Commit graph

105 commits

Author SHA1 Message Date
Subrahmanyaman
355e97773a hidl2aidl: conversion of gatekeeper hidl to aidl
Conversion of the gatekeeper hidl interface to stable aidl interface.

Bug: 205760843
Test: run vts -m VtsHalGatekeeperTarget
Change-Id: I7ca82780b1f834f00c3708dea55ac6500cd08c9c
2022-09-19 16:39:27 +00:00
David Drysdale
c5b7d179c2 Depend on KeyMint HAL via default
This allows for easier bumping of the KeyMint version level.

At the moment this change should have no effect: the same dependency
is used, just reached via a default rather than explicitly.

However, when the KeyMint version increases in the near future, using
this default should mean that no change is needed here: the default
definition will change to -V2 and this will be referenced here.

Test: TreeHugger
Change-Id: Ic250e5b91ee2b48cd7a05783ce21af16ae330ed1
2021-12-02 08:16:25 +00:00
Jiyong Park
1486987d34 Remove ndk_platform backend. Use the ndk backend.
The ndk_platform backend will soon be deprecated because the ndk backend
can serve the same purpose. This is to eliminate the confusion about
having two variants (ndk and ndk_platform) for the same 'ndk' backend.

Bug: 161456198
Test: m
Change-Id: I7e60ee840fd64f9e36bafa8baea19daab9c15cea
2021-07-27 12:19:00 +09:00
Suren Baghdasaryan
2079c5f0c9 Replace writepid with task_profiles command for cgroup migration
writepid command usage to join a cgroup has been deprecated in favor
of a more flexible approach using task_profiles. This way cgroup path
is not hardcoded and cgroup changes can be easily made. Replace
writepid with task_profiles command to migrate between cgroups.

Bug: 191283136
Test: build and boot
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I945c634dfa7621437d8ea3981bce370d680b7371
2021-06-24 17:24:20 +00:00
Janis Danisevskis
36ac55fef9 Keystore 2.0: Remove references to Keystore 1.0
Bug: 171305684
Test: N/A
Change-Id: I295728dba0a1dab2f8fd0e3c46cb0e239d1c72d7
2021-03-18 15:32:19 -07:00
Bob Badour
d69ad69a93 [LSC] Add LOCAL_LICENSE_KINDS to system/core
Added SPDX-license-identifier-Apache-2.0 to:
  bootstat/Android.bp
  cli-test/Android.bp
  code_coverage/Android.bp
  cpio/Android.bp
  debuggerd/crasher/Android.bp
  debuggerd/proto/Android.bp
  diagnose_usb/Android.bp
  fs_mgr/libdm/Android.bp
  fs_mgr/libfiemap/Android.bp
  fs_mgr/liblp/Android.bp
  fs_mgr/libsnapshot/Android.bp
  fs_mgr/libstorage_literals/Android.bp
  fs_mgr/libvbmeta/Android.bp
  fs_mgr/tests/Android.bp
  fs_mgr/tools/Android.bp
  gatekeeperd/Android.bp
  healthd/Android.bp
  healthd/testdata/Android.bp
  init/Android.bp
  init/Android.mk
  init/sysprop/Android.bp
  init/test_kill_services/Android.bp
  init/test_service/Android.bp
  libappfuse/Android.bp
  libasyncio/Android.bp
  libbinderwrapper/Android.bp
  libcrypto_utils/Android.bp
  libcrypto_utils/tests/Android.bp
  libdiskconfig/Android.bp
  libgrallocusage/Android.bp
  libkeyutils/mini_keyctl/Android.bp
  libmodprobe/Android.bp
  libnetutils/Android.bp
  libpackagelistparser/Android.bp
  libprocessgroup/Android.bp
  libprocessgroup/cgrouprc/Android.bp
  libprocessgroup/cgrouprc_format/Android.bp
  libprocessgroup/profiles/Android.bp
  libprocessgroup/setup/Android.bp
  libqtaguid/Android.bp
  libsparse/Android.bp
  libstats/push_compat/Android.bp
  libsuspend/Android.bp
  libsync/Android.bp
  libsystem/Android.bp
  libsysutils/Android.bp
  libusbhost/Android.bp
  libutils/Android.bp
  libvndksupport/Android.bp
  libvndksupport/tests/Android.bp
  llkd/Android.bp
  llkd/tests/Android.bp
  property_service/libpropertyinfoparser/Android.bp
  property_service/libpropertyinfoserializer/Android.bp
  property_service/property_info_checker/Android.bp
  qemu_pipe/Android.bp
  reboot/Android.bp
  rootdir/Android.bp
  rootdir/Android.mk
  rootdir/avb/Android.bp
  rootdir/avb/Android.mk
  run-as/Android.bp
  sdcard/Android.bp
  set-verity-state/Android.bp
  shell_and_utilities/Android.bp
  storaged/Android.bp
  toolbox/Android.bp
  trusty/apploader/Android.bp
  trusty/confirmationui/Android.bp
  trusty/confirmationui/fuzz/Android.bp
  trusty/coverage/Android.bp
  trusty/fuzz/Android.bp
  trusty/fuzz/test/Android.bp
  trusty/gatekeeper/Android.bp
  trusty/gatekeeper/fuzz/Android.bp
  trusty/keymaster/Android.bp
  trusty/keymaster/fuzz/Android.bp
  trusty/libtrusty/Android.bp
  trusty/libtrusty/tipc-test/Android.bp
  trusty/secure_dpu/Android.bp
  trusty/storage/interface/Android.bp
  trusty/storage/lib/Android.bp
  trusty/storage/proxy/Android.bp
  trusty/storage/tests/Android.bp
  trusty/utils/spiproxyd/Android.bp
  trusty/utils/trusty-ut-ctrl/Android.bp
  usbd/Android.bp
  watchdogd/Android.bp

