Gatekeeperd maintenance

* Move gatekeeper aidl definition to system/core/gatekeeperd
  * Retire hand written IGateKeeperService and use generated instead
  * Adjust gatekeeperd to use the generated aidl stubs.
  * Annotated enroll parameters with @nullable to match the
    documentation and the way it was used. (The hand written
    code was tolerant to null parameters, but it was undefined behavior.)
* Removed Software implementation from gatekeeperd.
  * Also removed the upgrade path.
  * Software implementation including test moved to
    hardware/interfaces/gatekeeper/1.0/software

Change-Id: I72b734db6f67b79b29c2629764490d75d179908a
Merged-In: I72b734db6f67b79b29c2629764490d75d179908a
Test: Manually tested setting pin and login.
diff --git a/gatekeeperd/gatekeeperd.cpp b/gatekeeperd/gatekeeperd.cpp
index 8700c34..1d65b1c 100644
--- a/gatekeeperd/gatekeeperd.cpp
+++ b/gatekeeperd/gatekeeperd.cpp
@@ -16,7 +16,8 @@
 
 #define LOG_TAG "gatekeeperd"
 
-#include "IGateKeeperService.h"
+#include <android/service/gatekeeper/BnGateKeeperService.h>
+#include <gatekeeper/GateKeeperResponse.h>
 
 #include <errno.h>
 #include <fcntl.h>
@@ -41,8 +42,6 @@
 #include <utils/Log.h>
 #include <utils/String16.h>
 
-#include "SoftGateKeeperDevice.h"
-
 #include <hidl/HidlSupport.h>
 #include <android/hardware/gatekeeper/1.0/IGatekeeper.h>
 
@@ -52,6 +51,11 @@
 using android::hardware::gatekeeper::V1_0::GatekeeperResponse;
 using android::hardware::Return;
 
+using ::android::binder::Status;
+using ::android::service::gatekeeper::BnGateKeeperService;
+using GKResponse = ::android::service::gatekeeper::GateKeeperResponse;
+using GKResponseCode = ::android::service::gatekeeper::ResponseCode;
+
 namespace android {
 
 static const String16 KEYGUARD_PERMISSION("android.permission.ACCESS_KEYGUARD_SECURE_STORAGE");
@@ -64,9 +68,8 @@
         hw_device = IGatekeeper::getService();
         is_running_gsi = android::base::GetBoolProperty(android::gsi::kGsiBootedProp, false);
 
-        if (hw_device == nullptr) {
-            ALOGW("falling back to software GateKeeper");
-            soft_device.reset(new SoftGateKeeperDevice());
+        if (!hw_device) {
+            LOG(ERROR) << "Could not find Gatekeeper device, which makes me very sad.";
         }
     }
 
@@ -92,7 +95,7 @@
 
         if (mark_cold_boot() && !is_running_gsi) {
             ALOGI("cold boot: clearing state");
-            if (hw_device != nullptr) {
+            if (hw_device) {
                 hw_device->deleteAllUsers([](const GatekeeperResponse &){});
             }
         }
@@ -154,16 +157,16 @@
         return uid;
     }
 
-    virtual int enroll(uint32_t uid,
-            const uint8_t *current_password_handle, uint32_t current_password_handle_length,
-            const uint8_t *current_password, uint32_t current_password_length,
-            const uint8_t *desired_password, uint32_t desired_password_length,
-            uint8_t **enrolled_password_handle, uint32_t *enrolled_password_handle_length) {
+#define GK_ERROR *gkResponse = GKResponse::error(), Status::ok()
+
+    Status enroll(int32_t uid, const std::unique_ptr<std::vector<uint8_t>>& currentPasswordHandle,
+                  const std::unique_ptr<std::vector<uint8_t>>& currentPassword,
+                  const std::vector<uint8_t>& desiredPassword, GKResponse* gkResponse) override {
         IPCThreadState* ipc = IPCThreadState::self();
         const int calling_pid = ipc->getCallingPid();
         const int calling_uid = ipc->getCallingUid();
         if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) {
-            return PERMISSION_DENIED;
+            return GK_ERROR;
         }
 
         // Make sure to clear any state from before factory reset as soon as a credential is
@@ -171,225 +174,189 @@
         clear_state_if_needed();
 
