Separating GateKeeperProxy declaration in header
Adding gatekeeperd.h and moving declarations for GateKeeperProxy into
header. Adding separate main.cpp for entry point.
Adding cc_default to be used by binary and fuzzer.
This is needed in order to fuzz gatekeeperd AIDL service
Test: m gatekeeperd
Bug: N/A
Change-Id: Ifb2082f68bb200e4ed83608a6def8e45032753de
diff --git a/gatekeeperd/gatekeeperd.h b/gatekeeperd/gatekeeperd.h
new file mode 100644
index 0000000..29873da
--- /dev/null
+++ b/gatekeeperd/gatekeeperd.h
@@ -0,0 +1,83 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <aidl/android/hardware/gatekeeper/IGatekeeper.h>
+#include <android/hardware/gatekeeper/1.0/IGatekeeper.h>
+#include <android/service/gatekeeper/BnGateKeeperService.h>
+#include <gatekeeper/GateKeeperResponse.h>
+
+using ::android::hardware::gatekeeper::V1_0::IGatekeeper;
+using AidlIGatekeeper = ::aidl::android::hardware::gatekeeper::IGatekeeper;
+using ::android::binder::Status;
+using ::android::service::gatekeeper::BnGateKeeperService;
+using GKResponse = ::android::service::gatekeeper::GateKeeperResponse;
+
+namespace android {
+
+class GateKeeperProxy : public BnGateKeeperService {
+ public:
+ GateKeeperProxy();
+
+ virtual ~GateKeeperProxy() {}
+
+ void store_sid(uint32_t userId, uint64_t sid);
+
+ void clear_state_if_needed();
+
+ bool mark_cold_boot();
+
+ void maybe_store_sid(uint32_t userId, uint64_t sid);
+
+ uint64_t read_sid(uint32_t userId);
+
+ void clear_sid(uint32_t userId);
+
+ // This should only be called on userIds being passed to the GateKeeper HAL. It ensures that
+ // secure storage shared across a GSI image and a host image will not overlap.
+ uint32_t adjust_userId(uint32_t userId);
+
+#define GK_ERROR *gkResponse = GKResponse::error(), Status::ok()
+
+ Status enroll(int32_t userId, const std::optional<std::vector<uint8_t>>& currentPasswordHandle,
+ const std::optional<std::vector<uint8_t>>& currentPassword,
+ const std::vector<uint8_t>& desiredPassword, GKResponse* gkResponse) override;
+
+ Status verify(int32_t userId, const ::std::vector<uint8_t>& enrolledPasswordHandle,
+ const ::std::vector<uint8_t>& providedPassword, GKResponse* gkResponse) override;
+
+ Status verifyChallenge(int32_t userId, int64_t challenge,
+ const std::vector<uint8_t>& enrolledPasswordHandle,
+ const std::vector<uint8_t>& providedPassword,
+ GKResponse* gkResponse) override;
+
+ Status getSecureUserId(int32_t userId, int64_t* sid) override;
+
+ Status clearSecureUserId(int32_t userId) override;
+
+ Status reportDeviceSetupComplete() override;
+
+ status_t dump(int fd, const Vector<String16>&) override;
+
+ private:
+ // AIDL gatekeeper service.
+ std::shared_ptr<AidlIGatekeeper> aidl_hw_device;
+ // HIDL gatekeeper service.
+ sp<IGatekeeper> hw_device;
+
+ bool clear_state_if_needed_done;
+ bool is_running_gsi;
+};
+} // namespace android