Added SPDX-license-identifier-Apache-2.0 SPDX-license-identifier-BSD to:
  debuggerd/Android.bp
  fastboot/Android.bp
  libkeyutils/Android.bp

Added SPDX-license-identifier-Apache-2.0 SPDX-license-identifier-BSD
    SPDX-license-identifier-MIT
to:
  libcutils/Android.bp

Added SPDX-license-identifier-Apache-2.0 SPDX-license-identifier-MIT
to:
  fs_mgr/Android.bp
  fs_mgr/libfs_avb/Android.bp
  trusty/Android.bp
  trusty/utils/rpmb_dev/Android.bp

Added SPDX-license-identifier-BSD
to:
  fastboot/fuzzy_fastboot/Android.bp

Bug: 68860345
Bug: 151177513
Bug: 151953481

Test: m all

Exempt-From-Owner-Approval: janitorial work
Change-Id: Id740a7d2884556081fdb68876584b25eb95e1bef
2021-02-19 12:59:05 -08:00
Janis Danisevskis
8e0035c0cc Gatekeeper: Add missing user_id.
Auth tokens sent to keystore2 where missing the user id.

Test: Timeout bound keys can be authorized.
Change-Id: Ifd27d2d8c4e153d2e21460574a073516e276aae0
2021-02-11 23:16:58 -08:00
Treehugger Robot
ceadc2332b Merge "Specify version for aidl_interface explicitly" 2021-02-02 00:08:08 +00:00
Janis Danisevskis
0357239d2f Fix Keystore 2.0 related bug in gatekeeperd.
Test: atest android.keystore.cts.CipherTest#testEmptyPlaintextEncryptsAndDecryptsWhenUnlockedRequired
Change-Id: Iec3d8aa34db040d5d4a418307020019ca32b0ffb
2021-01-29 23:47:18 -08:00
Jeongik Cha
d039f7bba7 Specify version for aidl_interface explicitly
Bug: 150578172
Test: m
Change-Id: I771c5d16c664d9e2e1602d7c5ac8035850bfe8ae
2021-01-26 22:35:08 +09:00
Hasini Gunasinghe
6fd560377f Integrate IKeystoreAuthorization aidl's addAuthToken with gatekeeperd.
Bug: 166672367
Bug: 177830239
Bug: 177791435
Bug: 177787061
Bug: 177787180
Test: VTS test
Change-Id: I15b751ec993a240756e58c2df3352c544bced517
2021-01-19 14:42:33 +00:00
Louis Chang
4c66b8a35c Revert "Integrate IKeystoreAuthorization aidl's addAuthToken wit..."
Revert "Implement addAuthToken method of IKeystoreAuthorization ..."

Revert "Integrate IKeystoreAuthorization aidl's addAuthToken wit..."

Revert submission 1519257-rename_auth_service

Reason for revert: breaking WM presubmit, b/177787180
Reverted Changes:
Ib847b68d4:Integrate IKeystoreAuthorization aidl's addAuthTok...
I7893ab452:Integrate IKeystoreAuthorization aidl's addAuthTok...
I4a092119c:Implement addAuthToken method of IKeystoreAuthoriz...

