.cpp b/gatekeeperd/gatekeeperd.cpp
index 82aa422dd..a24250464 100644
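--- a/gatekeeperd/gatekeeperd.cpp
+++ b/gatekeeperd/gatekeeperd.cpp
@@ -173,6 +173,17 @@ public:
 return read_sid(uid);
 }
 
+virtual void clearSecureUserId(uint32_t uid) {
+IPCThreadState* ipc = IPCThreadState::self();
+const int calling_pid = ipc->getCallingPid();
+const int calling_uid = ipc->getCallingUid();
+if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) {
+ALOGE("%s: permission denied for [%d:%d]", __func__, calling_pid, calling_uid);
+return;
+}
+store_sid(uid, 0);
+}
+
 virtual status_t dump(int fd, const Vector<String16> &) {
 IPCThreadState* ipc = IPCThreadState::self();
 const int pid = ipc->getCallingPid();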
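Review bot: A successful clear in `clearSecureUserId` leaves no trace, because only the denial path logs and the result of `store_sid(uid, 0)` is not examined. Resetting a user's SID is a security-relevant state change, so I would log it after the store, e.g. `ALOGI("%s: SID cleared for user %u by [%d:%d]", __func__, uid, calling_pid, calling_uid);`, and check the store's outcome if `store_sid` reports one (its definition is outside this hunk). `uid` also reaches `store_sid` exactly as the caller sent it, so it is worth confirming how `store_sid` handles an unexpected value.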