1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 #define LOG_TAG "android.hardware.gatekeeper (at) 1.0-service" 17 18 #include <dlfcn.h> 19 20 #include <log/log.h> 21 22 #include "Gatekeeper.h" 23 24 namespace android { 25 namespace hardware { 26 namespace gatekeeper { 27 namespace V1_0 { 28 namespace implementation { 29 30 Gatekeeper::Gatekeeper() 31 { 32 int ret = hw_get_module_by_class(GATEKEEPER_HARDWARE_MODULE_ID, NULL, &module); 33 device = NULL; 34 35 if (!ret) { 36 ret = gatekeeper_open(module, &device); 37 } 38 if (ret < 0) { 39 LOG_ALWAYS_FATAL_IF(ret < 0, "Unable to open GateKeeper HAL"); 40 } 41 } 42 43 Gatekeeper::~Gatekeeper() 44 { 45 if (device != nullptr) { 46 int ret = gatekeeper_close(device); 47 if (ret < 0) { 48 ALOGE("Unable to close GateKeeper HAL"); 49 } 50 } 51 dlclose(module->dso); 52 } 53 54 // Methods from ::android::hardware::gatekeeper::V1_0::IGatekeeper follow. 55 Return<void> Gatekeeper::enroll(uint32_t uid, 56 const hidl_vec<uint8_t>& currentPasswordHandle, 57 const hidl_vec<uint8_t>& currentPassword, 58 const hidl_vec<uint8_t>& desiredPassword, 59 enroll_cb cb) 60 { 61 GatekeeperResponse rsp; 62 uint8_t *enrolled_password_handle = nullptr; 63 uint32_t enrolled_password_handle_length = 0; 64 65 int ret = device->enroll(device, uid, 66 currentPasswordHandle.data(), currentPasswordHandle.size(), 67 currentPassword.data(), currentPassword.size(), 68 desiredPassword.data(), desiredPassword.size(), 69 &enrolled_password_handle, &enrolled_password_handle_length); 70 if (!ret) { 71 rsp.data.setToExternal(enrolled_password_handle, 72 enrolled_password_handle_length, 73 true); 74 rsp.code = GatekeeperStatusCode::STATUS_OK; 75 } else if (ret > 0) { 76 rsp.timeout = ret; 77 rsp.code = GatekeeperStatusCode::ERROR_RETRY_TIMEOUT; 78 } else { 79 rsp.code = GatekeeperStatusCode::ERROR_GENERAL_FAILURE; 80 } 81 cb(rsp); 82 return Void(); 83 } 84 85 Return<void> Gatekeeper::verify(uint32_t uid, 86 uint64_t challenge, 87 const hidl_vec<uint8_t>& enrolledPasswordHandle, 88 const hidl_vec<uint8_t>& providedPassword, 89 verify_cb cb) 90 { 91 GatekeeperResponse rsp; 92 uint8_t *auth_token = nullptr; 93 uint32_t auth_token_length = 0; 94 bool request_reenroll = false; 95 96 int ret = device->verify(device, uid, challenge, 97 enrolledPasswordHandle.data(), enrolledPasswordHandle.size(), 98 providedPassword.data(), providedPassword.size(), 99 &auth_token, &auth_token_length, 100 &request_reenroll); 101 if (!ret) { 102 rsp.data.setToExternal(auth_token, auth_token_length, true); 103 if (request_reenroll) { 104 rsp.code = GatekeeperStatusCode::STATUS_REENROLL; 105 } else { 106 rsp.code = GatekeeperStatusCode::STATUS_OK; 107 } 108 } else if (ret > 0) { 109 rsp.timeout = ret; 110 rsp.code = GatekeeperStatusCode::ERROR_RETRY_TIMEOUT; 111 } else { 112 rsp.code = GatekeeperStatusCode::ERROR_GENERAL_FAILURE; 113 } 114 cb(rsp); 115 return Void(); 116 } 117 118 Return<void> Gatekeeper::deleteUser(uint32_t uid, deleteUser_cb cb) { 119 GatekeeperResponse rsp; 120 121 if (device->delete_user != nullptr) { 122 int ret = device->delete_user(device, uid); 123 if (!ret) { 124 rsp.code = GatekeeperStatusCode::STATUS_OK; 125 } else if (ret > 0) { 126 rsp.timeout = ret; 127 rsp.code = GatekeeperStatusCode::ERROR_RETRY_TIMEOUT; 128 } else { 129 rsp.code = GatekeeperStatusCode::ERROR_GENERAL_FAILURE; 130 } 131 } else { 132 rsp.code = GatekeeperStatusCode::ERROR_NOT_IMPLEMENTED; 133 } 134 cb(rsp); 135 return Void(); 136 } 137 138 Return<void> Gatekeeper::deleteAllUsers(deleteAllUsers_cb cb) { 139 GatekeeperResponse rsp; 140 if (device->delete_all_users != nullptr) { 141 int ret = device->delete_all_users(device); 142 if (!ret) { 143 rsp.code = GatekeeperStatusCode::STATUS_OK; 144 } else if (ret > 0) { 145 rsp.timeout = ret; 146 rsp.code = GatekeeperStatusCode::ERROR_RETRY_TIMEOUT; 147 } else { 148 rsp.code = GatekeeperStatusCode::ERROR_GENERAL_FAILURE; 149 } 150 } else { 151 rsp.code = GatekeeperStatusCode::ERROR_NOT_IMPLEMENTED; 152 } 153 cb(rsp); 154 return Void(); 155 } 156 157 IGatekeeper* HIDL_FETCH_IGatekeeper(const char* /* name */) { 158 return new Gatekeeper(); 159 } 160 161 } // namespace implementation 162 } // namespace V1_0 163 } // namespace gatekeeper 164 } // namespace hardware 165 } // namespace android 166
