186 lines
7.0 KiB
C++
186 lines
7.0 KiB
C++
/*
|
|
* Copyright 2015, The Android Open Source Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#include <inttypes.h>
|
|
|
|
#include <binder/IPCThreadState.h>
|
|
#include <binder/IServiceManager.h>
|
|
#include <binder/PermissionCache.h>
|
|
#include <utils/String16.h>
|
|
#include <utils/Looper.h>
|
|
#include <keystore/IKeystoreService.h>
|
|
#include <keystore/keystore.h> // for error code
|
|
#include <hardware/hardware.h>
|
|
#include <hardware/fingerprint.h>
|
|
#include <hardware/hw_auth_token.h>
|
|
#include "IFingerprintDaemon.h"
|
|
#include "IFingerprintDaemonCallback.h"
|
|
|
|
namespace android {
|
|
|
|
static const String16 USE_FINGERPRINT_PERMISSION("android.permission.USE_FINGERPRINT");
|
|
static const String16 MANAGE_FINGERPRINT_PERMISSION("android.permission.MANAGE_FINGERPRINT");
|
|
static const String16 HAL_FINGERPRINT_PERMISSION("android.permission.MANAGE_FINGERPRINT"); // TODO
|
|
static const String16 DUMP_PERMISSION("android.permission.DUMP");
|
|
|
|
const android::String16
|
|
IFingerprintDaemon::descriptor("android.hardware.fingerprint.IFingerprintDaemon");
|
|
|
|
const android::String16&
|
|
IFingerprintDaemon::getInterfaceDescriptor() const {
|
|
return IFingerprintDaemon::descriptor;
|
|
}
|
|
|
|
status_t BnFingerprintDaemon::onTransact(uint32_t code, const Parcel& data, Parcel* reply,
|
|
uint32_t flags) {
|
|
switch(code) {
|
|
case AUTHENTICATE: {
|
|
CHECK_INTERFACE(IFingerprintDaemon, data, reply);
|
|
if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
|
|
return PERMISSION_DENIED;
|
|
}
|
|
const uint64_t sessionId = data.readInt64();
|
|
const uint32_t groupId = data.readInt32();
|
|
const int32_t ret = authenticate(sessionId, groupId);
|
|
reply->writeNoException();
|
|
reply->writeInt32(ret);
|
|
return NO_ERROR;
|
|
};
|
|
case CANCEL_AUTHENTICATION: {
|
|
CHECK_INTERFACE(IFingerprintDaemon, data, reply);
|
|
if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
|
|
return PERMISSION_DENIED;
|
|
}
|
|
const int32_t ret = stopAuthentication();
|
|
reply->writeNoException();
|
|
reply->writeInt32(ret);
|
|
return NO_ERROR;
|
|
}
|
|
case ENROLL: {
|
|
CHECK_INTERFACE(IFingerprintDaemon, data, reply);
|
|
if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
|
|
return PERMISSION_DENIED;
|
|
}
|
|
const ssize_t tokenSize = data.readInt32();
|
|
const uint8_t* token = static_cast<const uint8_t *>(data.readInplace(tokenSize));
|
|
const int32_t groupId = data.readInt32();
|
|
const int32_t timeout = data.readInt32();
|
|
const int32_t ret = enroll(token, tokenSize, groupId, timeout);
|
|
reply->writeNoException();
|
|
reply->writeInt32(ret);
|
|
return NO_ERROR;
|
|
}
|
|
case CANCEL_ENROLLMENT: {
|
|
CHECK_INTERFACE(IFingerprintDaemon, data, reply);
|
|
if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
|
|
return PERMISSION_DENIED;
|
|
}
|
|
const int32_t ret = stopEnrollment();
|
|
reply->writeNoException();
|
|
reply->writeInt32(ret);
|
|
return NO_ERROR;
|
|
}
|
|
case PRE_ENROLL: {
|
|
CHECK_INTERFACE(IFingerprintDaemon, data, reply);
|
|
if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
|
|
return PERMISSION_DENIED;
|
|
}
|
|
const uint64_t ret = preEnroll();
|
|
reply->writeNoException();
|
|
reply->writeInt64(ret);
|
|
return NO_ERROR;
|
|
}
|
|
case REMOVE: {
|
|
CHECK_INTERFACE(IFingerprintDaemon, data, reply);
|
|
if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
|
|
return PERMISSION_DENIED;
|
|
}
|
|
const int32_t fingerId = data.readInt32();
|
|
const int32_t groupId = data.readInt32();
|
|
const int32_t ret = remove(fingerId, groupId);
|
|
reply->writeNoException();
|
|
reply->writeInt32(ret);
|
|
return NO_ERROR;
|
|
}
|
|
case GET_AUTHENTICATOR_ID: {
|
|
CHECK_INTERFACE(IFingerprintDaemon, data, reply);
|
|
if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
|
|
return PERMISSION_DENIED;
|
|
}
|
|
const uint64_t ret = getAuthenticatorId();
|
|
reply->writeNoException();
|
|
reply->writeInt64(ret);
|
|
return NO_ERROR;
|
|
}
|
|
case SET_ACTIVE_GROUP: {
|
|
CHECK_INTERFACE(IFingerprintDaemon, data, reply);
|
|
if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
|
|
return PERMISSION_DENIED;
|
|
}
|
|
const int32_t group = data.readInt32();
|
|
const ssize_t pathSize = data.readInt32();
|
|
const uint8_t* path = static_cast<const uint8_t *>(data.readInplace(pathSize));
|
|
const int32_t ret = setActiveGroup(group, path, pathSize);
|
|
reply->writeNoException();
|
|
reply->writeInt32(ret);
|
|
return NO_ERROR;
|
|
}
|
|
case OPEN_HAL: {
|
|
CHECK_INTERFACE(IFingerprintDaemon, data, reply);
|
|
if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
|
|
return PERMISSION_DENIED;
|
|
}
|
|
const int64_t ret = openHal();
|
|
reply->writeNoException();
|
|
reply->writeInt64(ret);
|
|
return NO_ERROR;
|
|
}
|
|
case CLOSE_HAL: {
|
|
CHECK_INTERFACE(IFingerprintDaemon, data, reply);
|
|
if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
|
|
return PERMISSION_DENIED;
|
|
}
|
|
const int32_t ret = closeHal();
|
|
reply->writeNoException();
|
|
reply->writeInt32(ret);
|
|
return NO_ERROR;
|
|
}
|
|
case INIT: {
|
|
CHECK_INTERFACE(IFingerprintDaemon, data, reply);
|
|
if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
|
|
return PERMISSION_DENIED;
|
|
}
|
|
sp<IFingerprintDaemonCallback> callback =
|
|
interface_cast<IFingerprintDaemonCallback>(data.readStrongBinder());
|
|
init(callback);
|
|
reply->writeNoException();
|
|
return NO_ERROR;
|
|
}
|
|
default:
|
|
return BBinder::onTransact(code, data, reply, flags);
|
|
}
|
|
};
|
|
|
|
bool BnFingerprintDaemon::checkPermission(const String16& permission) {
|
|
const IPCThreadState* ipc = IPCThreadState::self();
|
|
const int calling_pid = ipc->getCallingPid();
|
|
const int calling_uid = ipc->getCallingUid();
|
|
return PermissionCache::checkPermission(permission, calling_pid, calling_uid);
|
|
}
|
|
|
|
|
|
}; // namespace android
|