Commit graph

113 commits

Author SHA1 Message Date
Steven Moreland
00fe3ad728 system/core: use proper nativehelper headers
libnativeheader exports headers under nativeheader. These were
available before incorrectly as global headers in order to give
access to jni.h.

Test: modules using system/core find headers
Bug: 63762847
Change-Id: I86240f7857dd815100cab32ad261aa9a0a54329c
2017-07-18 17:03:20 -07:00
Pavel Grafov
9890f89ca2 Don't look up parent user SID.
This is a revert of http://ag/741442

Every user now has their own SID, so there is no need to look up
profile parent anymore.

Bug: 38259874
Test: manual, using ConfirmCredential sample app in work profile.
Test: manual, making sure keys survive N->O-MR1 upgrade.
Change-Id: Ib2f52baeb7c5bfeec95431fccfd6ddd537019954
2017-06-28 20:38:33 +01:00
Adrian Roos
cb4ed1bdb9 Credential FRP: keep gatekeeperd credentials after reset
Gatekeeperd now delays clearing all user credentials
until the device setup is complete or we enroll a new
credential (whichever comes first).

Bug: 36814845
Test: Set lockscreen credential, "adb reboot-bootloader && fastboot -w", "adb shell am start -a android.app.action.CONFIRM_FRP_CREDENTIAL", verify that credential still works
Change-Id: If2ad78ff5b80a6ddffd997be0949b03ed11797f4
2017-04-18 20:50:52 +00:00
Chris Phoenix
a84ce0c581 gatekeeper HAL uses "default" service name
The getService() and registerAsService() methods of interface objects
now have default parameters of "default" for the service name. HALs
will not have to use any service name unless they want to register
more than one service.

Test: builds

Bug: 33844934
Change-Id: Ie49c8cea290d328b2160f6012e7c143c49d535cc
2017-02-23 19:31:59 +00:00
Janis Danisevskis
72030fb7bc Adjust for small changes in the native keystore interface
Test: compiled and run on bullhead device
Bug: 32020919
Change-Id: I8352b87be090ba756e3a6ea51cd691cd5594e8f7
2017-01-19 05:32:34 -07:00
Mark Salyzyn
271a1a7cda resolve merge conflicts of a45b1d6f3 to master
Test: compile
Bug: 30465923
Change-Id: I648855539df3cfa176c6ecac19b6a562ba6feaf7
2017-01-11 11:41:38 -08:00
Mark Salyzyn
a45b1d6f38 Merge "liblog: use log/log.h when utilizing ALOG macros" am: 01e12b4ee7 am: c3b346ea93
am: 5482cb01b2

Change-Id: Ifaf21912d44f6ee9fda06df255ba3f7a4ca26ed7
2017-01-11 19:26:19 +00:00
Mark Salyzyn
30f991f251 liblog: use log/log.h when utilizing ALOG macros
Test: compile
Bug: 30465923
Change-Id: Id6d76510819ebd88c3f5003d00d73a0dbe85e943
2017-01-11 09:31:15 -08:00
Steven Moreland
a1538906ac Merge "Return<*> getStatus().isOk() -> isOk()" 2017-01-04 23:46:52 +00:00
Alexey Polyudov
48e00f7470 gatekeeperd: protect from invalid data passed by HAL am: 8c63536ded
am: 563ed1672f

Change-Id: I524b468ef7d54444feaceacbcdc66861a1cada0c
2017-01-04 03:33:20 +00:00
Alexey Polyudov
563ed1672f gatekeeperd: protect from invalid data passed by HAL
am: 8c63536ded

