Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_core / d9ad02e3e0ca91fb5356f4467d73d5db56a1daa7 / . / gatekeeperd / gatekeeperd.cpp
blob: abb387c15bf98922b319c9cf848a5107d9ae77b9 [file] [log] [blame]
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]1/*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "gatekeeperd"
18
19#include "IGateKeeperService.h"
20
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]21#include <errno.h>
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]22#include <fcntl.h>
Mark Salyzyn66ce3e02016-09-28 10:07:20 -0700[diff] [blame]23#include <inttypes.h>
24#include <stdint.h>
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]25#include <unistd.h>
Justin Yun68b0ec62017-08-16 18:54:20 +0900[diff] [blame]26#include <memory>
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]27
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]28#include <binder/IPCThreadState.h>
29#include <binder/IServiceManager.h>
30#include <binder/PermissionCache.h>
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]31#include <gatekeeper/password_handle.h> // for password_handle_t
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]32#include <hardware/gatekeeper.h>
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]33#include <hardware/hw_auth_token.h>
Mark Salyzyn66ce3e02016-09-28 10:07:20 -0700[diff] [blame]34#include <keystore/IKeystoreService.h>
35#include <keystore/keystore.h> // For error code
Mark Salyzyn30f991f2017-01-10 13:19:54 -0800[diff] [blame]36#include <log/log.h>
Mark Salyzyn66ce3e02016-09-28 10:07:20 -0700[diff] [blame]37#include <utils/Log.h>
38#include <utils/String16.h>
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]39
Andres Morales33dfdc72015-05-12 15:37:20 -0700[diff] [blame]40#include "SoftGateKeeperDevice.h"
41
Alexey Polyudov275aece2016-10-18 13:59:26 -0700[diff] [blame]42#include <hidl/HidlSupport.h>
43#include <android/hardware/gatekeeper/1.0/IGatekeeper.h>
44
45using android::sp;
46using android::hardware::gatekeeper::V1_0::IGatekeeper;
47using android::hardware::gatekeeper::V1_0::GatekeeperStatusCode;
48using android::hardware::gatekeeper::V1_0::GatekeeperResponse;
49using android::hardware::Return;
50
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]51namespace android {
52
53static const String16 KEYGUARD_PERMISSION("android.permission.ACCESS_KEYGUARD_SECURE_STORAGE");
54static const String16 DUMP_PERMISSION("android.permission.DUMP");
55
56class GateKeeperProxy : public BnGateKeeperService {
57public:
58 GateKeeperProxy() {
Adrian Rooscb4ed1b2017-04-12 13:03:04 -0700[diff] [blame]59 clear_state_if_needed_done = false;
Chris Phoenixa84ce0c2017-01-24 13:09:39 -0800[diff] [blame]60 hw_device = IGatekeeper::getService();
Andres Moralesfef908e2015-07-07 10:28:15 -0700[diff] [blame]61
Alexey Polyudov275aece2016-10-18 13:59:26 -0700[diff] [blame]62 if (hw_device == nullptr) {
Andres Morales33dfdc72015-05-12 15:37:20 -0700[diff] [blame]63 ALOGW("falling back to software GateKeeper");
64 soft_device.reset(new SoftGateKeeperDevice());
Andres Morales33dfdc72015-05-12 15:37:20 -0700[diff] [blame]65 }
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]66 }
67
68 virtual ~GateKeeperProxy() {
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]69 }
70
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]71 void store_sid(uint32_t uid, uint64_t sid) {
72 char filename[21];
George Burgess IVe7aa2b22016-03-02 14:02:55 -0800[diff] [blame]73 snprintf(filename, sizeof(filename), "%u", uid);
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]74 int fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR);
75 if (fd < 0) {
Andres Moralesdcb3fbd2015-04-17 09:00:28 -0700[diff] [blame]76 ALOGE("could not open file: %s: %s", filename, strerror(errno));
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]77 return;
78 }
79 write(fd, &sid, sizeof(sid));
80 close(fd);
81 }
82
Adrian Rooscb4ed1b2017-04-12 13:03:04 -0700[diff] [blame]83 void clear_state_if_needed() {
84 if (clear_state_if_needed_done) {
85 return;
86 }
87
