From 7daa66aa07ce0ffa119a2cfde31ec133f03f3ec2 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Thu, 6 Jun 2019 22:05:41 -0700 Subject: [PATCH] Replace legacy trusty gatekeeper HAL with HIDLized version This patch replaces the legacy libhardware based gatekeeper HAL with a true HIDL based implementation. Test: Workes with trusty gatekeeper Change-Id: I072b0c3fc74523400132aacd34e2f2cac9cf261b Merged-In: I072b0c3fc74523400132aacd34e2f2cac9cf261b --- trusty/gatekeeper/Android.bp | 18 +- ....hardware.gatekeeper@1.0-service.trusty.rc | 4 + ...hardware.gatekeeper@1.0-service.trusty.xml | 11 + trusty/gatekeeper/module.cpp | 57 ---- trusty/gatekeeper/service.cpp | 39 +++ trusty/gatekeeper/trusty_gatekeeper.cpp | 253 +++++++----------- trusty/gatekeeper/trusty_gatekeeper.h | 106 +++----- trusty/trusty-base.mk | 4 +- 8 files changed, 197 insertions(+), 295 deletions(-) create mode 100644 trusty/gatekeeper/android.hardware.gatekeeper@1.0-service.trusty.rc create mode 100644 trusty/gatekeeper/android.hardware.gatekeeper@1.0-service.trusty.xml delete mode 100644 trusty/gatekeeper/module.cpp create mode 100644 trusty/gatekeeper/service.cpp diff --git a/trusty/gatekeeper/Android.bp b/trusty/gatekeeper/Android.bp index 65b271a79..1666cfba8 100644 --- a/trusty/gatekeeper/Android.bp +++ b/trusty/gatekeeper/Android.bp @@ -1,4 +1,3 @@ -// // Copyright (C) 2015 The Android Open-Source Project // // Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,14 +19,15 @@ // to only building on ARM if they include assembly. Individual makefiles // are responsible for having their own logic, for fine-grained control. -cc_library_shared { - name: "gatekeeper.trusty", +cc_binary { + name: "android.hardware.gatekeeper@1.0-service.trusty", + defaults: ["hidl_defaults"], vendor: true, - relative_install_path: "hw", + init_rc: ["android.hardware.gatekeeper@1.0-service.trusty.rc"], srcs: [ - "module.cpp", + "service.cpp", "trusty_gatekeeper_ipc.c", "trusty_gatekeeper.cpp", ], @@ -39,10 +39,16 @@ cc_library_shared { ], shared_libs: [ + "android.hardware.gatekeeper@1.0", + "libbase", + "libhidlbase", + "libhidltransport", "libgatekeeper", + "libutils", "liblog", "libcutils", "libtrusty", ], - header_libs: ["libhardware_headers"], + + vintf_fragments: ["android.hardware.gatekeeper@1.0-service.trusty.xml"], } diff --git a/trusty/gatekeeper/android.hardware.gatekeeper@1.0-service.trusty.rc b/trusty/gatekeeper/android.hardware.gatekeeper@1.0-service.trusty.rc new file mode 100644 index 000000000..5413a6c9f --- /dev/null +++ b/trusty/gatekeeper/android.hardware.gatekeeper@1.0-service.trusty.rc @@ -0,0 +1,4 @@ +service vendor.gatekeeper-1-0 /vendor/bin/hw/android.hardware.gatekeeper@1.0-service.trusty + class hal + user system + group system diff --git a/trusty/gatekeeper/android.hardware.gatekeeper@1.0-service.trusty.xml b/trusty/gatekeeper/android.hardware.gatekeeper@1.0-service.trusty.xml new file mode 100644 index 000000000..19714a83b --- /dev/null +++ b/trusty/gatekeeper/android.hardware.gatekeeper@1.0-service.trusty.xml @@ -0,0 +1,11 @@ + + + android.hardware.gatekeeper + hwbinder + 1.0 + + IGatekeeper + default + + + diff --git a/trusty/gatekeeper/module.cpp b/trusty/gatekeeper/module.cpp deleted file mode 100644 index 0ee3c2f28..000000000 --- a/trusty/gatekeeper/module.cpp +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright (C) 2015 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include - -#include -#include -#include - -#include "trusty_gatekeeper.h" - -using gatekeeper::TrustyGateKeeperDevice; - -static int trusty_gatekeeper_open(const hw_module_t *module, const char *name, - hw_device_t **device) { - - if (strcmp(name, HARDWARE_GATEKEEPER) != 