author | android-build-team Robot <android-build-team-robot@google.com> | 2021-06-21 14:36:55 +0000 |
---|---|---|
committer | android-build-team Robot <android-build-team-robot@google.com> | 2021-06-21 14:36:55 +0000 |
commit | d57027b1652f9df31c053d2658741dbbd1d85593 (patch) | |
tree | f09f14760e7ccfc14047d326269ebafcfcfd5498 | |
parent | dd73a85fb461d6b6732fed1096ebd7b3e4619691 (diff) | |
parent | dfd56e3d82e4c7ebd7d39a5380429a432ce71a71 (diff) | |
download | gatekeeper-android-mainline-12.0.0_r2.tar.gz |
Snap for 7478028 from dfd56e3d82e4c7ebd7d39a5380429a432ce71a71 to mainline-documentsui-releaseandroid-mainline-12.0.0_r26android-mainline-12.0.0_r2aml_doc_310851020android12-mainline-documentsui-release
Change-Id: I77ff67cfb8bb46f371658a3aac6b8fafaa9b5682
-rw-r--r-- | Android.bp | 5 | ||||
-rw-r--r-- | gatekeeper.cpp | 14 | ||||
-rw-r--r-- | gatekeeper_messages.cpp | 21 | ||||
-rw-r--r-- | include/gatekeeper/gatekeeper.h | 16 | ||||
-rw-r--r-- | include/gatekeeper/gatekeeper_messages.h | 40 | ||||
-rw-r--r-- | rules.mk | 2 | ||||
-rw-r--r-- | tests/Android.bp | 4 |
7 files changed, 100 insertions, 2 deletions
@@ -14,9 +14,14 @@ // libgatekeeper contains just the code necessary to communicate with a // GoogleGateKeeper implementation, e.g. one running in TrustZone. +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + cc_library_shared { name: "libgatekeeper", vendor_available: true, + host_supported: true, vndk: { enabled: true, }, diff --git a/gatekeeper.cpp b/gatekeeper.cpp index 9d77947..57be100 100644 --- a/gatekeeper.cpp +++ b/gatekeeper.cpp @@ -163,6 +163,20 @@ void GateKeeper::Verify(const VerifyRequest &request, VerifyResponse *response) } } +void GateKeeper::DeleteUser(const DeleteUserRequest &request, DeleteUserResponse *response) { + if (response == nullptr) return; + + uint32_t uid = request.user_id; + response->error = RemoveUser(uid); +} + +void GateKeeper::DeleteAllUsers(const DeleteAllUsersRequest &/*request*/, + DeleteAllUsersResponse *response) { + if (response == nullptr) return; + + response->error = RemoveAllUsers(); +} + bool GateKeeper::CreatePasswordHandle(SizedBuffer *password_handle_buffer, salt_t salt, secure_id_t user_id, uint64_t flags, uint8_t handle_version, const SizedBuffer & password) { if (password_handle_buffer == nullptr) return false; diff --git a/gatekeeper_messages.cpp b/gatekeeper_messages.cpp index 3450d2b..3b78664 100644 --- a/gatekeeper_messages.cpp +++ b/gatekeeper_messages.cpp @@ -50,6 +50,22 @@ static inline void append_to_buffer(uint8_t **buffer, const SizedBuffer &to_appe } } +static inline gatekeeper_error_t readError(uint32_t code) { + switch (code) { + case ERROR_NONE: + return ERROR_NONE; + case ERROR_INVALID: + return ERROR_INVALID; + case ERROR_RETRY: + return ERROR_RETRY; + case ERROR_MEMORY_ALLOCATION_FAILED: + return ERROR_MEMORY_ALLOCATION_FAILED; + case ERROR_UNKNOWN: + default: + return ERROR_UNKNOWN; + } +} + static inline gatekeeper_error_t read_from_buffer(const uint8_t **buffer, const uint8_t *end, SizedBuffer *target) { if (target == nullptr) return ERROR_INVALID; 
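Review bot: `DeleteUser` and `DeleteAllUsers` in gatekeeper.cpp forward the request to `RemoveUser`/`RemoveAllUsers` with no comment on who may invoke them, and the hunk shows no caller check. If the removed records include the per-user failure record that gatekeeper.h describes as kept in secure storage, deleting them presumably also clears throttling state, so the contract should be written where implementers will see it. I would add above `DeleteUser`: `// Deletes every record held for request.user_id. No caller authentication happens here; the transport and the RemoveUser() override must restrict who can reach this.` The temporary `uid` can also go: `response->error = RemoveUser(request.user_id);`.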
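Review bot: `readError` in gatekeeper_messages.cpp has no case for `ERROR_NOT_IMPLEMENTED`, which this same commit adds to `gatekeeper_error_t` and which the default `RemoveUser`/`RemoveAllUsers` return. A message carrying that code therefore falls through the `default:` arm in `GateKeeperMessage::Deserialize` (the next hunk) and arrives as `ERROR_UNKNOWN`, so the receiving side cannot tell an unsupported delete from a real failure. Add `case ERROR_NOT_IMPLEMENTED: return ERROR_NOT_IMPLEMENTED;` ahead of the `ERROR_UNKNOWN` arm. Mapping unrecognised wire values to `ERROR_UNKNOWN` rather than casting them is the right default and deserves a one-line comment such as `// Wire values are untrusted: anything not listed becomes ERROR_UNKNOWN.`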
@@ -119,7 +135,7 @@ uint32_t GateKeeperMessage::Serialize(uint8_t *buffer, const uint8_t *end) const gatekeeper_error_t GateKeeperMessage::Deserialize(const uint8_t *payload, const uint8_t *end) { if (!fitsBuffer(payload, end, sizeof(serial_header_t))) return ERROR_INVALID; const serial_header_t *header = reinterpret_cast<const serial_header_t *>(payload); - error = static_cast<gatekeeper_error_t>(header->error); + error = readError(header->error); user_id = header->user_id; payload += sizeof(*header); if (error == ERROR_NONE) { @@ -280,5 +296,8 @@ gatekeeper_error_t EnrollResponse::nonErrorDeserialize(const uint8_t *payload, c return read_from_buffer(&payload, end, &enrolled_password_handle); } +DeleteUserRequest::DeleteUserRequest(uint32_t user_id) { + this->user_id = user_id; +} }; diff --git a/include/gatekeeper/gatekeeper.h b/include/gatekeeper/gatekeeper.h index 27d4f32..62f0b34 100644 --- a/include/gatekeeper/gatekeeper.h +++ b/include/gatekeeper/gatekeeper.h @@ -44,6 +44,8 @@ public: void Enroll(const EnrollRequest &request, EnrollResponse *response); void Verify(const VerifyRequest &request, VerifyResponse *response); + void DeleteUser(const DeleteUserRequest &request, DeleteUserResponse *response); + void DeleteAllUsers(const DeleteAllUsersRequest &request, DeleteAllUsersResponse *response); protected: @@ -115,6 +117,20 @@ protected: virtual uint64_t GetMillisecondsSinceBoot() const = 0; /** + * Removes all records for the given user. + * + * Returns true if the user's records were successfully deleted. + */ + virtual gatekeeper_error_t RemoveUser(uint32_t /* uid */) { return ERROR_NOT_IMPLEMENTED; } + + /** + * Removes all records. + * + * Returns true if the records were successfully deleted. + */ + virtual gatekeeper_error_t RemoveAllUsers() { return ERROR_NOT_IMPLEMENTED; } + + /** * Returns the value of the current failure record for the user. * * The failure record should be written to hardware-backed secure storage, such as 
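Review bot: The doc comments added for `RemoveUser` and `RemoveAllUsers` in gatekeeper.h say "Returns true if … successfully deleted", but both functions return `gatekeeper_error_t`, where success is `ERROR_NONE` rather than a truthy value. An implementer who follows the comment literally could return a non-zero code on success and have it reported as an error through `response->error`. Reword to `Returns ERROR_NONE if the user's records were deleted, ERROR_NOT_IMPLEMENTED if deletion is unsupported, or another gatekeeper_error_t on failure.` and use the matching wording on `RemoveAllUsers`. The enclosing class body continues outside the hunk.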
diff --git a/include/gatekeeper/gatekeeper_messages.h b/include/gatekeeper/gatekeeper_messages.h index 82fdbcd..ec33f18 100644 --- a/include/gatekeeper/gatekeeper_messages.h +++ b/include/gatekeeper/gatekeeper_messages.h @@ -36,6 +36,7 @@ typedef enum { ERROR_RETRY = 2, ERROR_UNKNOWN = 3, ERROR_MEMORY_ALLOCATION_FAILED = 4, + ERROR_NOT_IMPLEMENTED = 5, } gatekeeper_error_t; struct SizedBuffer { @@ -231,6 +232,45 @@ public: SizedBuffer enrolled_password_handle; }; + +struct DeleteUserRequest : public GateKeeperMessage { + DeleteUserRequest(uint32_t user_id); + DeleteUserRequest() = default; + + uint32_t nonErrorSerializedSize() const override { return 0; } + void nonErrorSerialize(uint8_t * /*buffer*/) const override {} + gatekeeper_error_t nonErrorDeserialize( + const uint8_t * /*payload*/, const uint8_t * /*end*/) override { return ERROR_NONE; } +}; + +struct DeleteUserResponse : public GateKeeperMessage { + DeleteUserResponse() {} + + uint32_t nonErrorSerializedSize() const override { return 0; } + void nonErrorSerialize(uint8_t * /*buffer*/) const override {} + gatekeeper_error_t nonErrorDeserialize( + const uint8_t * /*payload*/, const uint8_t * /*end*/) override { return ERROR_NONE; } +}; + + +struct DeleteAllUsersRequest : public GateKeeperMessage { + DeleteAllUsersRequest() {}; + + uint32_t nonErrorSerializedSize() const override { return 0; } + void nonErrorSerialize(uint8_t * /*buffer*/) const override {} + gatekeeper_error_t nonErrorDeserialize( + const uint8_t * /*payload*/, const uint8_t * /*end*/) override { return ERROR_NONE; } +}; + +struct DeleteAllUsersResponse : public GateKeeperMessage { + DeleteAllUsersResponse() {} + + uint32_t nonErrorSerializedSize() const override { return 0; } + void nonErrorSerialize(uint8_t * /*buffer*/) const override {} + gatekeeper_error_t nonErrorDeserialize( + const uint8_t * /*payload*/, const uint8_t * /*end*/) override { return ERROR_NONE; } +}; + } #endif // GATEKEEPER_MESSAGES_H_ 
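Review bot: `DeleteUserRequest(uint32_t user_id);` is a single-argument constructor without `explicit`, so a bare `uint32_t` converts implicitly into a delete request; declare it `explicit DeleteUserRequest(uint32_t user_id);`. The four new message structs also carry no comment explaining why `nonErrorSerializedSize()` is 0. Judging from the constructor in gatekeeper_messages.cpp, the target user appears to travel in the inherited `user_id` header field, which is worth stating once, e.g. `// No payload: the target user is carried in the common message header.` `DeleteAllUsersRequest() {};` also has a stray `;` after the constructor body.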
@@ -8,7 +8,7 @@ MODULE_SRCS := \ GLOBAL_INCLUDES += $(LOCAL_DIR)/include/ -MODULE_CPPFLAGS := -std=c++11 +MODULE_CPPFLAGS := -std=c++11 -Werror -Wunused-parameter MODULE_INCLUDES := \ $(LOCAL_DIR)/../../hardware/libhardware/include diff --git a/tests/Android.bp b/tests/Android.bp index 2dcfc8b..1ca9143 100644 --- a/tests/Android.bp +++ b/tests/Android.bp @@ -14,6 +14,10 @@ // limitations under the License. // +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + cc_test { name: "gatekeeper-unit-tests", |