Merge "Implement clear SID API"
diff --git a/gatekeeperd/IGateKeeperService.cpp b/gatekeeperd/IGateKeeperService.cpp
index d4ed533..f5bbbf1 100644
--- a/gatekeeperd/IGateKeeperService.cpp
+++ b/gatekeeperd/IGateKeeperService.cpp
@@ -123,6 +123,13 @@
reply->writeInt64(sid);
return NO_ERROR;
}
+ case CLEAR_SECURE_USER_ID: {
+ CHECK_INTERFACE(IGateKeeperService, data, reply);
+ uint32_t uid = data.readInt32();
+ clearSecureUserId(uid);
+ reply->writeNoException();
+ return NO_ERROR;
+ }
default:
return BBinder::onTransact(code, data, reply, flags);
}
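Review bot: A caller that lacks the keyguard permission gets the same reply as a successful clear, because `clearSecureUserId(uid)` returns void and the new `CLEAR_SECURE_USER_ID` case always follows it with `reply->writeNoException(); return NO_ERROR;`. The refusal is only logged inside the implementation (the gatekeeperd.cpp hunk), so the client cannot tell that the SID is still in place. Consider declaring the method as `virtual status_t clearSecureUserId(uint32_t uid) = 0;` in IGateKeeperService.h, returning `PERMISSION_DENIED` from the implementation, and passing a non-`NO_ERROR` status back from this case. Any change to the reply must stay in step with the Java-side caller, which is not visible here. The enclosing onTransact switch starts outside the hunk.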
diff --git a/gatekeeperd/IGateKeeperService.h b/gatekeeperd/IGateKeeperService.h
index 51e179d..a777318 100644
--- a/gatekeeperd/IGateKeeperService.h
+++ b/gatekeeperd/IGateKeeperService.h
@@ -32,6 +32,7 @@
VERIFY = IBinder::FIRST_CALL_TRANSACTION + 1,
VERIFY_CHALLENGE = IBinder::FIRST_CALL_TRANSACTION + 2,
GET_SECURE_USER_ID = IBinder::FIRST_CALL_TRANSACTION + 3,
+ CLEAR_SECURE_USER_ID = IBinder::FIRST_CALL_TRANSACTION + 4,
};
// DECLARE_META_INTERFACE - C++ client interface not needed
@@ -70,6 +71,11 @@
* Returns the secure user ID for the provided android user
*/
virtual uint64_t getSecureUserId(uint32_t uid) = 0;
+
+ /**
+ * Clears the secure user ID associated with the user.
+ */
+ virtual void clearSecureUserId(uint32_t uid) = 0;
};
// ----------------------------------------------------------------------------
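Review bot: The doc comment on `clearSecureUserId` leaves out two things a caller needs to know: the implementation in gatekeeperd.cpp only acts for callers that pass the `KEYGUARD_PERMISSION` check, and a refused call returns without any signal. Suggested wording: `Clears the secure user ID stored for the given android user. Requires the keyguard permission; without it the call is logged and has no effect.` The class declaration starts outside the hunk.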
diff --git a/gatekeeperd/gatekeeperd.cpp b/gatekeeperd/gatekeeperd.cpp
index 82aa422..a242504 100644
--- a/gatekeeperd/gatekeeperd.cpp
+++ b/gatekeeperd/gatekeeperd.cpp
@@ -173,6 +173,17 @@
return read_sid(uid);
}
+ virtual void clearSecureUserId(uint32_t uid) {
+ IPCThreadState* ipc = IPCThreadState::self();
+ const int calling_pid = ipc->getCallingPid();
+ const int calling_uid = ipc->getCallingUid();
+ if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) {
+ ALOGE("%s: permission denied for [%d:%d]", __func__, calling_pid, calling_uid);
+ return;
+ }
+ store_sid(uid, 0);
+ }
+
virtual status_t dump(int fd, const Vector<String16> &) {
IPCThreadState* ipc = IPCThreadState::self();
const int pid = ipc->getCallingPid();
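Review bot: A successful clear leaves no log record, because the only log line in `clearSecureUserId` is the `ALOGE` on the denial path and `store_sid(uid, 0)` runs silently. Resetting a user's secure ID is a security-relevant state change, so a line such as `ALOGI("%s: cleared SID for user %u on behalf of [%d:%d]", __func__, uid, calling_pid, calling_uid);` after the store would make it traceable during an investigation. The literal `0` also deserves a short comment, e.g. `// 0 = no secure user ID enrolled`, assuming that is how readers of the stored value interpret it. `store_sid` and `read_sid` are defined outside the hunk, so whether the store can fail and should be checked cannot be judged from here.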