am 12ef4ba4: am 8c195ad7: Merge "Implement addAuthToken"
* commit '12ef4ba427e3a8a393ad664470ed190951bc0b6c':
Implement addAuthToken
diff --git a/keystore/Android.mk b/keystore/Android.mk
index 3480123..9463f3d 100644
--- a/keystore/Android.mk
+++ b/keystore/Android.mk
@@ -21,7 +21,7 @@
LOCAL_MULTILIB := 32
endif
LOCAL_CFLAGS := -Wall -Wextra -Werror -Wunused
-LOCAL_SRC_FILES := keystore.cpp keyblob_utils.cpp operation.cpp
+LOCAL_SRC_FILES := keystore.cpp keyblob_utils.cpp operation.cpp auth_token_table.cpp
LOCAL_SHARED_LIBRARIES := \
libbinder \
libcutils \
@@ -32,7 +32,8 @@
libsoftkeymaster \
libutils \
libselinux \
- libsoftkeymasterdevice
+ libsoftkeymasterdevice \
+ libkeymaster_messages
LOCAL_MODULE := keystore
LOCAL_MODULE_TAGS := optional
LOCAL_C_INCLUES := system/keymaster/
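Review bot: The context line `LOCAL_C_INCLUES := system/keymaster/` at the end of this hunk looks like a misspelling of `LOCAL_C_INCLUDES`, so the build most likely ignores it as an unknown variable. The line is not introduced by this commit, but the change adds `libkeymaster_messages` and starts using `keymaster::AuthTokenTable`, so the include path may now matter. If the new code is meant to resolve keymaster headers through that path, correct it here to `LOCAL_C_INCLUDES := system/keymaster/`.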
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index 5997cd5..4b4d456 100644
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp
@@ -62,6 +62,7 @@
#include <selinux/android.h>
+#include "auth_token_table.h"
#include "defaults.h"
#include "operation.h"
@@ -166,6 +167,7 @@
P_RESET_UID = 1 << 16,
P_SYNC_UID = 1 << 17,
P_PASSWORD_UID = 1 << 18,
+ P_ADD_AUTH = 1 << 19,
} perm_t;
static struct user_euid {
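Review bot: `P_ADD_AUTH` decides who may feed authentication tokens into keystore, but neither this hunk nor the `"add_auth"` label hunk that follows shows which callers are granted it. If `has_permission()` resolves the label through SELinux, as the `selinux/android.h` include suggests, the policy needs a matching `add_auth` permission limited to the components that legitimately produce tokens; please confirm that lands together with this change. A short comment on the enum entry would help, e.g. `// P_ADD_AUTH: caller may submit hardware auth tokens via addAuthToken()`. The enum and the label array both begin outside these hunks, so their one-to-one ordering cannot be checked from here.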
@@ -198,6 +200,7 @@
"reset_uid",
"sync_uid",
"password_uid",
+ "add_auth",
};
static struct user_perm {
@@ -2835,8 +2838,21 @@
return true;
}
- int32_t addAuthToken(const uint8_t* /*token*/, size_t /*length*/) {
- return KM_ERROR_UNIMPLEMENTED;
+ int32_t addAuthToken(const uint8_t* token, size_t length) {
+ uid_t callingUid = IPCThreadState::self()->getCallingUid();
+ pid_t spid = IPCThreadState::self()->getCallingPid();
+ if (!has_permission(callingUid, P_ADD_AUTH, spid)) {
+ ALOGW("permission denied for %d: addAuthToken", callingUid);
+ return ::PERMISSION_DENIED;
+ }
+ if (length != sizeof(hw_auth_token_t)) {
+ return KM_ERROR_INVALID_ARGUMENT;
+ }
+ hw_auth_token_t* authToken = new hw_auth_token_t;
+ memcpy(reinterpret_cast<void*>(authToken), token, sizeof(hw_auth_token_t));
+ // The table takes ownership of authToken.
+ mAuthTokenTable.AddAuthenticationToken(authToken);
+ return ::NO_ERROR;
}
private:
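Review bot: `addAuthToken` copies from `token` without checking it for null. The guard on the new side only compares `length` with `sizeof(hw_auth_token_t)`, so a null pointer with a matching length would reach `memcpy`; whether the binder stub can deliver one is not visible here. The check is cheap to fold into the guard: `if (token == NULL || length != sizeof(hw_auth_token_t)) {`. The token bytes are also stored without any inspection of their contents, which leaves the `P_ADD_AUTH` permission check as the only barrier in this function. If the token's integrity is verified later, when the table is consulted, a comment above the `memcpy` saying so would make the trust boundary explicit. The enclosing class starts before this hunk.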
@@ -2880,6 +2896,7 @@
::KeyStore* mKeyStore;
OperationMap mOperationMap;
+ keymaster::AuthTokenTable mAuthTokenTable;
};
}; // namespace android