Change-Id: Ie020281e63504ea0b9f27e9e36433d3e137ae018
2017-01-04 03:31:20 +00:00
Steven Moreland
813309326b Return<*> getStatus().isOk() -> isOk()
Bug: 31348667
Test: compiles
Change-Id: I44d89e45c8bf8bcd7a47dff1f5cd4d454c95a079
2017-01-03 17:05:26 -08:00
Alexey Polyudov
8c63536ded gatekeeperd: protect from invalid data passed by HAL
Bug: 31349112
Change-Id: I6c0656f85e44054147f8795c98baab7a98f575b9
Signed-off-by: Alexey Polyudov <apolyudov@google.com>
2016-12-21 14:55:29 +00:00
Stephen Hines
ce3fcb7681 Merge "Switch to memcpy for accessing misaligned data." am: 2bdb37190c am: 87daae5505 am: 317f152365
am: 231c735043

Change-Id: I893ed58f9667744ec54510020ca18743ab10fa71
2016-12-14 03:21:24 +00:00
Stephen Hines
b0775ca517 Switch to memcpy for accessing misaligned data.
Bug: http://b/31532493

Using misaligned pointers forces us to potentially take the address of
members in a packed structure (which is now a warning/error in the
latest Clang). Using memcpy() is the proper way to handle this kind of
problem, as the compiler can insert the proper instructions (and usually
elide the memcpy() entirely).

Test: Built correctly with updated compilers.
Change-Id: Ia1f6eb62cf19404ff76b71d3c6c7ffffa1403120
2016-12-07 03:46:55 -08:00
Alexey Polyudov
275aece609 Use HIDL-generated HAL interworking code
Change-Id: Ide455f8e8bba8b7f403cc7a8971848c11d3b37a8
Signed-off-by: Alexey Polyudov <apolyudov@google.com>
2016-11-21 14:05:04 -08:00
Mark Salyzyn
66ce3e08c5 system/core Replace cutils/log.h with android/log.h
Should use android/log.h instead of cutils/log.h as a good example
to all others.  Adjust header order to comply with Android Coding
standards.

Test: Compile
Bug: 26552300
Bug: 31289077
Change-Id: I2c9cbbbd64d8dccf2d44356361d9742e4a9b9031
2016-09-30 12:47:05 -07:00
Chih-hung Hsieh
fb44ca5178 Merge "Fix google-explicit-constructor warnings." am: 7bdd6a8b5a
am: 427d8d840f

* commit '427d8d840f6ec5ce5767b2ee521e4ac5b7ebd619':
  Fix google-explicit-constructor warnings.

Change-Id: I26dc45aca83f991aa7993f6d4233e0439dd44a22
2016-04-30 05:16:35 +00:00
Chih-Hung Hsieh
1c563d96f0 Fix google-explicit-constructor warnings.
Bug: 28341362
Change-Id: I4504e98a8db31e0edcbe63c23f9af43eb13e9d86
2016-04-29 15:44:04 -07:00
Martijn Coenen
8c65002114 Merge "Move gatekeeperd to system-background cpuset." into nyc-dev
am: 0e54903

* commit '0e54903c737aa71590d222828cd31944bd2be4cb':
  Move gatekeeperd to system-background cpuset.

Change-Id: I4cb18f78f65baa727c777d0f98ecead1d060e7e5
2016-04-25 18:03:25 +00:00
Martijn Coenen
0fd19760a1 Move gatekeeperd to system-background cpuset.
Bug: 24949295
Change-Id: I3c68bf1c604f0e8eb8155a4615802847a9a8604d
2016-04-15 14:29:40 +02:00
George Burgess IV
02f689e11a Merge "Cleanup uses of sprintf so we can deprecate it." am: 2c5b89a64a
am: 3368bdebba

* commit '3368bdebba02316710bafc5bce120eec388365fb':
  Cleanup uses of sprintf so we can deprecate it.
2016-03-08 07:41:39 +00:00
George Burgess IV
e7aa2b2c83 Cleanup uses of sprintf so we can deprecate it.
Also cleans up two instances of open() with useless mode params, and
changes a few uses of snprintf to use sizeof(buffer) instead of
hardcoded buffer sizes.

