238 lines
9.9 KiB
C++
238 lines
9.9 KiB
C++
//
|
|
// Copyright (C) 2016 The Android Open Source Project
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
//
|
|
|
|
#include "tpm_manager/server/binder_service.h"
|
|
|
|
#include <sysexits.h>
|
|
|
|
#include <base/bind.h>
|
|
#include <binderwrapper/binder_wrapper.h>
|
|
|
|
#include "tpm_manager/common/tpm_manager.pb.h"
|
|
#include "tpm_manager/common/tpm_manager_constants.h"
|
|
|
|
namespace {
|
|
|
|
// Sends a |response_proto| to |client| for an arbitrary protobuf type.
|
|
template <typename ResponseProtobufType>
|
|
void ResponseHandler(
|
|
const android::sp<android::tpm_manager::ITpmManagerClient>& client,
|
|
const ResponseProtobufType& response_proto) {
|
|
VLOG(2) << __func__;
|
|
std::vector<uint8_t> binder_response;
|
|
binder_response.resize(response_proto.ByteSize());
|
|
CHECK(response_proto.SerializeToArray(binder_response.data(),
|
|
binder_response.size()))
|
|
<< "BinderService: Failed to serialize protobuf.";
|
|
android::binder::Status status = client->OnCommandResponse(binder_response);
|
|
if (!status.isOk()) {
|
|
LOG(ERROR) << "BinderService: Failed to send response to client: "
|
|
<< status.toString8();
|
|
}
|
|
}
|
|
|
|
// Creates an error protobuf for NVRAM commands.
|
|
template <typename ResponseProtobufType>
|
|
void CreateNvramErrorResponse(ResponseProtobufType* proto) {
|
|
proto->set_result(tpm_manager::NVRAM_RESULT_IPC_ERROR);
|
|
}
|
|
|
|
// Creates an error protobuf for ownership commands.
|
|
template <typename ResponseProtobufType>
|
|
void CreateOwnershipErrorResponse(ResponseProtobufType* proto) {
|
|
proto->set_status(tpm_manager::STATUS_DEVICE_ERROR);
|
|
}
|
|
|
|
// Calls |method| with a protobuf decoded from |request| using ResponseHandler()
|
|
// and |client| to handle the response. On error, uses |get_error_response| to
|
|
// construct a response and sends that to |client|.
|
|
template <typename RequestProtobufType, typename ResponseProtobufType>
|
|
void RequestHandler(
|
|
const std::vector<uint8_t>& request,
|
|
const base::Callback<
|
|
void(const RequestProtobufType&,
|
|
const base::Callback<void(const ResponseProtobufType&)>&)>& method,
|
|
const base::Callback<void(ResponseProtobufType*)>& get_error_response,
|
|
const android::sp<android::tpm_manager::ITpmManagerClient>& client) {
|
|
VLOG(2) << __func__;
|
|
base::Callback<void(const ResponseProtobufType&)> callback =
|
|
base::Bind(ResponseHandler<ResponseProtobufType>, client);
|
|
RequestProtobufType request_proto;
|
|
if (!request_proto.ParseFromArray(request.data(), request.size())) {
|
|
LOG(ERROR) << "BinderService: Bad request data.";
|
|
// Send an error response.
