//
// Copyright (C) 2016 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
#include "tpm_manager/server/binder_service.h"
#include <sysexits.h>
#include <base/bind.h>
#include <binderwrapper/binder_wrapper.h>
#include "tpm_manager/common/tpm_manager.pb.h"
#include "tpm_manager/common/tpm_manager_constants.h"
namespace {
// Sends a |response_proto| to |client| for an arbitrary protobuf type.
template <typename ResponseProtobufType>
void ResponseHandler(
const android::sp<android::tpm_manager::ITpmManagerClient>& client,
const ResponseProtobufType& response_proto) {
VLOG(2) << __func__;
std::vector<uint8_t> binder_response;
binder_response.resize(response_proto.ByteSize());
CHECK(response_proto.SerializeToArray(binder_response.data(),
binder_response.size()))
<< "BinderService: Failed to serialize protobuf.";
android::binder::Status status = client->OnCommandResponse(binder_response);
if (!status.isOk()) {
LOG(ERROR) << "BinderService: Failed to send response to client: "
<< status.toString8();
}
}
// Creates an error protobuf for NVRAM commands.
template <typename ResponseProtobufType>
void CreateNvramErrorResponse(ResponseProtobufType* proto) {
proto->set_result(tpm_manager::NVRAM_RESULT_IPC_ERROR);
}
// Creates an error protobuf for ownership commands.
template <typename ResponseProtobufType>
void CreateOwnershipErrorResponse(ResponseProtobufType* proto) {
proto->set_status(tpm_manager::STATUS_DEVICE_ERROR);
}
// Calls |method| with a protobuf decoded from |request| using ResponseHandler()
// and |client| to handle the response. On error, uses |get_error_response| to
// construct a response and sends that to |client|.
template <typename RequestProtobufType, typename ResponseProtobufType>
void RequestHandler(
const std::vector<uint8_t>& request,
const base::Callback<
void(const RequestProtobufType&,
const base::Callback<void(const ResponseProtobufType&)>&)>& method,
const base::Callback<void(ResponseProtobufType*)>& get_error_response,
const android::sp<android::tpm_manager::ITpmManagerClient>& client) {
VLOG(2) << __func__;
base::Callback<void(const ResponseProtobufType&)> callback =
base::Bind(ResponseHandler<ResponseProtobufType>, client);
RequestProtobufType request_proto;
if (!request_proto.ParseFromArray(request.data(), request.size())) {
LOG(ERROR) << "BinderService: Bad request data.";
// Send an error response.
ResponseProtobufType response_proto;
get_error_response.Run(&response_proto);
callback.Run(response_proto);
return;
}
method.Run(request_proto, callback);
}
} // namespace
namespace tpm_manager {
BinderService::BinderService(TpmNvramInterface* nvram_service,
TpmOwnershipInterface* ownership_service)
: nvram_service_(nvram_service), ownership_service_(ownership_service) {}
void BinderService::InitForTesting() {
nvram_binder_ = new NvramServiceInternal(nvram_service_);
ownership_binder_ = new OwnershipServiceInternal(ownership_service_);
}
int BinderService::OnInit() {
if (!watcher_.Init()) {
LOG(ERROR) << "BinderService: BinderWatcher::Init failed.";
return EX_UNAVAILABLE;
}
nvram_binder_ = new NvramServiceInternal(nvram_service_);
ownership_binder_ = new OwnershipServiceInternal(ownership_service_);
if (!android::BinderWrapper::GetOrCreateInstance()->RegisterService(
kTpmNvramBinderName, android::IInterface::asBinder(nvram_binder_))) {
LOG(ERROR) << "BinderService: RegisterService failed (nvram).";
return EX_UNAVAILABLE;
}
if (!android::BinderWrapper::GetOrCreateInstance()->RegisterService(
kTpmOwnershipBinderName,
android::IInterface::asBinder(ownership_binder_))) {
LOG(ERROR) << "BinderService: RegisterService failed (ownership).";
return EX_UNAVAILABLE;
}
LOG(INFO) << "TpmManager: Binder services registered.";
return brillo::Daemon::OnInit();
}
android::tpm_manager::ITpmNvram* BinderService::GetITpmNvram() {
return nvram_binder_.get();
}
android::tpm_manager::ITpmOwnership* BinderService::GetITpmOwnership() {
return ownership_binder_.get();
}
BinderService::NvramServiceInternal::NvramServiceInternal(
TpmNvramInterface* nvram_service)
: nvram_service_(nvram_service) {}
android::binder::Status BinderService::NvramServiceInternal::DefineSpace(
const std::vector<uint8_t>& command_proto,
const android::sp<android::tpm_manager::ITpmManagerClient>& client) {
RequestHandler<DefineSpaceRequest, DefineSpaceReply>(
command_proto, base::Bind(&TpmNvramInterface::DefineSpace,
