summaryrefslogtreecommitdiffstats
path: root/gatekeeperd
Commit message (Collapse)AuthorAgeFilesLines
* [gatekeeperd] copy uid to local before passing to u_mapAndres Morales2015-11-092-3/+6
| | | | | | | | | | | | | | The compiler will issue the unaligned access instuctions when reading from a packed struct. Since 'find' takes a reference, if we pass the field directly it is removed from its packed context and may be unreadable. Read the field out directly from the packed struct and pass in aligned to u_map to fix. Bug: 22367550 Change-Id: Ia3b639c7518154ff5a2b7c233b752e154eab9aad (cherry picked from commit 6e83dc4d325d68b568c841d3e88fda2a93e00663)
* [gatekeeperd] Check parent profile for SID lookupsAndres Morales2015-08-054-2/+125
| | | | | Bug: 22257554 Change-Id: I1a363729b449a2bc8594b48dada719fd79da7036
* Merge "[gatekeeperd] fix use of uninitialized memory" into mnc-devAndres Morales2015-07-101-0/+2
|\
| * [gatekeeperd] fix use of uninitialized memoryAndres Morales2015-07-081-0/+2
| | | | | | | | | | Bug: 22319772 Change-Id: I3cb83389f11e54867aca132de48a3f6407b7eaf3
* | [gatekeeperd] fix file descriptor leakAndres Morales2015-07-101-0/+1
|/ | | | | Bug: 22403703 Change-Id: I65da3b3b3f85db035d79277344beb5460cb025f2
* Merge "[gatekeeperd] fix issue with SW->HW upgrades" into mnc-devAndres Morales2015-06-251-2/+4
|\
| * [gatekeeperd] fix issue with SW->HW upgradesAndres Morales2015-06-241-2/+4
| | | | | | | | | | | | | | | | | | | | If the handle version is 0, there's no hardware_backed flag meaning hardware backed handles will be attempted against the soft impl. Ensure we don't try to read from hardware_backed unless the version is > 0. Bug: 21090356 Change-Id: I65f009c55538ea3c20eb486b580eb11ce93934fc
* | Merge "Add missing include. Clang build fix." into mnc-devDan Albert2015-06-241-1/+3
|\ \ | |/ |/|
| * Add missing include. Clang build fix.Dan Albert2015-06-101-1/+3
| | | | | | | | Change-Id: I74bed4f27e34c6bbf904058c14e124d8f5d35d82
* | [gatekeeperd] clear state and mark on cold bootAndres Morales2015-06-241-0/+25
| | | | | | | | | | | | | | required to initialize state by certain HAL impls Bug: 22011857 Change-Id: Ibb01a799da983e1a930aae946c331b23f571861d
* | [gatekeeperd] invalidate stale password cacheAndres Morales2015-06-231-2/+2
| | | | | | | | | | | | | | | | password may change offline, invalidate the cache if it is stale Bug: 22019187 Change-Id: I2aaae978c8bd4629a0f93df3778d8679ae9b53d5
* | [gatekeeperd] handle upgrades from software version to HALAndres Morales2015-06-221-6/+34
| | | | | | | | | | | | | | | | | | Certain devices, like Shamu, are currently running an interim software-only gatekeeper. When the HAL for those devices is merged, we need to handle upgrading to the HAL smoothly. Bug: 21090356 Change-Id: I5352bc547a43671a08249eae532e8b3ce6b90087
* | [gatekeeperd] add fast path for SW password verificationAndres Morales2015-06-222-2/+47
|/ | | | | Bug: 21445004 Change-Id: I5e36ddbefaf1fa8de8623858fd785ac8fb651a4f
* Merge "[gatekeeperd] track gk failure record changes" into mnc-devAndres Morales2015-06-041-6/+14
|\
| * [gatekeeperd] track gk failure record changesAndres Morales2015-06-031-6/+14
| | | | | | | | | | Bug:21118563 Change-Id: Ia726dc4db6ec5c6a1e8e08a689ec82568ff1e5aa
* | [gatekeeperd] verify a password after enrolling successfullyAndres Morales2015-06-021-0/+6
|/ | | | | Bug: 20918106 Change-Id: Ia3cb6d1375d9ee2a6e543ee97d37b7c4f0459447
* [gatekeeperd] return brute-force throttling informationAndres Morales2015-05-279-43/+465
| | | | | Bug: 21118563 Change-Id: I13c6a44f61668be8b4c1fde8c84dcfebab84517c
* Move SoftGateKeeper into gatekeeperdAndres Morales2015-05-144-15/+216
| | | | | | | | | Allows for easy determination of whether there's a hardware module in place. Permits tighter coupling of software implementation with upper-level stack. Bug:21090356 Change-Id: I275b57cd976c233c43c476c5869c5a4b29fbc175
* Make clear SID delete the fileAndres Morales2015-04-171-2/+11
| | | | | | | | This allows us to recover in situations where we manage to clear the SID in GateKeeper but fail to remove the password in LockSettingsService. Change-Id: Ib64ead137632f9615745a414c90a9b66b847134f
* Implement clear SID APIAndres Morales2015-04-163-0/+24
| | | | Change-Id: I4ada55674edff32d3e39d460070e03abbf847359
* Implement SID APIAndres Morales2015-04-164-3/+82
| | | | Change-Id: Id11632a6b4b9cab6f08f97026dd65fdf49a46491
* Use proper NO_ERROR checking KS return valueAndres Morales2015-04-131-2/+4
| | | | | | | | It's a bit weird that KS defines NO_ERROR outside a namespace like the Android binder lib, but assigns it the value 1 instead of 0. Change-Id: I5aedfd495f2f3bdff7eb1b4ba0f75d335dfe12d9
* Update verify API to return auth token blobAndres Morales2015-04-113-10/+59
| | | | Change-Id: I853e61815458b54fb3b2f29e12a147b3b9aa3788
* Add challenge to verify callAndres Morales2015-04-103-5/+6
| | | | | | required for enrolling secondary auth form factors Change-Id: Ia3e1d47f988bca1bb1a0e713c000886e60b4e839
* GateKeeper proxy serviceAndres Morales2015-04-084-0/+345
Until we have SELinux support for gating access to individual TEE services, we will proxy TEE requests to GateKeeper via this daemon. Change-Id: Ifa316b75f75bff79bdae613a112c8c3c2e7189a8