diff options
| author | Andres Morales <anmorales@google.com> | 2015-04-16 15:57:17 -0700 |
|---|---|---|
| committer | Andres Morales <anmorales@google.com> | 2015-04-16 15:57:17 -0700 |
| commit | 7c9c3bc9c2d3f98ff839f73dc76750dc23693eae (patch) | |
| tree | 4f243ac382dd3eef1780b36542dd184e05e604be | |
| parent | 6a49c2fa4371cad600f4a96da3d1644df862d2a5 (diff) | |
| download | system_core-7c9c3bc9c2d3f98ff839f73dc76750dc23693eae.zip system_core-7c9c3bc9c2d3f98ff839f73dc76750dc23693eae.tar.gz system_core-7c9c3bc9c2d3f98ff839f73dc76750dc23693eae.tar.bz2 | |
Implement clear SID API
Change-Id: I4ada55674edff32d3e39d460070e03abbf847359
| -rw-r--r-- | gatekeeperd/IGateKeeperService.cpp | 7 | ||||
| -rw-r--r-- | gatekeeperd/IGateKeeperService.h | 6 | ||||
| -rw-r--r-- | gatekeeperd/gatekeeperd.cpp | 11 |
3 files changed, 24 insertions, 0 deletions
diff --git a/gatekeeperd/IGateKeeperService.cpp b/gatekeeperd/IGateKeeperService.cpp index d4ed533..f5bbbf1 100644 --- a/gatekeeperd/IGateKeeperService.cpp +++ b/gatekeeperd/IGateKeeperService.cpp @@ -123,6 +123,13 @@ status_t BnGateKeeperService::onTransact( reply->writeInt64(sid); return NO_ERROR; } + case CLEAR_SECURE_USER_ID: { + CHECK_INTERFACE(IGateKeeperService, data, reply); + uint32_t uid = data.readInt32(); + clearSecureUserId(uid); + reply->writeNoException(); + return NO_ERROR; + } default: return BBinder::onTransact(code, data, reply, flags); } diff --git a/gatekeeperd/IGateKeeperService.h b/gatekeeperd/IGateKeeperService.h index 51e179d..a777318 100644 --- a/gatekeeperd/IGateKeeperService.h +++ b/gatekeeperd/IGateKeeperService.h @@ -32,6 +32,7 @@ public: VERIFY = IBinder::FIRST_CALL_TRANSACTION + 1, VERIFY_CHALLENGE = IBinder::FIRST_CALL_TRANSACTION + 2, GET_SECURE_USER_ID = IBinder::FIRST_CALL_TRANSACTION + 3, + CLEAR_SECURE_USER_ID = IBinder::FIRST_CALL_TRANSACTION + 4, }; // DECLARE_META_INTERFACE - C++ client interface not needed @@ -70,6 +71,11 @@ public: * Returns the secure user ID for the provided android user */ virtual uint64_t getSecureUserId(uint32_t uid) = 0; + + /** + * Clears the secure user ID associated with the user. + */ + virtual void clearSecureUserId(uint32_t uid) = 0; }; // ---------------------------------------------------------------------------- diff --git a/gatekeeperd/gatekeeperd.cpp b/gatekeeperd/gatekeeperd.cpp index 82aa422..a242504 100644 --- a/gatekeeperd/gatekeeperd.cpp +++ b/gatekeeperd/gatekeeperd.cpp @@ -173,6 +173,17 @@ public: return read_sid(uid); } + virtual void clearSecureUserId(uint32_t uid) { + IPCThreadState* ipc = IPCThreadState::self(); + const int calling_pid = ipc->getCallingPid(); + const int calling_uid = ipc->getCallingUid(); + if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) { + ALOGE("%s: permission denied for [%d:%d]", __func__, calling_pid, calling_uid); + return; + } + store_sid(uid, 0); + } + virtual status_t dump(int fd, const Vector<String16> &) { IPCThreadState* ipc = IPCThreadState::self(); const int pid = ipc->getCallingPid(); |