Change-Id: If11591003d910c995e72ad8f75afd072c255a3c5
2016-03-07 18:40:40 -08:00
Elliott Hughes
ef119a14b8 Merge "Track rename of base/ to android-base/." am: 912ed3d8ca am: e2a9563be1
am: 3608ee5e90

* commit '3608ee5e903689ea7c433587be664649689816e1':
  Track rename of base/ to android-base/.
2015-12-07 23:59:44 +00:00
Elliott Hughes
4f71319df0 Track rename of base/ to android-base/.
Change-Id: Idf9444fece4aa89c93e15640de59a91f6e758ccf
2015-12-04 22:00:26 -08:00
Andres Morales
70309ff8c7 [gatekeeperd] copy uid to local before passing to u_map
The compiler will issue the unaligned access instuctions
when reading from a packed struct. Since 'find' takes a
reference, if we pass the field directly it is removed
from its packed context and may be unreadable.

Read the field out directly from the packed struct and pass
in aligned to u_map to fix.

Bug: 22367550
Change-Id: Ia3b639c7518154ff5a2b7c233b752e154eab9aad
(cherry picked from commit 6e83dc4d325d68b568c841d3e88fda2a93e00663)
2015-11-05 11:09:21 -08:00
Tom Cherry
d2a600eb35 update bundled rc files to their contents from rootdir/init.rc
Bug 23186545

Change-Id: Ieb03ba89db2dee0365ae346295207ddfd29bd2b7
(cherry picked from commit 297991b324)
2015-08-21 21:54:42 +00:00
Tom Cherry
297991b324 update bundled rc files to their contents from rootdir/init.rc
Bug 23186545

Change-Id: Ieb03ba89db2dee0365ae346295207ddfd29bd2b7
2015-08-21 12:39:01 -07:00
Andres Morales
82b4d4bc63 am dec7201e: am fe1b4627: am 19f223f3: Merge "[gatekeeperd] Check parent profile for SID lookups" into mnc-dev
* commit 'dec7201e59f7eec1dae5ca5b3c6fae11d3e22242':
  [gatekeeperd] Check parent profile for SID lookups
2015-08-06 22:54:45 +00:00
Andres Morales
1cf7d259e8 [gatekeeperd] Check parent profile for SID lookups
Bug: 22257554
Change-Id: I1a363729b449a2bc8594b48dada719fd79da7036
2015-08-05 10:32:13 -07:00
Andres Morales
17aa7571f9 [gatekeeperd] fix other unaligned mem access
Initially tested with the wrong (mnc) toolchain
which just hid the error entirely. Now tested with
master toolchain so this should be the last instance.

Bug: 22367550
Change-Id: I0e785918b1a9f4a8af80dc96b794737fcfd12367
2015-07-10 13:56:02 -07:00
Andres Morales
0e761b8c39 am 07f0aef8: am a5c8358a: am 787c3764: Merge "[gatekeeperd] fix use of uninitialized memory" into mnc-dev
* commit '07f0aef8b98aea677e2f97589a6866903ed540ef':
  [gatekeeperd] fix use of uninitialized memory
2015-07-10 18:27:49 +00:00
Andres Morales
5767a723bb am beb4fa62: am b8fb72e0: am 0b0435ea: [gatekeeperd] fix file descriptor leak
* commit 'beb4fa627b8da911a2d61d5e51b8df6af6c76c74':
  [gatekeeperd] fix file descriptor leak
2015-07-10 18:05:33 +00:00
Andres Morales
787c3764d3 Merge "[gatekeeperd] fix use of uninitialized memory" into mnc-dev 2015-07-10 17:20:31 +00:00
Andres Morales
0b0435ea87 [gatekeeperd] fix file descriptor leak
Bug: 22403703
Change-Id: I65da3b3b3f85db035d79277344beb5460cb025f2
2015-07-10 09:47:09 -07:00
Andres Morales
3439f41abf [gatekeeperd] copy uid to local before passing to u_map
The compiler will issue the unaligned access instuctions
when reading from a packed struct. Since 'find' takes a
reference, if we pass the field directly it is removed
from its packed context and may be unreadable.

