84 lines
3 KiB
C
84 lines
3 KiB
C
|
/*
|
||
|
* Copyright (C) 2023 The Android Open Source Project
|
||
|
*
|
||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||
|
* you may not use this file except in compliance with the License.
|
||
|
* You may obtain a copy of the License at
|
||
|
*
|
||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||
|
*
|
||
|
* Unless required by applicable law or agreed to in writing, software
|
||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||
|
* See the License for the specific language governing permissions and
|
||
|
* limitations under the License.
|
||
|
*/
|
||
|
|
||
|
#include <aidl/android/hardware/gatekeeper/IGatekeeper.h>
|
||
|
#include <android/hardware/gatekeeper/1.0/IGatekeeper.h>
|
||
|
#include <android/service/gatekeeper/BnGateKeeperService.h>
|
||
|
#include <gatekeeper/GateKeeperResponse.h>
|
||
|
|
||
|
using ::android::hardware::gatekeeper::V1_0::IGatekeeper;
|
||
|
using AidlIGatekeeper = ::aidl::android::hardware::gatekeeper::IGatekeeper;
|
||
|
using ::android::binder::Status;
|
||
|
using ::android::service::gatekeeper::BnGateKeeperService;
|
||
|
using GKResponse = ::android::service::gatekeeper::GateKeeperResponse;
|
||
|
|
||
|
namespace android {
|
||
|
|
||
|
class GateKeeperProxy : public BnGateKeeperService {
|
||
|
public:
|
||
|
GateKeeperProxy();
|
||
|
|
||
|
virtual ~GateKeeperProxy() {}
|
||
|
|
||
|
void store_sid(uint32_t userId, uint64_t sid);
|
||
|
|
||
|
void clear_state_if_needed();
|
||
|
|
||
|
bool mark_cold_boot();
|
||
|
|
||
|
void maybe_store_sid(uint32_t userId, uint64_t sid);
|
||
|
|
||
|
uint64_t read_sid(uint32_t userId);
|
||
|
|
||
|
void clear_sid(uint32_t userId);
|
||
|
|
||
|
// This should only be called on userIds being passed to the GateKeeper HAL. It ensures that
|
||
|
// secure storage shared across a GSI image and a host image will not overlap.
|
||
|
uint32_t adjust_userId(uint32_t userId);
|
||
|
|
||
|
#define GK_ERROR *gkResponse = GKResponse::error(), Status::ok()
|
||
|
|
||
|
Status enroll(int32_t userId, const std::optional<std::vector<uint8_t>>& currentPasswordHandle,
|
||
|
const std::optional<std::vector<uint8_t>>& currentPassword,
|
||
|
const std::vector<uint8_t>& desiredPassword, GKResponse* gkResponse) override;
|
||
|
|
||
|
Status verify(int32_t userId, const ::std::vector<uint8_t>& enrolledPasswordHandle,
|
||
|
const ::std::vector<uint8_t>& providedPassword, GKResponse* gkResponse) override;
|
||
|
|
||
|
Status verifyChallenge(int32_t userId, int64_t challenge,
|
||
|
const std::vector<uint8_t>& enrolledPasswordHandle,
|
||
|
const std::vector<uint8_t>& providedPassword,
|
||
|
GKResponse* gkResponse) override;
|
||
|
|
||
|
Status getSecureUserId(int32_t userId, int64_t* sid) override;
|
||
|
|
||
|
Status clearSecureUserId(int32_t userId) override;
|
||
|
|
||
|
Status reportDeviceSetupComplete() override;
|
||
|
|
||
|
status_t dump(int fd, const Vector<String16>&) override;
|
||
|
|
||
|
private:
|
||
|
// AIDL gatekeeper service.
|
||
|
std::shared_ptr<AidlIGatekeeper> aidl_hw_device;
|
||
|
// HIDL gatekeeper service.
|
||
|
sp<IGatekeeper> hw_device;
|
||
|
|
||
|
bool clear_state_if_needed_done;
|
||
|
bool is_running_gsi;
|
||
|
};
|
||
|
} // namespace android
|