Google Git
Sign in
android / platform / frameworks / base / refs/heads/main / . / telephony / java / android / telephony / gba / GbaService.java
blob: 3962aff9df4f057629cef0be8e548b853e267769 [file] [log] [blame]
/*
* Copyright (C) 2020 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.telephony.gba;
import android.annotation.NonNull;
import android.annotation.SystemApi;
import android.app.Service;
import android.content.Intent;
import android.net.Uri;
import android.os.Build;
import android.os.Handler;
import android.os.HandlerThread;
import android.os.IBinder;
import android.os.Looper;
import android.os.Message;
import android.os.RemoteException;
import android.telephony.Annotation.UiccAppTypeExt;
import android.telephony.IBootstrapAuthenticationCallback;
import android.telephony.TelephonyManager;
import android.telephony.TelephonyManager.AuthenticationFailureReason;
import android.util.Log;
import android.util.SparseArray;
/**
* Base class for GBA Service. Any implementation which wants to provide
* GBA service must extend this class.
*
* <p>Note that the application to implement the service must declare to use
* the permission {@link android.Manifest.permission#BIND_GBA_SERVICE},
* and filter the intent of {@link #SERVICE_INTERFACE}.
* The manifest of the service must follow the format below:
*
* <p>...
* <service
* android:name=".EgGbaService"
* android:directBootAware="true"
* android:permission="android.permission.BIND_GBA_SERVICE" >
* ...
* <intent-filter>
* <action android:name="android.telephony.gba.GbaService"/>
* </intent-filter>
* </service>
* ...
*
* <p>The service should also be file-based encryption (FBE) aware.
* {@hide}
*/
@SystemApi
public class GbaService extends Service {
private static final boolean DBG = Build.IS_DEBUGGABLE;
private static final String TAG = "GbaService";
/**
* The intent must be defined as an intent-filter in the
* AndroidManifest of the GbaService.
*/
public static final String SERVICE_INTERFACE = "android.telephony.gba.GbaService";
private static final int EVENT_GBA_AUTH_REQUEST = 1;
private final HandlerThread mHandlerThread;
private final GbaServiceHandler mHandler;
private final SparseArray<IBootstrapAuthenticationCallback> mCallbacks = new SparseArray<>();
private final IGbaServiceWrapper mBinder = new IGbaServiceWrapper();
/**
* Default constructor.
*/
public GbaService() {
mHandlerThread = new HandlerThread(TAG);
mHandlerThread.start();
mHandler = new GbaServiceHandler(mHandlerThread.getLooper());
Log.d(TAG, "GBA service created");
}
private class GbaServiceHandler extends Handler {
GbaServiceHandler(Looper looper) {
super(looper);
}
@Override
public void handleMessage(Message msg) {
switch (msg.what) {
case EVENT_GBA_AUTH_REQUEST:
GbaAuthRequest req = (GbaAuthRequest) msg.obj;
synchronized (mCallbacks) {
mCallbacks.put(req.getToken(), req.getCallback());
}
onAuthenticationRequest(req.getSubId(), req.getToken(), req.getAppType(),
req.getNafUrl(), req.getSecurityProtocol(), req.isForceBootStrapping());
break;
default:
break;
}
}
}
/**
* Called by the platform when a GBA authentication request is received from
* {@link TelephonyManager#bootstrapAuthenticationRequest} to get the KsNAF for
* a particular NAF.
*
* @param subscriptionId the ICC card to be used for the bootstrapping authentication.
* @param token the identification of the authentication request.
* @param appType icc application type, like {@link #APPTYPE_USIM} or {@link
* #APPTYPE_ISIM} or {@link#APPTYPE_UNKNOWN}
* @param nafUrl Network Application Function(NAF) fully qualified domain name and
* the selected GBA mode. It shall contain two parts delimited by "@" sign. The first
* part is the constant string "3GPP-bootstrapping" (GBA_ME),
* "3GPP-bootstrapping-uicc" (GBA_ U), or "3GPP-bootstrapping-digest" (GBA_Digest),
* and the latter part shall be the FQDN of the NAF (e.g.
* "3GPP-bootstrapping@naf1.operator.com" or "3GPP-bootstrapping-uicc@naf1.operator.com",
* or "3GPP-bootstrapping-digest@naf1.operator.com").
* @param securityProtocol Security protocol identifier between UE and NAF.  See
* 3GPP TS 33.220 Annex H. Application can use
   * {@link UaSecurityProtocolIdentifier#createDefaultUaSpId},
* {@link UaSecurityProtocolIdentifier#create3GppUaSpId},
* to create the ua security protocol identifier as needed
  * @param forceBootStrapping true=force bootstrapping, false=do not force
  * bootstrapping. Bootstrapping shouldn't be forced unless the application sees
  * authentication errors from the server.
* Response is returned via {@link TelephonyManager#BootstrapAuthenticationCallback}
* along with the token to identify the request.
*
* <p>Note that this is not called in the main thread.
*/
public void onAuthenticationRequest(int subscriptionId, int token, @UiccAppTypeExt int appType,
@NonNull Uri nafUrl, @NonNull byte[] securityProtocol, boolean forceBootStrapping) {
//Default implementation should be overridden by vendor Gba Service. Vendor Gba Service
//should handle the gba bootstrap authentication request, and call reportKeysAvailable or
//reportAuthenticationFailure to notify the caller accordingly.
reportAuthenticationFailure(
token, TelephonyManager.GBA_FAILURE_REASON_FEATURE_NOT_SUPPORTED);
}
/**
* Called by {@link GbaService} when the previously requested GBA keys are available
* (@see onAuthenticationRequest())
*
* @param token unique identifier of the request.
* @param gbaKey KsNaf Response.
* @param transactionId Bootstrapping Transaction ID.
* @throws RuntimeException when there is remote failure of callback.
*/
public final void reportKeysAvailable(int token, @NonNull byte[] gbaKey,
@NonNull String transactionId) throws RuntimeException {
IBootstrapAuthenticationCallback cb = null;
synchronized (mCallbacks) {
cb = mCallbacks.get(token);
mCallbacks.remove(token);
}
if (cb != null) {
try {
cb.onKeysAvailable(token, gbaKey, transactionId);
} catch (RemoteException exception) {
throw exception.rethrowAsRuntimeException();
}
}
}
/**
* Invoked when the previously requested GBA key authentication failed
* (@see onAuthenticationRequest())
*
* @param token unique identifier of the request.
* @param reason The reason for the authentication failure.
* @throws RuntimeException when there is remote failure of callback.
*/
public final void reportAuthenticationFailure(int token,
@AuthenticationFailureReason int reason) throws RuntimeException {
IBootstrapAuthenticationCallback cb = null;
synchronized (mCallbacks) {
cb = mCallbacks.get(token);
mCallbacks.remove(token);
}
if (cb != null) {
try {
cb.onAuthenticationFailure(token, reason);
} catch (RemoteException exception) {
throw exception.rethrowAsRuntimeException();
}
}
}
/** @hide */
@Override
public IBinder onBind(Intent intent) {
if (SERVICE_INTERFACE.equals(intent.getAction())) {
Log.d(TAG, "GbaService Bound.");
return mBinder;
}
return null;
}
/** @hide */
@Override
public void onDestroy() {
mHandlerThread.quit();
super.onDestroy();
}
private class IGbaServiceWrapper extends IGbaService.Stub {
@Override
public void authenticationRequest(GbaAuthRequest request) {
if (DBG) Log.d(TAG, "receive request: " + request);
mHandler.obtainMessage(EVENT_GBA_AUTH_REQUEST, request).sendToTarget();
}
}
}