blob: 40d890fa4b20dc28fd7c3f9f80ffb31ca3b5ef9a [file] [log] [blame]
Ethan Yonkere131bec2017-12-15 23:48:02 -06001/*
2 Copyright 2018 bigbiff/Dees_Troy TeamWin
3 This file is part of TWRP/TeamWin Recovery Project.
4
5 TWRP is free software: you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation, either version 3 of the License, or
8 (at your option) any later version.
9
10 TWRP is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with TWRP. If not, see <http://www.gnu.org/licenses/>.
17*/
18
19/* The keystore refuses to allow the root user to supply auth tokens, so
20 * we write the auth token to a file in TWRP and run a separate service
21 * (this) that runs as the system user to add the auth token. TWRP waits
22 * for /auth_token to be deleted and also looks for /auth_error to check
23 * for errors. TWRP will error out after a while if /auth_token does not
24 * get deleted. */
25
26#include <stdio.h>
27#include <string>
28
Ethan Yonkere9afc3d2018-08-30 15:16:27 -050029#ifdef USE_SECURITY_NAMESPACE
30#include <android/security/IKeystoreService.h>
31#else
Ethan Yonkere131bec2017-12-15 23:48:02 -060032#include <keystore/IKeystoreService.h>
Ethan Yonkere9afc3d2018-08-30 15:16:27 -050033#include <keystore/authorization_set.h>
34#endif
Ethan Yonkere131bec2017-12-15 23:48:02 -060035#include <binder/IPCThreadState.h>
36#include <binder/IServiceManager.h>
37
38#include <keystore/keystore.h>
Ethan Yonkere131bec2017-12-15 23:48:02 -060039
Ethan Yonkere9afc3d2018-08-30 15:16:27 -050040#ifndef LOG_TAG
Ethan Yonkere131bec2017-12-15 23:48:02 -060041#define LOG_TAG "keystore_auth"
Ethan Yonkere9afc3d2018-08-30 15:16:27 -050042#endif
Ethan Yonkere131bec2017-12-15 23:48:02 -060043
44using namespace android;
45
46void create_error_file() {
47 FILE* error_file = fopen("/auth_error", "wb");
48 if (error_file == NULL) {
49 printf("Failed to open /auth_error\n");
50 ALOGE("Failed to open /auth_error\n");
51 return;
52 }
53 fwrite("1", 1, 1, error_file);
54 fclose(error_file);
55 unlink("/auth_token");
56}
57
Ethan Yonkere9afc3d2018-08-30 15:16:27 -050058int main() {
Ethan Yonkere131bec2017-12-15 23:48:02 -060059 unlink("/auth_error");
60 FILE* auth_file = fopen("/auth_token", "rb");
61 if (auth_file == NULL) {
62 printf("Failed to open /auth_token\n");
63 ALOGE("Failed to open /auth_token\n");
64 create_error_file();
65 return -1;
66 }
67 // Get the file size
68 fseek(auth_file, 0, SEEK_END);
69 int size = ftell(auth_file);
70 fseek(auth_file, 0, SEEK_SET);
71 uint8_t auth_token[size];
72 fread(auth_token , sizeof(uint8_t), size, auth_file);
73 fclose(auth_file);
74 // First get the keystore service
75 sp<IServiceManager> sm = defaultServiceManager();
76 sp<IBinder> binder = sm->getService(String16("android.security.keystore"));
Ethan Yonkere9afc3d2018-08-30 15:16:27 -050077#ifdef USE_SECURITY_NAMESPACE
78 sp<security::IKeystoreService> service = interface_cast<security::IKeystoreService>(binder);
79#else
Ethan Yonkere131bec2017-12-15 23:48:02 -060080 sp<IKeystoreService> service = interface_cast<IKeystoreService>(binder);
Ethan Yonkere9afc3d2018-08-30 15:16:27 -050081#endif
Ethan Yonkere131bec2017-12-15 23:48:02 -060082 if (service == NULL) {
83 printf("error: could not connect to keystore service\n");
84 ALOGE("error: could not connect to keystore service\n");
85 create_error_file();
86 return -2;
87 }
Ethan Yonkere9afc3d2018-08-30 15:16:27 -050088#ifdef USE_SECURITY_NAMESPACE
89 std::vector<uint8_t> auth_token_vector(&auth_token[0], (&auth_token[0]) + size);
90 int result = 0;
91 auto binder_result = service->addAuthToken(auth_token_vector, &result);
92 if (!binder_result.isOk() || !keystore::KeyStoreServiceReturnCode(result).isOk()) {
93#else
Ethan Yonkere131bec2017-12-15 23:48:02 -060094 ::keystore::KeyStoreServiceReturnCode auth_result = service->addAuthToken(auth_token, size);
95 if (!auth_result.isOk()) {
Ethan Yonkere9afc3d2018-08-30 15:16:27 -050096#endif
Ethan Yonkere131bec2017-12-15 23:48:02 -060097 // The keystore checks the uid of the calling process and will return a permission denied on this operation for user 0
98 printf("keystore error adding auth token\n");
99 ALOGE("keystore error adding auth token\n");
100 create_error_file();
101 return -3;
102 }
103 printf("successfully added auth token to keystore\n");
104 ALOGD("successfully added auth token to keystore\n");
105 unlink("/auth_token");
106 return 0;
107}