0) { - return -EINVAL; - } - - TrustyGateKeeperDevice *gatekeeper = new TrustyGateKeeperDevice(module); - if (gatekeeper == NULL) return -ENOMEM; - *device = gatekeeper->hw_device(); - - return 0; -} - -static struct hw_module_methods_t gatekeeper_module_methods = { - .open = trusty_gatekeeper_open, -}; - -struct gatekeeper_module HAL_MODULE_INFO_SYM __attribute__((visibility("default"))) = { - .common = { - .tag = HARDWARE_MODULE_TAG, - .module_api_version = GATEKEEPER_MODULE_API_VERSION_0_1, - .hal_api_version = HARDWARE_HAL_API_VERSION, - .id = GATEKEEPER_HARDWARE_MODULE_ID, - .name = "Trusty GateKeeper HAL", - .author = "The Android Open Source Project", - .methods = &gatekeeper_module_methods, - .dso = 0, - .reserved = {} - }, -}; diff --git a/trusty/gatekeeper/service.cpp b/trusty/gatekeeper/service.cpp new file mode 100644 index 000000000..c5ee4883f --- /dev/null +++ b/trusty/gatekeeper/service.cpp @@ -0,0 +1,39 @@ +/* + * Copyright (C) 2019 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#define LOG_TAG "android.hardware.gatekeeper@1.0-service.trusty" + +#include +#include + +#include + +#include "trusty_gatekeeper.h" + +// Generated HIDL files +using android::hardware::gatekeeper::V1_0::IGatekeeper; +using gatekeeper::TrustyGateKeeperDevice; + +int main() { + ::android::hardware::configureRpcThreadpool(1, true /* willJoinThreadpool */); + android::sp gatekeeper(new TrustyGateKeeperDevice()); + auto status = gatekeeper->registerAsService(); + if (status != android::OK) { + LOG(FATAL) << "Could not register service for Gatekeeper 1.0 (trusty) (" << status << ")"; + } + + android::hardware::joinRpcThreadpool(); + return -1; // Should never get here. +} diff --git a/trusty/gatekeeper/trusty_gatekeeper.cpp b/trusty/gatekeeper/trusty_gatekeeper.cpp index b3fbfa940..d14966460 100644 --- a/trusty/gatekeeper/trusty_gatekeeper.cpp +++ b/trusty/gatekeeper/trusty_gatekeeper.cpp @@ -16,147 +16,131 @@ #define LOG_TAG "TrustyGateKeeper" -#include -#include -#include - -#include - -#include +#include +#include #include "trusty_gatekeeper.h" #include "trusty_gatekeeper_ipc.h" #include "gatekeeper_ipc.h" +using ::android::hardware::hidl_vec; +using ::android::hardware::Return; +using ::android::hardware::gatekeeper::V1_0::GatekeeperStatusCode; +using ::gatekeeper::EnrollRequest; +using ::gatekeeper::EnrollResponse; +using ::gatekeeper::ERROR_INVALID; +using ::gatekeeper::ERROR_MEMORY_ALLOCATION_FAILED; +using ::gatekeeper::ERROR_NONE; +using ::gatekeeper::ERROR_RETRY; +using ::gatekeeper::SizedBuffer; +using ::gatekeeper::VerifyRequest; +using ::gatekeeper::VerifyResponse; + namespace gatekeeper { -const uint32_t SEND_BUF_SIZE = 8192; -const uint32_t RECV_BUF_SIZE = 8192; - -TrustyGateKeeperDevice::TrustyGateKeeperDevice(const hw_module_t *module) { -#if __cplusplus >= 201103L || defined(__GXX_EXPERIMENTAL_CXX0X__) - static_assert(std::is_standard_layout::value, - "TrustyGateKeeperDevice must be standard layout"); - static_assert(offsetof(TrustyGateKeeperDevice, device_) == 0, - "device_ must be the first member of TrustyGateKeeperDevice"); - static_assert(offsetof(TrustyGateKeeperDevice, device_.common) == 0, - "common must be the first member of gatekeeper_device"); -#else - assert(reinterpret_cast(this) == &device_); - assert(reinterpret_cast(this) == &(device_.common)); -#endif - - memset(&device_, 0, sizeof(device_)); - device_.common.tag = HARDWARE_DEVICE_TAG; - device_.common.version = 1; - device_.common.module = const_cast(module); - device_.common.close = close_device; - - device_.enroll = enroll; - device_.verify = verify; - device_.delete_user = nullptr; - device_.delete_all_users = nullptr; +constexpr const uint32_t SEND_BUF_SIZE = 8192; +constexpr const uint32_t RECV_BUF_SIZE = 8192; +TrustyGateKeeperDevice::TrustyGateKeeperDevice() { int rc = trusty_gatekeeper_connect(); if (rc < 0) { - ALOGE("Error initializing trusty session: %d", rc); + LOG(ERROR) << "Error initializing trusty session: " << rc; } error_ = rc; - -} - -hw_device_t* TrustyGateKeeperDevice::hw_device() { - return &device_.common; -} - -int TrustyGateKeeperDevice::close_device(hw_device_t* dev) { - delete reinterpret_cast(dev); - return 0; } TrustyGateKeeperDevice::~TrustyGateKeeperDevice() { trusty_gatekeeper_disconnect(); } -int TrustyGateKeeperDevice::Enroll(uint32_t uid, const uint8_t *current_password_handle, - uint32_t current_password_handle_length, const uint8_t *current_password, - uint32_t current_password_length, const uint8_t *desired_password, - uint32_t desired_password_length, uint8_t **enrolled_password_handle, - uint32_t *enrolled_password_handle_length) { - - if (error_ != 0) { - return error_; - } - - SizedBuffer desired_password_buffer(desired_password_length); - memcpy(desired_password_buffer.buffer.get(), desired_password, desired_password_length); - - SizedBuffer current_password_handle_buffer(current_password_handle_length); - if (current_password_handle) { - memcpy(current_password_handle_buffer.buffer.get(), current_password_handle, - current_password_handle_length); - } - - SizedBuffer current_password_buffer(current_password_length); - if (current_password) { - memcpy(current_password_buffer.buffer.get(), current_password, current_password_length); - } - - EnrollRequest request(uid, ¤t_password_handle_buffer, &desired_password_buffer, - ¤t_password_buffer); - EnrollResponse response; - - gatekeeper_error_t error = Send(request, &response); - - if (error == ERROR_RETRY) { - return response.retry_timeout; - } else if (error != ERROR_NONE) { - return -EINVAL; - } - - *enrolled_password_handle = response.enrolled_password_handle.buffer.release(); - *enrolled_password_handle_length = response.enrolled_password_handle.length; - - - return 0; +SizedBuffer hidl_vec2sized_buffer(const hidl_vec& vec) { + if (vec.size() == 0 || vec.size() > std::numeric_limits::max()) return {}; + auto dummy = new uint8_t[vec.size()]; + std::copy(vec.begin(), vec.end(), dummy); + return {dummy, static_cast(vec.size())}; } -int TrustyGateKeeperDevice::Verify(uint32_t uid, uint64_t challenge, - const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length, - const uint8_t *provided_password, uint32_t provided_password_length, - uint8_t **auth_token, uint32_t *auth_token_length, bool *request_reenroll) { +Return TrustyGateKeeperDevice::enroll(uint32_t uid, + const hidl_vec& currentPasswordHandle, + const hidl_vec& currentPassword, + const hidl_vec& desiredPassword, + enroll_cb _hidl_cb) { if (error_ != 0) { - return error_; + _hidl_cb({GatekeeperStatusCode::ERROR_GENERAL_FAILURE, 0, {}}); + return {}; } - SizedBuffer password_handle_buffer(enrolled_password_handle_length); - memcpy(password_handle_buffer.buffer.get(), enrolled_password_handle, - enrolled_password_handle_length); - SizedBuffer provided_password_buffer(provided_password_length); - memcpy(provided_password_buffer.buffer.get(), provided_password, provided_password_length); + if (desiredPassword.size() == 0) { + _hidl_cb({GatekeeperStatusCode::ERROR_GENERAL_FAILURE, 0, {}}); + return {}; + } - VerifyRequest request(uid, challenge, &password_handle_buffer, &provided_password_buffer); + EnrollRequest request(uid, hidl_vec2sized_buffer(currentPasswordHandle), + hidl_vec2sized_buffer(desiredPassword), + hidl_vec2sized_buffer(currentPassword)); + EnrollResponse