88 if (mark_cold_boot()) {
89 ALOGI("cold boot: clearing state");
90 if (hw_device != nullptr) {
91 hw_device->deleteAllUsers([](const GatekeeperResponse &){});
92 }
93 }
94
95 clear_state_if_needed_done = true;
96 }
97
Andres Morales3c2086d2015-06-24 10:21:16 -0700[diff] [blame]98 bool mark_cold_boot() {
99 const char *filename = ".coldboot";
100 if (access(filename, F_OK) == -1) {
101 int fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR);
102 if (fd < 0) {
103 ALOGE("could not open file: %s : %s", filename, strerror(errno));
104 return false;
105 }
106 close(fd);
107 return true;
108 }
109 return false;
110 }
111
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]112 void maybe_store_sid(uint32_t uid, uint64_t sid) {
113 char filename[21];
George Burgess IVe7aa2b22016-03-02 14:02:55 -0800[diff] [blame]114 snprintf(filename, sizeof(filename), "%u", uid);
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]115 if (access(filename, F_OK) == -1) {
116 store_sid(uid, sid);
117 }
118 }
119
120 uint64_t read_sid(uint32_t uid) {
121 char filename[21];
122 uint64_t sid;
George Burgess IVe7aa2b22016-03-02 14:02:55 -0800[diff] [blame]123 snprintf(filename, sizeof(filename), "%u", uid);
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]124 int fd = open(filename, O_RDONLY);
125 if (fd < 0) return 0;
126 read(fd, &sid, sizeof(sid));
Andres Morales0b0435e2015-07-10 09:47:09 -0700[diff] [blame]127 close(fd);
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]128 return sid;
129 }
130
Andres Moralesdcb3fbd2015-04-17 09:00:28 -0700[diff] [blame]131 void clear_sid(uint32_t uid) {
132 char filename[21];
George Burgess IVe7aa2b22016-03-02 14:02:55 -0800[diff] [blame]133 snprintf(filename, sizeof(filename), "%u", uid);
Andres Moralesdcb3fbd2015-04-17 09:00:28 -0700[diff] [blame]134 if (remove(filename) < 0) {
135 ALOGE("%s: could not remove file [%s], attempting 0 write", __func__, strerror(errno));
136 store_sid(uid, 0);
137 }
138 }
139
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]140 virtual int enroll(uint32_t uid,
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]141 const uint8_t *current_password_handle, uint32_t current_password_handle_length,
142 const uint8_t *current_password, uint32_t current_password_length,
143 const uint8_t *desired_password, uint32_t desired_password_length,
144 uint8_t **enrolled_password_handle, uint32_t *enrolled_password_handle_length) {
145 IPCThreadState* ipc = IPCThreadState::self();
146 const int calling_pid = ipc->getCallingPid();
147 const int calling_uid = ipc->getCallingUid();
148 if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) {
149 return PERMISSION_DENIED;
150 }
151
Adrian Rooscb4ed1b2017-04-12 13:03:04 -0700[diff] [blame]152 // Make sure to clear any state from before factory reset as soon as a credential is
153 // enrolled (which may happen during device setup).
154 clear_state_if_needed();
155
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]156 // need a desired password to enroll
157 if (desired_password_length == 0) return -EINVAL;
Andres Morales33dfdc72015-05-12 15:37:20 -0700[diff] [blame]158
159 int ret;
Alexey Polyudov275aece2016-10-18 13:59:26 -0700[diff] [blame]160 if (hw_device != nullptr) {
Andres Morales835d96e2015-06-03 15:06:24 -0700[diff] [blame]161 const gatekeeper::password_handle_t *handle =
162 reinterpret_cast<const gatekeeper::password_handle_t *>(current_password_handle);
163
Andres Morales7f6dcf62015-06-24 18:40:24 -0700[diff] [blame]164 if (handle != NULL && handle->version != 0 && !handle->hardware_backed) {
Andres Morales835d96e2015-06-03 15:06:24 -0700[diff] [blame]165 // handle is being re-enrolled from a software version. HAL probably won't accept
166 // the handle as valid, so we nullify it and enroll from scratch
167 current_password_handle = NULL;
168 current_password_handle_length = 0;
169 current_password = NULL;
170 current_password_length = 0;
171 }
172
Alexey Polyudov275aece2016-10-18 13:59:26 -0700[diff] [blame]173 android::hardware::hidl_vec<uint8_t> curPwdHandle;