Change-Id: Icc48050a127fa3a931cb0b591db8165384e2fe25
2021-01-18 10:01:12 +00:00
Hasini Gunasinghe
701fbca843 Integrate IKeystoreAuthorization aidl's addAuthToken with gatekeeperd.
Bug: 166672367
Test: VTS test

Change-Id: Ib847b68d4ab6fe4265c8b8aa5268db7c058b3629
2021-01-07 10:51:30 -08:00
Branden Archer
c02f17c216 Add @SensitiveData to GateKeeperService
Bug: 171501998
Test: Builds and manual evaluation
Change-Id: Ic62ca4b35529b2066cd536c5b414a53e254f808c
2020-11-04 13:51:04 -08:00
Janis Danisevskis
0a738d9504 Chanage uid to userId where it denotes an Android user id.
This patch changes the variable name `uid` to `userId` where it
denotes an Android user id. This makes it harder to mistake the user id
for an actual UID.

Test: Trivial refactoring no logical changes.
Bug: 163636858
Change-Id: I9e240367bcd30bbfa1816014a7f44bbcb58ede4b
2020-09-23 18:01:37 -07:00
Jooyung Han
57110a4752 Use optional for nullable types
AIDL generates optional<T> for nullable T types for C++, which is more
efficient and idomatic and easy to use.

Bug: 144773267
Test: build/flash/boot
Merged-In: I6bf4c2017f113f4d326fddb1d76163c2fed34d50
Change-Id: I6bf4c2017f113f4d326fddb1d76163c2fed34d50
(cherry picked from commit 5f7f450fa38e752ae49ae91b1bdaf267ec9deea5)
2020-02-24 09:31:47 +09:00
Steven Moreland
a4eaf64de8 Remove libhwbinder/libhidltransport deps
Since these were combined into libhidlbase.

Bug: 135686713
Test: build only (libhwbinder/libhidltransport are empty)
Change-Id: I0bdffced6af52695c0ef98c9dd659348e56f7aa6
2019-09-05 14:17:42 -07:00
Janis Danisevskis
3a1eb672c5 Gatekeeperd maintenance
* Move gatekeeper aidl definition to system/core/gatekeeperd
  * Retire hand written IGateKeeperService and use generated instead
  * Adjust gatekeeperd to use the generated aidl stubs.
  * Annotated enroll parameters with @nullable to match the
    documentation and the way it was used. (The hand written
    code was tolerant to null parameters, but it was undefined behavior.)
* Removed Software implementation from gatekeeperd.
  * Also removed the upgrade path.
  * Software implementation including test moved to
    hardware/interfaces/gatekeeper/1.0/software

Change-Id: I72b734db6f67b79b29c2629764490d75d179908a
Merged-In: I72b734db6f67b79b29c2629764490d75d179908a
Test: Manually tested setting pin and login.
2019-06-23 11:09:30 -07:00
David Anderson
97400bd865 Use distinct GateKeeper userids when running a GSI.
GateKeeper uses userids to key authentication data. This poses a problem
for GSIs, since both the GSI and the host image will be storing separate
authentication data for the same userids.

To account for this, we add a large offset (1000000) to GSI userids
before handing them off to the GateKeeper HAL. Note that
SyntheticPasswordManager uses a similar trick to store Weaver data in
GateKeeper (when a Weaver HAL is not available).

Bug: 123716647
Test: PIN authentication works after booting into a GSI
Change-Id: I714368919f8e46ff1931f350342f09fa09225a35
2019-02-28 08:56:30 -08:00
Janis Danisevskis
ea893985be Multi-threaded Keystore
Reflect that IKeystoreInterface was moved to keystore namespace.

Bug: 111443219
Change-Id: Idfc4d584686aa50853ef6f6effcdd670d7e818a5
2018-11-07 11:39:23 -08:00
Dan Willemsen
3e963f9df7 Convert more modules to Android.bp
Test: cd system/core; mma
Test: check for mkbootfs in build artifacts
Test: out/host/linux-x86/nativetest64/libcrypto_utils_test/libcrypto_utils_test
Test: out/host/linux-x86/nativetest64/libnativebridge-tests/*_test
Change-Id: I71141bd85f052d5d86763a8b79b219cc4c46aafb
2018-10-31 21:53:37 -07:00
Elliott Hughes
643268f325 Move system/core/ off NO_ERROR.
It causes trouble for Windows, and OK already exists.

