GateKeeper proxy service

Until we have SELinux support for gating access to individual TEE services, we will proxy TEE requests to GateKeeper via this daemon. Change-Id: Ifa316b75f75bff79bdae613a112c8c3c2e7189a8
author: Andres Morales <anmorales@google.com> 2015-04-03 16:40:15 -0700
committer: Andres Morales <anmorales@google.com> 2015-04-08 15:20:22 -0700
commit: 2d08dce0beedcfc63b2a837045d1be7d49157555 (patch)
tree: 0a74bf6cd5b25138d1fc63ae8c0df389912efb0f /gatekeeperd/IGateKeeperService.cpp
parent: 56b8a6a59f6e86ba88ede9719e3445e8eb3187ae (diff)
download: system_core-2d08dce0beedcfc63b2a837045d1be7d49157555.zip
system_core-2d08dce0beedcfc63b2a837045d1be7d49157555.tar.gz
system_core-2d08dce0beedcfc63b2a837045d1be7d49157555.tar.bz2
1 files changed, 93 insertions, 0 deletions
diff --git a/gatekeeperd/IGateKeeperService.cpp b/gatekeeperd/IGateKeeperService.cpp
new file mode 100644
index 0000000..133df4c
--- /dev/null
+++ b/gatekeeperd/IGateKeeperService.cpp
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2015, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+
+#define LOG_TAG "GateKeeperService"
+#include <utils/Log.h>
+
+#include "IGateKeeperService.h"
+
+namespace android {
+
+const android::String16 IGateKeeperService::descriptor("android.service.gatekeeper.IGateKeeperService");
+const android::String16& IGateKeeperService::getInterfaceDescriptor() const {
+    return IGateKeeperService::descriptor;
+}
+
+status_t BnGateKeeperService::onTransact(
+    uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags) {
+    switch(code) {
+        case ENROLL: {
+            CHECK_INTERFACE(IGateKeeperService, data, reply);
+            uint32_t uid = data.readInt32();
+
+            ssize_t currentPasswordHandleSize = data.readInt32();
+            const uint8_t *currentPasswordHandle =
+                    static_cast<const uint8_t *>(data.readInplace(currentPasswordHandleSize));
+            if (!currentPasswordHandle) currentPasswordHandleSize = 0;
+
+            ssize_t currentPasswordSize = data.readInt32();
+            const uint8_t *currentPassword =
+                    static_cast<const uint8_t *>(data.readInplace(currentPasswordSize));
+            if (!currentPassword) currentPasswordSize = 0;
+
+            ssize_t desiredPasswordSize = data.readInt32();
+            const uint8_t *desiredPassword =
+                    static_cast<const uint8_t *>(data.readInplace(desiredPasswordSize));
+            if (!desiredPassword) desiredPasswordSize = 0;
+
+            uint8_t *out = NULL;
+            uint32_t outSize = 0;
+            status_t ret = enroll(uid, currentPasswordHandle, currentPasswordHandleSize,
+                    currentPassword, currentPasswordSize, desiredPassword,
+                    desiredPasswordSize, &out, &outSize);
+
+            reply->writeNoException();
+            if (ret == NO_ERROR && outSize > 0 && out != NULL) {
+                reply->writeInt32(outSize);
+                void *buf = reply->writeInplace(outSize);
+                memcpy(buf, out, outSize);
+                free(out);
+            } else {
+                reply->writeInt32(-1);
+            }
+            return NO_ERROR;
+        }
+        case VERIFY: {
+            CHECK_INTERFACE(IGateKeeperService, data, reply);
+            uint32_t uid = data.readInt32();
+            ssize_t currentPasswordHandleSize = data.readInt32();
+            const uint8_t *currentPasswordHandle =
+                    static_cast<const uint8_t *>(data.readInplace(currentPasswordHandleSize));
+            if (!currentPasswordHandle) currentPasswordHandleSize = 0;
+
+            ssize_t currentPasswordSize = data.readInt32();
+            const uint8_t *currentPassword =
+                static_cast<const uint8_t *>(data.readInplace(currentPasswordSize));
+            if (!currentPassword) currentPasswordSize = 0;
+
+            status_t ret = verify(uid, (uint8_t *) currentPasswordHandle, currentPasswordHandleSize,
+                    (uint8_t *) currentPassword, currentPasswordSize);
+            reply->writeNoException();
+            reply->writeInt32(ret == NO_ERROR ? 1 : 0);
+            return NO_ERROR;
+        }
+        default:
+            return BBinder::onTransact(code, data, reply, flags);
+    }
+};
+
+
+}; // namespace android
author	Andres Morales <anmorales@google.com>	2015-04-03 16:40:15 -0700
committer	Andres Morales <anmorales@google.com>	2015-04-08 15:20:22 -0700
commit	2d08dce0beedcfc63b2a837045d1be7d49157555 (patch)
tree	0a74bf6cd5b25138d1fc63ae8c0df389912efb0f /gatekeeperd/IGateKeeperService.cpp
parent	56b8a6a59f6e86ba88ede9719e3445e8eb3187ae (diff)
download	system_core-2d08dce0beedcfc63b2a837045d1be7d49157555.zip system_core-2d08dce0beedcfc63b2a837045d1be7d49157555.tar.gz system_core-2d08dce0beedcfc63b2a837045d1be7d49157555.tar.bz2