From 7c9c3bc9c2d3f98ff839f73dc76750dc23693eae Mon Sep 17 00:00:00 2001 From: Andres Morales Date: Thu, 16 Apr 2015 15:57:17 -0700 Subject: Implement clear SID API Change-Id: I4ada55674edff32d3e39d460070e03abbf847359 --- gatekeeperd/IGateKeeperService.cpp | 7 +++++++ gatekeeperd/IGateKeeperService.h | 6 ++++++ gatekeeperd/gatekeeperd.cpp | 11 +++++++++++ 3 files changed, 24 insertions(+) (limited to 'gatekeeperd') diff --git a/gatekeeperd/IGateKeeperService.cpp b/gatekeeperd/IGateKeeperService.cpp index d4ed53377..f5bbbf1f2 100644 --- a/gatekeeperd/IGateKeeperService.cpp +++ b/gatekeeperd/IGateKeeperService.cpp @@ -123,6 +123,13 @@ status_t BnGateKeeperService::onTransact( reply->writeInt64(sid); return NO_ERROR; } + case CLEAR_SECURE_USER_ID: { + CHECK_INTERFACE(IGateKeeperService, data, reply); + uint32_t uid = data.readInt32(); + clearSecureUserId(uid); + reply->writeNoException(); + return NO_ERROR; + } default: return BBinder::onTransact(code, data, reply, flags); } diff --git a/gatekeeperd/IGateKeeperService.h b/gatekeeperd/IGateKeeperService.h index 51e179d10..a7773187e 100644 --- a/gatekeeperd/IGateKeeperService.h +++ b/gatekeeperd/IGateKeeperService.h @@ -32,6 +32,7 @@ public: VERIFY = IBinder::FIRST_CALL_TRANSACTION + 1, VERIFY_CHALLENGE = IBinder::FIRST_CALL_TRANSACTION + 2, GET_SECURE_USER_ID = IBinder::FIRST_CALL_TRANSACTION + 3, + CLEAR_SECURE_USER_ID = IBinder::FIRST_CALL_TRANSACTION + 4, }; // DECLARE_META_INTERFACE - C++ client interface not needed @@ -70,6 +71,11 @@ public: * Returns the secure user ID for the provided android user */ virtual uint64_t getSecureUserId(uint32_t uid) = 0; + + /** + * Clears the secure user ID associated with the user. + */ + virtual void clearSecureUserId(uint32_t uid) = 0; }; // ---------------------------------------------------------------------------- diff --git a/gatekeeperd/gatekeeperd.cpp b/gatekeeperd/gatekeeperd.cpp index 82aa422dd..a24250464 100644 --- a/gatekeeperd/gatekeeperd.cpp +++ b/gatekeeperd/gatekeeperd.cpp @@ -173,6 +173,17 @@ public: return read_sid(uid); } + virtual void clearSecureUserId(uint32_t uid) { + IPCThreadState* ipc = IPCThreadState::self(); + const int calling_pid = ipc->getCallingPid(); + const int calling_uid = ipc->getCallingUid(); + if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) { + ALOGE("%s: permission denied for [%d:%d]", __func__, calling_pid, calling_uid); + return; + } + store_sid(uid, 0); + } + virtual status_t dump(int fd, const Vector &) { IPCThreadState* ipc = IPCThreadState::self(); const int pid = ipc->getCallingPid(); -- cgit v1.2.3