summaryrefslogtreecommitdiffstats
path: root/gatekeeperd
diff options
context:
space:
mode:
authorAndres Morales <anmorales@google.com>2015-04-16 15:57:17 -0700
committerAndres Morales <anmorales@google.com>2015-04-16 15:57:17 -0700
commit7c9c3bc9c2d3f98ff839f73dc76750dc23693eae (patch)
tree4f243ac382dd3eef1780b36542dd184e05e604be /gatekeeperd
parent6a49c2fa4371cad600f4a96da3d1644df862d2a5 (diff)
downloadcore-7c9c3bc9c2d3f98ff839f73dc76750dc23693eae.tar.gz
core-7c9c3bc9c2d3f98ff839f73dc76750dc23693eae.tar.bz2
core-7c9c3bc9c2d3f98ff839f73dc76750dc23693eae.zip
Implement clear SID API
Change-Id: I4ada55674edff32d3e39d460070e03abbf847359
Diffstat (limited to 'gatekeeperd')
-rw-r--r--gatekeeperd/IGateKeeperService.cpp7
-rw-r--r--gatekeeperd/IGateKeeperService.h6
-rw-r--r--gatekeeperd/gatekeeperd.cpp11
3 files changed, 24 insertions, 0 deletions
diff --git a/gatekeeperd/IGateKeeperService.cpp b/gatekeeperd/IGateKeeperService.cpp
index d4ed53377..f5bbbf1f2 100644
--- a/gatekeeperd/IGateKeeperService.cpp
+++ b/gatekeeperd/IGateKeeperService.cpp
@@ -123,6 +123,13 @@ status_t BnGateKeeperService::onTransact(
reply->writeInt64(sid);
return NO_ERROR;
}
+ case CLEAR_SECURE_USER_ID: {
+ CHECK_INTERFACE(IGateKeeperService, data, reply);
+ uint32_t uid = data.readInt32();
+ clearSecureUserId(uid);
+ reply->writeNoException();
+ return NO_ERROR;
+ }
default:
return BBinder::onTransact(code, data, reply, flags);
}
diff --git a/gatekeeperd/IGateKeeperService.h b/gatekeeperd/IGateKeeperService.h
index 51e179d10..a7773187e 100644
--- a/gatekeeperd/IGateKeeperService.h
+++ b/gatekeeperd/IGateKeeperService.h
@@ -32,6 +32,7 @@ public:
VERIFY = IBinder::FIRST_CALL_TRANSACTION + 1,
VERIFY_CHALLENGE = IBinder::FIRST_CALL_TRANSACTION + 2,
GET_SECURE_USER_ID = IBinder::FIRST_CALL_TRANSACTION + 3,
+ CLEAR_SECURE_USER_ID = IBinder::FIRST_CALL_TRANSACTION + 4,
};
// DECLARE_META_INTERFACE - C++ client interface not needed
@@ -70,6 +71,11 @@ public:
* Returns the secure user ID for the provided android user
*/
virtual uint64_t getSecureUserId(uint32_t uid) = 0;
+
+ /**
+ * Clears the secure user ID associated with the user.
+ */
+ virtual void clearSecureUserId(uint32_t uid) = 0;
};
// ----------------------------------------------------------------------------
diff --git a/gatekeeperd/gatekeeperd.cpp b/gatekeeperd/gatekeeperd.cpp
index 82aa422dd..a24250464 100644
--- a/gatekeeperd/gatekeeperd.cpp
+++ b/gatekeeperd/gatekeeperd.cpp
@@ -173,6 +173,17 @@ public:
return read_sid(uid);
}
+ virtual void clearSecureUserId(uint32_t uid) {
+ IPCThreadState* ipc = IPCThreadState::self();
+ const int calling_pid = ipc->getCallingPid();
+ const int calling_uid = ipc->getCallingUid();
+ if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) {
+ ALOGE("%s: permission denied for [%d:%d]", __func__, calling_pid, calling_uid);
+ return;
+ }
+ store_sid(uid, 0);
+ }
+
virtual status_t dump(int fd, const Vector<String16> &) {
IPCThreadState* ipc = IPCThreadState::self();
const int pid = ipc->getCallingPid();