upload android base code part4

August 2018-08-08 17:00:29 +08:00
parent b9e30e05b1
commit 78ea2404cd
23455 changed files with 5250148 additions and 0 deletions


@ -0,0 +1,66 @@
// This file is autogenerated by hidl-gen. Do not edit manually.
filegroup {
name: "android.hardware.gatekeeper@1.0_hal",
srcs: [
"types.hal",
"IGatekeeper.hal",
],
}
genrule {
name: "android.hardware.gatekeeper@1.0_genc++",
tools: ["hidl-gen"],
cmd: "$(location hidl-gen) -o $(genDir) -Lc++-sources -randroid.hardware:hardware/interfaces -randroid.hidl:system/libhidl/transport android.hardware.gatekeeper@1.0",
srcs: [
":android.hardware.gatekeeper@1.0_hal",
],
out: [
"android/hardware/gatekeeper/1.0/types.cpp",
"android/hardware/gatekeeper/1.0/GatekeeperAll.cpp",
],
}
genrule {
name: "android.hardware.gatekeeper@1.0_genc++_headers",
tools: ["hidl-gen"],
cmd: "$(location hidl-gen) -o $(genDir) -Lc++-headers -randroid.hardware:hardware/interfaces -randroid.hidl:system/libhidl/transport android.hardware.gatekeeper@1.0",
srcs: [
":android.hardware.gatekeeper@1.0_hal",
],
out: [
"android/hardware/gatekeeper/1.0/types.h",
"android/hardware/gatekeeper/1.0/hwtypes.h",
"android/hardware/gatekeeper/1.0/IGatekeeper.h",
"android/hardware/gatekeeper/1.0/IHwGatekeeper.h",
"android/hardware/gatekeeper/1.0/BnHwGatekeeper.h",
"android/hardware/gatekeeper/1.0/BpHwGatekeeper.h",
"android/hardware/gatekeeper/1.0/BsGatekeeper.h",
],
}
cc_library {
name: "android.hardware.gatekeeper@1.0",
defaults: ["hidl-module-defaults"],
generated_sources: ["android.hardware.gatekeeper@1.0_genc++"],
generated_headers: ["android.hardware.gatekeeper@1.0_genc++_headers"],
export_generated_headers: ["android.hardware.gatekeeper@1.0_genc++_headers"],
vendor_available: true,
vndk: {
enabled: true,
},
shared_libs: [
"libhidlbase",
"libhidltransport",
"libhwbinder",
"liblog",
"libutils",
"libcutils",
],
export_shared_lib_headers: [
"libhidlbase",
"libhidltransport",
"libhwbinder",
"libutils",
],
}


@ -0,0 +1,156 @@
# This file is autogenerated by hidl-gen. Do not edit manually.
LOCAL_PATH := $(call my-dir)
################################################################################
include $(CLEAR_VARS)
LOCAL_MODULE := android.hardware.gatekeeper-V1.0-java
LOCAL_MODULE_CLASS := JAVA_LIBRARIES
intermediates := $(call local-generated-sources-dir, COMMON)
HIDL := $(HOST_OUT_EXECUTABLES)/hidl-gen$(HOST_EXECUTABLE_SUFFIX)
LOCAL_JAVA_LIBRARIES := \
android.hidl.base-V1.0-java \
#
# Build types.hal (GatekeeperResponse)
#
GEN := $(intermediates)/android/hardware/gatekeeper/V1_0/GatekeeperResponse.java
$(GEN): $(HIDL)
$(GEN): PRIVATE_HIDL := $(HIDL)
$(GEN): PRIVATE_DEPS := $(LOCAL_PATH)/types.hal
$(GEN): PRIVATE_OUTPUT_DIR := $(intermediates)
$(GEN): PRIVATE_CUSTOM_TOOL = \
$(PRIVATE_HIDL) -o $(PRIVATE_OUTPUT_DIR) \
-Ljava \
-randroid.hardware:hardware/interfaces \
-randroid.hidl:system/libhidl/transport \
android.hardware.gatekeeper@1.0::types.GatekeeperResponse
$(GEN): $(LOCAL_PATH)/types.hal
$(transform-generated-source)
LOCAL_GENERATED_SOURCES += $(GEN)
#
# Build types.hal (GatekeeperStatusCode)
#
GEN := $(intermediates)/android/hardware/gatekeeper/V1_0/GatekeeperStatusCode.java
$(GEN): $(HIDL)
$(GEN): PRIVATE_HIDL := $(HIDL)
$(GEN): PRIVATE_DEPS := $(LOCAL_PATH)/types.hal
$(GEN): PRIVATE_OUTPUT_DIR := $(intermediates)
$(GEN): PRIVATE_CUSTOM_TOOL = \
$(PRIVATE_HIDL) -o $(PRIVATE_OUTPUT_DIR) \
-Ljava \
-randroid.hardware:hardware/interfaces \
-randroid.hidl:system/libhidl/transport \
android.hardware.gatekeeper@1.0::types.GatekeeperStatusCode
$(GEN): $(LOCAL_PATH)/types.hal
$(transform-generated-source)
LOCAL_GENERATED_SOURCES += $(GEN)
#
# Build IGatekeeper.hal
#
GEN := $(intermediates)/android/hardware/gatekeeper/V1_0/IGatekeeper.java
$(GEN): $(HIDL)
$(GEN): PRIVATE_HIDL := $(HIDL)
$(GEN): PRIVATE_DEPS := $(LOCAL_PATH)/IGatekeeper.hal
$(GEN): PRIVATE_DEPS += $(LOCAL_PATH)/types.hal
$(GEN): $(LOCAL_PATH)/types.hal
$(GEN): PRIVATE_OUTPUT_DIR := $(intermediates)
$(GEN): PRIVATE_CUSTOM_TOOL = \
$(PRIVATE_HIDL) -o $(PRIVATE_OUTPUT_DIR) \
-Ljava \
-randroid.hardware:hardware/interfaces \
-randroid.hidl:system/libhidl/transport \
android.hardware.gatekeeper@1.0::IGatekeeper
$(GEN): $(LOCAL_PATH)/IGatekeeper.hal
$(transform-generated-source)
LOCAL_GENERATED_SOURCES += $(GEN)
include $(BUILD_JAVA_LIBRARY)
################################################################################
include $(CLEAR_VARS)
LOCAL_MODULE := android.hardware.gatekeeper-V1.0-java-static
LOCAL_MODULE_CLASS := JAVA_LIBRARIES
intermediates := $(call local-generated-sources-dir, COMMON)
HIDL := $(HOST_OUT_EXECUTABLES)/hidl-gen$(HOST_EXECUTABLE_SUFFIX)
LOCAL_STATIC_JAVA_LIBRARIES := \
android.hidl.base-V1.0-java-static \
#
# Build types.hal (GatekeeperResponse)
#
GEN := $(intermediates)/android/hardware/gatekeeper/V1_0/GatekeeperResponse.java
$(GEN): $(HIDL)
$(GEN): PRIVATE_HIDL := $(HIDL)
$(GEN): PRIVATE_DEPS := $(LOCAL_PATH)/types.hal
$(GEN): PRIVATE_OUTPUT_DIR := $(intermediates)
$(GEN): PRIVATE_CUSTOM_TOOL = \
$(PRIVATE_HIDL) -o $(PRIVATE_OUTPUT_DIR) \
-Ljava \
-randroid.hardware:hardware/interfaces \
-randroid.hidl:system/libhidl/transport \
android.hardware.gatekeeper@1.0::types.GatekeeperResponse
$(GEN): $(LOCAL_PATH)/types.hal
$(transform-generated-source)
LOCAL_GENERATED_SOURCES += $(GEN)
#
# Build types.hal (GatekeeperStatusCode)
#
GEN := $(intermediates)/android/hardware/gatekeeper/V1_0/GatekeeperStatusCode.java
$(GEN): $(HIDL)
$(GEN): PRIVATE_HIDL := $(HIDL)
$(GEN): PRIVATE_DEPS := $(LOCAL_PATH)/types.hal
$(GEN): PRIVATE_OUTPUT_DIR := $(intermediates)
$(GEN): PRIVATE_CUSTOM_TOOL = \
$(PRIVATE_HIDL) -o $(PRIVATE_OUTPUT_DIR) \
-Ljava \
-randroid.hardware:hardware/interfaces \
-randroid.hidl:system/libhidl/transport \
android.hardware.gatekeeper@1.0::types.GatekeeperStatusCode
$(GEN): $(LOCAL_PATH)/types.hal
$(transform-generated-source)
LOCAL_GENERATED_SOURCES += $(GEN)
#
# Build IGatekeeper.hal
#
GEN := $(intermediates)/android/hardware/gatekeeper/V1_0/IGatekeeper.java
$(GEN): $(HIDL)
$(GEN): PRIVATE_HIDL := $(HIDL)
$(GEN): PRIVATE_DEPS := $(LOCAL_PATH)/IGatekeeper.hal
$(GEN): PRIVATE_DEPS += $(LOCAL_PATH)/types.hal
$(GEN): $(LOCAL_PATH)/types.hal
$(GEN): PRIVATE_OUTPUT_DIR := $(intermediates)
$(GEN): PRIVATE_CUSTOM_TOOL = \
$(PRIVATE_HIDL) -o $(PRIVATE_OUTPUT_DIR) \
-Ljava \
-randroid.hardware:hardware/interfaces \
-randroid.hidl:system/libhidl/transport \
android.hardware.gatekeeper@1.0::IGatekeeper
$(GEN): $(LOCAL_PATH)/IGatekeeper.hal
$(transform-generated-source)
LOCAL_GENERATED_SOURCES += $(GEN)
include $(BUILD_STATIC_JAVA_LIBRARY)
include $(call all-makefiles-under,$(LOCAL_PATH))


@ -0,0 +1,123 @@
/*
* Copyright (C) 2016 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.hardware.gatekeeper@1.0;
interface IGatekeeper {
/**
* Enrolls desiredPassword, which may be derived from a user selected pin
* or password, with the private key used only for enrolling authentication
* factor data.
*
* If there was already a password enrolled, current password handle must be
* passed in currentPasswordHandle, and current password must be passed in
* currentPassword. Valid currentPassword must verify() against
* currentPasswordHandle.
*
* @param uid The Android user identifier
*
* @param currentPasswordHandle The currently enrolled password handle the user
* wants to replace. May be empty only if there's no currently enrolled
* password. Otherwise must be non-empty.
*
* @param currentPassword The user's current password in plain text.
* it MUST verify against current_password_handle if the latter is not-empty
*
* @param desiredPassword The new password the user wishes to enroll in
* plaintext.
*
* @return response
* On success, data buffer must contain the new password handle referencing
* the password provided in desiredPassword.
* This buffer can be used on subsequent calls to enroll or
* verify. On error, this buffer must be empty.
* response.code must always contain operation completion status.
* This method may return ERROR_GENERAL_FAILURE or ERROR_RETRY_TIMEOUT on
* failure. It must return STATUS_OK on success.
* If ERROR_RETRY_TIMEOUT is returned, response.timeout must be non-zero.
*/
enroll(uint32_t uid,
vec<uint8_t> currentPasswordHandle,
vec<uint8_t> currentPassword,
vec<uint8_t> desiredPassword)
generates (GatekeeperResponse response);
/**
* Verifies that providedPassword matches enrolledPasswordHandle.
*
* Implementations of this module may retain the result of this call
* to attest to the recency of authentication.
*
* On success, returns verification token in response.data, which shall be
* usable to attest password verification to other trusted services.
*
* @param uid The Android user identifier
*
* @param challenge An optional challenge to authenticate against, or 0.
* Used when a separate authenticator requests password verification,
* or for transactional password authentication.
*
* @param enrolledPasswordHandle The currently enrolled password handle that
* user wishes to verify against. Must be non-empty.
*
* @param providedPassword The plaintext password to be verified against the
* enrolledPasswordHandle
*
* @return response
* On success, a non-empty data buffer containing the
* authentication token resulting from this verification is returned.
* On error, data buffer must be empty.
* response.code must always contain operation completion status.
* This method may return ERROR_GENERAL_FAILURE or ERROR_RETRY_TIMEOUT on
* failure. It must return STATUS_OK on success.
* If password re-enrollment is necessary, it must return STATUS_REENROLL.
* If ERROR_RETRY_TIMEOUT is returned, response.timeout must be non-zero.
*/
verify(uint32_t uid, uint64_t challenge,
vec<uint8_t> enrolledPasswordHandle,
vec<uint8_t> providedPassword)
generates (GatekeeperResponse response);
/**
* Deletes the enrolledPasswordHandle associated with the uid. Once deleted
* the user cannot be verified anymore.
* This is an optional method.
*
* @param uid The Android user identifier
*
* @return response
* response.code must always contain operation completion status.
* This method may return ERROR_GENERAL_FAILURE or ERROR_RETRY_TIMEOUT on
* failure. It must return STATUS_OK on success.
* If not implemented, it must return ERROR_NOT_IMPLEMENTED.
* If ERROR_RETRY_TIMEOUT is returned, response.timeout must be non-zero.
*/
deleteUser(uint32_t uid) generates (GatekeeperResponse response);
/**
* Deletes all the enrolled_password_handles for all uid's. Once called,
* no users must be enrolled on the device.
* This is an optional method.
*
* @return response
* response.code must always contain operation completion status.
* This method may return ERROR_GENERAL_FAILURE or ERROR_RETRY_TIMEOUT on
* failure. It must return STATUS_OK on success.
* If not implemented, it must return ERROR_NOT_IMPLEMENTED.
* If ERROR_RETRY_TIMEOUT is returned, response.timeout must be non-zero.
*/
deleteAllUsers() generates (GatekeeperResponse response);
};
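Review bot: The enroll() comment says currentPasswordHandle "May be empty only if there's no currently enrolled password", yet the VtsHalGatekeeperV1_0TargetTest section added by this same commit has an UntrustedReenroll case that enrolls a second password with an empty handle and expects success with a different user_id. The doc comment should state that contract explicitly, for example `If currentPasswordHandle is empty, the enrollment is untrusted and results in a new secure user_id.` The comments also mix `current_password_handle` and `enrolled_password_handles` with the camelCase names used in the signatures; use `currentPasswordHandle` and `enrolledPasswordHandle` throughout so the parameter references can be matched to the declarations.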


@ -0,0 +1,40 @@
LOCAL_PATH := $(call my-dir)
include $(CLEAR_VARS)
LOCAL_MODULE_RELATIVE_PATH := hw
LOCAL_PROPRIETARY_MODULE := true
LOCAL_MODULE := android.hardware.gatekeeper@1.0-impl
LOCAL_SRC_FILES := \
Gatekeeper.cpp \
LOCAL_SHARED_LIBRARIES := \
android.hardware.gatekeeper@1.0 \
libhardware \
libhidlbase \
libhidltransport \
libutils \
liblog \
include $(BUILD_SHARED_LIBRARY)
include $(CLEAR_VARS)
LOCAL_MODULE_RELATIVE_PATH := hw
LOCAL_PROPRIETARY_MODULE := true
LOCAL_MODULE := android.hardware.gatekeeper@1.0-service
LOCAL_INIT_RC := android.hardware.gatekeeper@1.0-service.rc
LOCAL_SRC_FILES := \
service.cpp \
LOCAL_SHARED_LIBRARIES := \
android.hardware.gatekeeper@1.0 \
libhardware \
libhidlbase \
libhidltransport \
libutils \
liblog \
include $(BUILD_EXECUTABLE)


@ -0,0 +1,165 @@
/*
* Copyright (C) 2016 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#define LOG_TAG "android.hardware.gatekeeper@1.0-service"
#include <dlfcn.h>
#include <log/log.h>
#include "Gatekeeper.h"
namespace android {
namespace hardware {
namespace gatekeeper {
namespace V1_0 {
namespace implementation {
Gatekeeper::Gatekeeper()
{
int ret = hw_get_module_by_class(GATEKEEPER_HARDWARE_MODULE_ID, NULL, &module);
device = NULL;
if (!ret) {
ret = gatekeeper_open(module, &device);
}
if (ret < 0) {
LOG_ALWAYS_FATAL_IF(ret < 0, "Unable to open GateKeeper HAL");
}
}
Gatekeeper::~Gatekeeper()
{
if (device != nullptr) {
int ret = gatekeeper_close(device);
if (ret < 0) {
ALOGE("Unable to close GateKeeper HAL");
}
}
dlclose(module->dso);
}
// Methods from ::android::hardware::gatekeeper::V1_0::IGatekeeper follow.
Return<void> Gatekeeper::enroll(uint32_t uid,
const hidl_vec<uint8_t>& currentPasswordHandle,
const hidl_vec<uint8_t>& currentPassword,
const hidl_vec<uint8_t>& desiredPassword,
enroll_cb cb)
{
GatekeeperResponse rsp;
uint8_t *enrolled_password_handle = nullptr;
uint32_t enrolled_password_handle_length = 0;
int ret = device->enroll(device, uid,
currentPasswordHandle.data(), currentPasswordHandle.size(),
currentPassword.data(), currentPassword.size(),
desiredPassword.data(), desiredPassword.size(),
&enrolled_password_handle, &enrolled_password_handle_length);
if (!ret) {
rsp.data.setToExternal(enrolled_password_handle,
enrolled_password_handle_length,
true);
rsp.code = GatekeeperStatusCode::STATUS_OK;
} else if (ret > 0) {
rsp.timeout = ret;
rsp.code = GatekeeperStatusCode::ERROR_RETRY_TIMEOUT;
} else {
rsp.code = GatekeeperStatusCode::ERROR_GENERAL_FAILURE;
}
cb(rsp);
return Void();
}
Return<void> Gatekeeper::verify(uint32_t uid,
uint64_t challenge,
const hidl_vec<uint8_t>& enrolledPasswordHandle,
const hidl_vec<uint8_t>& providedPassword,
verify_cb cb)
{
GatekeeperResponse rsp;
uint8_t *auth_token = nullptr;
uint32_t auth_token_length = 0;
bool request_reenroll = false;
int ret = device->verify(device, uid, challenge,
enrolledPasswordHandle.data(), enrolledPasswordHandle.size(),
providedPassword.data(), providedPassword.size(),
&auth_token, &auth_token_length,
&request_reenroll);
if (!ret) {
rsp.data.setToExternal(auth_token, auth_token_length, true);
if (request_reenroll) {
rsp.code = GatekeeperStatusCode::STATUS_REENROLL;
} else {
rsp.code = GatekeeperStatusCode::STATUS_OK;
}
} else if (ret > 0) {
rsp.timeout = ret;
rsp.code = GatekeeperStatusCode::ERROR_RETRY_TIMEOUT;
} else {
rsp.code = GatekeeperStatusCode::ERROR_GENERAL_FAILURE;
}
cb(rsp);
return Void();
}
Return<void> Gatekeeper::deleteUser(uint32_t uid, deleteUser_cb cb) {
GatekeeperResponse rsp;
if (device->delete_user != nullptr) {
int ret = device->delete_user(device, uid);
if (!ret) {
rsp.code = GatekeeperStatusCode::STATUS_OK;
} else if (ret > 0) {
rsp.timeout = ret;
rsp.code = GatekeeperStatusCode::ERROR_RETRY_TIMEOUT;
} else {
rsp.code = GatekeeperStatusCode::ERROR_GENERAL_FAILURE;
}
} else {
rsp.code = GatekeeperStatusCode::ERROR_NOT_IMPLEMENTED;
}
cb(rsp);
return Void();
}
Return<void> Gatekeeper::deleteAllUsers(deleteAllUsers_cb cb) {
GatekeeperResponse rsp;
if (device->delete_all_users != nullptr) {
int ret = device->delete_all_users(device);
if (!ret) {
rsp.code = GatekeeperStatusCode::STATUS_OK;
} else if (ret > 0) {
rsp.timeout = ret;
rsp.code = GatekeeperStatusCode::ERROR_RETRY_TIMEOUT;
} else {
rsp.code = GatekeeperStatusCode::ERROR_GENERAL_FAILURE;
}
} else {
rsp.code = GatekeeperStatusCode::ERROR_NOT_IMPLEMENTED;
}
cb(rsp);
return Void();
}
IGatekeeper* HIDL_FETCH_IGatekeeper(const char* /* name */) {
return new Gatekeeper();
}
} // namespace implementation
} // namespace V1_0
} // namespace gatekeeper
} // namespace hardware
} // namespace android
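Review bot: `rsp.timeout` is written only on the `ret > 0` branch of enroll(), verify(), deleteUser() and deleteAllUsers(), so on every other path the response handed to `cb(rsp)` carries whatever the field held after `GatekeeperResponse rsp;`. types.hal on this page documents the field as "otherwise unused (0)", and unless the generated struct zero-initialises its members (not visible here) that is an indeterminate stack value marshalled to the caller. Setting it once at the top of each method, `rsp.timeout = 0;`, makes the response match the documented contract. Separately, the constructor aborts only when `ret < 0`; checking `ret != 0 || device == nullptr` would cover every case in which the methods would otherwise dereference a null `device`.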


@ -0,0 +1,72 @@
/*
* Copyright (C) 2016 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef ANDROID_HARDWARE_GATEKEEPER_V1_0_GATEKEEPER_H
#define ANDROID_HARDWARE_GATEKEEPER_V1_0_GATEKEEPER_H
#include <android/hardware/gatekeeper/1.0/IGatekeeper.h>
#include <hidl/Status.h>
#include <hidl/MQDescriptor.h>
#include <hardware/hardware.h>
#include <hardware/gatekeeper.h>
namespace android {
namespace hardware {
namespace gatekeeper {
namespace V1_0 {
namespace implementation {
using ::android::hardware::gatekeeper::V1_0::GatekeeperResponse;
using ::android::hardware::gatekeeper::V1_0::IGatekeeper;
using ::android::hardware::Return;
using ::android::hardware::Void;
using ::android::hardware::hidl_vec;
using ::android::hardware::hidl_string;
using ::android::sp;
class Gatekeeper : public IGatekeeper {
public:
Gatekeeper();
~Gatekeeper();
// Methods from ::android::hardware::gatekeeper::V1_0::IGatekeeper follow.
Return<void> enroll(uint32_t uid,
const hidl_vec<uint8_t>& currentPasswordHandle,
const hidl_vec<uint8_t>& currentPassword,
const hidl_vec<uint8_t>& desiredPassword,
enroll_cb _hidl_cb) override;
Return<void> verify(uint32_t uid,
uint64_t challenge,
const hidl_vec<uint8_t>& enrolledPasswordHandle,
const hidl_vec<uint8_t>& providedPassword,
verify_cb _hidl_cb) override;
Return<void> deleteUser(uint32_t uid, deleteUser_cb _hidl_cb) override;
Return<void> deleteAllUsers(deleteAllUsers_cb _hidl_cb) override;
private:
gatekeeper_device_t *device;
const hw_module_t *module;
};
extern "C" IGatekeeper* HIDL_FETCH_IGatekeeper(const char* name);
} // namespace implementation
} // namespace V1_0
} // namespace gatekeeper
} // namespace hardware
} // namespace android
#endif // ANDROID_HARDWARE_GATEKEEPER_V1_0_GATEKEEPER_H
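Review bot: The private members `device` and `module` are declared without initialisers, and the destructor in the Gatekeeper.cpp section of this commit reads `module->dso` unconditionally. Default member initialisers, `gatekeeper_device_t *device = nullptr;` and `const hw_module_t *module = nullptr;`, would give the object a defined state before the constructor body runs instead of an indeterminate one. `~Gatekeeper();` could also be declared `~Gatekeeper() override;` if the base destructor is virtual (IGatekeeper.h is not visible here), and the `hidl_string` and `sp` using-declarations appear unused in this header.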


@ -0,0 +1,4 @@
service gatekeeper-1-0 /vendor/bin/hw/android.hardware.gatekeeper@1.0-service
class hal
user system
group system


@ -0,0 +1,28 @@
/*
* Copyright (C) 2016 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#define LOG_TAG "android.hardware.gatekeeper@1.0-service"
#include <android/hardware/gatekeeper/1.0/IGatekeeper.h>
#include <hidl/LegacySupport.h>
// Generated HIDL files
using android::hardware::gatekeeper::V1_0::IGatekeeper;
using android::hardware::defaultPassthroughServiceImplementation;
int main() {
return defaultPassthroughServiceImplementation<IGatekeeper>();
}


@ -0,0 +1,43 @@
/*
* Copyright (C) 2016 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.hardware.gatekeeper@1.0;
/**
* Gatekeeper response codes; success >= 0; error < 0
*/
enum GatekeeperStatusCode : int32_t {
STATUS_REENROLL = 1, // success, but upper layers should re-enroll
// the verified password due to a version change
STATUS_OK = 0, // operation is successful
ERROR_GENERAL_FAILURE = -1, // operation failed
ERROR_RETRY_TIMEOUT = -2, // operation should be retried after timeout
ERROR_NOT_IMPLEMENTED = -3, // operation is not implemented
};
/**
* Gatekeeper response to any/all requests has this structure as mandatory part
*/
struct GatekeeperResponse {
/** request completion status */
GatekeeperStatusCode code;
/**
* retry timeout in ms, if code == ERROR_RETRY_TIMEOUT
* otherwise unused (0)
*/
uint32_t timeout;
/** optional crypto blob. Opaque to Android system. */
vec<uint8_t> data;
};


@ -0,0 +1,22 @@
//
// Copyright (C) 2016 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
cc_test {
name: "VtsHalGatekeeperV1_0TargetTest",
defaults: ["VtsHalTargetTestDefaults"],
srcs: ["VtsHalGatekeeperV1_0TargetTest.cpp"],
static_libs: ["android.hardware.gatekeeper@1.0"],
}


@ -0,0 +1,440 @@
/*
* Copyright (C) 2016 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#define LOG_TAG "gatekeeper_hidl_hal_test"
#include <algorithm>
#include <cmath>
#include <string>
#include <vector>
#include <inttypes.h>
#include <unistd.h>
#include <hardware/hw_auth_token.h>
#include <android/log.h>
#include <android/hardware/gatekeeper/1.0/IGatekeeper.h>
#include <android/hardware/gatekeeper/1.0/types.h>
#include <log/log.h>
#include <VtsHalHidlTargetTestBase.h>
using ::android::hardware::hidl_string;
using ::android::hardware::hidl_vec;
using ::android::hardware::gatekeeper::V1_0::IGatekeeper;
using ::android::hardware::gatekeeper::V1_0::GatekeeperResponse;
using ::android::hardware::gatekeeper::V1_0::GatekeeperStatusCode;
using ::android::hardware::Return;
using ::android::hardware::Void;
using ::android::sp;
struct GatekeeperRequest {
uint32_t uid;
uint64_t challenge;
hidl_vec<uint8_t> curPwdHandle;
hidl_vec<uint8_t> curPwd;
hidl_vec<uint8_t> newPwd;
GatekeeperRequest() : uid(0), challenge(0) {}
};
// ASSERT_* macros generate return "void" internally
// we have to use EXPECT_* if we return anything but "void"
static const hw_auth_token_t *toAuthToken(GatekeeperResponse &rsp) {
const hw_auth_token_t *auth_token =
reinterpret_cast<hw_auth_token_t *>(rsp.data.data());
const size_t auth_token_size = rsp.data.size();
EXPECT_NE(nullptr, auth_token);
EXPECT_EQ(sizeof(hw_auth_token_t), auth_token_size);
if (auth_token != nullptr && auth_token_size >= sizeof(*auth_token)) {
// these are in network order: translate to host
uint32_t auth_type = ntohl(auth_token->authenticator_type);
uint64_t auth_tstamp = ntohq(auth_token->timestamp);
EXPECT_EQ(HW_AUTH_PASSWORD, auth_type);
EXPECT_NE(UINT64_C(~0), auth_tstamp);
EXPECT_EQ(HW_AUTH_TOKEN_VERSION, auth_token->version);
// EXPECT_NE(UINT64_C(0), auth_token->authenticator_id);
ALOGI("Authenticator ID: %016" PRIX64, auth_token->authenticator_id);
EXPECT_NE(UINT32_C(0), auth_token->user_id);
}
return auth_token;
}
// The main test class for Gatekeeper HIDL HAL.
class GatekeeperHidlTest : public ::testing::VtsHalHidlTargetTestBase {
protected:
void setUid(uint32_t uid) { uid_ = uid; }
void doEnroll(GatekeeperRequest &req, GatekeeperResponse &rsp) {
while (true) {
auto ret = gatekeeper_->enroll(
uid_, req.curPwdHandle, req.curPwd, req.newPwd,
[&rsp](const GatekeeperResponse &cbRsp) { rsp = cbRsp; });
ASSERT_TRUE(ret.isOk());
if (rsp.code != GatekeeperStatusCode::ERROR_RETRY_TIMEOUT) break;
ALOGI("%s: got retry code; retrying in 1 sec", __func__);
sleep(1);
}
}
void doVerify(GatekeeperRequest &req, GatekeeperResponse &rsp) {
while (true) {
auto ret = gatekeeper_->verify(
uid_, req.challenge, req.curPwdHandle, req.newPwd,
[&rsp](const GatekeeperResponse &cb_rsp) { rsp = cb_rsp; });
ASSERT_TRUE(ret.isOk());
if (rsp.code != GatekeeperStatusCode::ERROR_RETRY_TIMEOUT) break;
ALOGI("%s: got retry code; retrying in 1 sec", __func__);
sleep(1);
}
}
void doDeleteUser(GatekeeperResponse &rsp) {
while (true) {
auto ret = gatekeeper_->deleteUser(
uid_, [&rsp](const GatekeeperResponse &cb_rsp) { rsp = cb_rsp; });
ASSERT_TRUE(ret.isOk());
if (rsp.code != GatekeeperStatusCode::ERROR_RETRY_TIMEOUT) break;
ALOGI("%s: got retry code; retrying in 1 sec", __func__);
sleep(1);
}
}
void doDeleteAllUsers(GatekeeperResponse &rsp) {
while (true) {
auto ret = gatekeeper_->deleteAllUsers(
[&rsp](const GatekeeperResponse &cb_rsp) { rsp = cb_rsp; });
ASSERT_TRUE(ret.isOk());
if (rsp.code != GatekeeperStatusCode::ERROR_RETRY_TIMEOUT) break;
ALOGI("%s: got retry code; retrying in 1 sec", __func__);
sleep(1);
}
}
void generatePassword(hidl_vec<uint8_t> &password, uint8_t seed) {
password.resize(16);
memset(password.data(), seed, password.size());
}
void checkEnroll(GatekeeperResponse &rsp, bool expectSuccess) {
if (expectSuccess) {
EXPECT_EQ(GatekeeperStatusCode::STATUS_OK, rsp.code);
EXPECT_NE(nullptr, rsp.data.data());
EXPECT_GT(rsp.data.size(), UINT32_C(0));
} else {
EXPECT_EQ(GatekeeperStatusCode::ERROR_GENERAL_FAILURE, rsp.code);
EXPECT_EQ(UINT32_C(0), rsp.data.size());
}
}
void checkVerify(GatekeeperResponse &rsp, uint64_t challenge,
bool expectSuccess) {
if (expectSuccess) {
EXPECT_GE(rsp.code, GatekeeperStatusCode::STATUS_OK);
EXPECT_LE(rsp.code, GatekeeperStatusCode::STATUS_REENROLL);
const hw_auth_token_t *auth_token = toAuthToken(rsp);
ASSERT_NE(nullptr, auth_token);
EXPECT_EQ(challenge, auth_token->challenge);
} else {
EXPECT_EQ(GatekeeperStatusCode::ERROR_GENERAL_FAILURE, rsp.code);
EXPECT_EQ(UINT32_C(0), rsp.data.size());
}
}
void enrollNewPassword(hidl_vec<uint8_t> &password, GatekeeperResponse &rsp,
bool expectSuccess) {
GatekeeperRequest req;
req.newPwd.setToExternal(password.data(), password.size());
doEnroll(req, rsp);
checkEnroll(rsp, expectSuccess);
}
void verifyPassword(hidl_vec<uint8_t> &password,
hidl_vec<uint8_t> &passwordHandle, uint64_t challenge,
GatekeeperResponse &verifyRsp, bool expectSuccess) {
GatekeeperRequest verifyReq;
// build verify request for the same password (we want it to succeed)
verifyReq.newPwd = password;
// use enrolled password handle we've got
verifyReq.curPwdHandle = passwordHandle;
verifyReq.challenge = challenge;
doVerify(verifyReq, verifyRsp);
checkVerify(verifyRsp, challenge, expectSuccess);
}
protected:
sp<IGatekeeper> gatekeeper_;
uint32_t uid_;
public:
GatekeeperHidlTest() : uid_(0) {}
virtual void SetUp() override {
GatekeeperResponse rsp;
gatekeeper_ = ::testing::VtsHalHidlTargetTestBase::getService<IGatekeeper>();
ASSERT_NE(nullptr, gatekeeper_.get());
doDeleteAllUsers(rsp);
}
virtual void TearDown() override {
GatekeeperResponse rsp;
doDeleteAllUsers(rsp);
}
};
/**
* Ensure we can enroll new password
*/
TEST_F(GatekeeperHidlTest, EnrollSuccess) {
hidl_vec<uint8_t> password;
GatekeeperResponse rsp;
ALOGI("Testing Enroll (expected success)");
generatePassword(password, 0);
enrollNewPassword(password, rsp, true);
ALOGI("Testing Enroll done");
}
/**
* Ensure we can not enroll empty password
*/
TEST_F(GatekeeperHidlTest, EnrollNoPassword) {
hidl_vec<uint8_t> password;
GatekeeperResponse rsp;
ALOGI("Testing Enroll (expected failure)");
enrollNewPassword(password, rsp, false);
ALOGI("Testing Enroll done");
}
/**
* Ensure we can successfully verify previously enrolled password
*/
TEST_F(GatekeeperHidlTest, VerifySuccess) {
GatekeeperResponse enrollRsp;
GatekeeperResponse verifyRsp;
hidl_vec<uint8_t> password;
ALOGI("Testing Enroll+Verify (expected success)");
generatePassword(password, 0);
enrollNewPassword(password, enrollRsp, true);
verifyPassword(password, enrollRsp.data, 1, verifyRsp, true);
ALOGI("Testing Enroll+Verify done");
}
/**
* Ensure we can securely update password (keep the same
* secure user_id) if we prove we know old password
*/
TEST_F(GatekeeperHidlTest, TrustedReenroll) {
GatekeeperResponse enrollRsp;
GatekeeperRequest reenrollReq;
GatekeeperResponse reenrollRsp;
GatekeeperResponse verifyRsp;
GatekeeperResponse reenrollVerifyRsp;
hidl_vec<uint8_t> password;
hidl_vec<uint8_t> newPassword;
generatePassword(password, 0);
ALOGI("Testing Trusted Reenroll (expected success)");
enrollNewPassword(password, enrollRsp, true);
verifyPassword(password, enrollRsp.data, 0, verifyRsp, true);
ALOGI("Primary Enroll+Verify done");
generatePassword(newPassword, 1);
reenrollReq.newPwd.setToExternal(newPassword.data(), newPassword.size());
reenrollReq.curPwd.setToExternal(password.data(), password.size());
reenrollReq.curPwdHandle.setToExternal(enrollRsp.data.data(),
enrollRsp.data.size());
doEnroll(reenrollReq, reenrollRsp);
checkEnroll(reenrollRsp, true);
verifyPassword(newPassword, reenrollRsp.data, 0, reenrollVerifyRsp, true);
ALOGI("Trusted ReEnroll+Verify done");
const hw_auth_token_t *first = toAuthToken(verifyRsp);
const hw_auth_token_t *second = toAuthToken(reenrollVerifyRsp);
if (first != nullptr && second != nullptr) {
EXPECT_EQ(first->user_id, second->user_id);
}
ALOGI("Testing Trusted Reenroll done");
}
/**
* Ensure we can update password (and get new
* secure user_id) if we don't know old password
*/
TEST_F(GatekeeperHidlTest, UntrustedReenroll) {
GatekeeperResponse enrollRsp;
GatekeeperResponse reenrollRsp;
GatekeeperResponse verifyRsp;
GatekeeperResponse reenrollVerifyRsp;
hidl_vec<uint8_t> password;
hidl_vec<uint8_t> newPassword;
ALOGI("Testing Untrusted Reenroll (expected success)");
generatePassword(password, 0);
enrollNewPassword(password, enrollRsp, true);
verifyPassword(password, enrollRsp.data, 0, verifyRsp, true);
ALOGI("Primary Enroll+Verify done");
generatePassword(newPassword, 1);
enrollNewPassword(newPassword, reenrollRsp, true);
verifyPassword(newPassword, reenrollRsp.data, 0, reenrollVerifyRsp, true);
ALOGI("Untrusted ReEnroll+Verify done");
const hw_auth_token_t *first = toAuthToken(verifyRsp);
const hw_auth_token_t *second = toAuthToken(reenrollVerifyRsp);
if (first != nullptr && second != nullptr) {
EXPECT_NE(first->user_id, second->user_id);
}
ALOGI("Testing Untrusted Reenroll done");
}
/**
* Ensure we dont get successful verify with invalid data
*/
TEST_F(GatekeeperHidlTest, VerifyNoData) {
hidl_vec<uint8_t> password;
hidl_vec<uint8_t> passwordHandle;
GatekeeperResponse verifyRsp;
ALOGI("Testing Verify (expected failure)");
verifyPassword(password, passwordHandle, 0, verifyRsp, false);
EXPECT_EQ(GatekeeperStatusCode::ERROR_GENERAL_FAILURE, verifyRsp.code);
ALOGI("Testing Verify done");
}
/**
* Ensure we can not verify password after we enrolled it and then deleted user
*/
TEST_F(GatekeeperHidlTest, DeleteUserTest) {
hidl_vec<uint8_t> password;
GatekeeperResponse enrollRsp;
GatekeeperResponse verifyRsp;
GatekeeperResponse delRsp;
ALOGI("Testing deleteUser (expected success)");
setUid(10001);
generatePassword(password, 0);
enrollNewPassword(password, enrollRsp, true);
verifyPassword(password, enrollRsp.data, 0, verifyRsp, true);
ALOGI("Enroll+Verify done");
doDeleteUser(delRsp);
EXPECT_EQ(UINT32_C(0), delRsp.data.size());
EXPECT_TRUE(delRsp.code == GatekeeperStatusCode::ERROR_NOT_IMPLEMENTED ||
delRsp.code == GatekeeperStatusCode::STATUS_OK);
ALOGI("DeleteUser done");
if (delRsp.code == GatekeeperStatusCode::STATUS_OK) {
verifyPassword(password, enrollRsp.data, 0, verifyRsp, false);
EXPECT_EQ(GatekeeperStatusCode::ERROR_GENERAL_FAILURE, verifyRsp.code);
ALOGI("Verify after Delete done (must fail)");
}
ALOGI("Testing deleteUser done: rsp=%" PRIi32, delRsp.code);
}
/**
* Ensure we can not delete a user that does not exist
*/
TEST_F(GatekeeperHidlTest, DeleteInvalidUserTest) {
hidl_vec<uint8_t> password;
GatekeeperResponse enrollRsp;
GatekeeperResponse verifyRsp;
GatekeeperResponse delRsp1;
GatekeeperResponse delRsp2;
ALOGI("Testing deleteUser (expected failure)");
setUid(10002);
generatePassword(password, 0);
enrollNewPassword(password, enrollRsp, true);
verifyPassword(password, enrollRsp.data, 0, verifyRsp, true);
ALOGI("Enroll+Verify done");
// Delete the user
doDeleteUser(delRsp1);
EXPECT_EQ(UINT32_C(0), delRsp1.data.size());
EXPECT_TRUE(delRsp1.code == GatekeeperStatusCode::ERROR_NOT_IMPLEMENTED ||
delRsp1.code == GatekeeperStatusCode::STATUS_OK);
// Delete the user again
doDeleteUser(delRsp2);
EXPECT_EQ(UINT32_C(0), delRsp2.data.size());
EXPECT_TRUE(delRsp2.code == GatekeeperStatusCode::ERROR_NOT_IMPLEMENTED ||
delRsp2.code == GatekeeperStatusCode::ERROR_GENERAL_FAILURE);
ALOGI("DeleteUser done");
ALOGI("Testing deleteUser done: rsp=%" PRIi32, delRsp2.code);
}
/**
* Ensure we can not verify passwords after we enrolled them and then deleted
* all users
*/
TEST_F(GatekeeperHidlTest, DeleteAllUsersTest) {
struct UserData {
uint32_t userId;
hidl_vec<uint8_t> password;
GatekeeperResponse enrollRsp;
GatekeeperResponse verifyRsp;
UserData(int id) { userId = id; }
} users[3]{10001, 10002, 10003};
GatekeeperResponse delAllRsp;
ALOGI("Testing deleteAllUsers (expected success)");
// enroll multiple users
for (size_t i = 0; i < sizeof(users) / sizeof(users[0]); ++i) {
setUid(users[i].userId);
generatePassword(users[i].password, (i % 255) + 1);
enrollNewPassword(users[i].password, users[i].enrollRsp, true);
}
ALOGI("Multiple users enrolled");
// verify multiple users
for (size_t i = 0; i < sizeof(users) / sizeof(users[0]); ++i) {
setUid(users[i].userId);
verifyPassword(users[i].password, users[i].enrollRsp.data, 0,
users[i].verifyRsp, true);
}
ALOGI("Multiple users verified");
doDeleteAllUsers(delAllRsp);
EXPECT_EQ(UINT32_C(0), delAllRsp.data.size());
EXPECT_TRUE(delAllRsp.code == GatekeeperStatusCode::ERROR_NOT_IMPLEMENTED ||
delAllRsp.code == GatekeeperStatusCode::STATUS_OK);
ALOGI("All users deleted");
if (delAllRsp.code == GatekeeperStatusCode::STATUS_OK) {
// verify multiple users after they are deleted; all must fail
for (size_t i = 0; i < sizeof(users) / sizeof(users[0]); ++i) {
setUid(users[i].userId);
verifyPassword(users[i].password, users[i].enrollRsp.data, 0,
users[i].verifyRsp, false);
EXPECT_EQ(GatekeeperStatusCode::ERROR_GENERAL_FAILURE,
users[i].verifyRsp.code);
}
ALOGI("Multiple users verified after delete (all must fail)");
}
ALOGI("Testing deleteAllUsers done: rsp=%" PRIi32, delAllRsp.code);
}
int main(int argc, char **argv) {
::testing::InitGoogleTest(&argc, argv);
int status = RUN_ALL_TESTS();
ALOGI("Test result = %d", status);
return status;
}