pa-fazil
/
android_system_core
mirror of https://github.com/fazilsheik96/android_system_core.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge "Revert "Integrate IKeystoreAuthorization aidl's addAuthToken wit...""

This commit is contained in:
Louis Chang 2021-01-18 14:58:14 +00:00 committed by Gerrit Code Review
parent 9d78718441 4c66b8a35c
commit bccf7601ae
2 changed files with 21 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
gatekeeperd/Android.bp
View File

@ -28,7 +28,6 @@ cc_binary {
shared_libs: [ shared_libs: [
"libbinder", "libbinder",
"libbinder_ndk",
"libgatekeeper", "libgatekeeper",
"libgsi", "libgsi",
"liblog", "liblog",
@ -41,8 +40,6 @@ cc_binary {
"libhidlbase", "libhidlbase",
"android.hardware.gatekeeper@1.0", "android.hardware.gatekeeper@1.0",
"libgatekeeper_aidl", "libgatekeeper_aidl",
"android.hardware.security.keymint-unstable-ndk_platform",
"android.security.authorization-ndk_platform",
], ],
static_libs: ["libscrypt_static"], static_libs: ["libscrypt_static"],

73
gatekeeperd/gatekeeperd.cpp
View File

@ -19,44 +19,42 @@
#include <android/service/gatekeeper/BnGateKeeperService.h> #include <android/service/gatekeeper/BnGateKeeperService.h>
#include <gatekeeper/GateKeeperResponse.h> #include <gatekeeper/GateKeeperResponse.h>
#include <endian.h>
#include <errno.h> #include <errno.h>
#include <fcntl.h> #include <fcntl.h>
#include <inttypes.h>
#include <stdint.h>
#include <unistd.h> #include <unistd.h>
#include <memory> #include <memory>
#include <android/security/keystore/IKeystoreService.h>
#include <android-base/logging.h> #include <android-base/logging.h>
#include <android-base/properties.h> #include <android-base/properties.h>
#include <android/binder_manager.h>
#include <android/security/keystore/IKeystoreService.h>
#include <binder/IPCThreadState.h> #include <binder/IPCThreadState.h>
#include <binder/IServiceManager.h> #include <binder/IServiceManager.h>
#include <binder/PermissionCache.h> #include <binder/PermissionCache.h>
#include <gatekeeper/password_handle.h> // for password_handle_t #include <gatekeeper/password_handle.h> // for password_handle_t
#include <hardware/gatekeeper.h>
#include <hardware/hw_auth_token.h> #include <hardware/hw_auth_token.h>
#include <keystore/keystore.h> // For error code
#include <keystore/keystore_return_types.h> #include <keystore/keystore_return_types.h>
#include <libgsi/libgsi.h> #include <libgsi/libgsi.h>
#include <log/log.h> #include <log/log.h>
#include <utils/Log.h>
#include <utils/String16.h> #include <utils/String16.h>
#include <aidl/android/hardware/security/keymint/HardwareAuthToken.h>
#include <aidl/android/security/authorization/IKeystoreAuthorization.h>
#include <android/hardware/gatekeeper/1.0/IGatekeeper.h>
#include <hidl/HidlSupport.h> #include <hidl/HidlSupport.h>
#include <android/hardware/gatekeeper/1.0/IGatekeeper.h>
using android::sp; using android::sp;
using android::hardware::Return;
using android::hardware::gatekeeper::V1_0::GatekeeperResponse;
using android::hardware::gatekeeper::V1_0::GatekeeperStatusCode;
using android::hardware::gatekeeper::V1_0::IGatekeeper; using android::hardware::gatekeeper::V1_0::IGatekeeper;
using android::hardware::gatekeeper::V1_0::GatekeeperStatusCode;
using android::hardware::gatekeeper::V1_0::GatekeeperResponse;
using android::hardware::Return;
using ::android::binder::Status; using ::android::binder::Status;
using ::android::service::gatekeeper::BnGateKeeperService; using ::android::service::gatekeeper::BnGateKeeperService;
using GKResponse = ::android::service::gatekeeper::GateKeeperResponse; using GKResponse = ::android::service::gatekeeper::GateKeeperResponse;
using GKResponseCode = ::android::service::gatekeeper::ResponseCode; using GKResponseCode = ::android::service::gatekeeper::ResponseCode;
using ::aidl::android::hardware::security::keymint::HardwareAuthenticatorType;
using ::aidl::android::hardware::security::keymint::HardwareAuthToken;
using ::aidl::android::security::authorization::IKeystoreAuthorization;
namespace android { namespace android {
@ -64,7 +62,7 @@ static const String16 KEYGUARD_PERMISSION("android.permission.ACCESS_KEYGUARD_SE
static const String16 DUMP_PERMISSION("android.permission.DUMP"); static const String16 DUMP_PERMISSION("android.permission.DUMP");
class GateKeeperProxy : public BnGateKeeperService { class GateKeeperProxy : public BnGateKeeperService {
public: public:
GateKeeperProxy() { GateKeeperProxy() {