         // need a desired password to enroll
-        if (desired_password_length == 0) return -EINVAL;
+        if (desiredPassword.size() == 0) return GK_ERROR;
 
-        int ret;
-        if (hw_device != nullptr) {
-            const gatekeeper::password_handle_t *handle =
-                    reinterpret_cast<const gatekeeper::password_handle_t *>(current_password_handle);
+        if (!hw_device) {
+            LOG(ERROR) << "has no HAL to talk to";
+            return GK_ERROR;
+        }
 
-            if (handle != NULL && handle->version != 0 && !handle->hardware_backed) {
-                // handle is being re-enrolled from a software version. HAL probably won't accept
-                // the handle as valid, so we nullify it and enroll from scratch
-                current_password_handle = NULL;
-                current_password_handle_length = 0;
-                current_password = NULL;
-                current_password_length = 0;
+        android::hardware::hidl_vec<uint8_t> curPwdHandle;
+        android::hardware::hidl_vec<uint8_t> curPwd;
+
+        if (currentPasswordHandle && currentPassword) {
+            if (currentPasswordHandle->size() != sizeof(gatekeeper::password_handle_t)) {
+                LOG(INFO) << "Password handle has wrong length";
+                return GK_ERROR;
             }
+            curPwdHandle.setToExternal(const_cast<uint8_t*>(currentPasswordHandle->data()),
+                                       currentPasswordHandle->size());
+            curPwd.setToExternal(const_cast<uint8_t*>(currentPassword->data()),
+                                 currentPassword->size());
+        }
 
-            android::hardware::hidl_vec<uint8_t> curPwdHandle;
-            curPwdHandle.setToExternal(const_cast<uint8_t*>(current_password_handle),
-                                       current_password_handle_length);
-            android::hardware::hidl_vec<uint8_t> curPwd;
-            curPwd.setToExternal(const_cast<uint8_t*>(current_password),
-                                 current_password_length);
-            android::hardware::hidl_vec<uint8_t> newPwd;
-            newPwd.setToExternal(const_cast<uint8_t*>(desired_password),
-                                 desired_password_length);
+        android::hardware::hidl_vec<uint8_t> newPwd;
+        newPwd.setToExternal(const_cast<uint8_t*>(desiredPassword.data()), desiredPassword.size());
 
-            uint32_t hw_uid = adjust_uid(uid);
-            Return<void> hwRes = hw_device->enroll(hw_uid, curPwdHandle, curPwd, newPwd,
-                              [&ret, enrolled_password_handle, enrolled_password_handle_length]
-                                   (const GatekeeperResponse &rsp) {
-                ret = static_cast<int>(rsp.code); // propagate errors
-                if (rsp.code >= GatekeeperStatusCode::STATUS_OK) {
-                    if (enrolled_password_handle != nullptr &&
-                        enrolled_password_handle_length != nullptr) {
-                        *enrolled_password_handle = new uint8_t[rsp.data.size()];
-                        *enrolled_password_handle_length = rsp.data.size();
-                        memcpy(*enrolled_password_handle, rsp.data.data(),
-                               *enrolled_password_handle_length);
+        uint32_t hw_uid = adjust_uid(uid);
+        Return<void> hwRes = hw_device->enroll(
+                hw_uid, curPwdHandle, curPwd, newPwd, [&gkResponse](const GatekeeperResponse& rsp) {
+                    if (rsp.code >= GatekeeperStatusCode::STATUS_OK) {
+                        *gkResponse = GKResponse::ok({rsp.data.begin(), rsp.data.end()});
+                    } else if (rsp.code == GatekeeperStatusCode::ERROR_RETRY_TIMEOUT &&
+                               rsp.timeout > 0) {
+                        *gkResponse = GKResponse::retry(rsp.timeout);
+                    } else {
+                        *gkResponse = GKResponse::error();
                     }
-                    ret = 0; // all success states are reported as 0
-                } else if (rsp.code == GatekeeperStatusCode::ERROR_RETRY_TIMEOUT && rsp.timeout > 0) {
-                    ret = rsp.timeout;
-                }
-            });
-            if (!hwRes.isOk()) {
-                ALOGE("enroll transaction failed\n");
-                ret = -1;
+                });
+        if (!hwRes.isOk()) {
+            LOG(ERROR) << "enroll transaction failed";
+            return GK_ERROR;
+        }
+
+        if (gkResponse->response_code() == GKResponseCode::OK && !gkResponse->should_reenroll()) {
+            if (gkResponse->payload().size() != sizeof(gatekeeper::password_handle_t)) {
+                LOG(ERROR) << "HAL returned password handle of invalid length "
+                           << gkResponse->payload().size();
+                return GK_ERROR;
             }
-        } else {
-            ret = soft_device->enroll(uid,
-                    current_password_handle, current_password_handle_length,
-                    current_password, current_password_length,
-                    desired_password, desired_password_length,
-                    enrolled_password_handle, enrolled_password_handle_length);
-        }
 
