1*4d7e907cSAndroid Build Coastguard Worker /*
2*4d7e907cSAndroid Build Coastguard Worker * Copyright (C) 2016 The Android Open Source Project
3*4d7e907cSAndroid Build Coastguard Worker *
4*4d7e907cSAndroid Build Coastguard Worker * Licensed under the Apache License, Version 2.0 (the "License");
5*4d7e907cSAndroid Build Coastguard Worker * you may not use this file except in compliance with the License.
6*4d7e907cSAndroid Build Coastguard Worker * You may obtain a copy of the License at
7*4d7e907cSAndroid Build Coastguard Worker *
8*4d7e907cSAndroid Build Coastguard Worker * http://www.apache.org/licenses/LICENSE-2.0
9*4d7e907cSAndroid Build Coastguard Worker *
10*4d7e907cSAndroid Build Coastguard Worker * Unless required by applicable law or agreed to in writing, software
11*4d7e907cSAndroid Build Coastguard Worker * distributed under the License is distributed on an "AS IS" BASIS,
12*4d7e907cSAndroid Build Coastguard Worker * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13*4d7e907cSAndroid Build Coastguard Worker * See the License for the specific language governing permissions and
14*4d7e907cSAndroid Build Coastguard Worker * limitations under the License.
15*4d7e907cSAndroid Build Coastguard Worker */
16*4d7e907cSAndroid Build Coastguard Worker #define LOG_TAG "[email protected]"
17*4d7e907cSAndroid Build Coastguard Worker
18*4d7e907cSAndroid Build Coastguard Worker #include <dlfcn.h>
19*4d7e907cSAndroid Build Coastguard Worker
20*4d7e907cSAndroid Build Coastguard Worker #include <log/log.h>
21*4d7e907cSAndroid Build Coastguard Worker
22*4d7e907cSAndroid Build Coastguard Worker #include "Gatekeeper.h"
23*4d7e907cSAndroid Build Coastguard Worker
24*4d7e907cSAndroid Build Coastguard Worker namespace android {
25*4d7e907cSAndroid Build Coastguard Worker namespace hardware {
26*4d7e907cSAndroid Build Coastguard Worker namespace gatekeeper {
27*4d7e907cSAndroid Build Coastguard Worker namespace V1_0 {
28*4d7e907cSAndroid Build Coastguard Worker namespace implementation {
29*4d7e907cSAndroid Build Coastguard Worker
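/**
 * Loads the legacy gatekeeper hardware module and opens its device.
 *
 * The process is aborted through LOG_ALWAYS_FATAL_IF when the module cannot
 * be loaded or the device cannot be opened. The IGatekeeper methods in this
 * file dereference `device` without a null check, so a half-initialised
 * object must never be handed out.
 */
Gatekeeper::Gatekeeper()
{
    // Start from known values so the check below never inspects a stale pointer.
    module = nullptr;
    device = nullptr;

    int ret = hw_get_module_by_class(GATEKEEPER_HARDWARE_MODULE_ID, nullptr, &module);
    if (!ret) {
        ret = gatekeeper_open(module, &device);
    }

    // A negative return is the reported failure. A non-negative return that
    // still leaves either pointer null would otherwise only surface later as
    // a null dereference in a request handler, so it is treated as fatal too.
    LOG_ALWAYS_FATAL_IF(ret < 0 || module == nullptr || device == nullptr,
                        "Unable to open GateKeeper HAL");
}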
42*4d7e907cSAndroid Build Coastguard Worker
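/**
 * Closes the gatekeeper device and then unloads the module's shared object.
 *
 * A failure to close the device is logged and otherwise ignored.
 */
Gatekeeper::~Gatekeeper()
{
    if (device != nullptr) {
        // Close the device before the library that implements it is unloaded.
        if (gatekeeper_close(device) < 0) {
            ALOGE("Unable to close GateKeeper HAL");
        }
        device = nullptr;
    }

    // Guard the dereference and the handle: the destructor should not be the
    // place where a missing module turns into a crash.
    if (module != nullptr && module->dso != nullptr) {
        dlclose(module->dso);
    }
}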
53*4d7e907cSAndroid Build Coastguard Worker
54*4d7e907cSAndroid Build Coastguard Worker // Methods from ::android::hardware::gatekeeper::V1_0::IGatekeeper follow.
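/**
 * Forwards an enroll request to the legacy gatekeeper device and reports the
 * outcome through `cb`.
 *
 * @param uid                   user id, passed to the device unchanged
 * @param currentPasswordHandle handle of the currently enrolled password
 * @param currentPassword       current password, passed as pointer + size
 * @param desiredPassword       password to enroll, passed as pointer + size
 * @param cb                    callback that receives the GatekeeperResponse
 *
 * Device return value mapping:
 *   0   -> STATUS_OK, rsp.data holds the handle written by the device
 *   > 0 -> ERROR_RETRY_TIMEOUT, rsp.timeout holds the returned value
 *   < 0 -> ERROR_GENERAL_FAILURE
 *
 * The password buffers carry credential material. This wrapper neither copies
 * nor logs them; keep it that way when adding diagnostics.
 */
Return<void> Gatekeeper::enroll(uint32_t uid,
        const hidl_vec<uint8_t>& currentPasswordHandle,
        const hidl_vec<uint8_t>& currentPassword,
        const hidl_vec<uint8_t>& desiredPassword,
        enroll_cb cb)
{
    GatekeeperResponse rsp;
    // GatekeeperResponse is declared outside this file, so its default state
    // is not visible here. Set every scalar that is sent back explicitly
    // rather than risk returning whatever was on the stack.
    rsp.code = GatekeeperStatusCode::ERROR_GENERAL_FAILURE;
    rsp.timeout = 0;

    uint8_t *enrolled_password_handle = nullptr;
    uint32_t enrolled_password_handle_length = 0;

    int ret = device->enroll(device, uid,
            currentPasswordHandle.data(), currentPasswordHandle.size(),
            currentPassword.data(), currentPassword.size(),
            desiredPassword.data(), desiredPassword.size(),
            &enrolled_password_handle, &enrolled_password_handle_length);
    if (ret > 0) {
        rsp.timeout = ret;
        rsp.code = GatekeeperStatusCode::ERROR_RETRY_TIMEOUT;
    } else if (ret == 0) {
        if (enrolled_password_handle == nullptr && enrolled_password_handle_length != 0) {
            // A length that describes no buffer cannot be handed to the
            // caller; report a failure instead of wrapping a null pointer.
            ALOGE("GateKeeper HAL enroll returned a null handle with non-zero length");
        } else {
            // The final argument `true` presumably hands ownership of the
            // device-allocated buffer to rsp.data - confirm against
            // hidl_vec::setToExternal. An empty handle is passed through
            // unchanged for the caller to judge.
            rsp.data.setToExternal(enrolled_password_handle,
                                   enrolled_password_handle_length,
                                   true);
            rsp.code = GatekeeperStatusCode::STATUS_OK;
        }
    }
    // ret < 0 keeps the ERROR_GENERAL_FAILURE set above.
    cb(rsp);
    return Void();
}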
84*4d7e907cSAndroid Build Coastguard Worker
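/**
 * Forwards a verify request to the legacy gatekeeper device and reports the
 * outcome through `cb`.
 *
 * @param uid                    user id, passed to the device unchanged
 * @param challenge              challenge value, passed to the device unchanged
 * @param enrolledPasswordHandle handle to verify against
 * @param providedPassword       password supplied for verification
 * @param cb                     callback that receives the GatekeeperResponse
 *
 * Device return value mapping:
 *   0   -> STATUS_OK, or STATUS_REENROLL when the device sets request_reenroll;
 *          rsp.data holds the token buffer written by the device
 *   > 0 -> ERROR_RETRY_TIMEOUT, rsp.timeout holds the returned value
 *   < 0 -> ERROR_GENERAL_FAILURE
 *
 * The password buffer carries credential material and rsp.data carries the
 * resulting auth token. Neither is copied or logged here; keep it that way
 * when adding diagnostics.
 */
Return<void> Gatekeeper::verify(uint32_t uid,
        uint64_t challenge,
        const hidl_vec<uint8_t>& enrolledPasswordHandle,
        const hidl_vec<uint8_t>& providedPassword,
        verify_cb cb)
{
    GatekeeperResponse rsp;
    // GatekeeperResponse is declared outside this file, so its default state
    // is not visible here. Set every scalar that is sent back explicitly
    // rather than risk returning whatever was on the stack.
    rsp.code = GatekeeperStatusCode::ERROR_GENERAL_FAILURE;
    rsp.timeout = 0;

    uint8_t *auth_token = nullptr;
    uint32_t auth_token_length = 0;
    bool request_reenroll = false;

    int ret = device->verify(device, uid, challenge,
            enrolledPasswordHandle.data(), enrolledPasswordHandle.size(),
            providedPassword.data(), providedPassword.size(),
            &auth_token, &auth_token_length,
            &request_reenroll);
    if (ret > 0) {
        rsp.timeout = ret;
        rsp.code = GatekeeperStatusCode::ERROR_RETRY_TIMEOUT;
    } else if (ret == 0) {
        if (auth_token == nullptr && auth_token_length != 0) {
            // A length that describes no buffer cannot be handed to the
            // caller; report a failure instead of wrapping a null pointer.
            ALOGE("GateKeeper HAL verify returned a null token with non-zero length");
        } else {
            // The final argument `true` presumably hands ownership of the
            // device-allocated buffer to rsp.data - confirm against
            // hidl_vec::setToExternal. An empty token is passed through
            // unchanged for the caller to judge.
            rsp.data.setToExternal(auth_token, auth_token_length, true);
            rsp.code = request_reenroll ? GatekeeperStatusCode::STATUS_REENROLL
                                        : GatekeeperStatusCode::STATUS_OK;
        }
    }
    // ret < 0 keeps the ERROR_GENERAL_FAILURE set above.
    cb(rsp);
    return Void();
}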
117*4d7e907cSAndroid Build Coastguard Worker
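/**
 * Asks the legacy gatekeeper device to delete one user and reports the
 * outcome through `cb`.
 *
 * @param uid user id, passed to the device unchanged
 * @param cb  callback that receives the GatekeeperResponse
 *
 * delete_user is optional on the device: a null function pointer yields
 * ERROR_NOT_IMPLEMENTED. Otherwise 0 maps to STATUS_OK, a positive value to
 * ERROR_RETRY_TIMEOUT (value copied into rsp.timeout) and a negative value to
 * ERROR_GENERAL_FAILURE.
 *
 * NOTE(review): no caller check is visible in this method; access control
 * presumably lives outside this file - confirm before exposing it further.
 */
Return<void> Gatekeeper::deleteUser(uint32_t uid, deleteUser_cb cb) {
    GatekeeperResponse rsp;
    // GatekeeperResponse is declared outside this file, so its default state
    // is not visible here. Set the scalars explicitly so no path returns an
    // unset timeout.
    rsp.code = GatekeeperStatusCode::ERROR_NOT_IMPLEMENTED;
    rsp.timeout = 0;

    if (device->delete_user != nullptr) {
        const int ret = device->delete_user(device, uid);
        if (ret == 0) {
            rsp.code = GatekeeperStatusCode::STATUS_OK;
        } else if (ret > 0) {
            rsp.timeout = ret;
            rsp.code = GatekeeperStatusCode::ERROR_RETRY_TIMEOUT;
        } else {
            rsp.code = GatekeeperStatusCode::ERROR_GENERAL_FAILURE;
        }
    }
    cb(rsp);
    return Void();
}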
137*4d7e907cSAndroid Build Coastguard Worker
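/**
 * Asks the legacy gatekeeper device to delete every user and reports the
 * outcome through `cb`.
 *
 * @param cb callback that receives the GatekeeperResponse
 *
 * delete_all_users is optional on the device: a null function pointer yields
 * ERROR_NOT_IMPLEMENTED. Otherwise 0 maps to STATUS_OK, a positive value to
 * ERROR_RETRY_TIMEOUT (value copied into rsp.timeout) and a negative value to
 * ERROR_GENERAL_FAILURE.
 *
 * NOTE(review): no caller check is visible in this method; access control
 * presumably lives outside this file - confirm before exposing it further.
 */
Return<void> Gatekeeper::deleteAllUsers(deleteAllUsers_cb cb) {
    GatekeeperResponse rsp;
    // GatekeeperResponse is declared outside this file, so its default state
    // is not visible here. Set the scalars explicitly so no path returns an
    // unset timeout.
    rsp.code = GatekeeperStatusCode::ERROR_NOT_IMPLEMENTED;
    rsp.timeout = 0;

    if (device->delete_all_users != nullptr) {
        const int ret = device->delete_all_users(device);
        if (ret == 0) {
            rsp.code = GatekeeperStatusCode::STATUS_OK;
        } else if (ret > 0) {
            rsp.timeout = ret;
            rsp.code = GatekeeperStatusCode::ERROR_RETRY_TIMEOUT;
        } else {
            rsp.code = GatekeeperStatusCode::ERROR_GENERAL_FAILURE;
        }
    }
    cb(rsp);
    return Void();
}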
156*4d7e907cSAndroid Build Coastguard Worker
/**
 * Creates a Gatekeeper and returns it through the IGatekeeper interface.
 *
 * The name argument is ignored. The object is heap-allocated and not released
 * in this file; NOTE(review): presumably the caller takes ownership - confirm.
 * The Gatekeeper constructor aborts the process when the HAL cannot be opened,
 * so this function does not return on that failure.
 */
IGatekeeper* HIDL_FETCH_IGatekeeper(const char* /* name */) {
    IGatekeeper* const service = new Gatekeeper();
    return service;
}
160*4d7e907cSAndroid Build Coastguard Worker
161*4d7e907cSAndroid Build Coastguard Worker } // namespace implementation
162*4d7e907cSAndroid Build Coastguard Worker } // namespace V1_0
163*4d7e907cSAndroid Build Coastguard Worker } // namespace gatekeeper
164*4d7e907cSAndroid Build Coastguard Worker } // namespace hardware
165*4d7e907cSAndroid Build Coastguard Worker } // namespace android