Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_core / c828ae87768f3539cefadb7e485b877995918299^! / . / gatekeeperd / gatekeeperd.cpp
commitc828ae87768f3539cefadb7e485b877995918299[log] [tgz]
authorAndres Morales <anmorales@google.com>Fri Apr 10 21:03:07 2015 -0700
committerAndres Morales <anmorales@google.com>Sat Apr 11 18:29:04 2015 -0700
treef9dc4f6a289ec1d684172ed419483cf5829cba53
parent851b57c1f81bd3572cf5908611ba029be934c706 [diff] [blame]
Update verify API to return auth token blob

Change-Id: I853e61815458b54fb3b2f29e12a147b3b9aa3788

diff --git a/gatekeeperd/gatekeeperd.cpp b/gatekeeperd/gatekeeperd.cpp
index 2a435a9..ea7016e 100644
--- a/gatekeeperd/gatekeeperd.cpp
+++ b/gatekeeperd/gatekeeperd.cpp

@@ -71,9 +71,20 @@
         return ret >= 0 ? NO_ERROR : UNKNOWN_ERROR;
     }
 
-    virtual status_t verify(uint32_t uid, uint64_t challenge,
+    virtual status_t verify(uint32_t uid,
             const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length,
             const uint8_t *provided_password, uint32_t provided_password_length) {
+        uint8_t *auth_token;
+        uint32_t auth_token_length;
+        return verifyChallenge(uid, 0, enrolled_password_handle, enrolled_password_handle_length,
+                provided_password, provided_password_length,
+                &auth_token, &auth_token_length);
+    }
+
+    virtual status_t verifyChallenge(uint32_t uid, uint64_t challenge,
+            const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length,
+            const uint8_t *provided_password, uint32_t provided_password_length,
+            uint8_t **auth_token, uint32_t *auth_token_length) {
         IPCThreadState* ipc = IPCThreadState::self();
         const int calling_pid = ipc->getCallingPid();
         const int calling_uid = ipc->getCallingUid();
@@ -85,19 +96,17 @@
         if ((enrolled_password_handle_length | provided_password_length) == 0)
             return -EINVAL;
 
-        uint8_t *auth_token;
-        uint32_t auth_token_length;
         int ret = device->verify(device, uid, challenge,
                 enrolled_password_handle, enrolled_password_handle_length,
-                provided_password, provided_password_length, &auth_token, &auth_token_length);
+                provided_password, provided_password_length, auth_token, auth_token_length);
 
-        if (ret >= 0 && auth_token != NULL && auth_token_length > 0) {
+        if (ret >= 0 && *auth_token != NULL && *auth_token_length > 0) {
             // TODO: cache service?
             sp<IServiceManager> sm = defaultServiceManager();
             sp<IBinder> binder = sm->getService(String16("android.security.keystore"));
             sp<IKeystoreService> service = interface_cast<IKeystoreService>(binder);
             if (service != NULL) {
-                if (service->addAuthToken(auth_token, auth_token_length) != NO_ERROR) {
+                if (service->addAuthToken(*auth_token, *auth_token_length) != NO_ERROR) {
                     ALOGE("Falure sending auth token to KeyStore");
                 }
             } else {