-        if (ret == GATEKEEPER_RESPONSE_OK && (*enrolled_password_handle == nullptr ||
-            *enrolled_password_handle_length != sizeof(password_handle_t))) {
-            ret = GATEKEEPER_RESPONSE_ERROR;
-            ALOGE("HAL: password_handle=%p size_of_handle=%" PRIu32 "\n",
-                  *enrolled_password_handle, *enrolled_password_handle_length);
-        }
-
-        if (ret == GATEKEEPER_RESPONSE_OK) {
-            gatekeeper::password_handle_t *handle =
-                    reinterpret_cast<gatekeeper::password_handle_t *>(*enrolled_password_handle);
+            const gatekeeper::password_handle_t* handle =
+                    reinterpret_cast<const gatekeeper::password_handle_t*>(
+                            gkResponse->payload().data());
             store_sid(uid, handle->user_id);
-            bool rr;
 
+            GKResponse verifyResponse;
             // immediately verify this password so we don't ask the user to enter it again
             // if they just created it.
-            verify(uid, *enrolled_password_handle, sizeof(password_handle_t), desired_password,
-                    desired_password_length, &rr);
+            auto status = verify(uid, gkResponse->payload(), desiredPassword, &verifyResponse);
+            if (!status.isOk() || verifyResponse.response_code() != GKResponseCode::OK) {
+                LOG(ERROR) << "Failed to verify password after enrolling";
+            }
         }
 
-        return ret;
+        return Status::ok();
     }
 
-    virtual int verify(uint32_t uid,
-            const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length,
-            const uint8_t *provided_password, uint32_t provided_password_length, bool *request_reenroll) {
-        uint8_t *auth_token = nullptr;
-        uint32_t auth_token_length;
-        int ret = verifyChallenge(uid, 0, enrolled_password_handle, enrolled_password_handle_length,
-                provided_password, provided_password_length,
-                &auth_token, &auth_token_length, request_reenroll);
-        delete [] auth_token;
-        return ret;
+    Status verify(int32_t uid, const ::std::vector<uint8_t>& enrolledPasswordHandle,
+                  const ::std::vector<uint8_t>& providedPassword, GKResponse* gkResponse) override {
+        return verifyChallenge(uid, 0 /* challenge */, enrolledPasswordHandle, providedPassword,
+                               gkResponse);
     }
 
-    virtual int verifyChallenge(uint32_t uid, uint64_t challenge,
-            const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length,
-            const uint8_t *provided_password, uint32_t provided_password_length,
-            uint8_t **auth_token, uint32_t *auth_token_length, bool *request_reenroll) {
+    Status verifyChallenge(int32_t uid, int64_t challenge,
+                           const std::vector<uint8_t>& enrolledPasswordHandle,
+                           const std::vector<uint8_t>& providedPassword,
+                           GKResponse* gkResponse) override {
         IPCThreadState* ipc = IPCThreadState::self();
         const int calling_pid = ipc->getCallingPid();
         const int calling_uid = ipc->getCallingUid();
         if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) {
-            return PERMISSION_DENIED;
+            return GK_ERROR;
         }
 
         // can't verify if we're missing either param
-        if ((enrolled_password_handle_length | provided_password_length) == 0)
-            return -EINVAL;
+        if (enrolledPasswordHandle.size() == 0 || providedPassword.size() == 0) return GK_ERROR;
 
