12d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales/* 22d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales * Copyright (C) 2015 The Android Open Source Project 32d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales * 42d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales * Licensed under the Apache License, Version 2.0 (the "License"); 52d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales * you may not use this file except in compliance with the License. 62d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales * You may obtain a copy of the License at 72d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales * 82d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales * http://www.apache.org/licenses/LICENSE-2.0 92d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales * 102d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales * Unless required by applicable law or agreed to in writing, software 112d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales * distributed under the License is distributed on an "AS IS" BASIS, 122d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 132d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales * See the License for the specific language governing permissions and 142d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales * limitations under the License. 152d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales */ 162d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales 172d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales#ifndef IGATEKEEPER_SERVICE_H_ 182d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales#define IGATEKEEPER_SERVICE_H_ 192d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales 202d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales#include <binder/IInterface.h> 212d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales#include <binder/Parcel.h> 222d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales 232d08dce0beedcfc63b2a837045d1be7d49157555Andres Moralesnamespace android { 242d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales 252d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales/* 262d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales * This must be kept manually in sync with frameworks/base's IGateKeeperService.aidl 272d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales */ 282d08dce0beedcfc63b2a837045d1be7d49157555Andres Moralesclass IGateKeeperService : public IInterface { 292d08dce0beedcfc63b2a837045d1be7d49157555Andres Moralespublic: 302d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales enum { 312d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales ENROLL = IBinder::FIRST_CALL_TRANSACTION + 0, 322d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales VERIFY = IBinder::FIRST_CALL_TRANSACTION + 1, 33c828ae87768f3539cefadb7e485b877995918299Andres Morales VERIFY_CHALLENGE = IBinder::FIRST_CALL_TRANSACTION + 2, 346a49c2fa4371cad600f4a96da3d1644df862d2a5Andres Morales GET_SECURE_USER_ID = IBinder::FIRST_CALL_TRANSACTION + 3, 357c9c3bc9c2d3f98ff839f73dc76750dc23693eaeAndres Morales CLEAR_SECURE_USER_ID = IBinder::FIRST_CALL_TRANSACTION + 4, 362d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales }; 372d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales 38ae242929da80d88a7db223984ec9baa5fd5949e6Andres Morales enum { 39ae242929da80d88a7db223984ec9baa5fd5949e6Andres Morales GATEKEEPER_RESPONSE_OK = 0, 40ae242929da80d88a7db223984ec9baa5fd5949e6Andres Morales GATEKEEPER_RESPONSE_RETRY = 1, 41ae242929da80d88a7db223984ec9baa5fd5949e6Andres Morales GATEKEEPER_RESPONSE_ERROR = -1, 42ae242929da80d88a7db223984ec9baa5fd5949e6Andres Morales }; 43ae242929da80d88a7db223984ec9baa5fd5949e6Andres Morales 442d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales // DECLARE_META_INTERFACE - C++ client interface not needed 452d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales static const android::String16 descriptor; 462d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales virtual const android::String16& getInterfaceDescriptor() const; 472d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales IGateKeeperService() {} 482d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales virtual ~IGateKeeperService() {} 492d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales 502d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales /** 512d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales * Enrolls a password with the GateKeeper. Returns 0 on success, negative on failure. 