From 644ddd6370eb6a943d56c8021ed98cc72599d50e Mon Sep 17 00:00:00 2001 From: "A. Cody Schuffelen" Date: Tue, 16 Jun 2020 16:34:03 -0700 Subject: Add host_supported to libgatekeeper. Bug: 155694128 Test: m libgatekeeper Change-Id: I28d2be9deabb37ccdd71635cce6bd4b0c7d0c49c --- Android.bp | 1 + 1 file changed, 1 insertion(+) diff --git a/Android.bp b/Android.bp index 49a06c4..c341fa5 100644 --- a/Android.bp +++ b/Android.bp @@ -17,6 +17,7 @@ cc_library_shared { name: "libgatekeeper", vendor_available: true, + host_supported: true, vndk: { enabled: true, }, -- cgit v1.2.3 From 12984691edd5611d5d38ddd876a273b409ae3bb6 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Tue, 19 Jan 2021 20:25:07 -0800 Subject: Appease UB sanitizer on reading gatekeeper error codes. Test: compiles Bug: 177955458 Change-Id: I0af165eadf24ff7bea9b37e3900eb4677c4a98ba --- gatekeeper_messages.cpp | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/gatekeeper_messages.cpp b/gatekeeper_messages.cpp index 3450d2b..1e5b1f5 100644 --- a/gatekeeper_messages.cpp +++ b/gatekeeper_messages.cpp @@ -50,6 +50,22 @@ static inline void append_to_buffer(uint8_t **buffer, const SizedBuffer &to_appe } } +static inline gatekeeper_error_t readError(uint32_t code) { + switch (code) { + case ERROR_NONE: + return ERROR_NONE; + case ERROR_INVALID: + return ERROR_INVALID; + case ERROR_RETRY: + return ERROR_RETRY; + case ERROR_MEMORY_ALLOCATION_FAILED: + return ERROR_MEMORY_ALLOCATION_FAILED; + case ERROR_UNKNOWN: + default: + return ERROR_UNKNOWN; + } +} + static inline gatekeeper_error_t read_from_buffer(const uint8_t **buffer, const uint8_t *end, SizedBuffer *target) { if (target == nullptr) return ERROR_INVALID; @@ -119,7 +135,7 @@ uint32_t GateKeeperMessage::Serialize(uint8_t *buffer, const uint8_t *end) const gatekeeper_error_t GateKeeperMessage::Deserialize(const uint8_t *payload, const uint8_t *end) { if (!fitsBuffer(payload, end, sizeof(serial_header_t))) return ERROR_INVALID; const serial_header_t *header = reinterpret_cast(payload); - error = static_cast(header->error); + error = readError(header->error); user_id = header->user_id; payload += sizeof(*header); if (error == ERROR_NONE) { -- cgit v1.2.3 From 76b743e8a1e431cd87def8e9526401df078272e3 Mon Sep 17 00:00:00 2001 From: Marco Nelissen Date: Mon, 25 Jan 2021 13:46:42 -0800 Subject: Add DeleteUser/DeleteAllUsers to gatekeeper Not actually implemented yet, but will respond to calls. Also add "-Werror -Wunused-parameter" to rules.mk, since that's what's used by presubmit build checks. Bug: 160731903 Test: "atest VtsHalGatekeeperV1_0TargetTest" manual testing with added instrumentation Change-Id: I3c9c4d3a2d07f4b018cd7b03691b92a777dd9f0d --- gatekeeper.cpp | 9 +++++++ gatekeeper_messages.cpp | 3 +++ include/gatekeeper/gatekeeper.h | 2 ++ include/gatekeeper/gatekeeper_messages.h | 40 ++++++++++++++++++++++++++++++++ rules.mk | 2 +- 5 files changed, 55 insertions(+), 1 deletion(-) diff --git a/gatekeeper.cpp b/gatekeeper.cpp index 9d77947..436ae81 100644 --- a/gatekeeper.cpp +++ b/gatekeeper.cpp @@ -163,6 +163,15 @@ void GateKeeper::Verify(const VerifyRequest &request, VerifyResponse *response) } } +void GateKeeper::DeleteUser(const DeleteUserRequest &/*request*/, DeleteUserResponse *response) { + response->error = ERROR_NOT_IMPLEMENTED; +} + +void GateKeeper::DeleteAllUsers(const DeleteAllUsersRequest &/*request*/, + DeleteAllUsersResponse *response) { + response->error = ERROR_NOT_IMPLEMENTED; +} + bool GateKeeper::CreatePasswordHandle(SizedBuffer *password_handle_buffer, salt_t salt, secure_id_t user_id, uint64_t flags, uint8_t handle_version, const SizedBuffer & password) { if (password_handle_buffer == nullptr) return false; diff --git a/gatekeeper_messages.cpp b/gatekeeper_messages.cpp index 3450d2b..01f2f8c 100644 --- a/gatekeeper_messages.cpp +++ b/gatekeeper_messages.cpp @@ -280,5 +280,8 @@ gatekeeper_error_t EnrollResponse::nonErrorDeserialize(const uint8_t *payload, c return read_from_buffer(&payload, end, &enrolled_password_handle); } +DeleteUserRequest::DeleteUserRequest(uint32_t user_id) { + this->user_id = user_id; +} }; diff --git a/include/gatekeeper/gatekeeper.h b/include/gatekeeper/gatekeeper.h index 27d4f32..9f70d6f 100644 --- a/include/gatekeeper/gatekeeper.h +++ b/include/gatekeeper/gatekeeper.h @@ -44,6 +44,8 @@ public: void Enroll(const EnrollRequest &request, EnrollResponse *response); void Verify(const VerifyRequest &request, VerifyResponse *response); + void DeleteUser(const DeleteUserRequest &request, DeleteUserResponse *response); + void DeleteAllUsers(const DeleteAllUsersRequest &request, DeleteAllUsersResponse *response); protected: diff --git a/include/gatekeeper/gatekeeper_messages.h b/include/gatekeeper/gatekeeper_messages.h index 82fdbcd..ec33f18 100644 --- a/include/gatekeeper/gatekeeper_messages.h +++ b/include/gatekeeper/gatekeeper_messages.h @@ -36,6 +36,7 @@ typedef enum { ERROR_RETRY = 2, ERROR_UNKNOWN = 3, ERROR_MEMORY_ALLOCATION_FAILED = 4, + ERROR_NOT_IMPLEMENTED = 5, } gatekeeper_error_t; struct SizedBuffer { @@ -231,6 +232,45 @@ public: SizedBuffer enrolled_password_handle; }; + +struct DeleteUserRequest : public GateKeeperMessage { + DeleteUserRequest(uint32_t user_id); + DeleteUserRequest() = default; + + uint32_t nonErrorSerializedSize() const override { return 0; } + void nonErrorSerialize(uint8_t * /*buffer*/) const override {} + gatekeeper_error_t nonErrorDeserialize( + const uint8_t * /*payload*/, const uint8_t * /*end*/) override { return ERROR_NONE; } +}; + +struct DeleteUserResponse : public GateKeeperMessage { + DeleteUserResponse() {} + + uint32_t nonErrorSerializedSize() const override { return 0; } + void nonErrorSerialize(uint8_t * /*buffer*/) const override {} + gatekeeper_error_t nonErrorDeserialize( + const uint8_t * /*payload*/, const uint8_t * /*end*/) override { return ERROR_NONE; } +}; + + +struct DeleteAllUsersRequest : public GateKeeperMessage { + DeleteAllUsersRequest() {}; + + uint32_t nonErrorSerializedSize() const override { return 0; } + void nonErrorSerialize(uint8_t * /*buffer*/) const override {} + gatekeeper_error_t nonErrorDeserialize( + const uint8_t * /*payload*/, const uint8_t * /*end*/) override { return ERROR_NONE; } +}; + +struct DeleteAllUsersResponse : public GateKeeperMessage { + DeleteAllUsersResponse() {} + + uint32_t nonErrorSerializedSize() const override { return 0; } + void nonErrorSerialize(uint8_t * /*buffer*/) const override {} + gatekeeper_error_t nonErrorDeserialize( + const uint8_t * /*payload*/, const uint8_t * /*end*/) override { return ERROR_NONE; } +}; + } #endif // GATEKEEPER_MESSAGES_H_ diff --git a/rules.mk b/rules.mk index 831c05a..3fff17c 100644 --- a/rules.mk +++ b/rules.mk @@ -8,7 +8,7 @@ MODULE_SRCS := \ GLOBAL_INCLUDES += $(LOCAL_DIR)/include/ -MODULE_CPPFLAGS := -std=c++11 +MODULE_CPPFLAGS := -std=c++11 -Werror -Wunused-parameter MODULE_INCLUDES := \ $(LOCAL_DIR)/../../hardware/libhardware/include -- cgit v1.2.3 From 8d7cafed36ef2a7555131a69c6aee4eb696e1a3f Mon Sep 17 00:00:00 2001 From: Marco Nelissen Date: Thu, 28 Jan 2021 09:20:03 -0800 Subject: Implement DeleteUser/DeleteAllUsers Bug: 160731903 Test: "atest VtsHalGatekeeperV1_0TargetTest" manual testing with added instrumentation Change-Id: I79fab5910a344fdec0e7acf62839146e146ac922 --- gatekeeper.cpp | 11 ++++++++--- include/gatekeeper/gatekeeper.h | 14 ++++++++++++++ 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/gatekeeper.cpp b/gatekeeper.cpp index 436ae81..57be100 100644 --- a/gatekeeper.cpp +++ b/gatekeeper.cpp @@ -163,13 +163,18 @@ void GateKeeper::Verify(const VerifyRequest &request, VerifyResponse *response) } } -void GateKeeper::DeleteUser(const DeleteUserRequest &/*request*/, DeleteUserResponse *response) { - response->error = ERROR_NOT_IMPLEMENTED; +void GateKeeper::DeleteUser(const DeleteUserRequest &request, DeleteUserResponse *response) { + if (response == nullptr) return; + + uint32_t uid = request.user_id; + response->error = RemoveUser(uid); } void GateKeeper::DeleteAllUsers(const DeleteAllUsersRequest &/*request*/, DeleteAllUsersResponse *response) { - response->error = ERROR_NOT_IMPLEMENTED; + if (response == nullptr) return; + + response->error = RemoveAllUsers(); } bool GateKeeper::CreatePasswordHandle(SizedBuffer *password_handle_buffer, salt_t salt, diff --git a/include/gatekeeper/gatekeeper.h b/include/gatekeeper/gatekeeper.h index 9f70d6f..62f0b34 100644 --- a/include/gatekeeper/gatekeeper.h +++ b/include/gatekeeper/gatekeeper.h @@ -116,6 +116,20 @@ protected: */ virtual uint64_t GetMillisecondsSinceBoot() const = 0; + /** + * Removes all records for the given user. + * + * Returns true if the user's records were successfully deleted. + */ + virtual gatekeeper_error_t RemoveUser(uint32_t /* uid */) { return ERROR_NOT_IMPLEMENTED; } + + /** + * Removes all records. + * + * Returns true if the records were successfully deleted. + */ + virtual gatekeeper_error_t RemoveAllUsers() { return ERROR_NOT_IMPLEMENTED; } + /** * Returns the value of the current failure record for the user. * -- cgit v1.2.3 From 8b274d9647fafefe8b94f750aab179ca4514fda3 Mon Sep 17 00:00:00 2001 From: Bob Badour Date: Fri, 12 Feb 2021 20:36:27 -0800 Subject: [LSC] Add LOCAL_LICENSE_KINDS to system/gatekeeper Added SPDX-license-identifier-Apache-2.0 to: Android.bp tests/Android.bp Bug: 68860345 Bug: 151177513 Bug: 151953481 Test: m all Exempt-From-Owner-Approval: janitorial work Change-Id: Ib8904c33a9284d8b1bf0a116f015e6eb31743993 --- Android.bp | 4 ++++ tests/Android.bp | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/Android.bp b/Android.bp index c341fa5..340d4cf 100644 --- a/Android.bp +++ b/Android.bp @@ -14,6 +14,10 @@ // libgatekeeper contains just the code necessary to communicate with a // GoogleGateKeeper implementation, e.g. one running in TrustZone. +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + cc_library_shared { name: "libgatekeeper", vendor_available: true, diff --git a/tests/Android.bp b/tests/Android.bp index 2dcfc8b..1ca9143 100644 --- a/tests/Android.bp +++ b/tests/Android.bp @@ -14,6 +14,10 @@ // limitations under the License. // +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + cc_test { name: "gatekeeper-unit-tests", -- cgit v1.2.3