response; + auto error = Send(request, &response); + if (error != ERROR_NONE) { + _hidl_cb({GatekeeperStatusCode::ERROR_GENERAL_FAILURE, 0, {}}); + } else if (response.error == ERROR_RETRY) { + _hidl_cb({GatekeeperStatusCode::ERROR_RETRY_TIMEOUT, response.retry_timeout, {}}); + } else if (response.error != ERROR_NONE) { + _hidl_cb({GatekeeperStatusCode::ERROR_GENERAL_FAILURE, 0, {}}); + } else { + hidl_vec new_handle(response.enrolled_password_handle.Data(), + response.enrolled_password_handle.Data() + + response.enrolled_password_handle.size()); + _hidl_cb({GatekeeperStatusCode::STATUS_OK, response.retry_timeout, new_handle}); + } + return {}; +} + +Return TrustyGateKeeperDevice::verify( + uint32_t uid, uint64_t challenge, + const ::android::hardware::hidl_vec& enrolledPasswordHandle, + const ::android::hardware::hidl_vec& providedPassword, verify_cb _hidl_cb) { + if (error_ != 0) { + _hidl_cb({GatekeeperStatusCode::ERROR_GENERAL_FAILURE, 0, {}}); + return {}; + } + + if (enrolledPasswordHandle.size() == 0) { + _hidl_cb({GatekeeperStatusCode::ERROR_GENERAL_FAILURE, 0, {}}); + return {}; + } + + VerifyRequest request(uid, challenge, hidl_vec2sized_buffer(enrolledPasswordHandle), + hidl_vec2sized_buffer(providedPassword)); VerifyResponse response; - gatekeeper_error_t error = Send(request, &response); + auto error = Send(request, &response); + if (error != ERROR_NONE) { + _hidl_cb({GatekeeperStatusCode::ERROR_GENERAL_FAILURE, 0, {}}); + } else if (response.error == ERROR_RETRY) { + _hidl_cb({GatekeeperStatusCode::ERROR_RETRY_TIMEOUT, response.retry_timeout, {}}); + } else if (response.error != ERROR_NONE) { + _hidl_cb({GatekeeperStatusCode::ERROR_GENERAL_FAILURE, 0, {}}); + } else { + hidl_vec auth_token( + response.auth_token.Data(), + response.auth_token.Data() + response.auth_token.size()); - if (error == ERROR_RETRY) { - return response.retry_timeout; - } else if (error != ERROR_NONE) { - return -EINVAL; + _hidl_cb({response.request_reenroll ? GatekeeperStatusCode::STATUS_REENROLL + : GatekeeperStatusCode::STATUS_OK, + response.retry_timeout, auth_token}); } + return {}; +} - if (auth_token != NULL && auth_token_length != NULL) { - *auth_token = response.auth_token.buffer.release(); - *auth_token_length = response.auth_token.length; - } +Return TrustyGateKeeperDevice::deleteUser(uint32_t /*uid*/, deleteUser_cb _hidl_cb) { + _hidl_cb({GatekeeperStatusCode::ERROR_NOT_IMPLEMENTED, 0, {}}); + return {}; +} - if (request_reenroll != NULL) { - *request_reenroll = response.request_reenroll; - } - - return 0; +Return TrustyGateKeeperDevice::deleteAllUsers(deleteAllUsers_cb _hidl_cb) { + _hidl_cb({GatekeeperStatusCode::ERROR_NOT_IMPLEMENTED, 0, {}}); + return {}; } gatekeeper_error_t TrustyGateKeeperDevice::Send(uint32_t command, const GateKeeperMessage& request, @@ -172,7 +156,7 @@ gatekeeper_error_t TrustyGateKeeperDevice::Send(uint32_t command, const GateKeep uint32_t response_size = RECV_BUF_SIZE; int rc = trusty_gatekeeper_call(command, send_buf, request_size, recv_buf, &response_size); if (rc < 0) { - ALOGE("error (%d) calling gatekeeper TA", rc); + LOG(ERROR) << "error (" << rc << ") calling gatekeeper TA"; return ERROR_INVALID; } @@ -182,51 +166,4 @@ gatekeeper_error_t TrustyGateKeeperDevice::Send(uint32_t command, const GateKeep return response->Deserialize(payload, payload + response_size); } -static inline TrustyGateKeeperDevice *convert_device(const gatekeeper_device *dev) { - return reinterpret_cast(const_cast(dev)); -} - -/* static */ -int TrustyGateKeeperDevice::enroll(const struct gatekeeper_device *dev, uint32_t uid, - const uint8_t *current_password_handle, uint32_t current_password_handle_length, - const