From 82599ddafa8d69f8da09a0daf17e8cd75e8b8475 Mon Sep 17 00:00:00 2001
From: Subrahmanyaman
Date: Thu, 21 Jul 2022 00:45:47 +0000
Subject: [PATCH] hidl2aidl: conversion of gatekeeper hidl to aidl
Conversion of the gatekeeper hidl interface to stable aidl interface.
Bug: 205760843
Test: run vts -m VtsHalGatekeeperTarget
Change-Id: Iacba60935581c38348437875b452aeb4b5121f9e
---
.../compatibility_matrix.current.xml | 10 +-
gatekeeper/OWNERS | 2 +
gatekeeper/aidl/Android.bp | 29 ++++
.../gatekeeper/GatekeeperEnrollResponse.aidl | 41 +++++
.../gatekeeper/GatekeeperVerifyResponse.aidl | 40 +++++
.../hardware/gatekeeper/IGatekeeper.aidl | 46 ++++++
.../gatekeeper/GatekeeperEnrollResponse.aidl | 41 +++++
.../gatekeeper/GatekeeperVerifyResponse.aidl | 41 +++++
.../hardware/gatekeeper/IGatekeeper.aidl | 146 ++++++++++++++++++
9 files changed, 395 insertions(+), 1 deletion(-)
create mode 100644 gatekeeper/OWNERS
create mode 100644 gatekeeper/aidl/Android.bp
create mode 100644 gatekeeper/aidl/aidl_api/android.hardware.gatekeeper/current/android/hardware/gatekeeper/GatekeeperEnrollResponse.aidl
create mode 100644 gatekeeper/aidl/aidl_api/android.hardware.gatekeeper/current/android/hardware/gatekeeper/GatekeeperVerifyResponse.aidl
create mode 100644 gatekeeper/aidl/aidl_api/android.hardware.gatekeeper/current/android/hardware/gatekeeper/IGatekeeper.aidl
create mode 100644 gatekeeper/aidl/android/hardware/gatekeeper/GatekeeperEnrollResponse.aidl
create mode 100644 gatekeeper/aidl/android/hardware/gatekeeper/GatekeeperVerifyResponse.aidl
create mode 100644 gatekeeper/aidl/android/hardware/gatekeeper/IGatekeeper.aidl
diff --git a/compatibility_matrices/compatibility_matrix.current.xml b/compatibility_matrices/compatibility_matrix.current.xml
index 4e2a4edc13..894797787b 100644
--- a/compatibility_matrices/compatibility_matrix.current.xml
+++ b/compatibility_matrices/compatibility_matrix.current.xml
@@ -241,7 +241,7 @@ default - + android.hardware.gatekeeper 1.0
@@ -249,6 +249,14 @@ default + + android.hardware.gatekeeper + 1 + + IGatekeeper + default + + android.hardware.gnss 2
diff --git a/gatekeeper/OWNERS b/gatekeeper/OWNERS
new file mode 100644
index 0000000000..d95b8567c1
--- /dev/null
+++ b/gatekeeper/OWNERS
@@ -0,0 +1,2 @@
+swillden@google.com
+guangzhu@google.com
diff --git a/gatekeeper/aidl/Android.bp b/gatekeeper/aidl/Android.bp
new file mode 100644
index 0000000000..6b1bc7e816
--- /dev/null
+++ b/gatekeeper/aidl/Android.bp
@@ -0,0 +1,29 @@
+package {
+ // See: http://go/android-license-faq
+ // A large-scale-change added 'default_applicable_licenses' to import
+ // all of the 'license_kinds' from "hardware_interfaces_license"
+ // to get the below license kinds:
+ // SPDX-license-identifier-Apache-2.0
+ default_applicable_licenses: ["hardware_interfaces_license"],
+}
+
+aidl_interface {
+ name: "android.hardware.gatekeeper",
+ vendor_available: true,
+ imports: [
+ "android.hardware.security.keymint-V2",
+ ],
+ srcs: ["android/hardware/gatekeeper/*.aidl"],
+ stability: "vintf",
+ backend: {
+ java: {
+ platform_apis: true,
+ },
+ ndk: {
+ apps_enabled: false,
+ },
+ cpp: {
+ enabled: false,
+ },
+ },
+}
diff --git a/gatekeeper/aidl/aidl_api/android.hardware.gatekeeper/current/android/hardware/gatekeeper/GatekeeperEnrollResponse.aidl b/gatekeeper/aidl/aidl_api/android.hardware.gatekeeper/current/android/hardware/gatekeeper/GatekeeperEnrollResponse.aidl
new file mode 100644
index 0000000000..ae64ffce5a
--- /dev/null
+++ b/gatekeeper/aidl/aidl_api/android.hardware.gatekeeper/current/android/hardware/gatekeeper/GatekeeperEnrollResponse.aidl
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m -update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.gatekeeper;
+@VintfStability
+parcelable GatekeeperEnrollResponse {
+ int statusCode;
+ int timeoutMs;
+ long secureUserId;
+ byte[] data;
+}
diff --git a/gatekeeper/aidl/aidl_api/android.hardware.gatekeeper/current/android/hardware/gatekeeper/GatekeeperVerifyResponse.aidl b/gatekeeper/aidl/aidl_api/android.hardware.gatekeeper/current/android/hardware/gatekeeper/GatekeeperVerifyResponse.aidl
new file mode 100644
index 0000000000..f55da302d2
--- /dev/null
+++ b/gatekeeper/aidl/aidl_api/android.hardware.gatekeeper/current/android/hardware/gatekeeper/GatekeeperVerifyResponse.aidl
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m -update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.gatekeeper;
+@VintfStability
+parcelable GatekeeperVerifyResponse {
+ int statusCode;
+ int timeoutMs;
+ android.hardware.security.keymint.HardwareAuthToken hardwareAuthToken;
+}
diff --git a/gatekeeper/aidl/aidl_api/android.hardware.gatekeeper/current/android/hardware/gatekeeper/IGatekeeper.aidl b/gatekeeper/aidl/aidl_api/android.hardware.gatekeeper/current/android/hardware/gatekeeper/IGatekeeper.aidl
new file mode 100644
index 0000000000..1a6f1ff046
--- /dev/null
+++ b/gatekeeper/aidl/aidl_api/android.hardware.gatekeeper/current/android/hardware/gatekeeper/IGatekeeper.aidl
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m -update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.gatekeeper;
+@SensitiveData @VintfStability
+interface IGatekeeper {
+ void deleteAllUsers();
+ void deleteUser(in int uid);
+ android.hardware.gatekeeper.GatekeeperEnrollResponse enroll(in int uid, in byte[] currentPasswordHandle, in byte[] currentPassword, in byte[] desiredPassword);
+ android.hardware.gatekeeper.GatekeeperVerifyResponse verify(in int uid, in long challenge, in byte[] enrolledPasswordHandle, in byte[] providedPassword);
+ const int STATUS_REENROLL = 1;
+ const int STATUS_OK = 0;
+ const int ERROR_GENERAL_FAILURE = -1;
+ const int ERROR_RETRY_TIMEOUT = -2;
+ const int ERROR_NOT_IMPLEMENTED = -3;
+}
diff --git a/gatekeeper/aidl/android/hardware/gatekeeper/GatekeeperEnrollResponse.aidl b/gatekeeper/aidl/android/hardware/gatekeeper/GatekeeperEnrollResponse.aidl
new file mode 100644
index 0000000000..04bacf0ca1
--- /dev/null
+++ b/gatekeeper/aidl/android/hardware/gatekeeper/GatekeeperEnrollResponse.aidl
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.gatekeeper;
+
+/**
+ * Gatekeeper response to enroll requests has this structure as mandatory part
+ */
+@VintfStability
+parcelable GatekeeperEnrollResponse {
+ /**
+ * Request completion status
+ */
+ int statusCode;
+ /**
+ * Retry timeout in ms, if code == ERROR_RETRY_TIMEOUT
+ * otherwise unused (0)
+ */
+ int timeoutMs;
+ /**
+ * secure user id.
+ */
+ long secureUserId;
+ /**
+ * optional crypto blob. Opaque to Android system.
+ */
+ byte[] data;
+}
diff --git a/gatekeeper/aidl/android/hardware/gatekeeper/GatekeeperVerifyResponse.aidl b/gatekeeper/aidl/android/hardware/gatekeeper/GatekeeperVerifyResponse.aidl
new file mode 100644
index 0000000000..bcf2d7665d
--- /dev/null
+++ b/gatekeeper/aidl/android/hardware/gatekeeper/GatekeeperVerifyResponse.aidl
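Review bot: The comment on the `data` field, `optional crypto blob. Opaque to Android system.`, does not match the contract enroll() states in IGatekeeper.aidl, where `data` must contain the new password handle on success and must be empty on error; suggest `/** New password handle on success (opaque to Android); must be empty on error. */` so implementers and the framework read the same rule from either file. The `timeoutMs` comment refers to `code == ERROR_RETRY_TIMEOUT`, but the field is named `statusCode`. The `secureUserId` comment only restates the field name; it should say when the value is meaningful (for instance, only when `statusCode` is STATUS_OK) so a consumer does not act on it from an error response.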
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.gatekeeper;
+
+import android.hardware.security.keymint.HardwareAuthToken;
+
+/**
+ * Gatekeeper response to verify requests has this structure as mandatory part
+ */
+@VintfStability
+parcelable GatekeeperVerifyResponse {
+ /**
+ * Request completion status
+ */
+ int statusCode;
+ /**
+ * Retry timeout in ms, if code == ERROR_RETRY_TIMEOUT
+ * otherwise unused (0)
+ */
+ int timeoutMs;
+ /**
+ * On successful verification of the password,
+ * IGatekeeper implementations must return hardware auth token
+ * in the response.
+ */
+ HardwareAuthToken hardwareAuthToken;
+}
diff --git a/gatekeeper/aidl/android/hardware/gatekeeper/IGatekeeper.aidl b/gatekeeper/aidl/android/hardware/gatekeeper/IGatekeeper.aidl
new file mode 100644
index 0000000000..927293ef8b
--- /dev/null
+++ b/gatekeeper/aidl/android/hardware/gatekeeper/IGatekeeper.aidl
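Review bot: `hardwareAuthToken` is declared without `@nullable`, yet IGatekeeper.verify() documents responses whose `statusCode` is ERROR_RETRY_TIMEOUT or STATUS_REENROLL, and this field's comment covers only the success case, so what the field holds in the non-success cases is unspecified. Presumably it is a default-initialized token in the timeout case; the comment should say so and state that consumers must treat the token as valid only when `statusCode` is STATUS_OK (or STATUS_REENROLL, if that case also carries a real token), or the field should be marked `@nullable` if absence is the intended encoding. A default-initialized token that is silently accepted as an authentication is the failure mode this wording prevents. The `timeoutMs` comment also says `code == ERROR_RETRY_TIMEOUT`, but the field is `statusCode`.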
@@ -0,0 +1,146 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.gatekeeper;
+
+import android.hardware.gatekeeper.GatekeeperEnrollResponse;
+import android.hardware.gatekeeper.GatekeeperVerifyResponse;
+
+@VintfStability
+@SensitiveData
+interface IGatekeeper {
+ /**
+ * enroll and verify binder calls may return a ServiceSpecificException
+ * with the following error codes.
+ */
+ /* Success, but upper layers should re-enroll the verified password due to a version change. */
+ const int STATUS_REENROLL = 1;
+ /* operation is successful */
+ const int STATUS_OK = 0;
+ /* operation is successful. */
+ const int ERROR_GENERAL_FAILURE = -1;
+ /* operation should be retried after timeout. */
+ const int ERROR_RETRY_TIMEOUT = -2;
+ /* operation is not implemented. */
+ const int ERROR_NOT_IMPLEMENTED = -3;
+
+ /**
+ * Deletes all the enrolled_password_handles for all uid's. Once called,
+ * no users must be enrolled on the device.
+ * This is an optional method.
+ *
+ * Service status return:
+ *
+ * OK if all the users are deleted successfully.
+ * ERROR_GENERAL_FAILURE on failure.
+ * ERROR_NOT_IMPLEMENTED if not implemented.
+ */
+ void deleteAllUsers();
+
+ /**
+ * Deletes the enrolledPasswordHandle associated with the uid. Once deleted
+ * the user cannot be verified anymore.
+ * This is an optional method.
+ *
+ * Service status return:
+ *
+ * OK if user is deleted successfully.
+ * ERROR_GENERAL_FAILURE on failure.
+ * ERROR_NOT_IMPLEMENTED if not implemented.
+ *
+ * @param uid The Android user identifier
+ */
+ void deleteUser(in int uid);
+
+ /**
+ * Enrolls desiredPassword, which may be derived from a user selected pin
+ * or password, with the private key used only for enrolling authentication
+ * factor data.
+ *
+ * If there was already a password enrolled, current password handle must be
+ * passed in currentPasswordHandle, and current password must be passed in
+ * currentPassword. Valid currentPassword must verify() against
+ * currentPasswordHandle.
+ *
+ * Service status return:
+ *
+ * OK if password is enrolled successfully.
+ * ERROR_GENERAL_FAILURE on failure.
+ * ERROR_NOT_IMPLEMENTED if not implemented.
+ *
+ * @param uid The Android user identifier
+ *
+ * @param currentPasswordHandle The currently enrolled password handle the user
+ * wants to replace. May be empty only if there's no currently enrolled
+ * password. Otherwise must be non-empty.
+ *
+ * @param currentPassword The user's current password in plain text.
+ * it MUST verify against current_password_handle if the latter is not-empty
+ *
+ * @param desiredPassword The new password the user wishes to enroll in
+ * plaintext.
+ *
+ * @return
+ * On success, data buffer must contain the new password handle referencing
+ * the password provided in desiredPassword.
+ * This buffer can be used on subsequent calls to enroll or
+ * verify. response.statusCode must contain either ERROR_RETRY_TIMEOUT or
+ * STATUS_OK. On error, this buffer must be empty. This method may return
+ * ERROR_GENERAL_FAILURE on failure.
+ * If ERROR_RETRY_TIMEOUT is returned, response.timeout must be non-zero.
+ */
+ GatekeeperEnrollResponse enroll(in int uid, in byte[] currentPasswordHandle,
+ in byte[] currentPassword, in byte[] desiredPassword);
+
+ /**
+ * Verifies that providedPassword matches enrolledPasswordHandle.
+ *
+ * Implementations of this module may retain the result of this call
+ * to attest to the recency of authentication.
+ *
+ * On success, returns verification token in response.data, which shall be
+ * usable to attest password verification to other trusted services.
+ *
+ * Service status return:
+ *
+ * OK if password is enrolled successfully.
+ * ERROR_GENERAL_FAILURE on failure.
+ * ERROR_NOT_IMPLEMENTED if not implemented.
+ *
+ * @param uid The Android user identifier
+ *
+ * @param challenge An optional challenge to authenticate against, or 0.
+ * Used when a separate authenticator requests password verification,
+ * or for transactional password authentication.
+ *
+ * @param enrolledPasswordHandle The currently enrolled password handle that
+ * user wishes to verify against. Must be non-empty.
+ *
+ * @param providedPassword The plaintext password to be verified against the
+ * enrolledPasswordHandle
+ *
+ * @return
+ * On success, a HardwareAuthToken resulting from this verification is returned.
+ * response.statusCode must contain either ERROR_RETRY_TIMEOUT or
+ * or STATUS_REENROLL or STATUS_OK.
+ * On error, data buffer must be empty.
+ * This method may return ERROR_GENERAL_FAILURE on failure.
+ * If password re-enrollment is necessary, it must return STATUS_REENROLL.
+ * If ERROR_RETRY_TIMEOUT is returned, response.timeout must be non-zero.
+ */
+ GatekeeperVerifyResponse verify(in int uid, in long challenge, in byte[] enrolledPasswordHandle,
+ in byte[] providedPassword);
+}
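Review bot: The comment above `ERROR_GENERAL_FAILURE` reads `/* operation is successful. */`, a copy of the STATUS_OK comment, and should read `/* operation failed. */`. The verify() Javadoc also names fields GatekeeperVerifyResponse does not have: it says the token is returned in `response.data` and that the "data buffer must be empty" on error, while the parcelable's field is `hardwareAuthToken`, and both enroll() and verify() say `response.timeout must be non-zero` where the field is `timeoutMs`; verify()'s status line "OK if password is enrolled successfully" should say verified, and enroll() refers to `current_password_handle` where the parameter is `currentPasswordHandle`. The header comment states the codes are reported via ServiceSpecificException, while the @return text has STATUS_OK, STATUS_REENROLL and ERROR_RETRY_TIMEOUT carried in `statusCode`; one sentence saying which codes are thrown and which are returned in the response would leave implementers and the framework caller with a single, checkable contract.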