clear_state_if_needed_done = false; clear_state_if_needed_done = false;
hw_device = IGatekeeper::getService(); hw_device = IGatekeeper::getService();
@ -75,7 +73,8 @@ class GateKeeperProxy : public BnGateKeeperService {
} }
} }
virtual ~GateKeeperProxy() {} virtual ~GateKeeperProxy() {
}
void store_sid(uint32_t userId, uint64_t sid) { void store_sid(uint32_t userId, uint64_t sid) {
char filename[21]; char filename[21];
@ -97,7 +96,7 @@ class GateKeeperProxy : public BnGateKeeperService {
if (mark_cold_boot() && !is_running_gsi) { if (mark_cold_boot() && !is_running_gsi) {
ALOGI("cold boot: clearing state"); ALOGI("cold boot: clearing state");
if (hw_device) { if (hw_device) {
hw_device->deleteAllUsers([](const GatekeeperResponse&) {}); hw_device->deleteAllUsers([](const GatekeeperResponse &){});
} }
} }
@ -105,7 +104,7 @@ class GateKeeperProxy : public BnGateKeeperService {
} }
bool mark_cold_boot() { bool mark_cold_boot() {
const char* filename = ".coldboot"; const char *filename = ".coldboot";
if (access(filename, F_OK) == -1) { if (access(filename, F_OK) == -1) {
int fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR); int fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR);
if (fd < 0) { if (fd < 0) {
@ -300,34 +299,7 @@ class GateKeeperProxy : public BnGateKeeperService {
if (gkResponse->response_code() == GKResponseCode::OK) { if (gkResponse->response_code() == GKResponseCode::OK) {
if (gkResponse->payload().size() != 0) { if (gkResponse->payload().size() != 0) {
// try to connect to IKeystoreAuthorization AIDL service first.
::ndk::SpAIBinder authzBinder(
AServiceManager_getService("android.security.authorization"));
auto authzService = IKeystoreAuthorization::fromBinder(authzBinder);
if (authzService) {
if (gkResponse->payload().size() != sizeof(hw_auth_token_t)) {
LOG(ERROR) << "Incorrect size of AuthToken payload.";
return GK_ERROR;
}
const hw_auth_token_t* hwAuthToken =
reinterpret_cast<const hw_auth_token_t*>(gkResponse->payload().data());
HardwareAuthToken authToken;
authToken.timestamp.milliSeconds = betoh64(hwAuthToken->timestamp);
authToken.challenge = hwAuthToken->challenge;
authToken.authenticatorId = hwAuthToken->authenticator_id;
authToken.authenticatorType = static_cast<HardwareAuthenticatorType>(
betoh32(hwAuthToken->authenticator_type));
authToken.mac.assign(&hwAuthToken->hmac[0], &hwAuthToken->hmac[32]);
auto result = authzService->addAuthToken(authToken);
if (!result.isOk()) {
LOG(ERROR) << "Failure in sending AuthToken to AuthorizationService.";
return GK_ERROR;
}
}
sp<IServiceManager> sm = defaultServiceManager(); sp<IServiceManager> sm = defaultServiceManager();
sp<IBinder> binder = sm->getService(String16("android.security.keystore")); sp<IBinder> binder = sm->getService(String16("android.security.keystore"));
sp<security::keystore::IKeystoreService> service = sp<security::keystore::IKeystoreService> service =
interface_cast<security::keystore::IKeystoreService>(binder); interface_cast<security::keystore::IKeystoreService>(binder);
@ -338,12 +310,9 @@ class GateKeeperProxy : public BnGateKeeperService {
if (!binder_result.isOk() || if (!binder_result.isOk() ||
!keystore::KeyStoreServiceReturnCode(result).isOk()) { !keystore::KeyStoreServiceReturnCode(result).isOk()) {
LOG(ERROR) << "Failure sending auth token to KeyStore: " << result; LOG(ERROR) << "Failure sending auth token to KeyStore: " << result;
return GK_ERROR;
} }
} else { } else {
LOG(ERROR) << "Cannot deliver auth token. Unable to communicate with " LOG(ERROR) << "Cannot deliver auth token. Unable to communicate with Keystore.";
"Keystore.";
return GK_ERROR;
} }
} }
@ -397,23 +366,23 @@ class GateKeeperProxy : public BnGateKeeperService {
} }
if (hw_device == NULL) { if (hw_device == NULL) {
const char* result = "Device not available"; const char *result = "Device not available";
write(fd, result, strlen(result) + 1); write(fd, result, strlen(result) + 1);
} else { } else {
const char* result = "OK"; const char *result = "OK";
write(fd, result, strlen(result) + 1); write(fd, result, strlen(result) + 1);
} }
return OK; return OK;
} }
private: private:
sp<IGatekeeper> hw_device; sp<IGatekeeper> hw_device;
bool clear_state_if_needed_done; bool clear_state_if_needed_done;
bool is_running_gsi; bool is_running_gsi;
}; };
} // namespace android }// namespace android
int main(int argc, char* argv[]) { int main(int argc, char* argv[]) {
ALOGI("Starting gatekeeperd..."); ALOGI("Starting gatekeeperd...");