uint8_t *current_password, uint32_t current_password_length, - const uint8_t *desired_password, uint32_t desired_password_length, - uint8_t **enrolled_password_handle, uint32_t *enrolled_password_handle_length) { - - if (dev == NULL || - enrolled_password_handle == NULL || enrolled_password_handle_length == NULL || - desired_password == NULL || desired_password_length == 0) - return -EINVAL; - - // Current password and current password handle go together - if (current_password_handle == NULL || current_password_handle_length == 0 || - current_password == NULL || current_password_length == 0) { - current_password_handle = NULL; - current_password_handle_length = 0; - current_password = NULL; - current_password_length = 0; - } - - return convert_device(dev)->Enroll(uid, current_password_handle, current_password_handle_length, - current_password, current_password_length, desired_password, desired_password_length, - enrolled_password_handle, enrolled_password_handle_length); - -} - -/* static */ -int TrustyGateKeeperDevice::verify(const struct gatekeeper_device *dev, uint32_t uid, - uint64_t challenge, const uint8_t *enrolled_password_handle, - uint32_t enrolled_password_handle_length, const uint8_t *provided_password, - uint32_t provided_password_length, uint8_t **auth_token, uint32_t *auth_token_length, - bool *request_reenroll) { - - if (dev == NULL || enrolled_password_handle == NULL || - provided_password == NULL) { - return -EINVAL; - } - - return convert_device(dev)->Verify(uid, challenge, enrolled_password_handle, - enrolled_password_handle_length, provided_password, provided_password_length, - auth_token, auth_token_length, request_reenroll); -} }; diff --git a/trusty/gatekeeper/trusty_gatekeeper.h b/trusty/gatekeeper/trusty_gatekeeper.h index 2becc49a1..c0713f4b9 100644 --- a/trusty/gatekeeper/trusty_gatekeeper.h +++ b/trusty/gatekeeper/trusty_gatekeeper.h @@ -17,84 +17,34 @@ #ifndef TRUSTY_GATEKEEPER_H #define TRUSTY_GATEKEEPER_H -#include +#include +#include + +#include + #include #include "gatekeeper_ipc.h" namespace gatekeeper { -class TrustyGateKeeperDevice { - public: - - explicit TrustyGateKeeperDevice(const hw_module_t* module); +class TrustyGateKeeperDevice : public ::android::hardware::gatekeeper::V1_0::IGatekeeper { + public: + explicit TrustyGateKeeperDevice(); ~TrustyGateKeeperDevice(); - - hw_device_t* hw_device(); - /** * Enrolls password_payload, which should be derived from a user selected pin or password, * with the authentication factor private key used only for enrolling authentication * factor data. * * Returns: 0 on success or an error code less than 0 on error. - * On error, enrolled_password will not be allocated. - */ - int Enroll(uint32_t uid, const uint8_t *current_password_handle, - uint32_t current_password_handle_length, const uint8_t *current_password, - uint32_t current_password_length, const uint8_t *desired_password, - uint32_t desired_password_length, uint8_t **enrolled_password_handle, - uint32_t *enrolled_password_handle_length); - - /** - * Verifies provided_password matches expected_password after enrolling - * with the authentication factor private key. - * - * Implementations of this module may retain the result of this call - * to attest to the recency of authentication. - * - * On success, writes the address of a verification token to verification_token, - * - * Returns: 0 on success or an error code less than 0 on error - * On error, verification token will not be allocated - */ - int Verify(uint32_t uid, uint64_t challenge, const uint8_t *enrolled_password_handle, - uint32_t enrolled_password_handle_length, const uint8_t *provided_password, - uint32_t