am fe1b4627: am 19f223f3: Merge "[gatekeeperd] Check parent profile for SID lookups" into mnc-dev

* commit 'fe1b462765d6db4b8b431704dda1b4b3882db61f':
  [gatekeeperd] Check parent profile for SID lookups

gatekeeperd/Android.mk

@@ -18,7 +18,12 @@ LOCAL_PATH := $(call my-dir)
 
 include $(CLEAR_VARS)
 LOCAL_CFLAGS := -Wall -Wextra -Werror -Wunused
-LOCAL_SRC_FILES := SoftGateKeeperDevice.cpp IGateKeeperService.cpp gatekeeperd.cpp
+LOCAL_SRC_FILES := \
+	SoftGateKeeperDevice.cpp \
+	IGateKeeperService.cpp \
+	gatekeeperd.cpp \
+	IUserManager.cpp
+
 LOCAL_MODULE := gatekeeperd
 LOCAL_SHARED_LIBRARIES := \
 	libbinder \

gatekeeperd/IUserManager.cpp

@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_TAG "IUserManager"
+#include <stdint.h>
+#include <sys/types.h>
+#include <utils/Log.h>
+#include <binder/Parcel.h>
+
+#include "IUserManager.h"
+
+namespace android {
+
+class BpUserManager : public BpInterface<IUserManager>
+{
+public:
+    BpUserManager(const sp<IBinder>& impl) :
+            BpInterface<IUserManager>(impl) {
+    }
+    virtual int32_t getCredentialOwnerProfile(int32_t user_id) {
+        Parcel data, reply;
+        data.writeInterfaceToken(IUserManager::getInterfaceDescriptor());
+        data.writeInt32(user_id);
+        status_t rc = remote()->transact(GET_CREDENTIAL_OWNER_PROFILE, data, &reply, 0);
+        if (rc != NO_ERROR) {
+            ALOGE("%s: failed (%d)\n", __func__, rc);
+            return -1;
+        }
+
+        int32_t exception = reply.readExceptionCode();
+        if (exception != 0) {
+            ALOGE("%s: got exception (%d)\n", __func__, exception);
+            return -1;
+        }
+
+        return reply.readInt32();
+    }
+
+};
+
+IMPLEMENT_META_INTERFACE(UserManager, "android.os.IUserManager");
+
+}; // namespace android
+

gatekeeperd/IUserManager.h

@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef IUSERMANAGER_H_
+#define IUSERMANAGER_H_
+
+#include <inttypes.h>
+#include <utils/Errors.h>
+#include <binder/IInterface.h>
+#include <binder/Parcel.h>
+#include <utils/Vector.h>
+
+namespace android {
+
+/*
+* Communication channel to UserManager
+*/
+class IUserManager : public IInterface {
+    public:
+        // must be kept in sync with IUserManager.aidl
+        enum {
+            GET_CREDENTIAL_OWNER_PROFILE = IBinder::FIRST_CALL_TRANSACTION + 0,
+        };
+
+        virtual int32_t getCredentialOwnerProfile(int32_t user_id) = 0;
+
+        DECLARE_META_INTERFACE(UserManager);
+};
+
+}; // namespace android
+
+#endif // IUSERMANAGER_H_
+

gatekeeperd/gatekeeperd.cpp

@@ -40,6 +40,7 @@
 #include <hardware/hw_auth_token.h>
 
 #include "SoftGateKeeperDevice.h"
+#include "IUserManager.h"
 
 namespace android {
 
@@ -263,7 +264,21 @@ public:
     }
 
     virtual uint64_t getSecureUserId(uint32_t uid) {
-        return read_sid(uid);
+        uint64_t sid = read_sid(uid);
+         if (sid == 0) {
+            // might be a work profile, look up the parent
+            sp<IServiceManager> sm = defaultServiceManager();
+            sp<IBinder> binder = sm->getService(String16("user"));
+            sp<IUserManager> um = interface_cast<IUserManager>(binder);
+            int32_t parent = um->getCredentialOwnerProfile(uid);
+            if (parent < 0) {
+                return 0;
+            } else if (parent != (int32_t) uid) {
+                return read_sid(parent);
+            }
+        }
+        return sid;
+
     }
 
     virtual void clearSecureUserId(uint32_t uid) {