bool Permission::checkCalling() const { IPCThreadState* ipcState = IPCThreadState::self(); pid_t pid = ipcState->getCallingPid(); uid_t uid = ipcState->getCallingUid(); return doCheckPermission(pid, uid); }
status_t FakeSurfaceComposer::onTransact(uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags) { switch (code) { case CREATE_CONNECTION: case CREATE_DISPLAY: case SET_TRANSACTION_STATE: case CAPTURE_SCREEN: { // codes that require permission check IPCThreadState* ipc = IPCThreadState::self(); const int pid = ipc->getCallingPid(); const int uid = ipc->getCallingUid(); // Accept request only when uid is root. if (uid != AID_ROOT) { ALOGE("Permission Denial: " "can't access SurfaceFlinger pid=%d, uid=%d", pid, uid); return PERMISSION_DENIED; } break; } } return BnSurfaceComposer::onTransact(code, data, reply, flags); }
status_t BnQService::onTransact( uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags) { // IPC should be from mediaserver only IPCThreadState* ipc = IPCThreadState::self(); const int callerPid = ipc->getCallingPid(); const int callerUid = ipc->getCallingUid(); const bool permission = (callerUid == AID_MEDIA); switch(code) { case CONNECT: { CHECK_INTERFACE(IQService, data, reply); sp<IQClient> client = interface_cast<IQClient>(data.readStrongBinder()); connect(client); return NO_ERROR; } break; case SETMEM: { CHECK_INTERFACE(IQService, data, reply); sp<IMemory> sharedBuffer = interface_cast<IMemory>(data.readStrongBinder()); setMemory(sharedBuffer); return NO_ERROR; } break; default: return BBinder::onTransact(code, data, reply, flags); } }
static bool isProtectedCallAllowed() { // M: migration these from ICS // TODO // Following implementation is just for reference. // Each OEM manufacturer should implement/replace with their own solutions. bool result = false; IPCThreadState* ipcState = IPCThreadState::self(); uid_t uid = ipcState->getCallingUid(); for (unsigned int i = 0; i < trustedUids.size(); ++i) { if (trustedUids[i] == uid) { result = true; break; } } // M: // for OMA DRM v1 implementation // if can't authorize the process by UID, then check the process name. if (!result) { pid_t pid = ipcState->getCallingPid(); result = DrmTrustedClient::IsDrmTrustedClient(DrmMtkUtil::getProcessName(pid)); } return result; }
bool checkCallingPermission(const String16& permission, int32_t* outPid, int32_t* outUid) { IPCThreadState* ipcState = IPCThreadState::self(); pid_t pid = ipcState->getCallingPid(); uid_t uid = ipcState->getCallingUid(); if (outPid) *outPid = pid; if (outUid) *outUid = uid; return checkPermission(permission, pid, uid); }
virtual int enroll(uint32_t uid, const uint8_t *current_password_handle, uint32_t current_password_handle_length, const uint8_t *current_password, uint32_t current_password_length, const uint8_t *desired_password, uint32_t desired_password_length, uint8_t **enrolled_password_handle, uint32_t *enrolled_password_handle_length) { IPCThreadState* ipc = IPCThreadState::self(); const int calling_pid = ipc->getCallingPid(); const int calling_uid = ipc->getCallingUid(); if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) { return PERMISSION_DENIED; } // need a desired password to enroll if (desired_password_length == 0) return -EINVAL; int ret; if (device) { const gatekeeper::password_handle_t *handle = reinterpret_cast<const gatekeeper::password_handle_t *>(current_password_handle); if (handle != NULL && handle->version != 0 && !handle->hardware_backed) { // handle is being re-enrolled from a software version. HAL probably won't accept // the handle as valid, so we nullify it and enroll from scratch current_password_handle = NULL; current_password_handle_length = 0; current_password = NULL; current_password_length = 0; } ret = device->enroll(device, uid, current_password_handle, current_password_handle_length, current_password, current_password_length, desired_password, desired_password_length, enrolled_password_handle, enrolled_password_handle_length); } else { ret = soft_device->enroll(uid, current_password_handle, current_password_handle_length, current_password, current_password_length, desired_password, desired_password_length, enrolled_password_handle, enrolled_password_handle_length); } if (ret == 0) { gatekeeper::password_handle_t *handle = reinterpret_cast<gatekeeper::password_handle_t *>(*enrolled_password_handle); store_sid(uid, handle->user_id); bool rr; // immediately verify this password so we don't ask the user to enter it again // if they just created it. verify(uid, *enrolled_password_handle, sizeof(password_handle_t), desired_password, desired_password_length, &rr); } return ret; }
status_t BatteryPropertiesRegistrar::dump(int fd, const Vector<String16>& /*args*/) { IPCThreadState* self = IPCThreadState::self(); const int pid = self->getCallingPid(); const int uid = self->getCallingUid(); if ((uid != AID_SHELL) && !PermissionCache::checkPermission( String16("android.permission.DUMP"), pid, uid)) return PERMISSION_DENIED; healthd_dump_battery_state(fd); return OK; }
virtual void clearSecureUserId(uint32_t uid) { IPCThreadState* ipc = IPCThreadState::self(); const int calling_pid = ipc->getCallingPid(); const int calling_uid = ipc->getCallingUid(); if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) { ALOGE("%s: permission denied for [%d:%d]", __func__, calling_pid, calling_uid); return; } clear_sid(uid); if (device != NULL && device->delete_user != NULL) { device->delete_user(device, uid); } }
status_t BnMediaAnalyticsService::onTransact( uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags) { // get calling pid/tid IPCThreadState *ipc = IPCThreadState::self(); int clientPid = ipc->getCallingPid(); // permission checking if(DEBUGGING_FLOW) { ALOGD("running in service, code %d, pid %d; called from pid %d", code, getpid(), clientPid); } switch (code) { case GENERATE_UNIQUE_SESSIONID: { CHECK_INTERFACE(IMediaAnalyticsService, data, reply); MediaAnalyticsItem::SessionID_t sessionid = generateUniqueSessionID(); reply->writeInt64(sessionid); return NO_ERROR; } break; case SUBMIT_ITEM: { CHECK_INTERFACE(IMediaAnalyticsService, data, reply); bool forcenew; MediaAnalyticsItem *item = new MediaAnalyticsItem; data.readBool(&forcenew); item->readFromParcel(data); item->setPid(clientPid); // submit() takes over ownership of 'item' MediaAnalyticsItem::SessionID_t sessionid = submit(item, forcenew); reply->writeInt64(sessionid); return NO_ERROR; } break; default: return BBinder::onTransact(code, data, reply, flags); } }
virtual status_t dump(int fd, const Vector<String16> &) { IPCThreadState* ipc = IPCThreadState::self(); const int pid = ipc->getCallingPid(); const int uid = ipc->getCallingUid(); if (!PermissionCache::checkPermission(DUMP_PERMISSION, pid, uid)) { return PERMISSION_DENIED; } if (device == NULL) { const char *result = "Device not available"; write(fd, result, strlen(result) + 1); } else { const char *result = "OK"; write(fd, result, strlen(result) + 1); } return NO_ERROR; }
status_t Client::onTransact( uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags) { // these must be checked IPCThreadState* ipc = IPCThreadState::self(); const int pid = ipc->getCallingPid(); const int uid = ipc->getCallingUid(); const int self_pid = getpid(); if (CC_UNLIKELY(pid != self_pid && uid != AID_GRAPHICS && uid != 0)) { // we're called from a different process, do the real check if (!PermissionCache::checkCallingPermission(sAccessSurfaceFlinger)) { ALOGE("Permission Denial: " "can't openGlobalTransaction pid=%d, uid=%d", pid, uid); return PERMISSION_DENIED; } } return BnSurfaceComposerClient::onTransact(code, data, reply, flags); }
