Loading gatekeeperd/binder/android/service/gatekeeper/IGateKeeperService.aidl +10 −10 Original line number Diff line number Diff line Loading @@ -30,7 +30,7 @@ import android.service.gatekeeper.GateKeeperResponse; interface IGateKeeperService { /** * Enrolls a password, returning the handle to the enrollment to be stored locally. * @param uid The Android user ID associated to this enrollment * @param userId The Android user ID associated to this enrollment * @param currentPasswordHandle The previously enrolled handle, or null if none * @param currentPassword The previously enrolled plaintext password, or null if none. * If provided, must verify against the currentPasswordHandle. Loading @@ -38,22 +38,22 @@ interface IGateKeeperService { * upon success. * @return an EnrollResponse or null on failure */ GateKeeperResponse enroll(int uid, in @nullable byte[] currentPasswordHandle, GateKeeperResponse enroll(int userId, in @nullable byte[] currentPasswordHandle, in @nullable byte[] currentPassword, in byte[] desiredPassword); /** * Verifies an enrolled handle against a provided, plaintext blob. * @param uid The Android user ID associated to this enrollment * @param userId The Android user ID associated to this enrollment * @param enrolledPasswordHandle The handle against which the provided password will be * verified. * @param The plaintext blob to verify against enrolledPassword. * @return a VerifyResponse, or null on failure. */ GateKeeperResponse verify(int uid, in byte[] enrolledPasswordHandle, in byte[] providedPassword); GateKeeperResponse verify(int userId, in byte[] enrolledPasswordHandle, in byte[] providedPassword); /** * Verifies an enrolled handle against a provided, plaintext blob. * @param uid The Android user ID associated to this enrollment * @param userId The Android user ID associated to this enrollment * @param challenge a challenge to authenticate agaisnt the device credential. If successful * authentication occurs, this value will be written to the returned * authentication attestation. Loading @@ -62,22 +62,22 @@ interface IGateKeeperService { * @param The plaintext blob to verify against enrolledPassword. * @return a VerifyResponse with an attestation, or null on failure. */ GateKeeperResponse verifyChallenge(int uid, long challenge, in byte[] enrolledPasswordHandle, GateKeeperResponse verifyChallenge(int userId, long challenge, in byte[] enrolledPasswordHandle, in byte[] providedPassword); /** * Retrieves the secure identifier for the user with the provided Android ID, * or 0 if none is found. * @param uid the Android user id * @param userId the Android user id */ long getSecureUserId(int uid); long getSecureUserId(int userId); /** * Clears secure user id associated with the provided Android ID. * Must be called when password is set to NONE. * @param uid the Android user id. * @param userId the Android user id. */ void clearSecureUserId(int uid); void clearSecureUserId(int userId); /** * Notifies gatekeeper that device setup has been completed and any potentially still existing Loading gatekeeperd/gatekeeperd.cpp +33 −32 Original line number Diff line number Diff line Loading @@ -76,9 +76,9 @@ public: virtual ~GateKeeperProxy() { } void store_sid(uint32_t uid, uint64_t sid) { void store_sid(uint32_t userId, uint64_t sid) { char filename[21]; snprintf(filename, sizeof(filename), "%u", uid); snprintf(filename, sizeof(filename), "%u", userId); int fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR); if (fd < 0) { ALOGE("could not open file: %s: %s", filename, strerror(errno)); Loading Loading @@ -117,18 +117,18 @@ public: return false; } void maybe_store_sid(uint32_t uid, uint64_t sid) { void maybe_store_sid(uint32_t userId, uint64_t sid) { char