-        int ret;
-        if (hw_device != nullptr) {
-            const gatekeeper::password_handle_t *handle =
-                    reinterpret_cast<const gatekeeper::password_handle_t *>(enrolled_password_handle);
-            // handle version 0 does not have hardware backed flag, and thus cannot be upgraded to
-            // a HAL if there was none before
-            if (handle->version == 0 || handle->hardware_backed) {
-                uint32_t hw_uid = adjust_uid(uid);
-                android::hardware::hidl_vec<uint8_t> curPwdHandle;
-                curPwdHandle.setToExternal(const_cast<uint8_t*>(enrolled_password_handle),
-                                           enrolled_password_handle_length);
-                android::hardware::hidl_vec<uint8_t> enteredPwd;
-                enteredPwd.setToExternal(const_cast<uint8_t*>(provided_password),
-                                         provided_password_length);
-                Return<void> hwRes = hw_device->verify(hw_uid, challenge, curPwdHandle, enteredPwd,
-                                        [&ret, request_reenroll, auth_token, auth_token_length]
-                                             (const GatekeeperResponse &rsp) {
-                    ret = static_cast<int>(rsp.code); // propagate errors
-                    if (auth_token != nullptr && auth_token_length != nullptr &&
-                        rsp.code >= GatekeeperStatusCode::STATUS_OK) {
-                        *auth_token = new uint8_t[rsp.data.size()];
-                        *auth_token_length = rsp.data.size();
-                        memcpy(*auth_token, rsp.data.data(), *auth_token_length);
-                        if (request_reenroll != nullptr) {
-                            *request_reenroll = (rsp.code == GatekeeperStatusCode::STATUS_REENROLL);
-                        }
-                        ret = 0; // all success states are reported as 0
-                    } else if (rsp.code == GatekeeperStatusCode::ERROR_RETRY_TIMEOUT &&
-                               rsp.timeout > 0) {
-                        ret = rsp.timeout;
+        if (!hw_device) return GK_ERROR;
+
+        if (enrolledPasswordHandle.size() != sizeof(gatekeeper::password_handle_t)) {
+            LOG(INFO) << "Password handle has wrong length";
+            return GK_ERROR;
+        }
+        const gatekeeper::password_handle_t* handle =
+                reinterpret_cast<const gatekeeper::password_handle_t*>(
+                        enrolledPasswordHandle.data());
+
+        uint32_t hw_uid = adjust_uid(uid);
+        android::hardware::hidl_vec<uint8_t> curPwdHandle;
+        curPwdHandle.setToExternal(const_cast<uint8_t*>(enrolledPasswordHandle.data()),
+                                   enrolledPasswordHandle.size());
+        android::hardware::hidl_vec<uint8_t> enteredPwd;
+        enteredPwd.setToExternal(const_cast<uint8_t*>(providedPassword.data()),
+                                 providedPassword.size());
+
+        Return<void> hwRes = hw_device->verify(
+                hw_uid, challenge, curPwdHandle, enteredPwd,
+                [&gkResponse](const GatekeeperResponse& rsp) {
+                    if (rsp.code >= GatekeeperStatusCode::STATUS_OK) {
+                        *gkResponse = GKResponse::ok(
+                                {rsp.data.begin(), rsp.data.end()},
+                                rsp.code == GatekeeperStatusCode::STATUS_REENROLL /* reenroll */);
+                    } else if (rsp.code == GatekeeperStatusCode::ERROR_RETRY_TIMEOUT) {
+                        *gkResponse = GKResponse::retry(rsp.timeout);
+                    } else {
+                        *gkResponse = GKResponse::error();
                     }
                 });
-                if (!hwRes.isOk()) {
-                    ALOGE("verify transaction failed\n");
-                    ret = -1;
-                }
-            } else {
-                // upgrade scenario, a HAL has been added to this device where there was none before
-                SoftGateKeeperDevice soft_dev;
-                ret = soft_dev.verify(uid, challenge,
-                    enrolled_password_handle, enrolled_password_handle_length,
-                    provided_password, provided_password_length, auth_token, auth_token_length,
-                    request_reenroll);
 
