IGateKeeperService.aidl revision cfb61601fa4e92445655de7b82d2bc0ea9000824
1/* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package android.service.gatekeeper; 18 19/** 20 * Interface for communication with GateKeeper, the 21 * secure password storage daemon. 22 * 23 * This must be kept manually in sync with system/core/gatekeeperd 24 * until AIDL can generate both C++ and Java bindings. 25 * 26 * @hide 27 */ 28interface IGateKeeperService { 29 /** 30 * Enrolls a password, returning the handle to the enrollment to be stored locally. 31 * @param uid The Android user ID associated to this enrollment 32 * @param currentPasswordHandle The previously enrolled handle, or null if none 33 * @param currentPassword The previously enrolled plaintext password, or null if none. 34 * If provided, must verify against the currentPasswordHandle. 35 * @param desiredPassword The new desired password, for which a handle will be returned 36 * upon success. 37 * @return the handle corresponding to desiredPassword, or null 38 */ 39 byte[] enroll(int uid, in byte[] currentPasswordHandle, in byte[] currentPassword, 40 in byte[] desiredPassword); 41 42 /** 43 * Verifies an enrolled handle against a provided, plaintext blob. 44 * @param uid The Android user ID associated to this enrollment 45 * @param enrolledPasswordHandle The handle against which the provided password will be 46 * verified. 47 * @param The plaintext blob to verify against enrolledPassword. 48 * @return True if the authentication was successful 49 */ 50 boolean verify(int uid, in byte[] enrolledPasswordHandle, 51 in byte[] providedPassword); 52 /** 53 * Verifies an enrolled handle against a provided, plaintext blob. 54 * @param uid The Android user ID associated to this enrollment 55 * @param challenge a challenge to authenticate agaisnt the device credential. If successful 56 * authentication occurs, this value will be written to the returned 57 * authentication attestation. 58 * @param enrolledPasswordHandle The handle against which the provided password will be 59 * verified. 60 * @param The plaintext blob to verify against enrolledPassword. 61 * @return an opaque attestation of authentication on success, or null. 62 */ 63 byte[] verifyChallenge(int uid, long challenge, in byte[] enrolledPasswordHandle, 64 in byte[] providedPassword); 65 66 /** 67 * Retrieves the secure identifier for the user with the provided Android ID, 68 * or 0 if none is found. 69 * @param uid the Android user id 70 */ 71 long getSecureUserId(int uid); 72 73 /** 74 * Clears secure user id associated with the provided Android ID. 75 * Must be called when password is set to NONE. 76 * @param uid the Android user id. 77 */ 78 void clearSecureUserId(int uid); 79} 80