|
|
ResponseProtobufType response_proto;
|
|
get_error_response.Run(&response_proto);
|
|
callback.Run(response_proto);
|
|
return;
|
|
}
|
|
method.Run(request_proto, callback);
|
|
}
|
|
|
|
} // namespace
|
|
|
|
namespace tpm_manager {
|
|
|
|
BinderService::BinderService(TpmNvramInterface* nvram_service,
|
|
TpmOwnershipInterface* ownership_service)
|
|
: nvram_service_(nvram_service), ownership_service_(ownership_service) {}
|
|
|
|
void BinderService::InitForTesting() {
|
|
nvram_binder_ = new NvramServiceInternal(nvram_service_);
|
|
ownership_binder_ = new OwnershipServiceInternal(ownership_service_);
|
|
}
|
|
|
|
int BinderService::OnInit() {
|
|
if (!watcher_.Init()) {
|
|
LOG(ERROR) << "BinderService: BinderWatcher::Init failed.";
|
|
return EX_UNAVAILABLE;
|
|
}
|
|
nvram_binder_ = new NvramServiceInternal(nvram_service_);
|
|
ownership_binder_ = new OwnershipServiceInternal(ownership_service_);
|
|
if (!android::BinderWrapper::GetOrCreateInstance()->RegisterService(
|
|
kTpmNvramBinderName, android::IInterface::asBinder(nvram_binder_))) {
|
|
LOG(ERROR) << "BinderService: RegisterService failed (nvram).";
|
|
return EX_UNAVAILABLE;
|
|
}
|
|
if (!android::BinderWrapper::GetOrCreateInstance()->RegisterService(
|
|
kTpmOwnershipBinderName,
|
|
android::IInterface::asBinder(ownership_binder_))) {
|
|
LOG(ERROR) << "BinderService: RegisterService failed (ownership).";
|
|
return EX_UNAVAILABLE;
|
|
}
|
|
LOG(INFO) << "TpmManager: Binder services registered.";
|
|
return brillo::Daemon::OnInit();
|
|
}
|
|
|
|
android::tpm_manager::ITpmNvram* BinderService::GetITpmNvram() {
|
|
return nvram_binder_.get();
|
|
}
|
|
|
|
android::tpm_manager::ITpmOwnership* BinderService::GetITpmOwnership() {
|
|
return ownership_binder_.get();
|
|
}
|
|
|
|
BinderService::NvramServiceInternal::NvramServiceInternal(
|
|
TpmNvramInterface* nvram_service)
|
|
: nvram_service_(nvram_service) {}
|
|
|
|
android::binder::Status BinderService::NvramServiceInternal::DefineSpace(
|
|
const std::vector<uint8_t>& command_proto,
|
|
const android::sp<android::tpm_manager::ITpmManagerClient>& client) {
|
|
RequestHandler<DefineSpaceRequest, DefineSpaceReply>(
|
|
command_proto, base::Bind(&TpmNvramInterface::DefineSpace,
|
|
base::Unretained(nvram_service_)),
|
|
base::Bind(CreateNvramErrorResponse<DefineSpaceReply>), client);
|
|
return android::binder::Status::ok();
|
|
}
|
|
|
|
android::binder::Status BinderService::NvramServiceInternal::DestroySpace(
|
|
const std::vector<uint8_t>& command_proto,
|
|
const android::sp<android::tpm_manager::ITpmManagerClient>& client) {
|
|
RequestHandler<DestroySpaceRequest, DestroySpaceReply>(
|
|
command_proto, base::Bind(&TpmNvramInterface::DestroySpace,
|
|
base::Unretained(nvram_service_)),
|
|
base::Bind(CreateNvramErrorResponse<DestroySpaceReply>), client);
|
|
return android::binder::Status::ok();
|
|
}
|
|
|
|
android::binder::Status BinderService::NvramServiceInternal::WriteSpace(
|
|
const std::vector<uint8_t>& command_proto,
|
|
const android::sp<android::tpm_manager::ITpmManagerClient>& client) {
|
|
RequestHandler<WriteSpaceRequest, WriteSpaceReply>(
|
|
command_proto, base::Bind(&TpmNvramInterface::WriteSpace,
|
|
base::Unretained(nvram_service_)),
|
|
base::Bind(CreateNvramErrorResponse<WriteSpaceReply>), client);
|
|
return android::binder::Status::ok();
|
|
}
|
|
|
|
android::binder::Status BinderService::NvramServiceInternal::ReadSpace(
|
|
const std::vector<uint8_t>& command_proto,
|
|
