Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / security / 7fffb19f1a0f6da7c051299b6a69504f7078ab20^1..7fffb19f1a0f6da7c051299b6a69504f7078ab20 / .
commit7fffb19f1a0f6da7c051299b6a69504f7078ab20[log] [tgz]
authorChad Brubaker <cbrubaker@google.com>Wed Apr 01 18:10:23 2015 +0000
committerAndroid Git Automerger <android-git-automerger@android.com>Wed Apr 01 18:10:23 2015 +0000
treee33c69874b5dec8ba9ed77b29dfe7d444a6a91fe
parent026efd182ec465169dde8879d2717be580e15846 [diff]
parent12ef4ba427e3a8a393ad664470ed190951bc0b6c [diff]
am 12ef4ba4: am 8c195ad7: Merge "Implement addAuthToken"

* commit '12ef4ba427e3a8a393ad664470ed190951bc0b6c':
  Implement addAuthToken

diff --git a/keystore/Android.mk b/keystore/Android.mk
index 3480123..9463f3d 100644
--- a/keystore/Android.mk
+++ b/keystore/Android.mk

@@ -21,7 +21,7 @@
 LOCAL_MULTILIB := 32
 endif
 LOCAL_CFLAGS := -Wall -Wextra -Werror -Wunused
-LOCAL_SRC_FILES := keystore.cpp keyblob_utils.cpp operation.cpp
+LOCAL_SRC_FILES := keystore.cpp keyblob_utils.cpp operation.cpp auth_token_table.cpp
 LOCAL_SHARED_LIBRARIES := \
 	libbinder \
 	libcutils \
@@ -32,7 +32,8 @@
 	libsoftkeymaster \
 	libutils \
 	libselinux \
-	libsoftkeymasterdevice
+	libsoftkeymasterdevice \
+	libkeymaster_messages
 LOCAL_MODULE := keystore
 LOCAL_MODULE_TAGS := optional
 LOCAL_C_INCLUES := system/keymaster/

diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index 5997cd5..4b4d456 100644
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp

@@ -62,6 +62,7 @@
 
 #include <selinux/android.h>
 
+#include "auth_token_table.h"
 #include "defaults.h"
 #include "operation.h"
 
@@ -166,6 +167,7 @@
     P_RESET_UID     = 1 << 16,
     P_SYNC_UID      = 1 << 17,
     P_PASSWORD_UID  = 1 << 18,
+    P_ADD_AUTH      = 1 << 19,
 } perm_t;
 
 static struct user_euid {
@@ -198,6 +200,7 @@
     "reset_uid",
     "sync_uid",
     "password_uid",
+    "add_auth",
 };
 
 static struct user_perm {
@@ -2835,8 +2838,21 @@
         return true;
     }
 
-    int32_t addAuthToken(const uint8_t* /*token*/, size_t /*length*/) {
-        return KM_ERROR_UNIMPLEMENTED;
+    int32_t addAuthToken(const uint8_t* token, size_t length) {
+        uid_t callingUid = IPCThreadState::self()->getCallingUid();
+        pid_t spid = IPCThreadState::self()->getCallingPid();
+        if (!has_permission(callingUid, P_ADD_AUTH, spid)) {
+            ALOGW("permission denied for %d: addAuthToken", callingUid);
+            return ::PERMISSION_DENIED;
+        }
+        if (length != sizeof(hw_auth_token_t)) {
+            return KM_ERROR_INVALID_ARGUMENT;
+        }
+        hw_auth_token_t* authToken = new hw_auth_token_t;
+        memcpy(reinterpret_cast<void*>(authToken), token, sizeof(hw_auth_token_t));
+        // The table takes ownership of authToken.
+        mAuthTokenTable.AddAuthenticationToken(authToken);
+        return ::NO_ERROR;
     }
 
 private:
@@ -2880,6 +2896,7 @@
 
     ::KeyStore* mKeyStore;
     OperationMap mOperationMap;
+    keymaster::AuthTokenTable mAuthTokenTable;
 };
 
 }; // namespace android