base::Unretained(nvram_service_)),
base::Bind(CreateNvramErrorResponse<DefineSpaceReply>), client);
return android::binder::Status::ok();
}
android::binder::Status BinderService::NvramServiceInternal::DestroySpace(
const std::vector<uint8_t>& command_proto,
const android::sp<android::tpm_manager::ITpmManagerClient>& client) {
RequestHandler<DestroySpaceRequest, DestroySpaceReply>(
command_proto, base::Bind(&TpmNvramInterface::DestroySpace,
base::Unretained(nvram_service_)),
base::Bind(CreateNvramErrorResponse<DestroySpaceReply>), client);
return android::binder::Status::ok();
}
android::binder::Status BinderService::NvramServiceInternal::WriteSpace(
const std::vector<uint8_t>& command_proto,
const android::sp<android::tpm_manager::ITpmManagerClient>& client) {
RequestHandler<WriteSpaceRequest, WriteSpaceReply>(
command_proto, base::Bind(&TpmNvramInterface::WriteSpace,
base::Unretained(nvram_service_)),
base::Bind(CreateNvramErrorResponse<WriteSpaceReply>), client);
return android::binder::Status::ok();
}
android::binder::Status BinderService::NvramServiceInternal::ReadSpace(
const std::vector<uint8_t>& command_proto,
const android::sp<android::tpm_manager::ITpmManagerClient>& client) {
RequestHandler<ReadSpaceRequest, ReadSpaceReply>(
command_proto, base::Bind(&TpmNvramInterface::ReadSpace,
base::Unretained(nvram_service_)),
base::Bind(CreateNvramErrorResponse<ReadSpaceReply>), client);
return android::binder::Status::ok();
}
android::binder::Status BinderService::NvramServiceInternal::LockSpace(
const std::vector<uint8_t>& command_proto,
const android::sp<android::tpm_manager::ITpmManagerClient>& client) {
RequestHandler<LockSpaceRequest, LockSpaceReply>(
command_proto, base::Bind(&TpmNvramInterface::LockSpace,
base::Unretained(nvram_service_)),
base::Bind(CreateNvramErrorResponse<LockSpaceReply>), client);
return android::binder::Status::ok();
}
android::binder::Status BinderService::NvramServiceInternal::ListSpaces(
const std::vector<uint8_t>& command_proto,
const android::sp<android::tpm_manager::ITpmManagerClient>& client) {
RequestHandler<ListSpacesRequest, ListSpacesReply>(
command_proto, base::Bind(&TpmNvramInterface::ListSpaces,
base::Unretained(nvram_service_)),
base::Bind(CreateNvramErrorResponse<ListSpacesReply>), client);
return android::binder::Status::ok();
}
android::binder::Status BinderService::NvramServiceInternal::GetSpaceInfo(
const std::vector<uint8_t>& command_proto,
const android::sp<android::tpm_manager::ITpmManagerClient>& client) {
RequestHandler<GetSpaceInfoRequest, GetSpaceInfoReply>(
command_proto, base::Bind(&TpmNvramInterface::GetSpaceInfo,
base::Unretained(nvram_service_)),
base::Bind(CreateNvramErrorResponse<GetSpaceInfoReply>), client);
return android::binder::Status::ok();
}
BinderService::OwnershipServiceInternal::OwnershipServiceInternal(
TpmOwnershipInterface* ownership_service)
: ownership_service_(ownership_service) {}
android::binder::Status BinderService::OwnershipServiceInternal::GetTpmStatus(
const std::vector<uint8_t>& command_proto,
const android::sp<android::tpm_manager::ITpmManagerClient>& client) {
RequestHandler<GetTpmStatusRequest, GetTpmStatusReply>(
command_proto, base::Bind(&TpmOwnershipInterface::GetTpmStatus,
base::Unretained(ownership_service_)),
base::Bind(CreateOwnershipErrorResponse<GetTpmStatusReply>), client);
return android::binder::Status::ok();
}
android::binder::Status BinderService::OwnershipServiceInternal::TakeOwnership(
const std::vector<uint8_t>& command_proto,
const android::sp<android::tpm_manager::ITpmManagerClient>& client) {
RequestHandler<TakeOwnershipRequest, TakeOwnershipReply>(
command_proto, base::Bind(&TpmOwnershipInterface::TakeOwnership,
base::Unretained(ownership_service_)),
base::Bind(CreateOwnershipErrorResponse<TakeOwnershipReply>), client);
return android::binder::Status::ok();
}
android::binder::Status
BinderService::OwnershipServiceInternal::RemoveOwnerDependency(
const std::vector<uint8_t>& command_proto,
const android::sp<android::tpm_manager::ITpmManagerClient>& client) {
RequestHandler<RemoveOwnerDependencyRequest, RemoveOwnerDependencyReply>(
command_proto, base::Bind(&TpmOwnershipInterface::RemoveOwnerDependency,
base::Unretained(ownership_service_)),
base::Bind(CreateOwnershipErrorResponse<RemoveOwnerDependencyReply>),
client);
return android::binder::Status::ok();
}
} // namespace tpm_manager