const android::sp<android::tpm_manager::ITpmManagerClient>& client) {
|
|
RequestHandler<ReadSpaceRequest, ReadSpaceReply>(
|
|
command_proto, base::Bind(&TpmNvramInterface::ReadSpace,
|
|
base::Unretained(nvram_service_)),
|
|
base::Bind(CreateNvramErrorResponse<ReadSpaceReply>), client);
|
|
return android::binder::Status::ok();
|
|
}
|
|
|
|
android::binder::Status BinderService::NvramServiceInternal::LockSpace(
|
|
const std::vector<uint8_t>& command_proto,
|
|
const android::sp<android::tpm_manager::ITpmManagerClient>& client) {
|
|
RequestHandler<LockSpaceRequest, LockSpaceReply>(
|
|
command_proto, base::Bind(&TpmNvramInterface::LockSpace,
|
|
base::Unretained(nvram_service_)),
|
|
base::Bind(CreateNvramErrorResponse<LockSpaceReply>), client);
|
|
return android::binder::Status::ok();
|
|
}
|
|
|
|
android::binder::Status BinderService::NvramServiceInternal::ListSpaces(
|
|
const std::vector<uint8_t>& command_proto,
|
|
const android::sp<android::tpm_manager::ITpmManagerClient>& client) {
|
|
RequestHandler<ListSpacesRequest, ListSpacesReply>(
|
|
command_proto, base::Bind(&TpmNvramInterface::ListSpaces,
|
|
base::Unretained(nvram_service_)),
|
|
base::Bind(CreateNvramErrorResponse<ListSpacesReply>), client);
|
|
return android::binder::Status::ok();
|
|
}
|
|
|
|
android::binder::Status BinderService::NvramServiceInternal::GetSpaceInfo(
|
|
const std::vector<uint8_t>& command_proto,
|
|
const android::sp<android::tpm_manager::ITpmManagerClient>& client) {
|
|
RequestHandler<GetSpaceInfoRequest, GetSpaceInfoReply>(
|
|
command_proto, base::Bind(&TpmNvramInterface::GetSpaceInfo,
|
|
base::Unretained(nvram_service_)),
|
|
base::Bind(CreateNvramErrorResponse<GetSpaceInfoReply>), client);
|
|
return android::binder::Status::ok();
|
|
}
|
|
|
|
BinderService::OwnershipServiceInternal::OwnershipServiceInternal(
|
|
TpmOwnershipInterface* ownership_service)
|
|
: ownership_service_(ownership_service) {}
|
|
|
|
android::binder::Status BinderService::OwnershipServiceInternal::GetTpmStatus(
|
|
const std::vector<uint8_t>& command_proto,
|
|
const android::sp<android::tpm_manager::ITpmManagerClient>& client) {
|
|
RequestHandler<GetTpmStatusRequest, GetTpmStatusReply>(
|
|
command_proto, base::Bind(&TpmOwnershipInterface::GetTpmStatus,
|
|
base::Unretained(ownership_service_)),
|
|
base::Bind(CreateOwnershipErrorResponse<GetTpmStatusReply>), client);
|
|
return android::binder::Status::ok();
|
|
}
|
|
|
|
android::binder::Status BinderService::OwnershipServiceInternal::TakeOwnership(
|
|
const std::vector<uint8_t>& command_proto,
|
|
const android::sp<android::tpm_manager::ITpmManagerClient>& client) {
|
|
RequestHandler<TakeOwnershipRequest, TakeOwnershipReply>(
|
|
command_proto, base::Bind(&TpmOwnershipInterface::TakeOwnership,
|
|
base::Unretained(ownership_service_)),
|
|
base::Bind(CreateOwnershipErrorResponse<TakeOwnershipReply>), client);
|
|
return android::binder::Status::ok();
|
|
}
|
|
|
|
android::binder::Status
|
|
BinderService::OwnershipServiceInternal::RemoveOwnerDependency(
|
|
const std::vector<uint8_t>& command_proto,
|
|
const android::sp<android::tpm_manager::ITpmManagerClient>& client) {
|
|
RequestHandler<RemoveOwnerDependencyRequest, RemoveOwnerDependencyReply>(
|
|
command_proto, base::Bind(&TpmOwnershipInterface::RemoveOwnerDependency,
|
|
base::Unretained(ownership_service_)),
|
|
base::Bind(CreateOwnershipErrorResponse<RemoveOwnerDependencyReply>),
|
|
client);
|
|
return android::binder::Status::ok();
|
|
}
|
|
|
|
} // namespace tpm_manager
|