52ae242929da80d88a7db223984ec9baa5fd5949e6Andres Morales * Returns: 53ae242929da80d88a7db223984ec9baa5fd5949e6Andres Morales * - 0 on success 54ae242929da80d88a7db223984ec9baa5fd5949e6Andres Morales * - A timestamp T > 0 if the call has failed due to throttling and should not 55ae242929da80d88a7db223984ec9baa5fd5949e6Andres Morales * be reattempted until T milliseconds have elapsed 56ae242929da80d88a7db223984ec9baa5fd5949e6Andres Morales * - -1 on failure 572d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales */ 58ae242929da80d88a7db223984ec9baa5fd5949e6Andres Morales virtual int enroll(uint32_t uid, 592d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales const uint8_t *current_password_handle, uint32_t current_password_handle_length, 602d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales const uint8_t *current_password, uint32_t current_password_length, 612d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales const uint8_t *desired_password, uint32_t desired_password_length, 622d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales uint8_t **enrolled_password_handle, uint32_t *enrolled_password_handle_length) = 0; 632d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales 642d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales /** 652d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales * Verifies a password previously enrolled with the GateKeeper. 66ae242929da80d88a7db223984ec9baa5fd5949e6Andres Morales * Returns: 67ae242929da80d88a7db223984ec9baa5fd5949e6Andres Morales * - 0 on success 68ae242929da80d88a7db223984ec9baa5fd5949e6Andres Morales * - A timestamp T > 0 if the call has failed due to throttling and should not 69ae242929da80d88a7db223984ec9baa5fd5949e6Andres Morales * be reattempted until T milliseconds have elapsed 70ae242929da80d88a7db223984ec9baa5fd5949e6Andres Morales * - -1 on failure 712d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales */ 72ae242929da80d88a7db223984ec9baa5fd5949e6Andres Morales virtual int verify(uint32_t uid, const uint8_t *enrolled_password_handle, 73c828ae87768f3539cefadb7e485b877995918299Andres Morales uint32_t enrolled_password_handle_length, 74ae242929da80d88a7db223984ec9baa5fd5949e6Andres Morales const uint8_t *provided_password, uint32_t provided_password_length, 75ae242929da80d88a7db223984ec9baa5fd5949e6Andres Morales bool *request_reenroll) = 0; 76c828ae87768f3539cefadb7e485b877995918299Andres Morales 77c828ae87768f3539cefadb7e485b877995918299Andres Morales /** 78c828ae87768f3539cefadb7e485b877995918299Andres Morales * Verifies a password previously enrolled with the GateKeeper. 79ae242929da80d88a7db223984ec9baa5fd5949e6Andres Morales * Returns: 80ae242929da80d88a7db223984ec9baa5fd5949e6Andres Morales * - 0 on success 81ae242929da80d88a7db223984ec9baa5fd5949e6Andres Morales * - A timestamp T > 0 if the call has failed due to throttling and should not 82ae242929da80d88a7db223984ec9baa5fd5949e6Andres Morales * be reattempted until T milliseconds have elapsed 83ae242929da80d88a7db223984ec9baa5fd5949e6Andres Morales * - -1 on failure 84c828ae87768f3539cefadb7e485b877995918299Andres Morales */ 85ae242929da80d88a7db223984ec9baa5fd5949e6Andres Morales virtual int verifyChallenge(uint32_t uid, uint64_t challenge, 86c828ae87768f3539cefadb7e485b877995918299Andres Morales const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length, 87c828ae87768f3539cefadb7e485b877995918299Andres Morales const uint8_t *provided_password, uint32_t provided_password_length, 88ae242929da80d88a7db223984ec9baa5fd5949e6Andres Morales uint8_t **auth_token, uint32_t *auth_token_length, bool *request_reenroll) = 0; 896a49c2fa4371cad600f4a96da3d1644df862d2a5Andres Morales /** 906a49c2fa4371cad600f4a96da3d1644df862d2a5Andres Morales * Returns the secure user ID for the provided android user 916a49c2fa4371cad600f4a96da3d1644df862d2a5Andres Morales */ 926a49c2fa4371cad600f4a96da3d1644df862d2a5Andres Morales virtual uint64_t getSecureUserId(uint32_t uid) = 0; 937c9c3bc9c2d3f98ff839f73dc76750dc23693eaeAndres Morales 947c9c3bc9c2d3f98ff839f73dc76750dc23693eaeAndres Morales /** 957c9c3bc9c2d3f98ff839f73dc76750dc23693eaeAndres Morales * Clears the secure user ID associated with the user. 967c9c3bc9c2d3f98ff839f73dc76750dc23693eaeAndres Morales */ 977c9c3bc9c2d3f98ff839f73dc76750dc23693eaeAndres Morales virtual void clearSecureUserId(uint32_t uid) = 0; 982d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales}; 992d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales 1002d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales// ---------------------------------------------------------------------------- 1012d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales 1022d08dce0beedcfc63b2a837045d1be7d49157555Andres Moralesclass BnGateKeeperService: public BnInterface<IGateKeeperService> { 1032d08dce0beedcfc63b2a837045d1be7d49157555Andres Moralespublic: 1042d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales virtual status_t onTransact(uint32_t code, const Parcel& data, Parcel* reply, 1052d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales uint32_t flags = 0); 1062d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales}; 1072d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales 1082d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales} // namespace android 1092d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales 1102d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales#endif 1112d08dce0beedcfc63b2a837045d1be7d49157555Andres Morales 112