Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_core / d57125af1a81f34b162ecd5de81e6f1365aff588 / . / gatekeeperd / gatekeeperd.cpp
blob: 978868196c939b91f1ceef63ac21cf15f1e5ffea [file] [log] [blame]
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]1/*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "gatekeeperd"
18
19#include "IGateKeeperService.h"
20
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]21#include <errno.h>
22#include <stdint.h>
23#include <inttypes.h>
24#include <fcntl.h>
25#include <unistd.h>
26
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]27#include <cutils/log.h>
28#include <utils/Log.h>
29
30#include <binder/IPCThreadState.h>
31#include <binder/IServiceManager.h>
32#include <binder/PermissionCache.h>
33#include <utils/String16.h>
Andres Morales835d96e2015-06-03 15:06:24 -0700[diff] [blame]34#include <utils/Log.h>
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]35
36#include <keystore/IKeystoreService.h>
Andres Morales2ae8b4c2015-04-13 09:20:09 -0700[diff] [blame]37#include <keystore/keystore.h> // For error code
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]38#include <gatekeeper/password_handle.h> // for password_handle_t
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]39#include <hardware/gatekeeper.h>
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]40#include <hardware/hw_auth_token.h>
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]41
Andres Morales33dfdc72015-05-12 15:37:20 -0700[diff] [blame]42#include "SoftGateKeeperDevice.h"
43
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]44namespace android {
45
46static const String16 KEYGUARD_PERMISSION("android.permission.ACCESS_KEYGUARD_SECURE_STORAGE");
47static const String16 DUMP_PERMISSION("android.permission.DUMP");
48
49class GateKeeperProxy : public BnGateKeeperService {
50public:
51 GateKeeperProxy() {
52 int ret = hw_get_module_by_class(GATEKEEPER_HARDWARE_MODULE_ID, NULL, &module);
Andres Moralesfef908e2015-07-07 10:28:15 -0700[diff] [blame]53 device = NULL;
54
Andres Morales33dfdc72015-05-12 15:37:20 -0700[diff] [blame]55 if (ret < 0) {
56 ALOGW("falling back to software GateKeeper");
57 soft_device.reset(new SoftGateKeeperDevice());
58 } else {
59 ret = gatekeeper_open(module, &device);
60 if (ret < 0)
61 LOG_ALWAYS_FATAL_IF(ret < 0, "Unable to open GateKeeper HAL");
62 }
Andres Morales3c2086d2015-06-24 10:21:16 -0700[diff] [blame]63
64 if (mark_cold_boot()) {
65 ALOGI("cold boot: clearing state");
66 if (device != NULL && device->delete_all_users != NULL) {
67 device->delete_all_users(device);
68 }
69 }
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]70 }
71
72 virtual ~GateKeeperProxy() {
Andres Morales33dfdc72015-05-12 15:37:20 -0700[diff] [blame]73 if (device) gatekeeper_close(device);
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]74 }
75
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]76 void store_sid(uint32_t uid, uint64_t sid) {
77 char filename[21];
78 sprintf(filename, "%u", uid);
79 int fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR);
80 if (fd < 0) {
Andres Moralesdcb3fbd2015-04-17 09:00:28 -0700[diff] [blame]81 ALOGE("could not open file: %s: %s", filename, strerror(errno));
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]82 return;
83 }
84 write(fd, &sid, sizeof(sid));
85 close(fd);
86 }
87
Andres Morales3c2086d2015-06-24 10:21:16 -0700[diff] [blame]88 bool mark_cold_boot() {
89 const char *filename = ".coldboot";
90 if (access(filename, F_OK) == -1) {
91 int fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR);
92 if (fd < 0) {
93 ALOGE("could not open file: %s : %s", filename, strerror(errno));
94 return false;
95 }
96 close(fd);
97 return true;
98 }
99 return false;
100 }
101
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]102 void maybe_store_sid(uint32_t uid, uint64_t sid) {
103 char filename[21];
104 sprintf(filename, "%u", uid);
105 if (access(filename, F_OK) == -1) {
106 store_sid(uid, sid);
107 }
108 }
109
110 uint64_t read_sid(uint32_t uid) {
111 char filename[21];
112 uint64_t sid;
113 sprintf(filename, "%u", uid);
114 int fd = open(filename, O_RDONLY);
115 if (fd < 0) return 0;
116 read(fd, &sid, sizeof(sid));
Andres Morales0b0435e2015-07-10 09:47:09 -0700[diff] [blame]117 close(fd);
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]118 return sid;
119 }
120
Andres Moralesdcb3fbd2015-04-17 09:00:28 -0700[diff] [blame]121 void clear_sid(uint32_t uid) {
122 char filename[21];
123 sprintf(filename, "%u", uid);
124 if (remove(filename) < 0) {
125 ALOGE("%s: could not remove file [%s], attempting 0 write", __func__, strerror(errno));
126 store_sid(uid, 0);
127 }
128 }
129
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]130 virtual int enroll(uint32_t uid,
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]131 const uint8_t *current_password_handle, uint32_t current_password_handle_length,
132 const uint8_t *current_password, uint32_t current_password_length,
133 const uint8_t *desired_password, uint32_t desired_password_length,
134 uint8_t **enrolled_password_handle, uint32_t *enrolled_password_handle_length) {
135 IPCThreadState* ipc = IPCThreadState::self();
136 const int calling_pid = ipc->getCallingPid();
137 const int calling_uid = ipc->getCallingUid();
138 if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) {
139 return PERMISSION_DENIED;
140 }
141
142 // need a desired password to enroll
143 if (desired_password_length == 0) return -EINVAL;
Andres Morales33dfdc72015-05-12 15:37:20 -0700[diff] [blame]144
145 int ret;
146 if (device) {
Andres Morales835d96e2015-06-03 15:06:24 -0700[diff] [blame]147 const gatekeeper::password_handle_t *handle =
