Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_core / 2cbbe9f7a35efdc94e8e34ef92eb6f70a85887fe / . / gatekeeperd / gatekeeperd.cpp
blob: 96bda07a51ff7d89a5b9a3e53c44518c3bb01551 [file] [log] [blame]
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]1/*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "gatekeeperd"
18
19#include "IGateKeeperService.h"
20
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]21#include <errno.h>
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]22#include <fcntl.h>
Mark Salyzyn66ce3e02016-09-28 10:07:20 -0700[diff] [blame]23#include <inttypes.h>
24#include <stdint.h>
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]25#include <unistd.h>
26
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]27#include <binder/IPCThreadState.h>
28#include <binder/IServiceManager.h>
29#include <binder/PermissionCache.h>
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]30#include <gatekeeper/password_handle.h> // for password_handle_t
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]31#include <hardware/gatekeeper.h>
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]32#include <hardware/hw_auth_token.h>
Mark Salyzyn66ce3e02016-09-28 10:07:20 -0700[diff] [blame]33#include <keystore/IKeystoreService.h>
34#include <keystore/keystore.h> // For error code
Mark Salyzyn30f991f2017-01-10 13:19:54 -0800[diff] [blame]35#include <log/log.h>
Mark Salyzyn66ce3e02016-09-28 10:07:20 -0700[diff] [blame]36#include <utils/Log.h>
37#include <utils/String16.h>
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]38
Andres Morales33dfdc72015-05-12 15:37:20 -0700[diff] [blame]39#include "SoftGateKeeperDevice.h"
Andres Morales1cf7d252015-08-04 16:57:12 -0700[diff] [blame]40#include "IUserManager.h"
Andres Morales33dfdc72015-05-12 15:37:20 -0700[diff] [blame]41
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]42namespace android {
43
44static const String16 KEYGUARD_PERMISSION("android.permission.ACCESS_KEYGUARD_SECURE_STORAGE");
45static const String16 DUMP_PERMISSION("android.permission.DUMP");
46
47class GateKeeperProxy : public BnGateKeeperService {
48public:
49 GateKeeperProxy() {
50 int ret = hw_get_module_by_class(GATEKEEPER_HARDWARE_MODULE_ID, NULL, &module);
Andres Moralesfef908e2015-07-07 10:28:15 -0700[diff] [blame]51 device = NULL;
52
Andres Morales33dfdc72015-05-12 15:37:20 -0700[diff] [blame]53 if (ret < 0) {
54 ALOGW("falling back to software GateKeeper");
55 soft_device.reset(new SoftGateKeeperDevice());
56 } else {
57 ret = gatekeeper_open(module, &device);
58 if (ret < 0)
59 LOG_ALWAYS_FATAL_IF(ret < 0, "Unable to open GateKeeper HAL");
60 }
Andres Morales3c2086d2015-06-24 10:21:16 -0700[diff] [blame]61
62 if (mark_cold_boot()) {
63 ALOGI("cold boot: clearing state");
64 if (device != NULL && device->delete_all_users != NULL) {
65 device->delete_all_users(device);
66 }
67 }
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]68 }
69
70 virtual ~GateKeeperProxy() {
Andres Morales33dfdc72015-05-12 15:37:20 -0700[diff] [blame]71 if (device) gatekeeper_close(device);
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]72 }
73
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]74 void store_sid(uint32_t uid, uint64_t sid) {
75 char filename[21];
George Burgess IVe7aa2b22016-03-02 14:02:55 -0800[diff] [blame]76 snprintf(filename, sizeof(filename), "%u", uid);
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]77 int fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR);
78 if (fd < 0) {
Andres Moralesdcb3fbd2015-04-17 09:00:28 -0700[diff] [blame]79 ALOGE("could not open file: %s: %s", filename, strerror(errno));
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]80 return;
81 }
82 write(fd, &sid, sizeof(sid));
83 close(fd);
84 }
85
Andres Morales3c2086d2015-06-24 10:21:16 -0700[diff] [blame]86 bool mark_cold_boot() {
87 const char *filename = ".coldboot";
88 if (access(filename, F_OK) == -1) {
89 int fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR);
90 if (fd < 0) {
91 ALOGE("could not open file: %s : %s", filename, strerror(errno));
92 return false;
93 }
94 close(fd);
95 return true;
96 }
97 return false;
98 }
99
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]100 void maybe_store_sid(uint32_t uid, uint64_t sid) {