filename[21]; snprintf(filename, sizeof(filename), "%u", uid); snprintf(filename, sizeof(filename), "%u", userId); if (access(filename, F_OK) == -1) { store_sid(uid, sid); store_sid(userId, sid); } } uint64_t read_sid(uint32_t uid) { uint64_t read_sid(uint32_t userId) { char filename[21]; uint64_t sid; snprintf(filename, sizeof(filename), "%u", uid); snprintf(filename, sizeof(filename), "%u", userId); int fd = open(filename, O_RDONLY); if (fd < 0) return 0; read(fd, &sid, sizeof(sid)); Loading @@ -136,30 +136,30 @@ public: return sid; } void clear_sid(uint32_t uid) { void clear_sid(uint32_t userId) { char filename[21]; snprintf(filename, sizeof(filename), "%u", uid); snprintf(filename, sizeof(filename), "%u", userId); if (remove(filename) < 0) { ALOGE("%s: could not remove file [%s], attempting 0 write", __func__, strerror(errno)); store_sid(uid, 0); store_sid(userId, 0); } } // This should only be called on uids being passed to the GateKeeper HAL. It ensures that // This should only be called on userIds being passed to the GateKeeper HAL. It ensures that // secure storage shared across a GSI image and a host image will not overlap. uint32_t adjust_uid(uint32_t uid) { uint32_t adjust_userId(uint32_t userId) { static constexpr uint32_t kGsiOffset = 1000000; CHECK(uid < kGsiOffset); CHECK(userId < kGsiOffset); CHECK(hw_device != nullptr); if (is_running_gsi) { return uid + kGsiOffset; return userId + kGsiOffset; } return uid; return userId; } #define GK_ERROR *gkResponse = GKResponse::error(), Status::ok() Status enroll(int32_t uid, const std::optional<std::vector<uint8_t>>& currentPasswordHandle, Status enroll(int32_t userId, const std::optional<std::vector<uint8_t>>& currentPasswordHandle, const std::optional<std::vector<uint8_t>>& currentPassword, const std::vector<uint8_t>& desiredPassword, GKResponse* gkResponse) override { IPCThreadState* ipc = IPCThreadState::self(); Loading Loading @@ -198,9 +198,10 @@ public: android::hardware::hidl_vec<uint8_t> newPwd; newPwd.setToExternal(const_cast<uint8_t*>(desiredPassword.data()), desiredPassword.size()); uint32_t hw_uid = adjust_uid(uid); uint32_t hw_userId = adjust_userId(userId); Return<void> hwRes = hw_device->enroll( hw_uid, curPwdHandle, curPwd, newPwd, [&gkResponse](const GatekeeperResponse& rsp) { hw_userId, curPwdHandle, curPwd, newPwd, [&gkResponse](const GatekeeperResponse& rsp) { if (rsp.code >= GatekeeperStatusCode::STATUS_OK) { *gkResponse = GKResponse::ok({rsp.data.begin(), rsp.data.end()}); } else if (rsp.code == GatekeeperStatusCode::ERROR_RETRY_TIMEOUT && Loading @@ -225,12 +226,12 @@ public: const gatekeeper::password_handle_t* handle = reinterpret_cast<const gatekeeper::password_handle_t*>( gkResponse->payload().data()); store_sid(uid, handle->user_id); store_sid(userId, handle->user_id); GKResponse verifyResponse; // immediately verify this password so we don't ask the user to enter it again // if they just created it. auto status = verify(uid, gkResponse->payload(), desiredPassword, &verifyResponse); auto status = verify(userId, gkResponse->payload(), desiredPassword, &verifyResponse); if (!status.isOk() || verifyResponse.response_code() != GKResponseCode::OK) { LOG(ERROR) << "Failed to verify password after enrolling"; } Loading @@ -239,13 +240,13 @@ public: return Status::ok(); } Status verify(int32_t uid, const ::std::vector<uint8_t>& enrolledPasswordHandle, Status verify(int32_t userId, const ::std::vector<uint8_t>& enrolledPasswordHandle, const ::std::vector<uint8_t>& providedPassword, GKResponse* gkResponse) override { return verifyChallenge(uid, 0 /* challenge */, enrolledPasswordHandle, providedPassword, return verifyChallenge(userId, 0 /* challenge */, enrolledPasswordHandle, providedPassword, gkResponse); } Status verifyChallenge(int32_t uid, int64_t challenge, Status