148 reinterpret_cast<const gatekeeper::password_handle_t *>(current_password_handle);
149
Andres Morales7f6dcf62015-06-24 18:40:24 -0700[diff] [blame]150 if (handle != NULL && handle->version != 0 && !handle->hardware_backed) {
Andres Morales835d96e2015-06-03 15:06:24 -0700[diff] [blame]151 // handle is being re-enrolled from a software version. HAL probably won't accept
152 // the handle as valid, so we nullify it and enroll from scratch
153 current_password_handle = NULL;
154 current_password_handle_length = 0;
155 current_password = NULL;
156 current_password_length = 0;
157 }
158
159 ret = device->enroll(device, uid, current_password_handle, current_password_handle_length,
Andres Morales33dfdc72015-05-12 15:37:20 -0700[diff] [blame]160 current_password, current_password_length,
161 desired_password, desired_password_length,
162 enrolled_password_handle, enrolled_password_handle_length);
163 } else {
164 ret = soft_device->enroll(uid,
165 current_password_handle, current_password_handle_length,
166 current_password, current_password_length,
167 desired_password, desired_password_length,
168 enrolled_password_handle, enrolled_password_handle_length);
169 }
170
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]171 if (ret == 0) {
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]172 gatekeeper::password_handle_t *handle =
173 reinterpret_cast<gatekeeper::password_handle_t *>(*enrolled_password_handle);
174 store_sid(uid, handle->user_id);
Andres Morales531e3e82015-06-01 17:23:04 -0700[diff] [blame]175 bool rr;
176
177 // immediately verify this password so we don't ask the user to enter it again
178 // if they just created it.
179 verify(uid, *enrolled_password_handle, sizeof(password_handle_t), desired_password,
180 desired_password_length, &rr);
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]181 }
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]182
183 return ret;
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]184 }
185
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]186 virtual int verify(uint32_t uid,
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]187 const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length,
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]188 const uint8_t *provided_password, uint32_t provided_password_length, bool *request_reenroll) {
Andres Moralesc828ae82015-04-10 21:03:07 -0700[diff] [blame]189 uint8_t *auth_token;
190 uint32_t auth_token_length;
191 return verifyChallenge(uid, 0, enrolled_password_handle, enrolled_password_handle_length,
192 provided_password, provided_password_length,
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]193 &auth_token, &auth_token_length, request_reenroll);
Andres Moralesc828ae82015-04-10 21:03:07 -0700[diff] [blame]194 }
195
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]196 virtual int verifyChallenge(uint32_t uid, uint64_t challenge,
Andres Moralesc828ae82015-04-10 21:03:07 -0700[diff] [blame]197 const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length,
198 const uint8_t *provided_password, uint32_t provided_password_length,
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]199 uint8_t **auth_token, uint32_t *auth_token_length, bool *request_reenroll) {
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]200 IPCThreadState* ipc = IPCThreadState::self();
201 const int calling_pid = ipc->getCallingPid();
202 const int calling_uid = ipc->getCallingUid();
203 if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) {
204 return PERMISSION_DENIED;
205 }
206
207 // can't verify if we're missing either param
208 if ((enrolled_password_handle_length | provided_password_length) == 0)
209 return -EINVAL;
210
Andres Morales33dfdc72015-05-12 15:37:20 -0700[diff] [blame]211 int ret;
212 if (device) {
Andres Morales835d96e2015-06-03 15:06:24 -0700[diff] [blame]213 const gatekeeper::password_handle_t *handle =
214 reinterpret_cast<const gatekeeper::password_handle_t *>(enrolled_password_handle);
Andres Morales7f6dcf62015-06-24 18:40:24 -0700[diff] [blame]215 // handle version 0 does not have hardware backed flag, and thus cannot be upgraded to
216 // a HAL if there was none before
217 if (handle->version == 0 || handle->hardware_backed) {
Andres Morales835d96e2015-06-03 15:06:24 -0700[diff] [blame]218 ret = device->verify(device, uid, challenge,
219 enrolled_password_handle, enrolled_password_handle_length,
220 provided_password, provided_password_length, auth_token, auth_token_length,
221 request_reenroll);
222 } else {
223 // upgrade scenario, a HAL has been added to this device where there was none before
224 SoftGateKeeperDevice soft_dev;
225 ret = soft_dev.verify(uid, challenge,
226 enrolled_password_handle, enrolled_password_handle_length,
227 provided_password, provided_password_length, auth_token, auth_token_length,
228 request_reenroll);
229
230 if (ret == 0) {
231 // success! re-enroll with HAL
232 *request_reenroll = true;
233 }
234 }
Andres Morales33dfdc72015-05-12 15:37:20 -0700[diff] [blame]235 } else {
236 ret = soft_device->verify(uid, challenge,
237 enrolled_password_handle, enrolled_password_handle_length,
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]238 provided_password, provided_password_length, auth_token, auth_token_length,
239 request_reenroll);
Andres Morales33dfdc72015-05-12 15:37:20 -0700[diff] [blame]240 }
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]241
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]242 if (ret == 0 && *auth_token != NULL && *auth_token_length > 0) {
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]243 // TODO: cache service?