101 char filename[21];
George Burgess IVe7aa2b22016-03-02 14:02:55 -0800[diff] [blame]102 snprintf(filename, sizeof(filename), "%u", uid);
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]103 if (access(filename, F_OK) == -1) {
104 store_sid(uid, sid);
105 }
106 }
107
108 uint64_t read_sid(uint32_t uid) {
109 char filename[21];
110 uint64_t sid;
George Burgess IVe7aa2b22016-03-02 14:02:55 -0800[diff] [blame]111 snprintf(filename, sizeof(filename), "%u", uid);
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]112 int fd = open(filename, O_RDONLY);
113 if (fd < 0) return 0;
114 read(fd, &sid, sizeof(sid));
Andres Morales0b0435e2015-07-10 09:47:09 -0700[diff] [blame]115 close(fd);
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]116 return sid;
117 }
118
Andres Moralesdcb3fbd2015-04-17 09:00:28 -0700[diff] [blame]119 void clear_sid(uint32_t uid) {
120 char filename[21];
George Burgess IVe7aa2b22016-03-02 14:02:55 -0800[diff] [blame]121 snprintf(filename, sizeof(filename), "%u", uid);
Andres Moralesdcb3fbd2015-04-17 09:00:28 -0700[diff] [blame]122 if (remove(filename) < 0) {
123 ALOGE("%s: could not remove file [%s], attempting 0 write", __func__, strerror(errno));
124 store_sid(uid, 0);
125 }
126 }
127
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]128 virtual int enroll(uint32_t uid,
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]129 const uint8_t *current_password_handle, uint32_t current_password_handle_length,
130 const uint8_t *current_password, uint32_t current_password_length,
131 const uint8_t *desired_password, uint32_t desired_password_length,
132 uint8_t **enrolled_password_handle, uint32_t *enrolled_password_handle_length) {
133 IPCThreadState* ipc = IPCThreadState::self();
134 const int calling_pid = ipc->getCallingPid();
135 const int calling_uid = ipc->getCallingUid();
136 if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) {
137 return PERMISSION_DENIED;
138 }
139
140 // need a desired password to enroll
141 if (desired_password_length == 0) return -EINVAL;
Andres Morales33dfdc72015-05-12 15:37:20 -0700[diff] [blame]142
143 int ret;
144 if (device) {
Andres Morales835d96e2015-06-03 15:06:24 -0700[diff] [blame]145 const gatekeeper::password_handle_t *handle =
146 reinterpret_cast<const gatekeeper::password_handle_t *>(current_password_handle);
147
Andres Morales7f6dcf62015-06-24 18:40:24 -0700[diff] [blame]148 if (handle != NULL && handle->version != 0 && !handle->hardware_backed) {
Andres Morales835d96e2015-06-03 15:06:24 -0700[diff] [blame]149 // handle is being re-enrolled from a software version. HAL probably won't accept
150 // the handle as valid, so we nullify it and enroll from scratch
151 current_password_handle = NULL;
152 current_password_handle_length = 0;
153 current_password = NULL;
154 current_password_length = 0;
155 }
156
157 ret = device->enroll(device, uid, current_password_handle, current_password_handle_length,
Andres Morales33dfdc72015-05-12 15:37:20 -0700[diff] [blame]158 current_password, current_password_length,
159 desired_password, desired_password_length,
160 enrolled_password_handle, enrolled_password_handle_length);
161 } else {
162 ret = soft_device->enroll(uid,
163 current_password_handle, current_password_handle_length,
164 current_password, current_password_length,
165 desired_password, desired_password_length,
166 enrolled_password_handle, enrolled_password_handle_length);
167 }
168
Alexey Polyudov8c635362016-09-07 18:51:28 -0700[diff] [blame]169 if (ret == GATEKEEPER_RESPONSE_OK && (*enrolled_password_handle == nullptr ||
170 *enrolled_password_handle_length != sizeof(password_handle_t))) {
171 ret = GATEKEEPER_RESPONSE_ERROR;
172 ALOGE("HAL: password_handle=%p size_of_handle=%" PRIu32 "\n",
173 *enrolled_password_handle, *enrolled_password_handle_length);
174 }
175
176 if (ret == GATEKEEPER_RESPONSE_OK) {
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]177 gatekeeper::password_handle_t *handle =
178 reinterpret_cast<gatekeeper::password_handle_t *>(*enrolled_password_handle);
179 store_sid(uid, handle->user_id);
Andres Morales531e3e82015-06-01 17:23:04 -0700[diff] [blame]180 bool rr;
181
182 // immediately verify this password so we don't ask the user to enter it again
183 // if they just created it.