Bug: N/A
Test: builds
Change-Id: Ida22fd658b0ebb259c710ba39049b07c9e495d9c
2018-10-08 11:15:52 -07:00
Kihyung Lee
1729875503 Merge "Fix memory leak when GateKeeperProxy.verify() returns"
am: 855a643d3a

Change-Id: Ic6f852f970b60bc5b86da19ae050c78893fa8f94
2018-06-26 08:31:27 -07:00
Kihyung Lee
d9ad02e3e0 Fix memory leak when GateKeeperProxy.verify() returns
After verify() calls verifyChallenge(), the caller acquires the ownership of
returned memory block pointed by *auth_token.
However, the current implementation directly returns and lost the reference
of auth_token without freeing it from heap memory.

This patch solves this problem by explicitly deleting the auth_token array.

Change-Id: I6cfe8427174aa36fbb208e2fff8904095f468ec6
2018-06-18 11:05:42 +09:00
TreeHugger Robot
336fab3633 Merge "Revert "Restore "Add UID parameter to authentication token""" 2018-02-23 17:42:46 +00:00
Brian Young
388ff6bb7b Revert "Restore "Add UID parameter to authentication token""
This reverts commit 9e62f3ee11.

Reason for revert: Regression in creating auth-bound keys

Bug: 73773914

Bug: 67752510

Change-Id: Ibde9aefffbaab9b85deb95ae2fdf9e0db6d1e992
2018-02-23 01:31:12 +00:00
Brian Young
eb7585950e Merge "Restore "Add UID parameter to authentication token"" 2018-02-16 01:18:53 +00:00
Brian C. Young
9e62f3ee11 Restore "Add UID parameter to authentication token"
The keystore/keymaster changes to prevent some keys from being used
while the screen is locked require passing Android user IDs as well as
keymaster secure IDs.

This reverts commit 16b8434935.

Test: CTS tests in I8a5affd1eaed176756175158e3057e44934fffed

Bug: 67752510

Change-Id: Ie09855813092a38fff80c913c9c8f8228aa4c95b
2018-02-15 11:28:59 -08:00
Shawn Willden
e8995b5773 Add OWNERS file to gatekeeperd
Test: Yes, that would be nice, wouldn't it?
Change-Id: I4116c2546bbc15ef5edb90867ed156637bb125c6
2018-02-14 16:04:36 -07:00
Brian Young
16b8434935 Revert "Add UID parameter to authentication token"
This reverts commit 58ce81349a.

Reason for revert: Build breakages on elfin, gce_x86_phone.

Bug: 72679761
Bug: 67752510
Change-Id: Ia27d6a7aa0195e49d0f132e7b77c81d780248a4c
2018-01-30 15:31:32 +00:00
Brian C. Young
58ce81349a Add UID parameter to authentication token
The keystore/keymaster changes to prevent some keys from being used
while the screen is locked require passing Android user IDs as well as
keymaster secure IDs.

Test: go/asym-write-test-plan

Bug: 67752510

Change-Id: I07bfad82775025f8cf66004e46387d1354ef6575
2018-01-25 10:33:42 -08:00
Dmitry Dementyev
963daf2c11 Make libkeystore_aidl shared and export to PDK.
Bug: 69539820
Test: manual

Change-Id: I2616cbd10351b7ea9041ae0f0abde6634206de65
2017-11-28 16:59:41 -08:00
Dmitry Dementyev
0dd259cf78 Get rid of manually created IKeystoreService in gatekeeper.cpp
Bug:68389643
Test: manual
Change-Id: I2c1404f4c6597e63bc0a360a7bf598e35585b30e
2017-11-14 16:15:44 -08:00
Andrew Hsieh
16d20205e1 Merge "gatekeeperd: use std::unique_ptr" into oc-mr1-dev
am: 202fedd1fe

Change-Id: I72aa2745bcd5a14785fa77845f07d15ce648c933
2017-08-18 19:18:46 +00:00
Justin Yun
68b0ec6487 gatekeeperd: use std::unique_ptr
std::unique_ptr is available in this scope. Substitue the UniquePtr to
std::unique_ptr.

