[gatekeeperd] return brute-force throttling information
Bug: 21118563
Change-Id: I13c6a44f61668be8b4c1fde8c84dcfebab84517c
diff --git a/gatekeeperd/IGateKeeperService.h b/gatekeeperd/IGateKeeperService.h
index a777318..f070486 100644
--- a/gatekeeperd/IGateKeeperService.h
+++ b/gatekeeperd/IGateKeeperService.h
@@ -35,6 +35,12 @@
CLEAR_SECURE_USER_ID = IBinder::FIRST_CALL_TRANSACTION + 4,
};
+ enum {
+ GATEKEEPER_RESPONSE_OK = 0,
+ GATEKEEPER_RESPONSE_RETRY = 1,
+ GATEKEEPER_RESPONSE_ERROR = -1,
+ };
+
// DECLARE_META_INTERFACE - C++ client interface not needed
static const android::String16 descriptor;
virtual const android::String16& getInterfaceDescriptor() const;
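Review bot: The new anonymous enum has no comment saying where the GATEKEEPER_RESPONSE_* codes are used, and it sits oddly next to the return contract documented further down in this file (0, a timeout T > 0, or -1). A reader cannot tell whether `GATEKEEPER_RESPONSE_RETRY = 1` is a value enroll()/verify() can return, in which case it collides with a 1 ms timeout, or a separate status field in the reply. I would add a one-line comment above the enum stating which it is, for example `// Status codes written to the reply; the throttle timeout is carried separately.` if that is the intent. Giving the enum a name would also let the signatures refer to it.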
@@ -43,8 +49,13 @@
/**
* Enrolls a password with the GateKeeper. Returns 0 on success, negative on failure.
+ * Returns:
+ * - 0 on success
+ * - A timestamp T > 0 if the call has failed due to throttling and should not
+ * be reattempted until T milliseconds have elapsed
+ * - -1 on failure
*/
- virtual status_t enroll(uint32_t uid,
+ virtual int enroll(uint32_t uid,
const uint8_t *current_password_handle, uint32_t current_password_handle_length,
const uint8_t *current_password, uint32_t current_password_length,
const uint8_t *desired_password, uint32_t desired_password_length,
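Review bot: With the return type changed from `status_t` to `int`, a throttled call now comes back as a positive value, so any caller that still tests `ret < 0` for failure would treat a throttled enroll() as having succeeded; the same applies to verify() and verifyChallenge() in the next hunk. The callers are not visible here, so this needs checking, and the contract should say it outright, e.g. `* Any non-zero return is a failure; callers must compare against 0.` The retained first sentence "Returns 0 on success, negative on failure." now contradicts the list added below it and should be dropped. "A timestamp T" describes a duration in milliseconds, so "timeout" would be the accurate word. The enroll() declaration continues past the end of this hunk.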
@@ -52,21 +63,29 @@
/**
* Verifies a password previously enrolled with the GateKeeper.
- * Returns 0 on success, negative on failure.
+ * Returns:
+ * - 0 on success
+ * - A timestamp T > 0 if the call has failed due to throttling and should not
+ * be reattempted until T milliseconds have elapsed
+ * - -1 on failure
*/
- virtual status_t verify(uint32_t uid, const uint8_t *enrolled_password_handle,
+ virtual int verify(uint32_t uid, const uint8_t *enrolled_password_handle,
uint32_t enrolled_password_handle_length,
- const uint8_t *provided_password, uint32_t provided_password_length) = 0;
+ const uint8_t *provided_password, uint32_t provided_password_length,
+ bool *request_reenroll) = 0;
/**
* Verifies a password previously enrolled with the GateKeeper.
- * Returns 0 on success, negative on failure.
+ * Returns:
+ * - 0 on success
+ * - A timestamp T > 0 if the call has failed due to throttling and should not
+ * be reattempted until T milliseconds have elapsed
+ * - -1 on failure
*/
- virtual status_t verifyChallenge(uint32_t uid, uint64_t challenge,
+ virtual int verifyChallenge(uint32_t uid, uint64_t challenge,
const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length,
const uint8_t *provided_password, uint32_t provided_password_length,
- uint8_t **auth_token, uint32_t *auth_token_length) = 0;
-
+ uint8_t **auth_token, uint32_t *auth_token_length, bool *request_reenroll) = 0;
/**
* Returns the secure user ID for the provided android user
*/
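Review bot: The new `request_reenroll` out-parameter on verify() and verifyChallenge() is undocumented: neither comment says whether it may be null or what it holds when the call fails or is throttled. A caller that declares `bool reenroll;` without initialising it and reads it after a non-zero return would act on an indeterminate value. I would add to both comments `* request_reenroll: must be non-null; set to true only when verification succeeds and the handle should be re-enrolled, false otherwise.` if that matches the implementation. verifyChallenge()'s comment is also still a copy of verify()'s and says nothing about `challenge` or about who owns and frees `*auth_token`.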