1 /*
2  * Copyright 2015, The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *     http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15 */
16 
17 #include <inttypes.h>
18 
19 #include <binder/IPCThreadState.h>
20 #include <binder/IServiceManager.h>
21 #include <binder/PermissionCache.h>
22 #include <utils/String16.h>
23 #include <utils/Looper.h>
24 #include <keystore/IKeystoreService.h>
25 #include <keystore/keystore.h> // for error code
26 #include <hardware/hardware.h>
27 #include <hardware/fingerprint.h>
28 #include <hardware/hw_auth_token.h>
29 #include "IFingerprintDaemon.h"
30 #include "IFingerprintDaemonCallback.h"
31 
32 namespace android {
33 
34 static const String16 USE_FINGERPRINT_PERMISSION("android.permission.USE_FINGERPRINT");
35 static const String16 MANAGE_FINGERPRINT_PERMISSION("android.permission.MANAGE_FINGERPRINT");
36 static const String16 HAL_FINGERPRINT_PERMISSION("android.permission.MANAGE_FINGERPRINT"); // TODO
37 static const String16 DUMP_PERMISSION("android.permission.DUMP");
38 
39 const android::String16
40 IFingerprintDaemon::descriptor("android.hardware.fingerprint.IFingerprintDaemon");
41 
42 const android::String16&
getInterfaceDescriptor() const43 IFingerprintDaemon::getInterfaceDescriptor() const {
44     return IFingerprintDaemon::descriptor;
45 }
46 
onTransact(uint32_t code,const Parcel & data,Parcel * reply,uint32_t flags)47 status_t BnFingerprintDaemon::onTransact(uint32_t code, const Parcel& data, Parcel* reply,
48         uint32_t flags) {
49     switch(code) {
50         case AUTHENTICATE: {
51             CHECK_INTERFACE(IFingerprintDaemon, data, reply);
52             if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
53                 return PERMISSION_DENIED;
54             }
55             const uint64_t sessionId = data.readInt64();
56             const uint32_t groupId = data.readInt32();
57             const int32_t ret = authenticate(sessionId, groupId);
58             reply->writeNoException();
59             reply->writeInt32(ret);
60             return NO_ERROR;
61         };
62         case CANCEL_AUTHENTICATION: {
63             CHECK_INTERFACE(IFingerprintDaemon, data, reply);
64             if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
65                 return PERMISSION_DENIED;
66             }
67             const int32_t ret = stopAuthentication();
68             reply->writeNoException();
69             reply->writeInt32(ret);
70             return NO_ERROR;
71         }
72         case ENROLL: {
73             CHECK_INTERFACE(IFingerprintDaemon, data, reply);
74             if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
75                 return PERMISSION_DENIED;
76             }
77             const ssize_t tokenSize = data.readInt32();
78             const uint8_t* token = static_cast<const uint8_t *>(data.readInplace(tokenSize));
79             const int32_t groupId = data.readInt32();
80             const int32_t timeout = data.readInt32();
81             const int32_t ret = enroll(token, tokenSize, groupId, timeout);
82             reply->writeNoException();
83             reply->writeInt32(ret);
84             return NO_ERROR;
85         }
86         case CANCEL_ENROLLMENT: {
87             CHECK_INTERFACE(IFingerprintDaemon, data, reply);
88             if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
89                 return PERMISSION_DENIED;
90             }
91             const int32_t ret = stopEnrollment();
92             reply->writeNoException();
93             reply->writeInt32(ret);
94             return NO_ERROR;
95         }
96         case PRE_ENROLL: {
97             CHECK_INTERFACE(IFingerprintDaemon, data, reply);
98             if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
99                 return PERMISSION_DENIED;
100             }
101             const uint64_t ret = preEnroll();
102             reply->writeNoException();
103             reply->writeInt64(ret);
104             return NO_ERROR;
105         }
106         case POST_ENROLL: {
107             CHECK_INTERFACE(IFingerprintDaemon, data, reply);
108             if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
109                 return PERMISSION_DENIED;
110             }
111             const int32_t ret = postEnroll();
112             reply->writeNoException();
113             reply->writeInt32(ret);
114             return NO_ERROR;
115         }
116         case REMOVE: {
117             CHECK_INTERFACE(IFingerprintDaemon, data, reply);
118             if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
119                 return PERMISSION_DENIED;
120             }
121             const int32_t fingerId = data.readInt32();
122             const int32_t groupId = data.readInt32();
123             const int32_t ret = remove(fingerId, groupId);
124             reply->writeNoException();
125             reply->writeInt32(ret);
126             return NO_ERROR;
127         }
128         case GET_AUTHENTICATOR_ID: {
129             CHECK_INTERFACE(IFingerprintDaemon, data, reply);
130             if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
131                 return PERMISSION_DENIED;
132             }
133             const uint64_t ret = getAuthenticatorId();
134             reply->writeNoException();
135             reply->writeInt64(ret);
136             return NO_ERROR;
137         }
138         case SET_ACTIVE_GROUP: {
139             CHECK_INTERFACE(IFingerprintDaemon, data, reply);
140             if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
141                 return PERMISSION_DENIED;
142             }
143             const int32_t group = data.readInt32();
144             const ssize_t pathSize = data.readInt32();
145             const uint8_t* path = static_cast<const uint8_t *>(data.readInplace(pathSize));
146             const int32_t ret = setActiveGroup(group, path, pathSize);
147             reply->writeNoException();
148             reply->writeInt32(ret);
149             return NO_ERROR;
150         }
151         case OPEN_HAL: {
152             CHECK_INTERFACE(IFingerprintDaemon, data, reply);
153             if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
154                 return PERMISSION_DENIED;
155             }
156             const int64_t ret = openHal();
157             reply->writeNoException();
158             reply->writeInt64(ret);
159             return NO_ERROR;
160         }
161         case CLOSE_HAL: {
162             CHECK_INTERFACE(IFingerprintDaemon, data, reply);
163             if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
164                 return PERMISSION_DENIED;
165             }
166             const int32_t ret = closeHal();
167             reply->writeNoException();
168             reply->writeInt32(ret);
169             return NO_ERROR;
170         }
171         case INIT: {
172             CHECK_INTERFACE(IFingerprintDaemon, data, reply);
173             if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
174                 return PERMISSION_DENIED;
175             }
176             sp<IFingerprintDaemonCallback> callback =
177                     interface_cast<IFingerprintDaemonCallback>(data.readStrongBinder());
178             init(callback);
179             reply->writeNoException();
180             return NO_ERROR;
181         }
182         default:
183             return BBinder::onTransact(code, data, reply, flags);
184     }
185 };
186 
checkPermission(const String16 & permission)187 bool BnFingerprintDaemon::checkPermission(const String16& permission) {
188     const IPCThreadState* ipc = IPCThreadState::self();
189     const int calling_pid = ipc->getCallingPid();
190     const int calling_uid = ipc->getCallingUid();
191     return PermissionCache::checkPermission(permission, calling_pid, calling_uid);
192 }
193 
194 
195 }; // namespace android
196