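/*
 * Copyright (C) 2023 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

// The header had no include guard; a second inclusion in one translation unit
// would redefine GateKeeperProxy.
#pragma once

// Standard headers for the std:: names and fixed-width integers used below, so
// this header does not depend on what the project headers happen to pull in.
#include <cstdint>
#include <memory>
#include <optional>
#include <vector>

#include <aidl/android/hardware/gatekeeper/IGatekeeper.h>
#include <android/hardware/gatekeeper/1.0/IGatekeeper.h>
#include <android/service/gatekeeper/BnGateKeeperService.h>
#include <gatekeeper/GateKeeperResponse.h>

// NOTE(review): these aliases sit at global scope in a header and therefore
// leak into every includer. They are kept as-is because code outside this file
// may rely on them.
using ::android::hardware::gatekeeper::V1_0::IGatekeeper;
using AidlIGatekeeper = ::aidl::android::hardware::gatekeeper::IGatekeeper;
using ::android::binder::Status;
using ::android::service::gatekeeper::BnGateKeeperService;
using GKResponse = ::android::service::gatekeeper::GateKeeperResponse;

namespace android {

/**
 * Binder service object derived from BnGateKeeperService. It holds one handle
 * to an AIDL gatekeeper HAL and one to a HIDL gatekeeper HAL (see the private
 * members). All member functions are defined out of line; nothing in this
 * header shows which handle a given call uses.
 */
class GateKeeperProxy : public BnGateKeeperService {
  public:
    GateKeeperProxy();

    virtual ~GateKeeperProxy() {}

    // Secure-user-id (SID) bookkeeping helpers, keyed by an unsigned user id.
    // NOTE(review): these are public and take uint32_t, while the binder entry
    // points below receive int32_t userId. Presumably the implementation
    // validates the id before converting, since a negative value would
    // otherwise become a large unsigned id - confirm in the .cpp.
    void store_sid(uint32_t userId, uint64_t sid);

    void clear_state_if_needed();

    bool mark_cold_boot();

    void maybe_store_sid(uint32_t userId, uint64_t sid);

    uint64_t read_sid(uint32_t userId);

    void clear_sid(uint32_t userId);

    // This should only be called on userIds being passed to the GateKeeper HAL. It ensures that
    // secure storage shared across a GSI image and a host image will not overlap.
    // The adjusted id is returned through hw_userId; the Status result lets a
    // caller detect a userId that cannot be adjusted (presumably - confirm in
    // the .cpp) and must be checked before hw_userId is used.
    Status adjust_userId(uint32_t userId, uint32_t* hw_userId);

// Failure shorthand for the binder methods below: stores an error response in
// the local `gkResponse` out-parameter and evaluates to Status::ok(), so the
// failure travels in the response and not in the binder status. Callers of
// those methods must inspect the response, not only the Status.
// The expansion is parenthesised so the comma expression stays a single operand
// wherever the macro is used; `return GK_ERROR;` behaves as before.
// NOTE(review): never #undef'd, so the macro is visible to every includer and
// only works where a pointer named `gkResponse` is in scope.
#define GK_ERROR (*gkResponse = GKResponse::error(), Status::ok())

    // Binder entry points overriding BnGateKeeperService.
    // NOTE(review): the password and handle parameters carry credential
    // material as plain byte vectors; implementations should not log or
    // retain them.
    Status enroll(int32_t userId, const std::optional<std::vector<uint8_t>>& currentPasswordHandle,
                  const std::optional<std::vector<uint8_t>>& currentPassword,
                  const std::vector<uint8_t>& desiredPassword, GKResponse* gkResponse) override;

    Status verify(int32_t userId, const ::std::vector<uint8_t>& enrolledPasswordHandle,
                  const ::std::vector<uint8_t>& providedPassword, GKResponse* gkResponse) override;

    Status verifyChallenge(int32_t userId, int64_t challenge,
                           const std::vector<uint8_t>& enrolledPasswordHandle,
                           const std::vector<uint8_t>& providedPassword,
                           GKResponse* gkResponse) override;

    // The SID is returned as int64_t here but handled as uint64_t by the
    // helpers above, so a value with the top bit set reads as negative on the
    // binder side.
    Status getSecureUserId(int32_t userId, int64_t* sid) override;

    Status clearSecureUserId(int32_t userId) override;

    Status reportDeviceSetupComplete() override;

    // NOTE(review): whatever is written to fd should exclude SIDs and
    // credential data - confirm in the .cpp.
    status_t dump(int fd, const Vector<String16>&) override;

  private:
    // AIDL gatekeeper service.
    std::shared_ptr<AidlIGatekeeper> aidl_hw_device;
    // HIDL gatekeeper service.
    sp<IGatekeeper> hw_device;

    // Initialised in-class so neither flag can be read with an indeterminate
    // value; the out-of-line constructor can still overwrite them.
    bool clear_state_if_needed_done = false;
    bool is_running_gsi = false;
};
}  // namespace android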