Return error from gatekeeperd
Instead of crashing gatekeeperd on incorrect inputs to the AIDL interface, return errors from the service. Test: m gatekeeperd, booted device Bug: 279970163 Change-Id: Ifd3330e749f4ce147db5886f1f2dbb00c322bed2
This commit is contained in:
parent
a819eb223f
commit
d2d320ab0b
2 changed files with 33 additions and 10 deletions
@ -144,14 +144,22 @@ void GateKeeperProxy::clear_sid(uint32_t userId) {
|
|||
}
|
||||
}
|
||||
|
||||
uint32_t GateKeeperProxy::adjust_userId(uint32_t userId) {
|
||||
Status GateKeeperProxy::adjust_userId(uint32_t userId, uint32_t* hw_userId) {
|
||||
static constexpr uint32_t kGsiOffset = 1000000;
|
||||
CHECK(userId < kGsiOffset);
|
||||
CHECK((aidl_hw_device != nullptr) || (hw_device != nullptr));
|
||||
if (is_running_gsi) {
|
||||
return userId + kGsiOffset;
|
||||
if (userId >= kGsiOffset) {
|
||||
return Status::fromExceptionCode(Status::EX_ILLEGAL_ARGUMENT);
|
||||
}
|
||||
return userId;
|
||||
|
||||
if ((aidl_hw_device == nullptr) && (hw_device == nullptr)) {
|
||||
return Status::fromExceptionCode(Status::EX_ILLEGAL_STATE);
|
||||
}
|
||||
|
||||
if (is_running_gsi) {
|
||||
*hw_userId = userId + kGsiOffset;
|
||||
return Status::ok();
|
||||
}
|
||||
*hw_userId = userId;
|
||||
return Status::ok();
|
||||
}
|
||||
|
||||
#define GK_ERROR *gkResponse = GKResponse::error(), Status::ok()
|
||||
|
@ -201,7 +209,12 @@ Status GateKeeperProxy::enroll(int32_t userId,
|
|||
android::hardware::hidl_vec<uint8_t> newPwd;
|
||||
newPwd.setToExternal(const_cast<uint8_t*>(desiredPassword.data()), desiredPassword.size());
|
||||
|
||||
uint32_t hw_userId = adjust_userId(userId);
|
||||
uint32_t hw_userId = 0;
|
||||
Status result = adjust_userId(userId, &hw_userId);
|
||||
if (!result.isOk()) {
|
||||
return result;
|
||||
}
|
||||
|
||||
uint64_t secureUserId = 0;
|
||||
if (aidl_hw_device) {
|
||||
// AIDL gatekeeper service
|
||||
|
@ -300,7 +313,12 @@ Status GateKeeperProxy::verifyChallenge(int32_t userId, int64_t challenge,
|
|||
}
|
||||
}
|
||||
|
||||
uint32_t hw_userId = adjust_userId(userId);
|
||||
uint32_t hw_userId = 0;
|
||||
Status result = adjust_userId(userId, &hw_userId);
|
||||
if (!result.isOk()) {
|
||||
return result;
|
||||
}
|
||||
|
||||
android::hardware::hidl_vec<uint8_t> curPwdHandle;
|
||||
curPwdHandle.setToExternal(const_cast<uint8_t*>(enrolledPasswordHandle.data()),
|
||||
enrolledPasswordHandle.size());
|
||||
|
@ -410,7 +428,12 @@ Status GateKeeperProxy::clearSecureUserId(int32_t userId) {
|
|||
}
|
||||
clear_sid(userId);
|
||||
|
||||
uint32_t hw_userId = adjust_userId(userId);
|
||||
uint32_t hw_userId = 0;
|
||||
Status result = adjust_userId(userId, &hw_userId);
|
||||
if (!result.isOk()) {
|
||||
return result;
|
||||
}
|
||||
|
||||
if (aidl_hw_device) {
|
||||
aidl_hw_device->deleteUser(hw_userId);
|
||||
} else if (hw_device) {
|
||||
|
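Review bot: In clearSecureUserId the new validation runs after `clear_sid(userId);`, so a userId that adjust_userId now rejects with EX_ILLEGAL_ARGUMENT, or a call made while neither HAL handle is bound (EX_ILLEGAL_STATE), has already had its local SID cleared before the error is reported to the caller. clear_sid's body is outside this hunk, so its effect is inferred from the name; if it deletes stored state, the caller receives an error for an operation that partially happened, which the old CHECK at least made fatal rather than silent. Moving the adjust_userId call and its `if (!result.isOk()) return result;` above `clear_sid(userId);` keeps the error path side-effect free. Note also that userId arrives as int32_t and is passed to the uint32_t parameter of both clear_sid and adjust_userId, so a negative id wraps above kGsiOffset and is rejected by the new range check; a one-line comment at the call site would make that intentional. clearSecureUserId starts and ends outside this hunk.
```cpp
    // Reject bad ids / missing HAL before touching local SID state, so an
    // error return from clearSecureUserId leaves nothing half-done.
    uint32_t hw_userId = 0;
    Status result = adjust_userId(userId, &hw_userId);
    if (!result.isOk()) {
        return result;
    }
    clear_sid(userId);
    // … unchanged: HAL deleteUser dispatch …
```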
@ -47,7 +47,7 @@ class GateKeeperProxy : public BnGateKeeperService {
|
|||
|
||||
// This should only be called on userIds being passed to the GateKeeper HAL. It ensures that
|
||||
// secure storage shared across a GSI image and a host image will not overlap.
|
||||
uint32_t adjust_userId(uint32_t userId);
|
||||
Status adjust_userId(uint32_t userId, uint32_t* hw_userId);
|
||||
|
||||
#define GK_ERROR *gkResponse = GKResponse::error(), Status::ok()
|
||||
|
||||
|
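Review bot: The comment above the declaration still describes only the GSI-offset purpose and says nothing about the new contract: the HAL-facing id is written through `hw_userId` only on success, and the returned Status is EX_ILLEGAL_ARGUMENT for a userId at or above the GSI offset and EX_ILLEGAL_STATE when no HAL device is bound (both visible in the .cpp hunk). Callers in this change pass an int32_t userId into the uint32_t parameter, so a negative id wraps and is rejected by the range check, which is behavior a caller should be told about here. I would extend the comment with `// Writes the HAL-facing id to *hw_userId and returns Status::ok(); returns EX_ILLEGAL_ARGUMENT when userId is out of range (negative ids wrap above the GSI offset) and EX_ILLEGAL_STATE when no HAL is bound. Check the Status before using *hw_userId.` Since ignoring the result would silently proceed with a zero hw_userId, consider marking the declaration `[[nodiscard]]` if the project's style permits it.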