Add authorization binder methods
Add methods for sending an auth token to keystore and to query the
authorization state of a given operation. These methods are currently
stubs until authorization is implemented.
Change-Id: I0f97ffb3afe19c1f1d8a00bfc95e27616e7cb06c
diff --git a/keystore/IKeystoreService.cpp b/keystore/IKeystoreService.cpp
index 3818acf..af81525 100644
--- a/keystore/IKeystoreService.cpp
+++ b/keystore/IKeystoreService.cpp
@@ -975,7 +975,6 @@
{
Parcel data, reply;
data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
- data.writeInt32(bufLength);
data.writeByteArray(bufLength, buf);
status_t status = remote()->transact(BnKeystoreService::ADD_RNG_ENTROPY, data, &reply);
if (status != NO_ERROR) {
@@ -1205,7 +1204,7 @@
Parcel data, reply;
data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
data.writeStrongBinder(token);
- status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply);
+ status_t status = remote()->transact(BnKeystoreService::ABORT, data, &reply);
if (status != NO_ERROR) {
ALOGD("abort() could not contact remote: %d\n", status);
return KM_ERROR_UNKNOWN_ERROR;
@@ -1218,6 +1217,45 @@
}
return ret;
}
+
+ virtual bool isOperationAuthorized(const sp<IBinder>& token)
+ {
+ Parcel data, reply;
+ data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
+ data.writeStrongBinder(token);
+ status_t status = remote()->transact(BnKeystoreService::IS_OPERATION_AUTHORIZED, data,
+ &reply);
+ if (status != NO_ERROR) {
+ ALOGD("isOperationAuthorized() could not contact remote: %d\n", status);
+ return false;
+ }
+ int32_t err = reply.readExceptionCode();
+ int32_t ret = reply.readInt32();
+ if (err < 0) {
+ ALOGD("isOperationAuthorized() caught exception %d\n", err);
+ return false;
+ }
+ return ret == 1;
+ }
+
+ virtual int32_t addAuthToken(const uint8_t* token, size_t length)
+ {
+ Parcel data, reply;
+ data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
+ data.writeByteArray(length, token);
+ status_t status = remote()->transact(BnKeystoreService::ADD_AUTH_TOKEN, data, &reply);
+ if (status != NO_ERROR) {
+ ALOGD("addAuthToken() could not contact remote: %d\n", status);
+ return -1;
+ }
+ int32_t err = reply.readExceptionCode();
+ int32_t ret = reply.readInt32();
+ if (err < 0) {
+ ALOGD("addAuthToken() caught exception %d\n", err);
+ return -1;
+ }
+ return ret;
+ };
};
IMPLEMENT_META_INTERFACE(KeystoreService, "android.security.IKeystoreService");
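Review bot: Both new proxy methods fold every failure into a single return value, and nothing in the hunk documents this. `isOperationAuthorized` returns `false` for a failed `transact`, for a remote exception and for a genuine denial alike; that is the safe direction for an authorization query, but it should be stated so a later edit does not weaken it, e.g. `// Fails closed: false on transport error or remote exception, not only on denial.` `addAuthToken` likewise returns `-1` for transport and exception failures, so a matching comment should say that `-1` is a client-side failure and not a value from the service. The closing `};` of `addAuthToken` also carries a stray semicolon that the other methods in the class do not use. The enclosing class begins outside this hunk.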
@@ -1689,6 +1727,27 @@
return NO_ERROR;
}
+ case IS_OPERATION_AUTHORIZED: {
+ CHECK_INTERFACE(IKeystoreService, data, reply);
+ sp<IBinder> token = data.readStrongBinder();
+ bool result = isOperationAuthorized(token);
+ reply->writeNoException();
+ reply->writeInt32(result ? 1 : 0);
+
+ return NO_ERROR;
+ }
+ case ADD_AUTH_TOKEN: {
+ CHECK_INTERFACE(IKeystoreService, data, reply);
+ sp<IBinder> token = data.readStrongBinder();
+ const uint8_t* token_bytes = NULL;
+ size_t size = 0;
+ readByteArray(data, &token_bytes, &size);
+ int32_t result = addAuthToken(token_bytes, size);
+ reply->writeNoException();
+ reply->writeInt32(result);
+
+ return NO_ERROR;
+ }
default:
return BBinder::onTransact(code, data, reply, flags);
}
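Review bot: The `ADD_AUTH_TOKEN` case reads a strong binder (`sp<IBinder> token = data.readStrongBinder();`) that the proxy never writes; `addAuthToken` in this same commit marshals only the interface token followed by `writeByteArray(length, token)`. The stub therefore consumes the start of the byte-array payload as a binder object, `readByteArray` then starts from the wrong offset, and the service is likely to see a null or mis-sized auth token. Remove the `readStrongBinder()` line (the `token` local is unused in this case anyway) so the read order mirrors the proxy. The outcome of `readByteArray` is not checked here, so `addAuthToken` may be reached with `token_bytes == NULL` and `size == 0`; whether the implementation rejects that cannot be seen in this diff. The enclosing `switch` begins outside this hunk.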