Read the field out directly from the packed struct and pass
in aligned to u_map to fix.

Bug: 22367550
Change-Id: Ia3b639c7518154ff5a2b7c233b752e154eab9aad
2015-07-09 23:26:44 +00:00
Andres Morales
fef908e5a5 [gatekeeperd] fix use of uninitialized memory
Bug: 22319772
Change-Id: I3cb83389f11e54867aca132de48a3f6407b7eaf3
2015-07-08 20:33:36 +00:00
Andres Morales
b15e63602d am d3b8b72e: am 9a53bb0f: Merge "[gatekeeperd] fix issue with SW->HW upgrades" into mnc-dev
* commit 'd3b8b72ec9cbaf202053f0281c33a8da432222ca':
  [gatekeeperd] fix issue with SW->HW upgrades
2015-06-25 16:10:35 +00:00
Andres Morales
9a53bb0f80 Merge "[gatekeeperd] fix issue with SW->HW upgrades" into mnc-dev 2015-06-25 15:43:02 +00:00
Andres Morales
7f6dcf6576 [gatekeeperd] fix issue with SW->HW upgrades
If the handle version is 0, there's no hardware_backed flag
meaning hardware backed handles will be attempted against
the soft impl. Ensure we don't try to read from hardware_backed
unless the version is > 0.

Bug: 21090356
Change-Id: I65f009c55538ea3c20eb486b580eb11ce93934fc
2015-06-24 18:40:24 -07:00
Dan Albert
262be42687 Merge "Add missing include. Clang build fix." into mnc-dev 2015-06-24 21:41:13 +00:00
Andres Morales
db100ff076 am 7f270fa8: am 3c2086da: [gatekeeperd] clear state and mark on cold boot
* commit '7f270fa8a18c86b8d5451dfcd8936c79115440ef':
  [gatekeeperd] clear state and mark on cold boot
2015-06-24 18:52:51 +00:00
Andres Morales
3c2086dabd [gatekeeperd] clear state and mark on cold boot
required to initialize state by certain HAL impls

Bug: 22011857
Change-Id: Ibb01a799da983e1a930aae946c331b23f571861d
2015-06-24 10:22:45 -07:00
Andres Morales
991680bf60 am 343d7082: am b2856ddb: Merge "[gatekeeperd] invalidate stale password cache" into mnc-dev
* commit '343d708234636d505653d4ed1c9104463db76bab':
  [gatekeeperd] invalidate stale password cache
2015-06-23 22:21:15 +00:00
Andres Morales
9ea9a06b06 [gatekeeperd] invalidate stale password cache
password may change offline, invalidate the cache if it is
stale

Bug: 22019187
Change-Id: I2aaae978c8bd4629a0f93df3778d8679ae9b53d5
2015-06-23 11:29:57 -07:00
Andres Morales
0fdae23b53 am 1e8a4588: am 835d96ea: [gatekeeperd] handle upgrades from software version to HAL
* commit '1e8a4588346bfaf1bb8f2c909e95669e29bd0d6e':
  [gatekeeperd] handle upgrades from software version to HAL
2015-06-22 21:56:41 +00:00
Andres Morales
835d96eae5 [gatekeeperd] handle upgrades from software version to HAL
Certain devices, like Shamu, are currently running an interim
software-only gatekeeper. When the HAL for those devices is merged,
we need to handle upgrading to the HAL smoothly.