provided_password_length, uint8_t **auth_token, uint32_t *auth_token_length, - bool *request_reenroll); - - private: - - gatekeeper_error_t Send(uint32_t command, const GateKeeperMessage& request, - GateKeeperMessage* response); - - gatekeeper_error_t Send(const EnrollRequest& request, EnrollResponse *response) { - return Send(GK_ENROLL, request, response); - } - - gatekeeper_error_t Send(const VerifyRequest& request, VerifyResponse *response) { - return Send(GK_VERIFY, request, response); - } - - // Static methods interfacing the HAL API with the TrustyGateKeeper device - - /** - * Enrolls desired_password, which should be derived from a user selected pin or password, - * with the authentication factor private key used only for enrolling authentication - * factor data. - * - * If there was already a password enrolled, it should be provided in - * current_password_handle, along with the current password in current_password - * that should validate against current_password_handle. - * - * Returns: 0 on success or an error code less than 0 on error. * On error, enrolled_password_handle will not be allocated. */ - static int enroll(const struct gatekeeper_device *dev, uint32_t uid, - const uint8_t *current_password_handle, uint32_t current_password_handle_length, - const uint8_t *current_password, uint32_t current_password_length, - const uint8_t *desired_password, uint32_t desired_password_length, - uint8_t **enrolled_password_handle, uint32_t *enrolled_password_handle_length); + ::android::hardware::Return enroll( + uint32_t uid, const ::android::hardware::hidl_vec& currentPasswordHandle, + const ::android::hardware::hidl_vec& currentPassword, + const ::android::hardware::hidl_vec& desiredPassword, + enroll_cb _hidl_cb) override; /** * Verifies provided_password matches enrolled_password_handle. @@ -109,18 +59,32 @@ class TrustyGateKeeperDevice { * Returns: 0 on success or an error code less than 0 on error * On error, verification token will not be allocated */ - static int verify(const struct gatekeeper_device *dev, uint32_t uid, uint64_t challenge, - const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length, - const uint8_t *provided_password, uint32_t provided_password_length, - uint8_t **auth_token, uint32_t *auth_token_length, bool *request_reenroll); + ::android::hardware::Return verify( + uint32_t uid, uint64_t challenge, + const ::android::hardware::hidl_vec& enrolledPasswordHandle, + const ::android::hardware::hidl_vec& providedPassword, + verify_cb _hidl_cb) override; - static int close_device(hw_device_t* dev); + ::android::hardware::Return deleteUser(uint32_t uid, deleteUser_cb _hidl_cb) override; + + ::android::hardware::Return deleteAllUsers(deleteAllUsers_cb _hidl_cb) override; + + private: + gatekeeper_error_t Send(uint32_t command, const GateKeeperMessage& request, + GateKeeperMessage* response); + + gatekeeper_error_t Send(const EnrollRequest& request, EnrollResponse *response) { + return Send(GK_ENROLL, request, response); + } + + gatekeeper_error_t Send(const VerifyRequest& request, VerifyResponse *response) { + return Send(GK_VERIFY, request, response); + } - gatekeeper_device device_; int error_; - }; -} + +} // namespace gatekeeper #endif diff --git a/trusty/trusty-base.mk b/trusty/trusty-base.mk index 445d3ced1..fd8daa84a 100644 --- a/trusty/trusty-base.mk +++ b/trusty/trusty-base.mk @@ -24,9 +24,7 @@ PRODUCT_PACKAGES += \ android.hardware.keymaster@4.0-service.trusty \ - android.hardware.gatekeeper@1.0-service \ - android.hardware.gatekeeper@1.0-impl \ - gatekeeper.trusty + android.hardware.gatekeeper@1.0-service.trusty PRODUCT_PROPERTY_OVERRIDES += \ ro.hardware.keystore=trusty \