| /* |
| * Copyright (C) 2017 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package com.android.server.oemlock; |
| |
| import android.annotation.Nullable; |
| import android.content.Context; |
| import android.hardware.oemlock.V1_0.IOemLock; |
| import android.hardware.oemlock.V1_0.OemLockSecureStatus; |
| import android.hardware.oemlock.V1_0.OemLockStatus; |
| import android.os.RemoteException; |
| import android.util.Slog; |
| |
| import java.util.ArrayList; |
| import java.util.NoSuchElementException; |
| |
| /** |
| * Uses the OEM lock HAL. |
| */ |
| class VendorLock extends OemLock { |
| private static final String TAG = "OemLock"; |
| |
| private Context mContext; |
| private IOemLock mOemLock; |
| |
| static IOemLock getOemLockHalService() { |
| try { |
| return IOemLock.getService(/* retry */ true); |
| } catch (NoSuchElementException e) { |
| Slog.i(TAG, "OemLock HAL not present on device"); |
| return null; |
| } catch (RemoteException e) { |
| throw e.rethrowFromSystemServer(); |
| } |
| } |
| |
| VendorLock(Context context, IOemLock oemLock) { |
| mContext = context; |
| mOemLock = oemLock; |
| } |
| |
| @Override |
| @Nullable |
| String getLockName() { |
| final Integer[] requestStatus = new Integer[1]; |
| final String[] lockName = new String[1]; |
| |
| try { |
| mOemLock.getName((status, name) -> { |
| requestStatus[0] = status; |
| lockName[0] = name; |
| }); |
| } catch (RemoteException e) { |
| Slog.e(TAG, "Failed to get name from HAL", e); |
| throw e.rethrowFromSystemServer(); |
| } |
| |
| switch (requestStatus[0]) { |
| case OemLockStatus.OK: |
| // Success |
| return lockName[0]; |
| |
| case OemLockStatus.FAILED: |
| Slog.e(TAG, "Failed to get OEM lock name."); |
| return null; |
| |
| default: |
| Slog.e(TAG, "Unknown return value indicates code is out of sync with HAL"); |
| return null; |
| } |
| } |
| |
| @Override |
| void setOemUnlockAllowedByCarrier(boolean allowed, @Nullable byte[] signature) { |
| try { |
| ArrayList<Byte> signatureBytes = toByteArrayList(signature); |
| switch (mOemLock.setOemUnlockAllowedByCarrier(allowed, signatureBytes)) { |
| case OemLockSecureStatus.OK: |
| Slog.i(TAG, "Updated carrier allows OEM lock state to: " + allowed); |
| return; |
| |
| case OemLockSecureStatus.INVALID_SIGNATURE: |
| if (signatureBytes.isEmpty()) { |
| throw new IllegalArgumentException("Signature required for carrier unlock"); |
| } |
| throw new SecurityException( |
| "Invalid signature used in attempt to carrier unlock"); |
| |
| default: |
| Slog.e(TAG, "Unknown return value indicates code is out of sync with HAL"); |
| // Fallthrough |
| case OemLockSecureStatus.FAILED: |
| throw new RuntimeException("Failed to set carrier OEM unlock state"); |
| } |
| } catch (RemoteException e) { |
| Slog.e(TAG, "Failed to set carrier state with HAL", e); |
| throw e.rethrowFromSystemServer(); |
| } |
| } |
| |
| @Override |
| boolean isOemUnlockAllowedByCarrier() { |
| final Integer[] requestStatus = new Integer[1]; |
| final Boolean[] allowedByCarrier = new Boolean[1]; |
| |
| try { |
| mOemLock.isOemUnlockAllowedByCarrier((status, allowed) -> { |
| requestStatus[0] = status; |
| allowedByCarrier[0] = allowed; |
| }); |
| } catch (RemoteException e) { |
| Slog.e(TAG, "Failed to get carrier state from HAL"); |
| throw e.rethrowFromSystemServer(); |
| } |
| |
| switch (requestStatus[0]) { |
| case OemLockStatus.OK: |
| // Success |
| return allowedByCarrier[0]; |
| |
| default: |
| Slog.e(TAG, "Unknown return value indicates code is out of sync with HAL"); |
| // Fallthrough |
| case OemLockStatus.FAILED: |
| throw new RuntimeException("Failed to get carrier OEM unlock state"); |
| } |
| } |
| |
| @Override |
| void setOemUnlockAllowedByDevice(boolean allowedByDevice) { |
| try { |
| switch (mOemLock.setOemUnlockAllowedByDevice(allowedByDevice)) { |
| case OemLockSecureStatus.OK: |
| Slog.i(TAG, "Updated device allows OEM lock state to: " + allowedByDevice); |
| return; |
| |
| default: |
| Slog.e(TAG, "Unknown return value indicates code is out of sync with HAL"); |
| // Fallthrough |
| case OemLockSecureStatus.FAILED: |
| throw new RuntimeException("Failed to set device OEM unlock state"); |
| } |
| } catch (RemoteException e) { |
| Slog.e(TAG, "Failed to set device state with HAL", e); |
| throw e.rethrowFromSystemServer(); |
| } |
| } |
| |
| @Override |
| boolean isOemUnlockAllowedByDevice() { |
| final Integer[] requestStatus = new Integer[1]; |
| final Boolean[] allowedByDevice = new Boolean[1]; |
| |
| try { |
| mOemLock.isOemUnlockAllowedByDevice((status, allowed) -> { |
| requestStatus[0] = status; |
| allowedByDevice[0] = allowed; |
| }); |
| } catch (RemoteException e) { |
| Slog.e(TAG, "Failed to get devie state from HAL"); |
| throw e.rethrowFromSystemServer(); |
| } |
| |
| switch (requestStatus[0]) { |
| case OemLockStatus.OK: |
| // Success |
| return allowedByDevice[0]; |
| |
| default: |
| Slog.e(TAG, "Unknown return value indicates code is out of sync with HAL"); |
| // Fallthrough |
| case OemLockStatus.FAILED: |
| throw new RuntimeException("Failed to get device OEM unlock state"); |
| } |
| } |
| |
| private ArrayList<Byte> toByteArrayList(byte[] data) { |
| if (data == null) { |
| return new ArrayList<Byte>(); |
| } |
| ArrayList<Byte> result = new ArrayList<Byte>(data.length); |
| for (final byte b : data) { |
| result.add(b); |
| } |
| return result; |
| } |
| } |
