diff options
author | Andres Morales <anmorales@google.com> | 2015-04-16 15:57:17 -0700 |
---|---|---|
committer | Andres Morales <anmorales@google.com> | 2015-04-16 15:57:17 -0700 |
commit | 7c9c3bc9c2d3f98ff839f73dc76750dc23693eae (patch) | |
tree | 4f243ac382dd3eef1780b36542dd184e05e604be /gatekeeperd | |
parent | 6a49c2fa4371cad600f4a96da3d1644df862d2a5 (diff) | |
download | core-7c9c3bc9c2d3f98ff839f73dc76750dc23693eae.tar.gz core-7c9c3bc9c2d3f98ff839f73dc76750dc23693eae.tar.bz2 core-7c9c3bc9c2d3f98ff839f73dc76750dc23693eae.zip |
Implement clear SID API
Change-Id: I4ada55674edff32d3e39d460070e03abbf847359
Diffstat (limited to 'gatekeeperd')
-rw-r--r-- | gatekeeperd/IGateKeeperService.cpp | 7 | ||||
-rw-r--r-- | gatekeeperd/IGateKeeperService.h | 6 | ||||
-rw-r--r-- | gatekeeperd/gatekeeperd.cpp | 11 |
3 files changed, 24 insertions, 0 deletions
diff --git a/gatekeeperd/IGateKeeperService.cpp b/gatekeeperd/IGateKeeperService.cpp index d4ed53377..f5bbbf1f2 100644 --- a/gatekeeperd/IGateKeeperService.cpp +++ b/gatekeeperd/IGateKeeperService.cpp @@ -123,6 +123,13 @@ status_t BnGateKeeperService::onTransact( reply->writeInt64(sid); return NO_ERROR; } + case CLEAR_SECURE_USER_ID: { + CHECK_INTERFACE(IGateKeeperService, data, reply); + uint32_t uid = data.readInt32(); + clearSecureUserId(uid); + reply->writeNoException(); + return NO_ERROR; + } default: return BBinder::onTransact(code, data, reply, flags); } diff --git a/gatekeeperd/IGateKeeperService.h b/gatekeeperd/IGateKeeperService.h index 51e179d10..a7773187e 100644 --- a/gatekeeperd/IGateKeeperService.h +++ b/gatekeeperd/IGateKeeperService.h @@ -32,6 +32,7 @@ public: VERIFY = IBinder::FIRST_CALL_TRANSACTION + 1, VERIFY_CHALLENGE = IBinder::FIRST_CALL_TRANSACTION + 2, GET_SECURE_USER_ID = IBinder::FIRST_CALL_TRANSACTION + 3, + CLEAR_SECURE_USER_ID = IBinder::FIRST_CALL_TRANSACTION + 4, }; // DECLARE_META_INTERFACE - C++ client interface not needed @@ -70,6 +71,11 @@ public: * Returns the secure user ID for the provided android user */ virtual uint64_t getSecureUserId(uint32_t uid) = 0; + + /** + * Clears the secure user ID associated with the user. + */ + virtual void clearSecureUserId(uint32_t uid) = 0; }; // ---------------------------------------------------------------------------- diff --git a/gatekeeperd/gatekeeperd.cpp b/gatekeeperd/gatekeeperd.cpp index 82aa422dd..a24250464 100644 --- a/gatekeeperd/gatekeeperd.cpp +++ b/gatekeeperd/gatekeeperd.cpp @@ -173,6 +173,17 @@ public: return read_sid(uid); } + virtual void clearSecureUserId(uint32_t uid) { + IPCThreadState* ipc = IPCThreadState::self(); + const int calling_pid = ipc->getCallingPid(); + const int calling_uid = ipc->getCallingUid(); + if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) { + ALOGE("%s: permission denied for [%d:%d]", __func__, calling_pid, calling_uid); + return; + } + store_sid(uid, 0); + } + virtual status_t dump(int fd, const Vector<String16> &) { IPCThreadState* ipc = IPCThreadState::self(); const int pid = ipc->getCallingPid(); |