verifyChallenge(int32_t userId, int64_t challenge, const std::vector<uint8_t>& enrolledPasswordHandle, const std::vector<uint8_t>& providedPassword, GKResponse* gkResponse) override { Loading @@ -269,7 +270,7 @@ public: reinterpret_cast<const gatekeeper::password_handle_t*>( enrolledPasswordHandle.data()); uint32_t hw_uid = adjust_uid(uid); uint32_t hw_userId = adjust_userId(userId); android::hardware::hidl_vec<uint8_t> curPwdHandle; curPwdHandle.setToExternal(const_cast<uint8_t*>(enrolledPasswordHandle.data()), enrolledPasswordHandle.size()); Loading @@ -278,7 +279,7 @@ public: providedPassword.size()); Return<void> hwRes = hw_device->verify( hw_uid, challenge, curPwdHandle, enteredPwd, hw_userId, challenge, curPwdHandle, enteredPwd, [&gkResponse](const GatekeeperResponse& rsp) { if (rsp.code >= GatekeeperStatusCode::STATUS_OK) { *gkResponse = GKResponse::ok( Loading Loading @@ -315,18 +316,18 @@ public: } } maybe_store_sid(uid, handle->user_id); maybe_store_sid(userId, handle->user_id); } return Status::ok(); } Status getSecureUserId(int32_t uid, int64_t* sid) override { *sid = read_sid(uid); Status getSecureUserId(int32_t userId, int64_t* sid) override { *sid = read_sid(userId); return Status::ok(); } Status clearSecureUserId(int32_t uid) override { Status clearSecureUserId(int32_t userId) override { IPCThreadState* ipc = IPCThreadState::self(); const int calling_pid = ipc->getCallingPid(); const int calling_uid = ipc->getCallingUid(); Loading @@ -334,11 +335,11 @@ public: ALOGE("%s: permission denied for [%d:%d]", __func__, calling_pid, calling_uid); return Status::ok(); } clear_sid(uid); clear_sid(userId); if (hw_device) { uint32_t hw_uid = adjust_uid(uid); hw_device->deleteUser(hw_uid, [] (const GatekeeperResponse &){}); uint32_t hw_userId = adjust_userId(userId); hw_device->deleteUser(hw_userId, [](const GatekeeperResponse&) {}); } return Status::ok(); } Loading Loading
gatekeeperd/binder/android/service/gatekeeper/IGateKeeperService.aidl +10 −10 Original line number Diff line number Diff line Loading @@ -30,7 +30,7 @@ import android.service.gatekeeper.GateKeeperResponse; interface IGateKeeperService { /** * Enrolls a password, returning the handle to the enrollment to be stored locally. * @param uid The Android user ID associated to this enrollment * @param userId The Android user ID associated to this enrollment * @param currentPasswordHandle The previously enrolled handle, or null if none * @param currentPassword The previously enrolled plaintext password, or null if none. * If provided, must verify against the currentPasswordHandle. Loading @@ -38,22 +38,22 @@ interface IGateKeeperService { * upon success. * @return an EnrollResponse or null on failure */ GateKeeperResponse enroll(int uid, in @nullable byte[] currentPasswordHandle, GateKeeperResponse enroll(int userId, in @nullable byte[] currentPasswordHandle, in @nullable byte[] currentPassword, in byte[] desiredPassword); /** * Verifies an enrolled handle against a provided, plaintext blob. * @param uid The Android user ID associated to this enrollment * @param userId The Android user ID associated to this enrollment * @param enrolledPasswordHandle The handle against which the provided password will be * verified. * @param The plaintext blob to verify against enrolledPassword. * @return a VerifyResponse, or null on failure. */ GateKeeperResponse verify(int uid, in byte[] enrolledPasswordHandle, in byte[] providedPassword); GateKeeperResponse verify(int userId, in byte[] enrolledPasswordHandle, in byte[] providedPassword); /** * Verifies an enrolled handle against a provided, plaintext blob. * @param uid The Android user ID associated to this enrollment * @param userId The Android user ID associated to this enrollment * @param challenge a challenge to authenticate