authorAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2021-07-15 01:40:35 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2021-07-15 01:40:35 +0000
commit44b63f2065cb47a0e9b28bcc0b5fa63d5a0a076e (patch)
treef09f14760e7ccfc14047d326269ebafcfcfd5498
parentdd73a85fb461d6b6732fed1096ebd7b3e4619691 (diff)
parentdfd56e3d82e4c7ebd7d39a5380429a432ce71a71 (diff)
downloadgatekeeper-android12-mainline-tethering-release.tar.gz
Change-Id: Ia451b4e6ff61e5cf1daca96e77dc7f6393280703
-rw-r--r--Android.bp5
-rw-r--r--gatekeeper.cpp14
-rw-r--r--gatekeeper_messages.cpp21
-rw-r--r--include/gatekeeper/gatekeeper.h16
-rw-r--r--include/gatekeeper/gatekeeper_messages.h40
-rw-r--r--rules.mk2
-rw-r--r--tests/Android.bp4
7 files changed, 100 insertions, 2 deletions
diff --git a/Android.bp b/Android.bp
index 49a06c4..340d4cf 100644
--- a/Android.bp
+++ b/Android.bp
@@ -14,9 +14,14 @@
// libgatekeeper contains just the code necessary to communicate with a
// GoogleGateKeeper implementation, e.g. one running in TrustZone.
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
cc_library_shared {
name: "libgatekeeper",
vendor_available: true,
+ host_supported: true,
vndk: {
enabled: true,
},
diff --git a/gatekeeper.cpp b/gatekeeper.cpp
index 9d77947..57be100 100644
--- a/gatekeeper.cpp
+++ b/gatekeeper.cpp
@@ -163,6 +163,20 @@ void GateKeeper::Verify(const VerifyRequest &request, VerifyResponse *response)
}
}
+void GateKeeper::DeleteUser(const DeleteUserRequest &request, DeleteUserResponse *response) {
+ if (response == nullptr) return;
+
+ uint32_t uid = request.user_id;
+ response->error = RemoveUser(uid);
+}
+
+void GateKeeper::DeleteAllUsers(const DeleteAllUsersRequest &/*request*/,
+ DeleteAllUsersResponse *response) {
+ if (response == nullptr) return;
+
+ response->error = RemoveAllUsers();
+}
+
bool GateKeeper::CreatePasswordHandle(SizedBuffer *password_handle_buffer, salt_t salt,
secure_id_t user_id, uint64_t flags, uint8_t handle_version, const SizedBuffer & password) {
if (password_handle_buffer == nullptr) return false;
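Review bot: DeleteUser and DeleteAllUsers check only `response` for null and then go straight to RemoveUser/RemoveAllUsers; nothing in this hunk checks `request.error` or ties the deletion to proof of the user's credential. If the removed records include the per-user failure counters, a caller that can deliver this message would also reset throttling for that uid, so the authorization requirement should at least be written down where the entry points are defined. I would add a comment above DeleteUser such as `// No credential check here: the transport/HAL layer must ensure the caller is allowed to remove users.` and consider rejecting a malformed request with `if (request.error != ERROR_NONE) { response->error = ERROR_INVALID; return; }`. The local `uid` is not needed; `response->error = RemoveUser(request.user_id);` reads the same.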
diff --git a/gatekeeper_messages.cpp b/gatekeeper_messages.cpp
index 3450d2b..3b78664 100644
--- a/gatekeeper_messages.cpp
+++ b/gatekeeper_messages.cpp
@@ -50,6 +50,22 @@ static inline void append_to_buffer(uint8_t **buffer, const SizedBuffer &to_appe
}
}
+static inline gatekeeper_error_t readError(uint32_t code) {
+ switch (code) {
+ case ERROR_NONE:
+ return ERROR_NONE;
+ case ERROR_INVALID:
+ return ERROR_INVALID;
+ case ERROR_RETRY:
+ return ERROR_RETRY;
+ case ERROR_MEMORY_ALLOCATION_FAILED:
+ return ERROR_MEMORY_ALLOCATION_FAILED;
+ case ERROR_UNKNOWN:
+ default:
+ return ERROR_UNKNOWN;
+ }
+}
+
static inline gatekeeper_error_t read_from_buffer(const uint8_t **buffer, const uint8_t *end,
SizedBuffer *target) {
if (target == nullptr) return ERROR_INVALID;
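Review bot: readError has no case for `ERROR_NOT_IMPLEMENTED`, which this same commit adds to gatekeeper_error_t and returns by default from RemoveUser and RemoveAllUsers. A response carrying that code over the wire will therefore deserialize as ERROR_UNKNOWN, and the client cannot tell "deletion not supported" from a real failure. Add `case ERROR_NOT_IMPLEMENTED: return ERROR_NOT_IMPLEMENTED;` before the `ERROR_UNKNOWN`/`default` arm. A one-line comment on readError saying that it clamps untrusted header values to known enum members would also help, since every new error code has to be listed here.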
@@ -119,7 +135,7 @@ uint32_t GateKeeperMessage::Serialize(uint8_t *buffer, const uint8_t *end) const
gatekeeper_error_t GateKeeperMessage::Deserialize(const uint8_t *payload, const uint8_t *end) {
if (!fitsBuffer(payload, end, sizeof(serial_header_t))) return ERROR_INVALID;
const serial_header_t *header = reinterpret_cast<const serial_header_t *>(payload);
- error = static_cast<gatekeeper_error_t>(header->error);
+ error = readError(header->error);
user_id = header->user_id;
payload += sizeof(*header);
if (error == ERROR_NONE) {
@@ -280,5 +296,8 @@ gatekeeper_error_t EnrollResponse::nonErrorDeserialize(const uint8_t *payload, c
return read_from_buffer(&payload, end, &enrolled_password_handle);
}
+DeleteUserRequest::DeleteUserRequest(uint32_t user_id) {
+ this->user_id = user_id;
+}
};
diff --git a/include/gatekeeper/gatekeeper.h b/include/gatekeeper/gatekeeper.h
index 27d4f32..62f0b34 100644
--- a/include/gatekeeper/gatekeeper.h
+++ b/include/gatekeeper/gatekeeper.h
@@ -44,6 +44,8 @@ public:
void Enroll(const EnrollRequest &request, EnrollResponse *response);
void Verify(const VerifyRequest &request, VerifyResponse *response);
+ void DeleteUser(const DeleteUserRequest &request, DeleteUserResponse *response);
+ void DeleteAllUsers(const DeleteAllUsersRequest &request, DeleteAllUsersResponse *response);
protected:
@@ -115,6 +117,20 @@ protected:
virtual uint64_t GetMillisecondsSinceBoot() const = 0;
/**
+ * Removes all records for the given user.
+ *
+ * Returns true if the user's records were successfully deleted.
+ */
+ virtual gatekeeper_error_t RemoveUser(uint32_t /* uid */) { return ERROR_NOT_IMPLEMENTED; }
+
+ /**
+ * Removes all records.
+ *
+ * Returns true if the records were successfully deleted.
+ */
+ virtual gatekeeper_error_t RemoveAllUsers() { return ERROR_NOT_IMPLEMENTED; }
+
+ /**
* Returns the value of the current failure record for the user.
*
* The failure record should be written to hardware-backed secure storage, such as
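Review bot: The doc comments on RemoveUser and RemoveAllUsers say "Returns true if …", but both functions return gatekeeper_error_t and the default bodies return ERROR_NOT_IMPLEMENTED. The comments should describe the real contract, for example `Returns ERROR_NONE if the user's records were deleted, or ERROR_NOT_IMPLEMENTED if this implementation does not support deletion.` It would also help implementers if the comment said which records are meant (failure records, secure IDs, or both), as the hunk does not show this.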
diff --git a/include/gatekeeper/gatekeeper_messages.h b/include/gatekeeper/gatekeeper_messages.h
index 82fdbcd..ec33f18 100644
--- a/include/gatekeeper/gatekeeper_messages.h
+++ b/include/gatekeeper/gatekeeper_messages.h
@@ -36,6 +36,7 @@ typedef enum {
ERROR_RETRY = 2,
ERROR_UNKNOWN = 3,
ERROR_MEMORY_ALLOCATION_FAILED = 4,
+ ERROR_NOT_IMPLEMENTED = 5,
} gatekeeper_error_t;
struct SizedBuffer {
@@ -231,6 +232,45 @@ public:
SizedBuffer enrolled_password_handle;
};
+
+struct DeleteUserRequest : public GateKeeperMessage {
+ DeleteUserRequest(uint32_t user_id);
+ DeleteUserRequest() = default;
+
+ uint32_t nonErrorSerializedSize() const override { return 0; }
+ void nonErrorSerialize(uint8_t * /*buffer*/) const override {}
+ gatekeeper_error_t nonErrorDeserialize(
+ const uint8_t * /*payload*/, const uint8_t * /*end*/) override { return ERROR_NONE; }
+};
+
+struct DeleteUserResponse : public GateKeeperMessage {
+ DeleteUserResponse() {}
+
+ uint32_t nonErrorSerializedSize() const override { return 0; }
+ void nonErrorSerialize(uint8_t * /*buffer*/) const override {}
+ gatekeeper_error_t nonErrorDeserialize(
+ const uint8_t * /*payload*/, const uint8_t * /*end*/) override { return ERROR_NONE; }
+};
+
+
+struct DeleteAllUsersRequest : public GateKeeperMessage {
+ DeleteAllUsersRequest() {};
+
+ uint32_t nonErrorSerializedSize() const override { return 0; }
+ void nonErrorSerialize(uint8_t * /*buffer*/) const override {}
+ gatekeeper_error_t nonErrorDeserialize(
+ const uint8_t * /*payload*/, const uint8_t * /*end*/) override { return ERROR_NONE; }
+};
+
+struct DeleteAllUsersResponse : public GateKeeperMessage {
+ DeleteAllUsersResponse() {}
+
+ uint32_t nonErrorSerializedSize() const override { return 0; }
+ void nonErrorSerialize(uint8_t * /*buffer*/) const override {}
+ gatekeeper_error_t nonErrorDeserialize(
+ const uint8_t * /*payload*/, const uint8_t * /*end*/) override { return ERROR_NONE; }
+};
+
}
#endif // GATEKEEPER_MESSAGES_H_
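Review bot: `DeleteUserRequest(uint32_t user_id);` is a single-argument constructor that is not marked `explicit`, so a bare integer converts implicitly to a delete request. Declaring it as `explicit DeleteUserRequest(uint32_t user_id);` avoids accidental conversions on a destructive message. The defaulted `DeleteUserRequest() = default;` relies on the GateKeeperMessage base to give `user_id` a defined value; the base is not visible here, so please confirm this. As a style point, `DeleteAllUsersRequest() {};` has a stray semicolon, and the four structs mix `= default` with `{}`; using `= default` throughout would be consistent.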
diff --git a/rules.mk b/rules.mk
index 831c05a..3fff17c 100644
--- a/rules.mk
+++ b/rules.mk
@@ -8,7 +8,7 @@ MODULE_SRCS := \
GLOBAL_INCLUDES += $(LOCAL_DIR)/include/
-MODULE_CPPFLAGS := -std=c++11
+MODULE_CPPFLAGS := -std=c++11 -Werror -Wunused-parameter
MODULE_INCLUDES := \
$(LOCAL_DIR)/../../hardware/libhardware/include
diff --git a/tests/Android.bp b/tests/Android.bp
index 2dcfc8b..1ca9143 100644
--- a/tests/Android.bp
+++ b/tests/Android.bp
@@ -14,6 +14,10 @@
// limitations under the License.
//
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
cc_test {
name: "gatekeeper-unit-tests",