-                if (ret == 0) {
-                    // success! re-enroll with HAL
-                    *request_reenroll = true;
+        if (!hwRes.isOk()) {
+            LOG(ERROR) << "verify transaction failed";
+            return GK_ERROR;
+        }
+
+        if (gkResponse->response_code() == GKResponseCode::OK) {
+            if (gkResponse->payload().size() != 0) {
+                sp<IServiceManager> sm = defaultServiceManager();
+                sp<IBinder> binder = sm->getService(String16("android.security.keystore"));
+                sp<security::keystore::IKeystoreService> service =
+                        interface_cast<security::keystore::IKeystoreService>(binder);
+
+                if (service) {
+                    int result = 0;
+                    auto binder_result = service->addAuthToken(gkResponse->payload(), &result);
+                    if (!binder_result.isOk() ||
+                        !keystore::KeyStoreServiceReturnCode(result).isOk()) {
+                        LOG(ERROR) << "Failure sending auth token to KeyStore: " << result;
+                    }
+                } else {
+                    LOG(ERROR) << "Cannot deliver auth token. Unable to communicate with Keystore.";
                 }
             }
-        } else {
-            ret = soft_device->verify(uid, challenge,
-                enrolled_password_handle, enrolled_password_handle_length,
-                provided_password, provided_password_length, auth_token, auth_token_length,
-                request_reenroll);
+
+            maybe_store_sid(uid, handle->user_id);
         }
 
-        if (ret == 0 && *auth_token != NULL && *auth_token_length > 0) {
-            // TODO: cache service?
-            sp<IServiceManager> sm = defaultServiceManager();
-            sp<IBinder> binder = sm->getService(String16("android.security.keystore"));
-            sp<security::keystore::IKeystoreService> service =
-                    interface_cast<security::keystore::IKeystoreService>(binder);
-            if (service != NULL) {
-                std::vector<uint8_t> auth_token_vector(*auth_token,
-                                                       (*auth_token) + *auth_token_length);
-                int result = 0;
-                auto binder_result = service->addAuthToken(auth_token_vector, &result);
-                if (!binder_result.isOk() || !keystore::KeyStoreServiceReturnCode(result).isOk()) {
-                    ALOGE("Failure sending auth token to KeyStore: %" PRId32, result);
-                }
-            } else {
-                ALOGE("Unable to communicate with KeyStore");
-            }
-        }
-
-        if (ret == 0) {
-            maybe_store_sid(uid, reinterpret_cast<const gatekeeper::password_handle_t *>(
-                        enrolled_password_handle)->user_id);
-        }
-
-        return ret;
+        return Status::ok();
     }
 
-    virtual uint64_t getSecureUserId(uint32_t uid) { return read_sid(uid); }
+    Status getSecureUserId(int32_t uid, int64_t* sid) override {
+        *sid = read_sid(uid);
+        return Status::ok();
+    }
 
-    virtual void clearSecureUserId(uint32_t uid) {
+    Status clearSecureUserId(int32_t uid) override {
         IPCThreadState* ipc = IPCThreadState::self();
         const int calling_pid = ipc->getCallingPid();
         const int calling_uid = ipc->getCallingUid();
         if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) {
             ALOGE("%s: permission denied for [%d:%d]", __func__, calling_pid, calling_uid);
-            return;
+            return Status::ok();
         }
         clear_sid(uid);
 
-        if (hw_device != nullptr) {
+        if (hw_device) {
             uint32_t hw_uid = adjust_uid(uid);
             hw_device->deleteUser(hw_uid, [] (const GatekeeperResponse &){});
         }
+        return Status::ok();
     }
 
-    virtual void reportDeviceSetupComplete() {
+    Status reportDeviceSetupComplete() override {
         IPCThreadState* ipc = IPCThreadState::self();
         const int calling_pid = ipc->getCallingPid();
         const int calling_uid = ipc->getCallingUid();
         if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) {
             ALOGE("%s: permission denied for [%d:%d]", __func__, calling_pid, calling_uid);
-            return;
+            return Status::ok();
         }
 
         clear_state_if_needed();
+        return Status::ok();
     }
 
-    virtual status_t dump(int fd, const Vector<String16> &) {
+    status_t dump(int fd, const Vector<String16>&) override {
         IPCThreadState* ipc = IPCThreadState::self();
         const int pid = ipc->getCallingPid();
         const int uid = ipc->getCallingUid();
@@ -410,7 +377,6 @@
 
 private:
     sp<IGatekeeper> hw_device;
-    std::unique_ptr<SoftGateKeeperDevice> soft_device;
 
     bool clear_state_if_needed_done;
     bool is_running_gsi;