Bug: 63686260
Test: build and boot
Change-Id: Ib8ea3fb5c49c0e92d962f65f1139b073168f8698
2017-08-17 14:58:23 +09:00
Elliott Hughes
37e0a46463 Merge "Stop asking for old versions of C++ in system/core." am: e61e2fcf21 am: 0915192d8b am: 514464f4ca
am: cb6e5d6ed2

Change-Id: Id7cbfd270890da3a29b10393f10bd128d219f9e5
2017-08-03 02:37:39 +00:00
Elliott Hughes
cb6e5d6ed2 Merge "Stop asking for old versions of C++ in system/core." am: e61e2fcf21 am: 0915192d8b
am: 514464f4ca

Change-Id: Ibbd6515b4a44105e7b965e7b36bc4c3648c7e713
2017-08-03 02:33:04 +00:00
Elliott Hughes
0915192d8b Merge "Stop asking for old versions of C++ in system/core."
am: e61e2fcf21

Change-Id: I9c424e8bb99c7f03baefc794e4b095b8d29db3bb
2017-08-03 02:23:09 +00:00
Elliott Hughes
972d078b3e Stop asking for old versions of C++ in system/core.
Bug: http://b/32019064
Test: builds
Change-Id: I1befc647b581bd293f98010e816b6413caab5e6c
2017-08-02 14:06:28 -07:00
Steven Moreland
68c699a0aa Merge "system/core: use proper nativehelper headers" am: 4f59afe9fa am: 6208cd1322 am: 106c355688
am: 57db1511bd

Change-Id: If1de13ecd84a5bf43edefd844e1b46104bddf9a0
2017-07-19 15:39:36 +00:00
Steven Moreland
57db1511bd Merge "system/core: use proper nativehelper headers" am: 4f59afe9fa am: 6208cd1322
am: 106c355688

Change-Id: I8ddfceec58ab69b6c0952ea39f3ad78802f5d7bc
2017-07-19 15:36:37 +00:00
Steven Moreland
6208cd1322 Merge "system/core: use proper nativehelper headers"
am: 4f59afe9fa

Change-Id: I0fee29c0ad6e81b83cd0f3f774cd08f483a5df6c
2017-07-19 15:31:07 +00:00
Steven Moreland
00fe3ad728 system/core: use proper nativehelper headers
libnativeheader exports headers under nativeheader. These were
available before incorrectly as global headers in order to give
access to jni.h.

Test: modules using system/core find headers
Bug: 63762847
Change-Id: I86240f7857dd815100cab32ad261aa9a0a54329c
2017-07-18 17:03:20 -07:00
Pavel Grafov
9890f89ca2 Don't look up parent user SID.
This is a revert of http://ag/741442

Every user now has their own SID, so there is no need to look up
profile parent anymore.

Bug: 38259874
Test: manual, using ConfirmCredential sample app in work profile.
Test: manual, making sure keys survive N->O-MR1 upgrade.
Change-Id: Ib2f52baeb7c5bfeec95431fccfd6ddd537019954
2017-06-28 20:38:33 +01:00
Adrian Roos
cb4ed1bdb9 Credential FRP: keep gatekeeperd credentials after reset
Gatekeeperd now delays clearing all user credentials
until the device setup is complete or we enroll a new
credential (whichever comes first).

Bug: 36814845
Test: Set lockscreen credential, "adb reboot-bootloader && fastboot -w", "adb shell am start -a android.app.action.CONFIRM_FRP_CREDENTIAL", verify that credential still works
Change-Id: If2ad78ff5b80a6ddffd997be0949b03ed11797f4
2017-04-18 20:50:52 +00:00
Chris Phoenix
a84ce0c581 gatekeeper HAL uses "default" service name
The getService() and registerAsService() methods of interface objects
now have default parameters of "default" for the service name. HALs
will not have to use any service name unless they want to register
more than one service.

Test: builds

Bug: 33844934
Change-Id: Ie49c8cea290d328b2160f6012e7c143c49d535cc
2017-02-23 19:31:59 +00:00
Janis Danisevskis
72030fb7bc Adjust for small changes in the native keystore interface
Test: compiled and run on bullhead device
Bug: 32020919
Change-Id: I8352b87be090ba756e3a6ea51cd691cd5594e8f7
2017-01-19 05:32:34 -07:00
Mark Salyzyn
271a1a7cda resolve merge conflicts of a45b1d6f3 to master
Test: compile
Bug: 30465923
Change-Id: I648855539df3cfa176c6ecac19b6a562ba6feaf7
2017-01-11 11:41:38 -08:00
Mark Salyzyn
a45b1d6f38 Merge "liblog: use log/log.h when utilizing ALOG macros" am: 01e12b4ee7 am: c3b346ea93
am: 5482cb01b2

Change-Id: Ifaf21912d44f6ee9fda06df255ba3f7a4ca26ed7
2017-01-11 19:26:19 +00:00
Mark Salyzyn
30f991f251 liblog: use log/log.h when utilizing ALOG macros
Test: compile
Bug: 30465923
Change-Id: Id6d76510819ebd88c3f5003d00d73a0dbe85e943
2017-01-11 09:31:15 -08:00