184 verify(uid, *enrolled_password_handle, sizeof(password_handle_t), desired_password,
185 desired_password_length, &rr);
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]186 }
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]187
188 return ret;
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]189 }
190
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]191 virtual int verify(uint32_t uid,
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]192 const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length,
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]193 const uint8_t *provided_password, uint32_t provided_password_length, bool *request_reenroll) {
Andres Moralesc828ae82015-04-10 21:03:07 -0700[diff] [blame]194 uint8_t *auth_token;
195 uint32_t auth_token_length;
196 return verifyChallenge(uid, 0, enrolled_password_handle, enrolled_password_handle_length,
197 provided_password, provided_password_length,
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]198 &auth_token, &auth_token_length, request_reenroll);
Andres Moralesc828ae82015-04-10 21:03:07 -0700[diff] [blame]199 }
200
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]201 virtual int verifyChallenge(uint32_t uid, uint64_t challenge,
Andres Moralesc828ae82015-04-10 21:03:07 -0700[diff] [blame]202 const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length,
203 const uint8_t *provided_password, uint32_t provided_password_length,
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]204 uint8_t **auth_token, uint32_t *auth_token_length, bool *request_reenroll) {
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]205 IPCThreadState* ipc = IPCThreadState::self();
206 const int calling_pid = ipc->getCallingPid();
207 const int calling_uid = ipc->getCallingUid();
208 if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) {
209 return PERMISSION_DENIED;
210 }
211
212 // can't verify if we're missing either param
213 if ((enrolled_password_handle_length | provided_password_length) == 0)
214 return -EINVAL;
215
Andres Morales33dfdc72015-05-12 15:37:20 -0700[diff] [blame]216 int ret;
217 if (device) {
Andres Morales835d96e2015-06-03 15:06:24 -0700[diff] [blame]218 const gatekeeper::password_handle_t *handle =
219 reinterpret_cast<const gatekeeper::password_handle_t *>(enrolled_password_handle);
Andres Morales7f6dcf62015-06-24 18:40:24 -0700[diff] [blame]220 // handle version 0 does not have hardware backed flag, and thus cannot be upgraded to
221 // a HAL if there was none before
222 if (handle->version == 0 || handle->hardware_backed) {
Andres Morales835d96e2015-06-03 15:06:24 -0700[diff] [blame]223 ret = device->verify(device, uid, challenge,
224 enrolled_password_handle, enrolled_password_handle_length,
225 provided_password, provided_password_length, auth_token, auth_token_length,
226 request_reenroll);
227 } else {
228 // upgrade scenario, a HAL has been added to this device where there was none before
229 SoftGateKeeperDevice soft_dev;
230 ret = soft_dev.verify(uid, challenge,
231 enrolled_password_handle, enrolled_password_handle_length,
232 provided_password, provided_password_length, auth_token, auth_token_length,
233 request_reenroll);
234
235 if (ret == 0) {
236 // success! re-enroll with HAL
237 *request_reenroll = true;
238 }
239 }
Andres Morales33dfdc72015-05-12 15:37:20 -0700[diff] [blame]240 } else {
241 ret = soft_device->verify(uid, challenge,
242 enrolled_password_handle, enrolled_password_handle_length,
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]243 provided_password, provided_password_length, auth_token, auth_token_length,
244 request_reenroll);
Andres Morales33dfdc72015-05-12 15:37:20 -0700[diff] [blame]245 }
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]246
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]247 if (ret == 0 && *auth_token != NULL && *auth_token_length > 0) {
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]248 // TODO: cache service?