status_t LayerBaseClient::Surface::onTransact( uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags) { switch (code) { case REGISTER_BUFFERS: case UNREGISTER_BUFFERS: case CREATE_OVERLAY: { if (!mFlinger->mAccessSurfaceFlinger.checkCalling()) { IPCThreadState* ipc = IPCThreadState::self(); const int pid = ipc->getCallingPid(); const int uid = ipc->getCallingUid(); LOGE("Permission Denial: " "can't access SurfaceFlinger pid=%d, uid=%d", pid, uid); return PERMISSION_DENIED; } } } return BnSurface::onTransact(code, data, reply, flags); }
int GonkSchedulePolicyService::requestPriority(int32_t pid, int32_t tid, int32_t prio) { // See SchedulingPolicyService.java #define PRIORITY_MIN 1 #define PRIORITY_MAX 3 IPCThreadState* ipcState = IPCThreadState::self(); if (ipcState->getCallingUid() != AID_MEDIA || prio < PRIORITY_MIN || prio > PRIORITY_MAX || !tidBelongsToPid(tid, pid)) return -1; /* PackageManager.PERMISSION_DENIED */ set_sched_policy(tid, ipcState->getCallingPid() == pid ? SP_AUDIO_SYS : SP_AUDIO_APP); struct sched_param param; param.sched_priority = prio; int rc = sched_setscheduler(tid, SCHED_FIFO, ¶m); if (rc) return -1; return 0; /* PackageManger.PERMISSION_GRANTED */ }
status_t Client::onTransact( uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags) { // these must be checked IPCThreadState* ipc = IPCThreadState::self(); const int pid = ipc->getCallingPid(); const int uid = ipc->getCallingUid(); const int self_pid = getpid(); // If we are called from another non root process without the GRAPHICS, SYSTEM, or ROOT // uid we require the sAccessSurfaceFlinger permission. // We grant an exception in the case that the Client has a "parent layer", as its // effects will be scoped to that layer. if (CC_UNLIKELY(pid != self_pid && uid != AID_GRAPHICS && uid != AID_SYSTEM && uid != 0) && (getParentLayer() == nullptr)) { // we're called from a different process, do the real check if (!PermissionCache::checkCallingPermission(sAccessSurfaceFlinger)) { ALOGE("Permission Denial: " "can't openGlobalTransaction pid=%d, uid<=%d", pid, uid); return PERMISSION_DENIED; } } return BnSurfaceComposerClient::onTransact(code, data, reply, flags); }
status_t BnMonzax::onTransact( uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags) { status_t status = BBinder::onTransact(code, data, reply, flags); if (status != UNKNOWN_TRANSACTION) { return status; } if (! reply) { ALOGE("Monzax::onTransact(): null reply parcel received."); return BAD_VALUE; } IPCThreadState *ipc = IPCThreadState::self(); const int pid = ipc->getCallingPid(); const int uid = ipc->getCallingUid(); // dispatch to the appropriate method based on the transaction code. switch(code){ case FILE_OPEN: { CHECK_INTERFACE(IMonzax, data, reply); ALOGI("BnMonzax: onTransact: FILE_OPEN" "client to access MonzaxService from uid=%d pid=%d code: %d", uid, pid, code); char *pName = (char *) data.readCString(); int ret = file_open(pName); reply->writeInt32(ret); return NO_ERROR; } break; case FILE_CLOSE: { ALOGI("BnMonzax: onTransact: FILE_CLOSE" "client to access MonzaxService from uid=%d pid=%d code: %d", uid, pid, code); CHECK_INTERFACE(IMonzax, data, reply); int fd = data.readInt32(); int ret = file_close(fd); reply->writeInt32(ret); return NO_ERROR; } break; case FILE_SEEK: { CHECK_INTERFACE(IMonzax, data, reply); int ret; int fd = data.readInt32(); int offset = data.readInt32(); int whence = data.readInt32(); ret = file_seek(fd, offset, whence); reply->writeInt32(ret); return NO_ERROR; } break; case FILE_READ: { CHECK_INTERFACE(IMonzax, data, reply); char *pReadBuf; int ret; int fd = data.readInt32(); int length = data.readInt32(); pReadBuf = (char*) malloc(sizeof(char) * length); if (pReadBuf == NULL) { ret = -1; reply->writeInt32(ret); ALOGE("onTransact File_Read malloc result failed.