Merge "[gatekeeperd] Check parent profile for SID lookups" into mnc-dev
diff --git a/gatekeeperd/Android.mk b/gatekeeperd/Android.mk
index ce050ae..55b2d5e 100644
--- a/gatekeeperd/Android.mk
+++ b/gatekeeperd/Android.mk
@@ -18,7 +18,12 @@
include $(CLEAR_VARS)
LOCAL_CFLAGS := -Wall -Wextra -Werror -Wunused
-LOCAL_SRC_FILES := SoftGateKeeperDevice.cpp IGateKeeperService.cpp gatekeeperd.cpp
+LOCAL_SRC_FILES := \
+ SoftGateKeeperDevice.cpp \
+ IGateKeeperService.cpp \
+ gatekeeperd.cpp \
+ IUserManager.cpp
+
LOCAL_MODULE := gatekeeperd
LOCAL_SHARED_LIBRARIES := \
libbinder \
diff --git a/gatekeeperd/IUserManager.cpp b/gatekeeperd/IUserManager.cpp
new file mode 100644
index 0000000..8645fc2
--- /dev/null
+++ b/gatekeeperd/IUserManager.cpp
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_TAG "IUserManager"
+#include <stdint.h>
+#include <sys/types.h>
+#include <utils/Log.h>
+#include <binder/Parcel.h>
+
+#include "IUserManager.h"
+
+namespace android {
+
+class BpUserManager : public BpInterface<IUserManager>
+{
+public:
+ BpUserManager(const sp<IBinder>& impl) :
+ BpInterface<IUserManager>(impl) {
+ }
+ virtual int32_t getCredentialOwnerProfile(int32_t user_id) {
+ Parcel data, reply;
+ data.writeInterfaceToken(IUserManager::getInterfaceDescriptor());
+ data.writeInt32(user_id);
+ status_t rc = remote()->transact(GET_CREDENTIAL_OWNER_PROFILE, data, &reply, 0);
+ if (rc != NO_ERROR) {
+ ALOGE("%s: failed (%d)\n", __func__, rc);
+ return -1;
+ }
+
+ int32_t exception = reply.readExceptionCode();
+ if (exception != 0) {
+ ALOGE("%s: got exception (%d)\n", __func__, exception);
+ return -1;
+ }
+
+ return reply.readInt32();
+ }
+
+};
+
+IMPLEMENT_META_INTERFACE(UserManager, "android.os.IUserManager");
+
+}; // namespace android
+
diff --git a/gatekeeperd/IUserManager.h b/gatekeeperd/IUserManager.h
new file mode 100644
index 0000000..640e9b5
--- /dev/null
+++ b/gatekeeperd/IUserManager.h
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef IUSERMANAGER_H_
+#define IUSERMANAGER_H_
+
+#include <inttypes.h>
+#include <utils/Errors.h>
+#include <binder/IInterface.h>
+#include <binder/Parcel.h>
+#include <utils/Vector.h>
+
+namespace android {
+
+/*
+* Communication channel to UserManager
+*/
+class IUserManager : public IInterface {
+ public:
+ // must be kept in sync with IUserManager.aidl
+ enum {
+ GET_CREDENTIAL_OWNER_PROFILE = IBinder::FIRST_CALL_TRANSACTION + 0,
+ };
+
+ virtual int32_t getCredentialOwnerProfile(int32_t user_id) = 0;
+
+ DECLARE_META_INTERFACE(UserManager);
+};
+
+}; // namespace android
+
+#endif // IUSERMANAGER_H_
+
diff --git a/gatekeeperd/gatekeeperd.cpp b/gatekeeperd/gatekeeperd.cpp
index 9788681..b4fdab0 100644
--- a/gatekeeperd/gatekeeperd.cpp
+++ b/gatekeeperd/gatekeeperd.cpp
@@ -40,6 +40,7 @@
#include <hardware/hw_auth_token.h>
#include "SoftGateKeeperDevice.h"
+#include "IUserManager.h"
namespace android {
@@ -263,7 +264,21 @@
}
virtual uint64_t getSecureUserId(uint32_t uid) {
- return read_sid(uid);
+ uint64_t sid = read_sid(uid);
+ if (sid == 0) {
+ // might be a work profile, look up the parent
+ sp<IServiceManager> sm = defaultServiceManager();
+ sp<IBinder> binder = sm->getService(String16("user"));
+ sp<IUserManager> um = interface_cast<IUserManager>(binder);
+ int32_t parent = um->getCredentialOwnerProfile(uid);
+ if (parent < 0) {
+ return 0;
+ } else if (parent != (int32_t) uid) {
+ return read_sid(parent);
+ }
+ }
+ return sid;
+
}
virtual void clearSecureUserId(uint32_t uid) {