249 sp<IServiceManager> sm = defaultServiceManager();
250 sp<IBinder> binder = sm->getService(String16("android.security.keystore"));
251 sp<IKeystoreService> service = interface_cast<IKeystoreService>(binder);
252 if (service != NULL) {
Andres Morales2ae8b4c2015-04-13 09:20:09 -0700[diff] [blame]253 status_t ret = service->addAuthToken(*auth_token, *auth_token_length);
254 if (ret != ResponseCode::NO_ERROR) {
255 ALOGE("Falure sending auth token to KeyStore: %d", ret);
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]256 }
257 } else {
258 ALOGE("Unable to communicate with KeyStore");
259 }
260 }
261
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]262 if (ret == 0) {
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]263 maybe_store_sid(uid, reinterpret_cast<const gatekeeper::password_handle_t *>(
264 enrolled_password_handle)->user_id);
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]265 }
266
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]267 return ret;
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]268 }
269
270 virtual uint64_t getSecureUserId(uint32_t uid) {
Andres Morales1cf7d252015-08-04 16:57:12 -0700[diff] [blame]271 uint64_t sid = read_sid(uid);
272 if (sid == 0) {
273 // might be a work profile, look up the parent
274 sp<IServiceManager> sm = defaultServiceManager();
275 sp<IBinder> binder = sm->getService(String16("user"));
276 sp<IUserManager> um = interface_cast<IUserManager>(binder);
277 int32_t parent = um->getCredentialOwnerProfile(uid);
278 if (parent < 0) {
279 return 0;
280 } else if (parent != (int32_t) uid) {
281 return read_sid(parent);
282 }
283 }
284 return sid;
285
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]286 }
287
Andres Morales7c9c3bc2015-04-16 15:57:17 -0700[diff] [blame]288 virtual void clearSecureUserId(uint32_t uid) {
289 IPCThreadState* ipc = IPCThreadState::self();
290 const int calling_pid = ipc->getCallingPid();
291 const int calling_uid = ipc->getCallingUid();
292 if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) {
293 ALOGE("%s: permission denied for [%d:%d]", __func__, calling_pid, calling_uid);
294 return;
295 }
Andres Moralesdcb3fbd2015-04-17 09:00:28 -0700[diff] [blame]296 clear_sid(uid);
Andres Morales3c2086d2015-06-24 10:21:16 -0700[diff] [blame]297
298 if (device != NULL && device->delete_user != NULL) {
299 device->delete_user(device, uid);
300 }
Andres Morales7c9c3bc2015-04-16 15:57:17 -0700[diff] [blame]301 }
302
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]303 virtual status_t dump(int fd, const Vector<String16> &) {
304 IPCThreadState* ipc = IPCThreadState::self();
305 const int pid = ipc->getCallingPid();
306 const int uid = ipc->getCallingUid();
307 if (!PermissionCache::checkPermission(DUMP_PERMISSION, pid, uid)) {
308 return PERMISSION_DENIED;
309 }
310
311 if (device == NULL) {
312 const char *result = "Device not available";
313 write(fd, result, strlen(result) + 1);
314 } else {
315 const char *result = "OK";
316 write(fd, result, strlen(result) + 1);
317 }
318
319 return NO_ERROR;
320 }
321
322private:
323 gatekeeper_device_t *device;
Andres Morales33dfdc72015-05-12 15:37:20 -0700[diff] [blame]324 UniquePtr<SoftGateKeeperDevice> soft_device;
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]325 const hw_module_t *module;
326};
327}// namespace android
328
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]329int main(int argc, char* argv[]) {
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]330 ALOGI("Starting gatekeeperd...");
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]331 if (argc < 2) {
332 ALOGE("A directory must be specified!");
333 return 1;
334 }
335 if (chdir(argv[1]) == -1) {
336 ALOGE("chdir: %s: %s", argv[1], strerror(errno));
337 return 1;
338 }
339
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]340 android::sp<android::IServiceManager> sm = android::defaultServiceManager();
341 android::sp<android::GateKeeperProxy> proxy = new android::GateKeeperProxy();
342 android::status_t ret = sm->addService(
343 android::String16("android.service.gatekeeper.IGateKeeperService"), proxy);
344 if (ret != android::OK) {
345 ALOGE("Couldn't register binder service!");
346 return -1;
347 }
348
349 /*
350 * We're the only thread in existence, so we're just going to process
351 * Binder transaction as a single-threaded program.
352 */
353 android::IPCThreadState::self()->joinThreadPool();
354 return 0;
355}