174 curPwdHandle.setToExternal(const_cast<uint8_t*>(current_password_handle),
175 current_password_handle_length);
176 android::hardware::hidl_vec<uint8_t> curPwd;
177 curPwd.setToExternal(const_cast<uint8_t*>(current_password),
178 current_password_length);
179 android::hardware::hidl_vec<uint8_t> newPwd;
180 newPwd.setToExternal(const_cast<uint8_t*>(desired_password),
181 desired_password_length);
182
183 Return<void> hwRes = hw_device->enroll(uid, curPwdHandle, curPwd, newPwd,
184 [&ret, enrolled_password_handle, enrolled_password_handle_length]
185 (const GatekeeperResponse &rsp) {
186 ret = static_cast<int>(rsp.code); // propagate errors
187 if (rsp.code >= GatekeeperStatusCode::STATUS_OK) {
188 if (enrolled_password_handle != nullptr &&
189 enrolled_password_handle_length != nullptr) {
190 *enrolled_password_handle = new uint8_t[rsp.data.size()];
191 *enrolled_password_handle_length = rsp.data.size();
192 memcpy(*enrolled_password_handle, rsp.data.data(),
193 *enrolled_password_handle_length);
194 }
195 ret = 0; // all success states are reported as 0
196 } else if (rsp.code == GatekeeperStatusCode::ERROR_RETRY_TIMEOUT && rsp.timeout > 0) {
197 ret = rsp.timeout;
198 }
199 });
Steven Moreland81330932017-01-03 17:01:27 -0800[diff] [blame]200 if (!hwRes.isOk()) {
Alexey Polyudov275aece2016-10-18 13:59:26 -0700[diff] [blame]201 ALOGE("enroll transaction failed\n");
202 ret = -1;
203 }
Andres Morales33dfdc72015-05-12 15:37:20 -0700[diff] [blame]204 } else {
205 ret = soft_device->enroll(uid,
206 current_password_handle, current_password_handle_length,
207 current_password, current_password_length,
208 desired_password, desired_password_length,
209 enrolled_password_handle, enrolled_password_handle_length);
210 }
211
Alexey Polyudov8c635362016-09-07 18:51:28 -0700[diff] [blame]212 if (ret == GATEKEEPER_RESPONSE_OK && (*enrolled_password_handle == nullptr ||
213 *enrolled_password_handle_length != sizeof(password_handle_t))) {
214 ret = GATEKEEPER_RESPONSE_ERROR;
215 ALOGE("HAL: password_handle=%p size_of_handle=%" PRIu32 "\n",
216 *enrolled_password_handle, *enrolled_password_handle_length);
217 }
218
219 if (ret == GATEKEEPER_RESPONSE_OK) {
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]220 gatekeeper::password_handle_t *handle =
221 reinterpret_cast<gatekeeper::password_handle_t *>(*enrolled_password_handle);
222 store_sid(uid, handle->user_id);
Andres Morales531e3e82015-06-01 17:23:04 -0700[diff] [blame]223 bool rr;
224
225 // immediately verify this password so we don't ask the user to enter it again
226 // if they just created it.
227 verify(uid, *enrolled_password_handle, sizeof(password_handle_t), desired_password,
228 desired_password_length, &rr);
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]229 }
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]230
231 return ret;
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]232 }
233
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]234 virtual int verify(uint32_t uid,
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]235 const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length,
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]236 const uint8_t *provided_password, uint32_t provided_password_length, bool *request_reenroll) {
Kihyung Leed9ad02e2018-06-15 12:46:42 +0900[diff] [blame^]237 uint8_t *auth_token = nullptr;
Andres Moralesc828ae82015-04-10 21:03:07 -0700[diff] [blame]238 uint32_t auth_token_length;
Kihyung Leed9ad02e2018-06-15 12:46:42 +0900[diff] [blame^]239 int ret = verifyChallenge(uid, 0, enrolled_password_handle, enrolled_password_handle_length,
Andres Moralesc828ae82015-04-10 21:03:07 -0700[diff] [blame]240 provided_password, provided_password_length,
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]241 &auth_token, &auth_token_length, request_reenroll);
Kihyung Leed9ad02e2018-06-15 12:46:42 +0900[diff] [blame^]242 delete [] auth_token;
243 return ret;
Andres Moralesc828ae82015-04-10 21:03:07 -0700[diff] [blame]244 }
245
