ACPR/android_system_core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

am 835d96ea: [gatekeeperd] handle upgrades from software version to HAL

Browse source 
* commit '835d96eae59aefeaa32fda3218246db51bf22fab':
  [gatekeeperd] handle upgrades from software version to HAL
This commit is contained in:
Andres Morales 2015-06-22 21:13:29 +00:00 committed by Android Git Automerger
commit 1e8a458834
1 changed files with 34 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
gatekeeperd/gatekeeperd.cpp
View file

@ -31,6 +31,7 @@
#include <binder/IServiceManager.h> #include <binder/IServiceManager.h>
#include <binder/PermissionCache.h> #include <binder/PermissionCache.h>
#include <utils/String16.h> #include <utils/String16.h>
#include <utils/Log.h>
#include <keystore/IKeystoreService.h> #include <keystore/IKeystoreService.h>
#include <keystore/keystore.h> // For error code #include <keystore/keystore.h> // For error code
@ -119,8 +120,19 @@ public:
int ret; int ret;
if (device) { if (device) {
ret = device->enroll(device, uid, const gatekeeper::password_handle_t *handle =
current_password_handle, current_password_handle_length, reinterpret_cast<const gatekeeper::password_handle_t *>(current_password_handle);
if (handle != NULL && !handle->hardware_backed) {
// handle is being re-enrolled from a software version. HAL probably won't accept
// the handle as valid, so we nullify it and enroll from scratch
current_password_handle = NULL;
current_password_handle_length = 0;
current_password = NULL;
current_password_length = 0;
}
ret = device->enroll(device, uid, current_password_handle, current_password_handle_length,
current_password, current_password_length, current_password, current_password_length,
desired_password, desired_password_length, desired_password, desired_password_length,
enrolled_password_handle, enrolled_password_handle_length); enrolled_password_handle, enrolled_password_handle_length);
@ -174,10 +186,26 @@ public:
int ret; int ret;
if (device) { if (device) {
ret = device->verify(device, uid, challenge, const gatekeeper::password_handle_t *handle =
enrolled_password_handle, enrolled_password_handle_length, reinterpret_cast<const gatekeeper::password_handle_t *>(enrolled_password_handle);
provided_password, provided_password_length, auth_token, auth_token_length, if (handle->hardware_backed) {
request_reenroll); ret = device->verify(device, uid, challenge,
enrolled_password_handle, enrolled_password_handle_length,
provided_password, provided_password_length, auth_token, auth_token_length,
request_reenroll);
} else {
// upgrade scenario, a HAL has been added to this device where there was none before
SoftGateKeeperDevice soft_dev;
ret = soft_dev.verify(uid, challenge,
enrolled_password_handle, enrolled_password_handle_length,
provided_password, provided_password_length, auth_token, auth_token_length,
request_reenroll);
if (ret == 0) {
// success! re-enroll with HAL
*request_reenroll = true;
}
}
} else { } else {
ret = soft_device->verify(uid, challenge, ret = soft_device->verify(uid, challenge,
enrolled_password_handle, enrolled_password_handle_length, enrolled_password_handle, enrolled_password_handle_length,