1 /*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 #define LOG_TAG "android.hardware.gatekeeper@1.0-service"
17
18 #include <dlfcn.h>
19
20 #include <log/log.h>
21
22 #include "Gatekeeper.h"
23
24 namespace android {
25 namespace hardware {
26 namespace gatekeeper {
27 namespace V1_0 {
28 namespace implementation {
29
Gatekeeper()30 Gatekeeper::Gatekeeper()
31 {
32 int ret = hw_get_module_by_class(GATEKEEPER_HARDWARE_MODULE_ID, NULL, &module);
33 device = NULL;
34
35 if (!ret) {
36 ret = gatekeeper_open(module, &device);
37 }
38 if (ret < 0) {
39 LOG_ALWAYS_FATAL_IF(ret < 0, "Unable to open GateKeeper HAL");
40 }
41 }
42
~Gatekeeper()43 Gatekeeper::~Gatekeeper()
44 {
45 if (device != nullptr) {
46 int ret = gatekeeper_close(device);
47 if (ret < 0) {
48 ALOGE("Unable to close GateKeeper HAL");
49 }
50 }
51 dlclose(module->dso);
52 }
53
54 // Methods from ::android::hardware::gatekeeper::V1_0::IGatekeeper follow.
enroll(uint32_t uid,const hidl_vec<uint8_t> & currentPasswordHandle,const hidl_vec<uint8_t> & currentPassword,const hidl_vec<uint8_t> & desiredPassword,enroll_cb cb)55 Return<void> Gatekeeper::enroll(uint32_t uid,
56 const hidl_vec<uint8_t>& currentPasswordHandle,
57 const hidl_vec<uint8_t>& currentPassword,
58 const hidl_vec<uint8_t>& desiredPassword,
59 enroll_cb cb)
60 {
61 GatekeeperResponse rsp;
62 uint8_t *enrolled_password_handle = nullptr;
63 uint32_t enrolled_password_handle_length = 0;
64
65 int ret = device->enroll(device, uid,
66 currentPasswordHandle.data(), currentPasswordHandle.size(),
67 currentPassword.data(), currentPassword.size(),
68 desiredPassword.data(), desiredPassword.size(),
69 &enrolled_password_handle, &enrolled_password_handle_length);
70 if (!ret) {
71 rsp.data.setToExternal(enrolled_password_handle,
72 enrolled_password_handle_length,
73 true);
74 rsp.code = GatekeeperStatusCode::STATUS_OK;
75 } else if (ret > 0) {
76 rsp.timeout = ret;
77 rsp.code = GatekeeperStatusCode::ERROR_RETRY_TIMEOUT;
78 } else {
79 rsp.code = GatekeeperStatusCode::ERROR_GENERAL_FAILURE;
80 }
81 cb(rsp);
82 return Void();
83 }
84
verify(uint32_t uid,uint64_t challenge,const hidl_vec<uint8_t> & enrolledPasswordHandle,const hidl_vec<uint8_t> & providedPassword,verify_cb cb)85 Return<void> Gatekeeper::verify(uint32_t uid,
86 uint64_t challenge,
87 const hidl_vec<uint8_t>& enrolledPasswordHandle,
88 const hidl_vec<uint8_t>& providedPassword,
89 verify_cb cb)
90 {
91 GatekeeperResponse rsp;
92 uint8_t *auth_token = nullptr;
93 uint32_t auth_token_length = 0;
94 bool request_reenroll = false;
95
96 int ret = device->verify(device, uid, challenge,
97 enrolledPasswordHandle.data(), enrolledPasswordHandle.size(),
98 providedPassword.data(), providedPassword.size(),
99 &auth_token, &auth_token_length,
100 &request_reenroll);
101 if (!ret) {
102 rsp.data.setToExternal(auth_token, auth_token_length, true);
103 if (request_reenroll) {
104 rsp.code = GatekeeperStatusCode::STATUS_REENROLL;
105 } else {
106 rsp.code = GatekeeperStatusCode::STATUS_OK;
107 }
108 } else if (ret > 0) {
109 rsp.timeout = ret;
110 rsp.code = GatekeeperStatusCode::ERROR_RETRY_TIMEOUT;
111 } else {
112 rsp.code = GatekeeperStatusCode::ERROR_GENERAL_FAILURE;
113 }
114 cb(rsp);
115 return Void();
116 }
117
deleteUser(uint32_t uid,deleteUser_cb cb)118 Return<void> Gatekeeper::deleteUser(uint32_t uid, deleteUser_cb cb) {
119 GatekeeperResponse rsp;
120
121 if (device->delete_user != nullptr) {
122 int ret = device->delete_user(device, uid);
123 if (!ret) {
124 rsp.code = GatekeeperStatusCode::STATUS_OK;
125 } else if (ret > 0) {
126 rsp.timeout = ret;
127 rsp.code = GatekeeperStatusCode::ERROR_RETRY_TIMEOUT;
128 } else {
129 rsp.code = GatekeeperStatusCode::ERROR_GENERAL_FAILURE;
130 }
131 } else {
132 rsp.code = GatekeeperStatusCode::ERROR_NOT_IMPLEMENTED;
133 }
134 cb(rsp);
135 return Void();
136 }
137
deleteAllUsers(deleteAllUsers_cb cb)138 Return<void> Gatekeeper::deleteAllUsers(deleteAllUsers_cb cb) {
139 GatekeeperResponse rsp;
140 if (device->delete_all_users != nullptr) {
141 int ret = device->delete_all_users(device);
142 if (!ret) {
143 rsp.code = GatekeeperStatusCode::STATUS_OK;
144 } else if (ret > 0) {
145 rsp.timeout = ret;
146 rsp.code = GatekeeperStatusCode::ERROR_RETRY_TIMEOUT;
147 } else {
148 rsp.code = GatekeeperStatusCode::ERROR_GENERAL_FAILURE;
149 }
150 } else {
151 rsp.code = GatekeeperStatusCode::ERROR_NOT_IMPLEMENTED;
152 }
153 cb(rsp);
154 return Void();
155 }
156
HIDL_FETCH_IGatekeeper(const char *)157 IGatekeeper* HIDL_FETCH_IGatekeeper(const char* /* name */) {
158 return new Gatekeeper();
159 }
160
161 } // namespace implementation
162 } // namespace V1_0
163 } // namespace gatekeeper
164 } // namespace hardware
165 } // namespace android
166