1 /*
2  * Copyright (C) 2016 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 #define LOG_TAG "android.hardware.gatekeeper@1.0-service"
17 
18 #include <dlfcn.h>
19 
20 #include <log/log.h>
21 
22 #include "Gatekeeper.h"
23 
24 namespace android {
25 namespace hardware {
26 namespace gatekeeper {
27 namespace V1_0 {
28 namespace implementation {
29 
Gatekeeper()30 Gatekeeper::Gatekeeper()
31 {
32     int ret = hw_get_module_by_class(GATEKEEPER_HARDWARE_MODULE_ID, NULL, &module);
33     device = NULL;
34 
35     if (!ret) {
36         ret = gatekeeper_open(module, &device);
37     }
38     if (ret < 0) {
39         LOG_ALWAYS_FATAL_IF(ret < 0, "Unable to open GateKeeper HAL");
40     }
41 }
42 
~Gatekeeper()43 Gatekeeper::~Gatekeeper()
44 {
45     if (device != nullptr) {
46         int ret = gatekeeper_close(device);
47         if (ret < 0) {
48             ALOGE("Unable to close GateKeeper HAL");
49         }
50     }
51     dlclose(module->dso);
52 }
53 
54 // Methods from ::android::hardware::gatekeeper::V1_0::IGatekeeper follow.
enroll(uint32_t uid,const hidl_vec<uint8_t> & currentPasswordHandle,const hidl_vec<uint8_t> & currentPassword,const hidl_vec<uint8_t> & desiredPassword,enroll_cb cb)55 Return<void> Gatekeeper::enroll(uint32_t uid,
56         const hidl_vec<uint8_t>& currentPasswordHandle,
57         const hidl_vec<uint8_t>& currentPassword,
58         const hidl_vec<uint8_t>& desiredPassword,
59         enroll_cb cb)
60 {
61     GatekeeperResponse rsp;
62     uint8_t *enrolled_password_handle = nullptr;
63     uint32_t enrolled_password_handle_length = 0;
64 
65     int ret = device->enroll(device, uid,
66             currentPasswordHandle.data(), currentPasswordHandle.size(),
67             currentPassword.data(), currentPassword.size(),
68             desiredPassword.data(), desiredPassword.size(),
69             &enrolled_password_handle, &enrolled_password_handle_length);
70     if (!ret) {
71         rsp.data.setToExternal(enrolled_password_handle,
72                                enrolled_password_handle_length,
73                                true);
74         rsp.code = GatekeeperStatusCode::STATUS_OK;
75     } else if (ret > 0) {
76         rsp.timeout = ret;
77         rsp.code = GatekeeperStatusCode::ERROR_RETRY_TIMEOUT;
78     } else {
79         rsp.code = GatekeeperStatusCode::ERROR_GENERAL_FAILURE;
80     }
81     cb(rsp);
82     return Void();
83 }
84 
verify(uint32_t uid,uint64_t challenge,const hidl_vec<uint8_t> & enrolledPasswordHandle,const hidl_vec<uint8_t> & providedPassword,verify_cb cb)85 Return<void> Gatekeeper::verify(uint32_t uid,
86                                 uint64_t challenge,
87                                 const hidl_vec<uint8_t>& enrolledPasswordHandle,
88                                 const hidl_vec<uint8_t>& providedPassword,
89                                 verify_cb cb)
90 {
91     GatekeeperResponse rsp;
92     uint8_t *auth_token = nullptr;
93     uint32_t auth_token_length = 0;
94     bool request_reenroll = false;
95 
96     int ret = device->verify(device, uid, challenge,
97             enrolledPasswordHandle.data(), enrolledPasswordHandle.size(),
98             providedPassword.data(), providedPassword.size(),
99             &auth_token, &auth_token_length,
100             &request_reenroll);
101     if (!ret) {
102         rsp.data.setToExternal(auth_token, auth_token_length, true);
103         if (request_reenroll) {
104             rsp.code = GatekeeperStatusCode::STATUS_REENROLL;
105         } else {
106             rsp.code = GatekeeperStatusCode::STATUS_OK;
107         }
108     } else if (ret > 0) {
109         rsp.timeout = ret;
110         rsp.code = GatekeeperStatusCode::ERROR_RETRY_TIMEOUT;
111     } else {
112         rsp.code = GatekeeperStatusCode::ERROR_GENERAL_FAILURE;
113     }
114     cb(rsp);
115     return Void();
116 }
117 
deleteUser(uint32_t uid,deleteUser_cb cb)118 Return<void> Gatekeeper::deleteUser(uint32_t uid, deleteUser_cb cb)  {
119     GatekeeperResponse rsp;
120 
121     if (device->delete_user != nullptr) {
122         int ret = device->delete_user(device, uid);
123         if (!ret) {
124             rsp.code = GatekeeperStatusCode::STATUS_OK;
125         } else if (ret > 0) {
126             rsp.timeout = ret;
127             rsp.code = GatekeeperStatusCode::ERROR_RETRY_TIMEOUT;
128         } else {
129             rsp.code = GatekeeperStatusCode::ERROR_GENERAL_FAILURE;
130         }
131     } else {
132         rsp.code = GatekeeperStatusCode::ERROR_NOT_IMPLEMENTED;
133     }
134     cb(rsp);
135     return Void();
136 }
137 
deleteAllUsers(deleteAllUsers_cb cb)138 Return<void> Gatekeeper::deleteAllUsers(deleteAllUsers_cb cb)  {
139     GatekeeperResponse rsp;
140     if (device->delete_all_users != nullptr) {
141         int ret = device->delete_all_users(device);
142         if (!ret) {
143             rsp.code = GatekeeperStatusCode::STATUS_OK;
144         } else if (ret > 0) {
145             rsp.timeout = ret;
146             rsp.code = GatekeeperStatusCode::ERROR_RETRY_TIMEOUT;
147         } else {
148             rsp.code = GatekeeperStatusCode::ERROR_GENERAL_FAILURE;
149         }
150     } else {
151         rsp.code = GatekeeperStatusCode::ERROR_NOT_IMPLEMENTED;
152     }
153     cb(rsp);
154     return Void();
155 }
156 
HIDL_FETCH_IGatekeeper(const char *)157 IGatekeeper* HIDL_FETCH_IGatekeeper(const char* /* name */) {
158     return new Gatekeeper();
159 }
160 
161 } // namespace implementation
162 }  // namespace V1_0
163 }  // namespace gatekeeper
164 }  // namespace hardware
165 }  // namespace android
166