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]246 virtual int verifyChallenge(uint32_t uid, uint64_t challenge,
Andres Moralesc828ae82015-04-10 21:03:07 -0700[diff] [blame]247 const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length,
248 const uint8_t *provided_password, uint32_t provided_password_length,
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]249 uint8_t **auth_token, uint32_t *auth_token_length, bool *request_reenroll) {
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]250 IPCThreadState* ipc = IPCThreadState::self();
251 const int calling_pid = ipc->getCallingPid();
252 const int calling_uid = ipc->getCallingUid();
253 if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) {
254 return PERMISSION_DENIED;
255 }
256
257 // can't verify if we're missing either param
258 if ((enrolled_password_handle_length | provided_password_length) == 0)
259 return -EINVAL;
260
Andres Morales33dfdc72015-05-12 15:37:20 -0700[diff] [blame]261 int ret;
Alexey Polyudov275aece2016-10-18 13:59:26 -0700[diff] [blame]262 if (hw_device != nullptr) {
Andres Morales835d96e2015-06-03 15:06:24 -0700[diff] [blame]263 const gatekeeper::password_handle_t *handle =
264 reinterpret_cast<const gatekeeper::password_handle_t *>(enrolled_password_handle);
Andres Morales7f6dcf62015-06-24 18:40:24 -0700[diff] [blame]265 // handle version 0 does not have hardware backed flag, and thus cannot be upgraded to
266 // a HAL if there was none before
267 if (handle->version == 0 || handle->hardware_backed) {
Alexey Polyudov275aece2016-10-18 13:59:26 -0700[diff] [blame]268 android::hardware::hidl_vec<uint8_t> curPwdHandle;
269 curPwdHandle.setToExternal(const_cast<uint8_t*>(enrolled_password_handle),
270 enrolled_password_handle_length);
271 android::hardware::hidl_vec<uint8_t> enteredPwd;
272 enteredPwd.setToExternal(const_cast<uint8_t*>(provided_password),
273 provided_password_length);
274 Return<void> hwRes = hw_device->verify(uid, challenge, curPwdHandle, enteredPwd,
275 [&ret, request_reenroll, auth_token, auth_token_length]
276 (const GatekeeperResponse &rsp) {
277 ret = static_cast<int>(rsp.code); // propagate errors
278 if (auth_token != nullptr && auth_token_length != nullptr &&
279 rsp.code >= GatekeeperStatusCode::STATUS_OK) {
280 *auth_token = new uint8_t[rsp.data.size()];
281 *auth_token_length = rsp.data.size();
282 memcpy(*auth_token, rsp.data.data(), *auth_token_length);
283 if (request_reenroll != nullptr) {
284 *request_reenroll = (rsp.code == GatekeeperStatusCode::STATUS_REENROLL);
285 }
286 ret = 0; // all success states are reported as 0
287 } else if (rsp.code == GatekeeperStatusCode::ERROR_RETRY_TIMEOUT &&
288 rsp.timeout > 0) {
289 ret = rsp.timeout;
290 }
291 });
Steven Moreland81330932017-01-03 17:01:27 -0800[diff] [blame]292 if (!hwRes.isOk()) {
Alexey Polyudov275aece2016-10-18 13:59:26 -0700[diff] [blame]293 ALOGE("verify transaction failed\n");
294 ret = -1;
295 }
Andres Morales835d96e2015-06-03 15:06:24 -0700[diff] [blame]296 } else {
297 // upgrade scenario, a HAL has been added to this device where there was none before
298 SoftGateKeeperDevice soft_dev;
299 ret = soft_dev.verify(uid, challenge,
300 enrolled_password_handle, enrolled_password_handle_length,
301 provided_password, provided_password_length, auth_token, auth_token_length,
302 request_reenroll);
303
304 if (ret == 0) {
305 // success! re-enroll with HAL
306 *request_reenroll = true;
307 }
308 }
Andres Morales33dfdc72015-05-12 15:37:20 -0700[diff] [blame]309 } else {
310 ret = soft_device->verify(uid, challenge,
311 enrolled_password_handle, enrolled_password_handle_length,
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]312 provided_password, provided_password_length, auth_token, auth_token_length,
313 request_reenroll);
Andres Morales33dfdc72015-05-12 15:37:20 -0700[diff] [blame]314 }
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]315
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]316 if (ret == 0 && *auth_token != NULL && *auth_token_length > 0) {
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]317 // TODO: cache service?
