1 /* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef IGATEKEEPER_SERVICE_H_ 18 #define IGATEKEEPER_SERVICE_H_ 19 20 #include <binder/IInterface.h> 21 #include <binder/Parcel.h> 22 23 namespace android { 24 25 /* 26 * This must be kept manually in sync with frameworks/base's IGateKeeperService.aidl 27 */ 28 class IGateKeeperService : public IInterface { 29 public: 30 enum { 31 ENROLL = IBinder::FIRST_CALL_TRANSACTION + 0, 32 VERIFY = IBinder::FIRST_CALL_TRANSACTION + 1, 33 VERIFY_CHALLENGE = IBinder::FIRST_CALL_TRANSACTION + 2, 34 GET_SECURE_USER_ID = IBinder::FIRST_CALL_TRANSACTION + 3, 35 CLEAR_SECURE_USER_ID = IBinder::FIRST_CALL_TRANSACTION + 4, 36 REPORT_DEVICE_SETUP_COMPLETE = IBinder::FIRST_CALL_TRANSACTION + 5, 37 }; 38 39 enum { 40 GATEKEEPER_RESPONSE_OK = 0, 41 GATEKEEPER_RESPONSE_RETRY = 1, 42 GATEKEEPER_RESPONSE_ERROR = -1, 43 }; 44 45 // DECLARE_META_INTERFACE - C++ client interface not needed 46 static const android::String16 descriptor; 47 virtual const android::String16& getInterfaceDescriptor() const; IGateKeeperService()48 IGateKeeperService() {} ~IGateKeeperService()49 virtual ~IGateKeeperService() {} 50 51 /** 52 * Enrolls a password with the GateKeeper. Returns 0 on success, negative on failure. 53 * Returns: 54 * - 0 on success 55 * - A timestamp T > 0 if the call has failed due to throttling and should not 56 * be reattempted until T milliseconds have elapsed 57 * - -1 on failure 58 */ 59 virtual int enroll(uint32_t uid, 60 const uint8_t *current_password_handle, uint32_t current_password_handle_length, 61 const uint8_t *current_password, uint32_t current_password_length, 62 const uint8_t *desired_password, uint32_t desired_password_length, 63 uint8_t **enrolled_password_handle, uint32_t *enrolled_password_handle_length) = 0; 64 65 /** 66 * Verifies a password previously enrolled with the GateKeeper. 67 * Returns: 68 * - 0 on success 69 * - A timestamp T > 0 if the call has failed due to throttling and should not 70 * be reattempted until T milliseconds have elapsed 71 * - -1 on failure 72 */ 73 virtual int verify(uint32_t uid, const uint8_t *enrolled_password_handle, 74 uint32_t enrolled_password_handle_length, 75 const uint8_t *provided_password, uint32_t provided_password_length, 76 bool *request_reenroll) = 0; 77 78 /** 79 * Verifies a password previously enrolled with the GateKeeper. 80 * Returns: 81 * - 0 on success 82 * - A timestamp T > 0 if the call has failed due to throttling and should not 83 * be reattempted until T milliseconds have elapsed 84 * - -1 on failure 85 */ 86 virtual int verifyChallenge(uint32_t uid, uint64_t challenge, 87 const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length, 88 const uint8_t *provided_password, uint32_t provided_password_length, 89 uint8_t **auth_token, uint32_t *auth_token_length, bool *request_reenroll) = 0; 90 /** 91 * Returns the secure user ID for the provided android user 92 */ 93 virtual uint64_t getSecureUserId(uint32_t uid) = 0; 94 95 /** 96 * Clears the secure user ID associated with the user. 97 */ 98 virtual void clearSecureUserId(uint32_t uid) = 0; 99 100 /** 101 * Notifies gatekeeper that device setup has been completed and any potentially still existing 102 * state from before a factory reset can be cleaned up (if it has not been already). 103 */ 104 virtual void reportDeviceSetupComplete() = 0; 105 }; 106 107 // ---------------------------------------------------------------------------- 108 109 class BnGateKeeperService: public BnInterface<IGateKeeperService> { 110 public: 111 virtual status_t onTransact(uint32_t code, const Parcel& data, Parcel* reply, 112 uint32_t flags = 0); 113 }; 114 115 } // namespace android 116 117 #endif 118 119