agaisnt the device credential. If successful * authentication occurs, this value will be written to the returned * authentication attestation. Loading @@ -62,22 +62,22 @@ interface IGateKeeperService { * @param The plaintext blob to verify against enrolledPassword. * @return a VerifyResponse with an attestation, or null on failure. */ GateKeeperResponse verifyChallenge(int uid, long challenge, in byte[] enrolledPasswordHandle, GateKeeperResponse verifyChallenge(int userId, long challenge, in byte[] enrolledPasswordHandle, in byte[] providedPassword); /** * Retrieves the secure identifier for the user with the provided Android ID, * or 0 if none is found. * @param uid the Android user id * @param userId the Android user id */ long getSecureUserId(int uid); long getSecureUserId(int userId); /** * Clears secure user id associated with the provided Android ID. * Must be called when password is set to NONE. * @param uid the Android user id. * @param userId the Android user id. */ void clearSecureUserId(int uid); void clearSecureUserId(int userId); /** * Notifies gatekeeper that device setup has been completed and any potentially still existing Loading
gatekeeperd/gatekeeperd.cpp +33 −32 Original line number Diff line number Diff line Loading @@ -76,9 +76,9 @@ public: virtual ~GateKeeperProxy() { } void store_sid(uint32_t uid, uint64_t sid) { void store_sid(uint32_t userId, uint64_t sid) { char filename[21]; snprintf(filename, sizeof(filename), "%u", uid); snprintf(filename, sizeof(filename), "%u", userId); int fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR); if (fd < 0) { ALOGE("could not open file: %s: %s", filename, strerror(errno)); Loading Loading @@ -117,18 +117,18 @@ public: return false; } void maybe_store_sid(uint32_t uid, uint64_t sid) { void maybe_store_sid(uint32_t userId, uint64_t sid) { char filename[21]; snprintf(filename, sizeof(filename), "%u", uid); snprintf(filename, sizeof(filename), "%u", userId); if (access(filename, F_OK) == -1) { store_sid(uid, sid); store_sid(userId, sid); } } uint64_t read_sid(uint32_t uid) { uint64_t read_sid(uint32_t userId) { char filename[21]; uint64_t sid; snprintf(filename, sizeof(filename), "%u", uid); snprintf(filename, sizeof(filename), "%u", userId); int fd = open(filename, O_RDONLY); if (fd < 0) return 0; read(fd, &sid, sizeof(sid)); Loading @@ -136,30 +136,30 @@ public: return sid; } void clear_sid(uint32_t uid) { void clear_sid(uint32_t userId) { char filename[21]; snprintf(filename, sizeof(filename), "%u", uid); snprintf(filename, sizeof(filename), "%u", userId); if (remove(filename) < 0) { ALOGE("%s: could not remove file [%s], attempting 0 write", __func__, strerror(errno)); store_sid(uid, 0); store_sid(userId, 0); } } // This should only be called on uids being passed to the GateKeeper HAL. It ensures that // This should only be called on userIds being passed to the GateKeeper HAL. It ensures that // secure storage shared across a GSI image and a host image will not overlap. uint32_t adjust_uid(uint32_t uid) { uint32_t adjust_userId(uint32_t userId) { static constexpr uint32_t kGsiOffset = 1000000; CHECK(uid < kGsiOffset); CHECK(userId < kGsiOffset); CHECK(hw_device != nullptr); if (is_running_gsi) { return uid + kGsiOffset; return userId + kGsiOffset; } return uid; return userId; } #define GK_ERROR *gkResponse = GKResponse::error(), Status::ok() Status enroll(int32_t uid, const std::optional<std::vector<uint8_t>>& currentPasswordHandle, Status enroll(int32_t userId, const std::optional<std::vector<uint8_t>>& currentPasswordHandle, const std::optional<std::vector<uint8_t>>& currentPassword, const std::vector<uint8_t>& desiredPassword, GKResponse* gkResponse) override { IPCThreadState* ipc = IPCThreadState::self(); Loading Loading @@ -198,9 +198,10 @@ public: android::hardware::hidl_vec<uint8_t> newPwd; newPwd.setToExternal(const_cast<uint8_t*>(desiredPassword.data()), desiredPassword.size()); uint32_t hw_uid = adjust_uid(uid); uint32_t hw_userId = adjust_userId(userId); Return<void> hwRes = hw_device->enroll( hw_uid, curPwdHandle, curPwd, newPwd, [&gkResponse](const GatekeeperResponse& rsp) { hw_userId, curPwdHandle, curPwd, newPwd, [&gkResponse](const GatekeeperResponse& rsp) { if (rsp.code >= GatekeeperStatusCode::STATUS_OK) { *gkResponse = GKResponse::ok({rsp.data.begin(), rsp.data.end()}); } else if (rsp.code == GatekeeperStatusCode::ERROR_RETRY_TIMEOUT && Loading @@ -225,12 +226,12 @@ public: const gatekeeper::password_handle_t* handle = reinterpret_cast<const gatekeeper::password_handle_t*>( gkResponse->payload().data()); store_sid(uid, handle->user_id); store_sid(userId, handle->user_id); GKResponse verifyResponse; // immediately verify this password so we don't ask the user to enter it again // if they just created it. auto status = verify(uid, gkResponse->payload(), desiredPassword, &verifyResponse); auto status = verify(userId, gkResponse->payload(), desiredPassword, &verifyResponse); if (!status.isOk() || verifyResponse.response_code() != GKResponseCode::OK) { LOG(ERROR) << "Failed to verify password after enrolling"; } Loading @@ -239,13 +240,13 @@ public: return Status::ok(); } Status verify(int32_t uid, const ::std::vector<uint8_t>& enrolledPasswordHandle, Status verify(int32_t userId, const ::std::vector<uint8_t>& enrolledPasswordHandle, const ::std::vector<uint8_t>& providedPassword, GKResponse* gkResponse) override { return verifyChallenge(uid, 0 /* challenge */, enrolledPasswordHandle, providedPassword, return verifyChallenge(userId, 0 /* challenge */, enrolledPasswordHandle, providedPassword, gkResponse); } Status verifyChallenge(int32_t uid, int64_t challenge, Status verifyChallenge(int32_t userId, int64_t challenge, const std::vector<uint8_t>& enrolledPasswordHandle, const std::vector<uint8_t>& providedPassword, GKResponse* gkResponse) override { Loading @@ -269,7 +270,7 @@ public: reinterpret_cast<const gatekeeper::password_handle_t*>( enrolledPasswordHandle.data()); uint32_t hw_uid = adjust_uid(uid); uint32_t hw_userId = adjust_userId(userId); android::hardware::hidl_vec<uint8_t> curPwdHandle; curPwdHandle.setToExternal(const_cast<uint8_t*>(enrolledPasswordHandle.data()), enrolledPasswordHandle.size()); Loading @@ -278,7 +279,7 @@ public: providedPassword.size()); Return<void> hwRes = hw_device->verify( hw_uid, challenge, curPwdHandle, enteredPwd, hw_userId, challenge, curPwdHandle, enteredPwd, [&gkResponse](const GatekeeperResponse& rsp) { if (rsp.code >= GatekeeperStatusCode::STATUS_OK) { *gkResponse = GKResponse::ok( Loading Loading @@ -315,18 +316,18 @@ public: } } maybe_store_sid(uid, handle->user_id); maybe_store_sid(userId, handle->user_id); } return Status::ok(); } Status getSecureUserId(int32_t uid, int64_t* sid) override { *sid = read_sid(uid); Status getSecureUserId(int32_t userId, int64_t* sid) override { *sid = read_sid(userId); return Status::ok(); } Status clearSecureUserId(int32_t uid) override { Status clearSecureUserId(int32_t userId) override { IPCThreadState* ipc = IPCThreadState::self(); const int calling_pid = ipc->getCallingPid(); const int calling_uid = ipc->getCallingUid(); Loading @@ -334,11 +335,11 @@ public: ALOGE("%s: permission denied for [%d:%d]", __func__, calling_pid, calling_uid); return Status::ok(); } clear_sid(uid); clear_sid(userId); if (hw_device) { uint32_t hw_uid = adjust_uid(uid); hw_device->deleteUser(hw_uid, [] (const GatekeeperResponse &){}); uint32_t hw_userId = adjust_userId(userId); hw_device->deleteUser(hw_userId, [](const GatekeeperResponse&) {}); } return Status::ok(); } Loading