318 sp<IServiceManager> sm = defaultServiceManager();
319 sp<IBinder> binder = sm->getService(String16("android.security.keystore"));
320 sp<IKeystoreService> service = interface_cast<IKeystoreService>(binder);
321 if (service != NULL) {
Janis Danisevskis72030fb2016-10-24 14:47:00 +0100[diff] [blame]322 auto ret = service->addAuthToken(*auth_token, *auth_token_length);
323 if (!ret.isOk()) {
324 ALOGE("Failure sending auth token to KeyStore: %" PRId32, int32_t(ret));
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]325 }
326 } else {
327 ALOGE("Unable to communicate with KeyStore");
328 }
329 }
330
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]331 if (ret == 0) {
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]332 maybe_store_sid(uid, reinterpret_cast<const gatekeeper::password_handle_t *>(
333 enrolled_password_handle)->user_id);
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]334 }
335
Andres Moralesae242922015-05-18 09:26:19 -0700[diff] [blame]336 return ret;
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]337 }
338
Pavel Grafov9890f892017-06-28 19:03:58 +0100[diff] [blame]339 virtual uint64_t getSecureUserId(uint32_t uid) { return read_sid(uid); }
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]340
Andres Morales7c9c3bc2015-04-16 15:57:17 -0700[diff] [blame]341 virtual void clearSecureUserId(uint32_t uid) {
342 IPCThreadState* ipc = IPCThreadState::self();
343 const int calling_pid = ipc->getCallingPid();
344 const int calling_uid = ipc->getCallingUid();
345 if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) {
346 ALOGE("%s: permission denied for [%d:%d]", __func__, calling_pid, calling_uid);
347 return;
348 }
Andres Moralesdcb3fbd2015-04-17 09:00:28 -0700[diff] [blame]349 clear_sid(uid);
Andres Morales3c2086d2015-06-24 10:21:16 -0700[diff] [blame]350
Alexey Polyudov275aece2016-10-18 13:59:26 -0700[diff] [blame]351 if (hw_device != nullptr) {
352 hw_device->deleteUser(uid, [] (const GatekeeperResponse &){});
Andres Morales3c2086d2015-06-24 10:21:16 -0700[diff] [blame]353 }
Andres Morales7c9c3bc2015-04-16 15:57:17 -0700[diff] [blame]354 }
355
Adrian Rooscb4ed1b2017-04-12 13:03:04 -0700[diff] [blame]356 virtual void reportDeviceSetupComplete() {
357 IPCThreadState* ipc = IPCThreadState::self();
358 const int calling_pid = ipc->getCallingPid();
359 const int calling_uid = ipc->getCallingUid();
360 if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) {
361 ALOGE("%s: permission denied for [%d:%d]", __func__, calling_pid, calling_uid);
362 return;
363 }
364
365 clear_state_if_needed();
366 }
367
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]368 virtual status_t dump(int fd, const Vector<String16> &) {
369 IPCThreadState* ipc = IPCThreadState::self();
370 const int pid = ipc->getCallingPid();
371 const int uid = ipc->getCallingUid();
372 if (!PermissionCache::checkPermission(DUMP_PERMISSION, pid, uid)) {
373 return PERMISSION_DENIED;
374 }
375
Alexey Polyudov275aece2016-10-18 13:59:26 -0700[diff] [blame]376 if (hw_device == NULL) {
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]377 const char *result = "Device not available";
378 write(fd, result, strlen(result) + 1);
379 } else {
380 const char *result = "OK";
381 write(fd, result, strlen(result) + 1);
382 }
383
384 return NO_ERROR;
385 }
386
387private:
Alexey Polyudov275aece2016-10-18 13:59:26 -0700[diff] [blame]388 sp<IGatekeeper> hw_device;
Justin Yun68b0ec62017-08-16 18:54:20 +0900[diff] [blame]389 std::unique_ptr<SoftGateKeeperDevice> soft_device;
Adrian Rooscb4ed1b2017-04-12 13:03:04 -0700[diff] [blame]390
391 bool clear_state_if_needed_done;
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]392};
393}// namespace android
394
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]395int main(int argc, char* argv[]) {
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]396 ALOGI("Starting gatekeeperd...");
Andres Morales6a49c2f2015-04-16 13:16:24 -0700[diff] [blame]397 if (argc < 2) {
398 ALOGE("A directory must be specified!");
399 return 1;
400 }
401 if (chdir(argv[1]) == -1) {
402 ALOGE("chdir: %s: %s", argv[1], strerror(errno));
403 return 1;
404 }
405
Andres Morales2d08dce2015-04-03 16:40:15 -0700[diff] [blame]406 android::sp<android::IServiceManager> sm = android::defaultServiceManager();
407 android::sp<android::GateKeeperProxy> proxy = new android::GateKeeperProxy();
408 android::status_t ret = sm->addService(
409 android::String16("android.service.gatekeeper.IGateKeeperService"), proxy);
410 if (ret != android::OK) {
411 ALOGE("Couldn't register binder service!");
412 return -1;
413 }
414
415 /*
416 * We're the only thread in existence, so we're just going to process
417 * Binder transaction as a single-threaded program.
418 */
419 android::IPCThreadState::self()->joinThreadPool();
420 return 0;
421}