It's expected that clearSecureUserId is sometimes called with a userId
that doesn't currently have a Gatekeeper enrollment. For example, this
happens whenever a user with no LSKF is removed. gatekeeperd currently
has two odd behaviors when it's asked to do this. First, it logs the
following message at ERROR level, which is not appropriate:
    E gatekeeperd: clear_sid: could not remove file [No such file or directory], attempting 0 write
Second, it writes 0 to the file /data/misc/gatekeeper/$userId. This
makes this file exist even after the user has been removed, which
doesn't cause a real problem but is unexpected.
Fix both of these issues by making clear_sid() check for ENOENT.
Bug: 188702845
Bug: 268526331
Change-Id: Ib1b110f2502267004f5c945c28c98ae926b2a794
Conversion of the gatekeeper hidl interface to stable aidl interface.
Bug: 205760843
Test: run vts -m VtsHalGatekeeperTarget
Change-Id: I7ca82780b1f834f00c3708dea55ac6500cd08c9c
This allows for easier bumping of the KeyMint version level.
At the moment this change should have no effect: the same dependency
is used, just reached via a default rather than explicitly.
However, when the KeyMint version increases in the near future, using
this default should mean that no change is needed here: the default
definition will change to -V2 and this will be referenced here.
Test: TreeHugger
Change-Id: Ic250e5b91ee2b48cd7a05783ce21af16ae330ed1
The ndk_platform backend will soon be deprecated because the ndk backend
can serve the same purpose. This is to eliminate the confusion about
having two variants (ndk and ndk_platform) for the same 'ndk' backend.
Bug: 161456198
Test: m
Change-Id: I7e60ee840fd64f9e36bafa8baea19daab9c15cea
writepid command usage to join a cgroup has been deprecated in favor
of a more flexible approach using task_profiles. This way cgroup path
is not hardcoded and cgroup changes can be easily made. Replace
writepid with task_profiles command to migrate between cgroups.
Bug: 191283136
Test: build and boot
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I945c634dfa7621437d8ea3981bce370d680b7371
Auth tokens sent to keystore2 were missing the user id.
Test: Timeout bound keys can be authorized.
Change-Id: Ifd27d2d8c4e153d2e21460574a073516e276aae0
This patch changes the variable name `uid` to `userId` where it
denotes an Android user id. This makes it harder to mistake the user id
for an actual UID.
Test: Trivial refactoring no logical changes.
Bug: 163636858
Change-Id: I9e240367bcd30bbfa1816014a7f44bbcb58ede4b
AIDL generates optional<T> for nullable T types for C++, which is more
efficient and idiomatic and easy to use.
Bug: 144773267
Test: build/flash/boot
Merged-In: I6bf4c2017f113f4d326fddb1d76163c2fed34d50
Change-Id: I6bf4c2017f113f4d326fddb1d76163c2fed34d50
(cherry picked from commit 5f7f450fa38e752ae49ae91b1bdaf267ec9deea5)
Since these were combined into libhidlbase.
Bug: 135686713
Test: build only (libhwbinder/libhidltransport are empty)
Change-Id: I0bdffced6af52695c0ef98c9dd659348e56f7aa6
* Move gatekeeper aidl definition to system/core/gatekeeperd
* Retire hand written IGateKeeperService and use generated instead
* Adjust gatekeeperd to use the generated aidl stubs.
* Annotated enroll parameters with @nullable to match the
  documentation and the way it was used. (The hand written
  code was tolerant to null parameters, but it was undefined behavior.)
* Removed Software implementation from gatekeeperd.
* Also removed the upgrade path.
* Software implementation including test moved to
  hardware/interfaces/gatekeeper/1.0/software
Change-Id: I72b734db6f67b79b29c2629764490d75d179908a
Merged-In: I72b734db6f67b79b29c2629764490d75d179908a
Test: Manually tested setting pin and login.
GateKeeper uses userids to key authentication data. This poses a problem
for GSIs, since both the GSI and the host image will be storing separate
authentication data for the same userids.
To account for this, we add a large offset (1000000) to GSI userids
before handing them off to the GateKeeper HAL. Note that
SyntheticPasswordManager uses a similar trick to store Weaver data in
GateKeeper (when a Weaver HAL is not available).
Bug: 123716647
Test: PIN authentication works after booting into a GSI
Change-Id: I714368919f8e46ff1931f350342f09fa09225a35
After verify() calls verifyChallenge(), the caller acquires ownership of
the returned memory block pointed to by *auth_token.
However, the current implementation directly returns and loses the reference
to auth_token without freeing it from heap memory.
This patch solves this problem by explicitly deleting the auth_token array.
Change-Id: I6cfe8427174aa36fbb208e2fff8904095f468ec6
The keystore/keymaster changes to prevent some keys from being used
while the screen is locked require passing Android user IDs as well as
keymaster secure IDs.
This reverts commit 16b8434935.
Test: CTS tests in I8a5affd1eaed176756175158e3057e44934fffed
Bug: 67752510
Change-Id: Ie09855813092a38fff80c913c9c8f8228aa4c95b
The keystore/keymaster changes to prevent some keys from being used
while the screen is locked require passing Android user IDs as well as
keymaster secure IDs.
Test: go/asym-write-test-plan
Bug: 67752510
Change-Id: I07bfad82775025f8cf66004e46387d1354ef6575
std::unique_ptr is available in this scope. Substitute the UniquePtr with
std::unique_ptr.
Bug: 63686260
Test: build and boot
Change-Id: Ib8ea3fb5c49c0e92d962f65f1139b073168f8698
libnativeheader exports headers under nativeheader. These were
available before incorrectly as global headers in order to give
access to jni.h.
Test: modules using system/core find headers
Bug: 63762847
Change-Id: I86240f7857dd815100cab32ad261aa9a0a54329c
This is a revert of http://ag/741442
Every user now has their own SID, so there is no need to look up
profile parent anymore.
Bug: 38259874
Test: manual, using ConfirmCredential sample app in work profile.
Test: manual, making sure keys survive N->O-MR1 upgrade.
Change-Id: Ib2f52baeb7c5bfeec95431fccfd6ddd537019954
Gatekeeperd now delays clearing all user credentials
until the device setup is complete or we enroll a new
credential (whichever comes first).
Bug: 36814845
Test: Set lockscreen credential, "adb reboot-bootloader && fastboot -w", "adb shell am start -a android.app.action.CONFIRM_FRP_CREDENTIAL", verify that credential still works
Change-Id: If2ad78ff5b80a6ddffd997be0949b03ed11797f4
The getService() and registerAsService() methods of interface objects
now have default parameters of "default" for the service name. HALs
will not have to use any service name unless they want to register
more than one service.
Test: builds
Bug: 33844934
Change-Id: Ie49c8cea290d328b2160f6012e7c143c49d535cc