Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / core / 7c9c3bc9c2d3f98ff839f73dc76750dc23693eae^! / . / gatekeeperd
commit7c9c3bc9c2d3f98ff839f73dc76750dc23693eae[log] [tgz]
authorAndres Morales <anmorales@google.com>Thu Apr 16 15:57:17 2015 -0700
committerAndres Morales <anmorales@google.com>Thu Apr 16 15:57:17 2015 -0700
tree4f243ac382dd3eef1780b36542dd184e05e604be
parent6a49c2fa4371cad600f4a96da3d1644df862d2a5 [diff]
Implement clear SID API

Change-Id: I4ada55674edff32d3e39d460070e03abbf847359

diff --git a/gatekeeperd/IGateKeeperService.cpp b/gatekeeperd/IGateKeeperService.cpp
index d4ed533..f5bbbf1 100644
--- a/gatekeeperd/IGateKeeperService.cpp
+++ b/gatekeeperd/IGateKeeperService.cpp

@@ -123,6 +123,13 @@
             reply->writeInt64(sid);
             return NO_ERROR;
         }
+        case CLEAR_SECURE_USER_ID: {
+            CHECK_INTERFACE(IGateKeeperService, data, reply);
+            uint32_t uid = data.readInt32();
+            clearSecureUserId(uid);
+            reply->writeNoException();
+            return NO_ERROR;
+        }
         default:
             return BBinder::onTransact(code, data, reply, flags);
     }

diff --git a/gatekeeperd/IGateKeeperService.h b/gatekeeperd/IGateKeeperService.h
index 51e179d..a777318 100644
--- a/gatekeeperd/IGateKeeperService.h
+++ b/gatekeeperd/IGateKeeperService.h

@@ -32,6 +32,7 @@
         VERIFY = IBinder::FIRST_CALL_TRANSACTION + 1,
         VERIFY_CHALLENGE = IBinder::FIRST_CALL_TRANSACTION + 2,
         GET_SECURE_USER_ID = IBinder::FIRST_CALL_TRANSACTION + 3,
+        CLEAR_SECURE_USER_ID = IBinder::FIRST_CALL_TRANSACTION + 4,
     };
 
     // DECLARE_META_INTERFACE - C++ client interface not needed
@@ -70,6 +71,11 @@
      * Returns the secure user ID for the provided android user
      */
     virtual uint64_t getSecureUserId(uint32_t uid) = 0;
+
+    /**
+     * Clears the secure user ID associated with the user.
+     */
+    virtual void clearSecureUserId(uint32_t uid) = 0;
 };
 
 // ----------------------------------------------------------------------------

diff --git a/gatekeeperd/gatekeeperd.cpp b/gatekeeperd/gatekeeperd.cpp
index 82aa422..a242504 100644
--- a/gatekeeperd/gatekeeperd.cpp
+++ b/gatekeeperd/gatekeeperd.cpp

@@ -173,6 +173,17 @@
         return read_sid(uid);
     }
 
+    virtual void clearSecureUserId(uint32_t uid) {
+        IPCThreadState* ipc = IPCThreadState::self();
+        const int calling_pid = ipc->getCallingPid();
+        const int calling_uid = ipc->getCallingUid();
+        if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) {
+            ALOGE("%s: permission denied for [%d:%d]", __func__, calling_pid, calling_uid);
+            return;
+        }
+        store_sid(uid, 0);
+    }
+
     virtual status_t dump(int fd, const Vector<String16> &) {
         IPCThreadState* ipc = IPCThreadState::self();
         const int pid = ipc->getCallingPid();