Bug: 21090356
Change-Id: I5352bc547a43671a08249eae532e8b3ce6b90087
2015-06-22 13:12:41 -07:00
Andres Morales
c5b8743ff6 am b58866fb: am c7ab1e81: [gatekeeperd] add fast path for SW password verification
* commit 'b58866fbec93d6469f578c668a037738eefe5759':
  [gatekeeperd] add fast path for SW password verification
2015-06-22 20:08:51 +00:00
Andres Morales
c7ab1e8177 [gatekeeperd] add fast path for SW password verification
Bug: 21445004
Change-Id: I5e36ddbefaf1fa8de8623858fd785ac8fb651a4f
2015-06-22 12:05:57 -07:00
Dan Albert
8f7f0f88a3 Add missing include. Clang build fix.
Change-Id: I74bed4f27e34c6bbf904058c14e124d8f5d35d82
2015-06-10 17:34:58 -07:00
Dan Albert
460f6b1f11 Add missing arpa/inet.h include for ntohl.
Clang build fix. Not sure why this is happening with gcc.

Change-Id: Ic3e192e31ba8d1d78dab83a6af13e82d261e5938
2015-06-09 20:10:19 -07:00
Andres Morales
b8216007c6 Merge "[gatekeeperd] track gk failure record changes" into mnc-dev 2015-06-04 01:27:34 +00:00
Andres Morales
e1f827fc1f [gatekeeperd] track gk failure record changes
Bug:21118563
Change-Id: Ia726dc4db6ec5c6a1e8e08a689ec82568ff1e5aa
2015-06-03 18:24:36 -07:00
Andres Morales
531e3e83c2 [gatekeeperd] verify a password after enrolling successfully
Bug: 20918106
Change-Id: Ia3cb6d1375d9ee2a6e543ee97d37b7c4f0459447
2015-06-02 10:43:21 -07:00
Andres Morales
ae242929da [gatekeeperd] return brute-force throttling information
Bug: 21118563
Change-Id: I13c6a44f61668be8b4c1fde8c84dcfebab84517c
2015-05-27 07:45:22 -07:00
Andres Morales
33dfdc7bbc Move SoftGateKeeper into gatekeeperd
Allows for easy determination of whether there's a
hardware module in place. Permits tighter coupling of
software implementation with upper-level stack.

Bug:21090356
Change-Id: I275b57cd976c233c43c476c5869c5a4b29fbc175
2015-05-14 12:58:13 -07:00
Andres Morales
dcb3fbdaa4 Make clear SID delete the file
This allows us to recover in situations where we manage
to clear the SID in GateKeeper but fail to remove the
password in LockSettingsService.

Change-Id: Ib64ead137632f9615745a414c90a9b66b847134f
2015-04-17 09:01:41 -07:00
Andres Morales
7c9c3bc9c2 Implement clear SID API
Change-Id: I4ada55674edff32d3e39d460070e03abbf847359
2015-04-16 15:57:17 -07:00
Andres Morales
6a49c2fa43 Implement SID API
Change-Id: Id11632a6b4b9cab6f08f97026dd65fdf49a46491
2015-04-16 13:17:54 -07:00
Andres Morales
2ae8b4c28f Use proper NO_ERROR checking KS return value
It's a bit weird that KS defines NO_ERROR outside a
namespace like the Android binder lib, but assigns
it the value 1 instead of 0.

Change-Id: I5aedfd495f2f3bdff7eb1b4ba0f75d335dfe12d9
2015-04-13 09:20:09 -07:00
Andres Morales
c828ae8776 Update verify API to return auth token blob
Change-Id: I853e61815458b54fb3b2f29e12a147b3b9aa3788
2015-04-11 18:29:04 -07:00
Andres Morales
851b57c1f8 Add challenge to verify call
required for enrolling secondary auth form factors

Change-Id: Ia3e1d47f988bca1bb1a0e713c000886e60b4e839
2015-04-10 19:56:07 -07:00
Andres Morales
2d08dce0be GateKeeper proxy service
Until we have SELinux support for gating access
to individual TEE services, we will proxy TEE requests
to GateKeeper via this daemon.

Change-Id: Ifa316b75f75bff79bdae613a112c8c3c2e7189a8
2015-04-08 15:20:22 -07:00