Merge "Return error from gatekeeperd" (c51ed4c5) · Commits · e / os / android_system_core

gatekeeperd/gatekeeperd.cpp

+31 −8

Original line number	Diff line number	Diff line
		@@ -144,14 +144,22 @@ void GateKeeperProxy::clear_sid(uint32_t userId) {
		}
		}

		uint32_t GateKeeperProxy::adjust_userId(uint32_t userId) {
		Status GateKeeperProxy::adjust_userId(uint32_t userId, uint32_t* hw_userId) {
		static constexpr uint32_t kGsiOffset = 1000000;
		CHECK(userId < kGsiOffset);
		CHECK((aidl_hw_device != nullptr) \|\| (hw_device != nullptr));
		if (userId >= kGsiOffset) {
		return Status::fromExceptionCode(Status::EX_ILLEGAL_ARGUMENT);
		}

		if ((aidl_hw_device == nullptr) && (hw_device == nullptr)) {
		return Status::fromExceptionCode(Status::EX_ILLEGAL_STATE);
		}

		if (is_running_gsi) {
		return userId + kGsiOffset;
		*hw_userId = userId + kGsiOffset;
		return Status::ok();
		}
		return userId;
		*hw_userId = userId;
		return Status::ok();
		}

		#define GK_ERROR *gkResponse = GKResponse::error(), Status::ok()
		@@ -201,7 +209,12 @@ Status GateKeeperProxy::enroll(int32_t userId,
		android::hardware::hidl_vec<uint8_t> newPwd;
		newPwd.setToExternal(const_cast<uint8_t*>(desiredPassword.data()), desiredPassword.size());

		uint32_t hw_userId = adjust_userId(userId);
		uint32_t hw_userId = 0;
		Status result = adjust_userId(userId, &hw_userId);
		if (!result.isOk()) {
		return result;
		}

		uint64_t secureUserId = 0;
		if (aidl_hw_device) {
		// AIDL gatekeeper service
		@@ -300,7 +313,12 @@ Status GateKeeperProxy::verifyChallenge(int32_t userId, int64_t challenge,
		}
		}

		uint32_t hw_userId = adjust_userId(userId);
		uint32_t hw_userId = 0;
		Status result = adjust_userId(userId, &hw_userId);
		if (!result.isOk()) {
		return result;
		}

		android::hardware::hidl_vec<uint8_t> curPwdHandle;
		curPwdHandle.setToExternal(const_cast<uint8_t*>(enrolledPasswordHandle.data()),
		enrolledPasswordHandle.size());
		@@ -410,7 +428,12 @@ Status GateKeeperProxy::clearSecureUserId(int32_t userId) {
		}
		clear_sid(userId);

		uint32_t hw_userId = adjust_userId(userId);
		uint32_t hw_userId = 0;
		Status result = adjust_userId(userId, &hw_userId);
		if (!result.isOk()) {
		return result;
		}

		if (aidl_hw_device) {
		aidl_hw_device->deleteUser(hw_userId);
		} else if (hw_device) {

gatekeeperd/gatekeeperd.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -47,7 +47,7 @@ class GateKeeperProxy : public BnGateKeeperService {

		// This should only be called on userIds being passed to the GateKeeper HAL. It ensures that
		// secure storage shared across a GSI image and a host image will not overlap.
		uint32_t adjust_userId(uint32_t userId);
		Status adjust_userId(uint32_t userId, uint32_t* hw_userId);

		#define GK_ERROR *gkResponse = GKResponse::error(), Status::ok()