Commit Graph

17 Commits

Author SHA1 Message Date
Andres Morales 1cf7d259e8 [gatekeeperd] Check parent profile for SID lookups
Bug: 22257554
Change-Id: I1a363729b449a2bc8594b48dada719fd79da7036
2015-08-05 10:32:13 -07:00
Andres Morales 787c3764d3 Merge "[gatekeeperd] fix use of uninitialized memory" into mnc-dev 2015-07-10 17:20:31 +00:00
Andres Morales 0b0435ea87 [gatekeeperd] fix file descriptor leak
Bug: 22403703
Change-Id: I65da3b3b3f85db035d79277344beb5460cb025f2
2015-07-10 09:47:09 -07:00
Andres Morales fef908e5a5 [gatekeeperd] fix use of uninitialized memory
Bug: 22319772
Change-Id: I3cb83389f11e54867aca132de48a3f6407b7eaf3
2015-07-08 20:33:36 +00:00
Andres Morales 7f6dcf6576 [gatekeeperd] fix issue with SW->HW upgrades
If the handle version is 0, there's no hardware_backed flag
meaning hardware backed handles will be attempted against
the soft impl. Ensure we don't try to read from hardware_backed
unless the version is > 0.

Bug: 21090356
Change-Id: I65f009c55538ea3c20eb486b580eb11ce93934fc
2015-06-24 18:40:24 -07:00
Andres Morales 3c2086dabd [gatekeeperd] clear state and mark on cold boot
required to initialize state by certain HAL impls

Bug: 22011857
Change-Id: Ibb01a799da983e1a930aae946c331b23f571861d
2015-06-24 10:22:45 -07:00
Andres Morales 835d96eae5 [gatekeeperd] handle upgrades from software version to HAL
Certain devices, like Shamu, are currently running an interim
software-only gatekeeper. When the HAL for those devices is merged,
we need to handle upgrading to the HAL smoothly.

Bug: 21090356
Change-Id: I5352bc547a43671a08249eae532e8b3ce6b90087
2015-06-22 13:12:41 -07:00
Andres Morales 531e3e83c2 [gatekeeperd] verify a password after enrolling successfully
Bug: 20918106
Change-Id: Ia3cb6d1375d9ee2a6e543ee97d37b7c4f0459447
2015-06-02 10:43:21 -07:00
Andres Morales ae242929da [gatekeeperd] return brute-force throttling information
Bug: 21118563
Change-Id: I13c6a44f61668be8b4c1fde8c84dcfebab84517c
2015-05-27 07:45:22 -07:00
Andres Morales 33dfdc7bbc Move SoftGateKeeper into gatekeeperd
Allows for easy determination of whether there's a
hardware module in place. Permits tighter coupling of
software implementation with upper-level stack.

Bug:21090356
Change-Id: I275b57cd976c233c43c476c5869c5a4b29fbc175
2015-05-14 12:58:13 -07:00
Andres Morales dcb3fbdaa4 Make clear SID delete the file
This allows us to recover in situations where we manage
to clear the SID in GateKeeper but fail to remove the
password in LockSettingsService.

Change-Id: Ib64ead137632f9615745a414c90a9b66b847134f
2015-04-17 09:01:41 -07:00
Andres Morales 7c9c3bc9c2 Implement clear SID API
Change-Id: I4ada55674edff32d3e39d460070e03abbf847359
2015-04-16 15:57:17 -07:00
Andres Morales 6a49c2fa43 Implement SID API
Change-Id: Id11632a6b4b9cab6f08f97026dd65fdf49a46491
2015-04-16 13:17:54 -07:00
Andres Morales 2ae8b4c28f Use proper NO_ERROR checking KS return value
It's a bit weird that KS defines NO_ERROR outside a
namespace like the Android binder lib, but assigns
it the value 1 instead of 0.

Change-Id: I5aedfd495f2f3bdff7eb1b4ba0f75d335dfe12d9
2015-04-13 09:20:09 -07:00
Andres Morales c828ae8776 Update verify API to return auth token blob
Change-Id: I853e61815458b54fb3b2f29e12a147b3b9aa3788
2015-04-11 18:29:04 -07:00
Andres Morales 851b57c1f8 Add challenge to verify call
required for enrolling secondary auth form factors

Change-Id: Ia3e1d47f988bca1bb1a0e713c000886e60b4e839
2015-04-10 19:56:07 -07:00
Andres Morales 2d08dce0be GateKeeper proxy service
Until we have SELinux support for gating access
to individual TEE services, we will proxy TEE requests
to GateKeeper via this daemon.

Change-Id: Ifa316b75f75bff79bdae613a112c8c3c2e7189a8
2015-04-08 15:20:22 -07:00