244 sp<IServiceManager> sm = defaultServiceManager();
245 sp<IBinder> binder = sm->getService(String16("android.security.keystore"));
246 sp<IKeystoreService> service = interface_cast<IKeystoreService>(binder);
247 if (service != NULL) {
Andres Morales2ae8b4c2015-04-13 09:20:09 -0700[diff] [blame]248 status_t ret = service->addAuthToken(*auth_token, *auth_token_length);
249 if (ret != ResponseCode::NO_ERROR) {
250 ALOGE("Falure sending auth token to KeyStore: %d", ret);
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]251 }
252 } else {
253 ALOGE("Unable to communicate with KeyStore");
254 }
255 }
256
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]257 if (ret == 0) {
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]258 maybe_store_sid(uid, reinterpret_cast<const gatekeeper::password_handle_t *>(
259 enrolled_password_handle)->user_id);
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]260 }
261
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]262 return ret;
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]263 }
264
265 virtual uint64_t getSecureUserId(uint32_t uid) {
266 return read_sid(uid);
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]267 }
268
Andres Morales7c9c3bc2015-04-16 15:57:17 -0700[diff] [blame]269 virtual void clearSecureUserId(uint32_t uid) {
270 IPCThreadState* ipc = IPCThreadState::self();
271 const int calling_pid = ipc->getCallingPid();
272 const int calling_uid = ipc->getCallingUid();
273 if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) {
274 ALOGE("%s: permission denied for [%d:%d]", __func__, calling_pid, calling_uid);
275 return;
276 }
Andres Moralesdcb3fbd2015-04-17 09:00:28 -0700[diff] [blame]277 clear_sid(uid);
Andres Morales3c2086d2015-06-24 10:21:16 -0700[diff] [blame]278
279 if (device != NULL && device->delete_user != NULL) {
280 device->delete_user(device, uid);
281 }
Andres Morales7c9c3bc2015-04-16 15:57:17 -0700[diff] [blame]282 }
283
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]284 virtual status_t dump(int fd, const Vector<String16> &) {
285 IPCThreadState* ipc = IPCThreadState::self();
286 const int pid = ipc->getCallingPid();
287 const int uid = ipc->getCallingUid();
288 if (!PermissionCache::checkPermission(DUMP_PERMISSION, pid, uid)) {
289 return PERMISSION_DENIED;
290 }
291
292 if (device == NULL) {
293 const char *result = "Device not available";
294 write(fd, result, strlen(result) + 1);
295 } else {
296 const char *result = "OK";
297 write(fd, result, strlen(result) + 1);
298 }
299
300 return NO_ERROR;
301 }
302
303private:
304 gatekeeper_device_t *device;
Andres Morales33dfdc72015-05-12 15:37:20 -0700[diff] [blame]305 UniquePtr<SoftGateKeeperDevice> soft_device;
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]306 const hw_module_t *module;
307};
308}// namespace android
309
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]310int main(int argc, char* argv[]) {
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]311 ALOGI("Starting gatekeeperd...");
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]312 if (argc < 2) {
313 ALOGE("A directory must be specified!");
314 return 1;
315 }
316 if (chdir(argv[1]) == -1) {
317 ALOGE("chdir: %s: %s", argv[1], strerror(errno));
318 return 1;
319 }
320
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]321 android::sp<android::IServiceManager> sm = android::defaultServiceManager();
322 android::sp<android::GateKeeperProxy> proxy = new android::GateKeeperProxy();
323 android::status_t ret = sm->addService(
324 android::String16("android.service.gatekeeper.IGateKeeperService"), proxy);
325 if (ret != android::OK) {
326 ALOGE("Couldn't register binder service!");
327 return -1;
328 }
329
330 /*
331 * We're the only thread in existence, so we're just going to process
332 * Binder transaction as a single-threaded program.
333 */
334 android::IPCThreadState::self()->joinThreadPool();
335 return 0;
336}