Gatekeeper.cpp revision f9d303435d80161fabb16cdff3b8f2f75f362480 
1/*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16#define LOG_TAG "android.hardware.gatekeeper@1.0-service"
17
18#include <android/log.h>
19#include <dlfcn.h>
20
21#include "Gatekeeper.h"
22
23namespace android {
24namespace hardware {
25namespace gatekeeper {
26namespace V1_0 {
27namespace implementation {
28
29Gatekeeper::Gatekeeper()
30{
31    int ret = hw_get_module_by_class(GATEKEEPER_HARDWARE_MODULE_ID, NULL, &module);
32    device = NULL;
33
34    if (!ret) {
35        ret = gatekeeper_open(module, &device);
36    }
37    if (ret < 0) {
38        LOG_ALWAYS_FATAL_IF(ret < 0, "Unable to open GateKeeper HAL");
39    }
40}
41
42Gatekeeper::~Gatekeeper()
43{
44    if (device != nullptr) {
45        int ret = gatekeeper_close(device);
46        if (ret < 0) {
47            ALOGE("Unable to close GateKeeper HAL");
48        }
49    }
50    dlclose(module->dso);
51}
52
53// Methods from ::android::hardware::gatekeeper::V1_0::IGatekeeper follow.
54Return<void> Gatekeeper::enroll(uint32_t uid,
55        const hidl_vec<uint8_t>& currentPasswordHandle,
56        const hidl_vec<uint8_t>& currentPassword,
57        const hidl_vec<uint8_t>& desiredPassword,
58        enroll_cb cb)
59{
60    GatekeeperResponse rsp;
61    uint8_t *enrolled_password_handle = nullptr;
62    uint32_t enrolled_password_handle_length = 0;
63
64    int ret = device->enroll(device, uid,
65            currentPasswordHandle.data(), currentPasswordHandle.size(),
66            currentPassword.data(), currentPassword.size(),
67            desiredPassword.data(), desiredPassword.size(),
68            &enrolled_password_handle, &enrolled_password_handle_length);
69    if (!ret) {
70        rsp.data.setToExternal(enrolled_password_handle,
71                               enrolled_password_handle_length,
72                               true);
73        rsp.code = GatekeeperStatusCode::STATUS_OK;
74    } else if (ret > 0) {
75        rsp.timeout = ret;
76        rsp.code = GatekeeperStatusCode::ERROR_RETRY_TIMEOUT;
77    } else {
78        rsp.code = GatekeeperStatusCode::ERROR_GENERAL_FAILURE;
79    }
80    cb(rsp);
81    return Void();
82}
83
84Return<void> Gatekeeper::verify(uint32_t uid,
85                                uint64_t challenge,
86                                const hidl_vec<uint8_t>& enrolledPasswordHandle,
87                                const hidl_vec<uint8_t>& providedPassword,
88                                verify_cb cb)
89{
90    GatekeeperResponse rsp;
91    uint8_t *auth_token = nullptr;
92    uint32_t auth_token_length = 0;
93    bool request_reenroll = false;
94
95    int ret = device->verify(device, uid, challenge,
96            enrolledPasswordHandle.data(), enrolledPasswordHandle.size(),
97            providedPassword.data(), providedPassword.size(),
98            &auth_token, &auth_token_length,
99            &request_reenroll);
100    if (!ret) {
101        rsp.data.setToExternal(auth_token, auth_token_length, true);
102        if (request_reenroll) {
103            rsp.code = GatekeeperStatusCode::STATUS_REENROLL;
104        } else {
105            rsp.code = GatekeeperStatusCode::STATUS_OK;
106        }
107    } else if (ret > 0) {
108        rsp.timeout = ret;
109        rsp.code = GatekeeperStatusCode::ERROR_RETRY_TIMEOUT;
110    } else {
111        rsp.code = GatekeeperStatusCode::ERROR_GENERAL_FAILURE;
112    }
113    cb(rsp);
114    return Void();
115}
116
117Return<void> Gatekeeper::deleteUser(uint32_t uid, deleteUser_cb cb)  {
118    GatekeeperResponse rsp;
119
120    if (device->delete_user != nullptr) {
121        int ret = device->delete_user(device, uid);
122        if (!ret) {
123            rsp.code = GatekeeperStatusCode::STATUS_OK;
124        } else if (ret > 0) {
125            rsp.timeout = ret;
126            rsp.code = GatekeeperStatusCode::ERROR_RETRY_TIMEOUT;
127        } else {
128            rsp.code = GatekeeperStatusCode::ERROR_GENERAL_FAILURE;
129        }
130    } else {
131        rsp.code = GatekeeperStatusCode::ERROR_NOT_IMPLEMENTED;
132    }
133    cb(rsp);
134    return Void();
135}
136
137Return<void> Gatekeeper::deleteAllUsers(deleteAllUsers_cb cb)  {
138    GatekeeperResponse rsp;
139    if (device->delete_all_users != nullptr) {
140        int ret = device->delete_all_users(device);
141        if (!ret) {
142            rsp.code = GatekeeperStatusCode::STATUS_OK;
143        } else if (ret > 0) {
144            rsp.timeout = ret;
145            rsp.code = GatekeeperStatusCode::ERROR_RETRY_TIMEOUT;
146        } else {
147            rsp.code = GatekeeperStatusCode::ERROR_GENERAL_FAILURE;
148        }
149    } else {
150        rsp.code = GatekeeperStatusCode::ERROR_NOT_IMPLEMENTED;
151    }
152    cb(rsp);
153    return Void();
154}
155
156IGatekeeper* HIDL_FETCH_IGatekeeper(const char* /* name */) {
157    return new Gatekeeper();
158}
159
160} // namespace implementation
161}  // namespace V1_0
162}  // namespace gatekeeper
163}  // namespace hardware
164}  // namespace android
165