\n"); goto err_read; } ret = file_read(fd, pReadBuf, length); reply->writeInt32(ret); if(ret >0){ reply->write((char *) pReadBuf, ret); } free(pReadBuf); pReadBuf = NULL; return NO_ERROR; err_read: ALOGE("onTransact File_Read ,ret =%d out\n", (int)ret); return ret; } break; case FILE_WRITE: { CHECK_INTERFACE(IMonzax, data, reply); int ret; int fd = data.readInt32(); int length = data.readInt32(); char *pWriteBuf = (char*) malloc(sizeof(char) * length); if (pWriteBuf == NULL) { ret = -1; reply->writeInt32(ret); ALOGE("onTransact File_Write malloc result failed.\n"); goto err_write; } if(length > 0){ const char *input = (const char *) data.readInplace(length); if (input) memcpy(pWriteBuf, input, length); else { ALOGE("onTransact File_Write length is 0, failed.\n"); memset(pWriteBuf, 0, length); length = 0; } } else memset(pWriteBuf, 0, length); ret = file_write(fd, (char *)pWriteBuf, length); reply->writeInt32(ret); free(pWriteBuf); pWriteBuf = NULL; return NO_ERROR; err_write: ALOGE("onTransact File_Write ,ret =%d out\n", (int)ret); return ret; } break; default: return BBinder::onTransact(code, data, reply, flags); } }
/******************************************************************************* ** ** gc_gralloc_alloc_buffer ** ** Allocate android native buffer. ** Will allocate surface types as follows, ** ** +------------------------------------------------------------------------+ ** | To Allocate Surface(s) | Linear(surface) | Tile(resolveSurface) | ** |------------------------------------------------------------------------| ** |Enable | CPU app | yes | | ** |LINEAR OUTPUT | 3D app | yes | | ** |------------------------------------------------------------------------| ** |Diable | CPU app | yes | | ** |LINEAR OUTPUT | 3D app | | yes | ** +------------------------------------------------------------------------+ ** ** ** INPUT: ** ** alloc_device_t * Dev ** alloc device handle. ** ** int Width ** Specified target buffer width. ** ** int Hieght ** Specified target buffer height. ** ** int Format ** Specified target buffer format. ** ** int Usage ** Specified target buffer usage. ** ** OUTPUT: ** ** buffer_handle_t * Handle ** Pointer to hold the allocated buffer handle. ** ** int * Stride ** Pointer to hold buffer stride. */ static int gc_gralloc_alloc_buffer( alloc_device_t * Dev, int Width, int Height, int Format, int Usage, buffer_handle_t * Handle, int * Stride ) { int err = 0; int fd = open("/dev/null",O_RDONLY,0); gceSTATUS status = gcvSTATUS_OK; gctUINT stride = 0; gceSURF_FORMAT format = gcvSURF_UNKNOWN; gceSURF_FORMAT resolveFormat = gcvSURF_UNKNOWN; (void) resolveFormat; /* Linear stuff. */ gcoSURF surface = gcvNULL; gcuVIDMEM_NODE_PTR vidNode = gcvNULL; gcePOOL pool = gcvPOOL_UNKNOWN; gctUINT adjustedSize = 0U; /* Tile stuff. */ gcoSURF resolveSurface = gcvNULL; gcuVIDMEM_NODE_PTR resolveVidNode = gcvNULL; gcePOOL resolvePool = gcvPOOL_UNKNOWN; gctUINT resolveAdjustedSize = 0U; gctSIGNAL signal = gcvNULL; gctINT clientPID = 0; gctBOOL forSelf = gcvTRUE; /* Binder info. */ IPCThreadState* ipc = IPCThreadState::self(); /* Buffer handle. */ gc_private_handle_t * handle = NULL; /* Cast module. */ gralloc_module_t * module = reinterpret_cast<gralloc_module_t *>(Dev->common.module); /* Convert to hal pixel format. */ gcmONERROR( _ConvertAndroid2HALFormat(Format, &format)); clientPID = ipc->getCallingPid(); forSelf = (clientPID == getpid()); if (forSelf) { LOGI("Self allocation"); } /* Allocate tiled surface if needed. */ #if !gcdGPU_LINEAR_BUFFER_ENABLED if (Usage & GRALLOC_USAGE_HW_RENDER) { /* Get the resolve format. */ gcmONERROR( gcoTEXTURE_GetClosestFormat(gcvNULL, format, &resolveFormat)); /* Construct the tile surface. */ gcmONERROR( gcoSURF_Construct(gcvNULL, Width, Height, 1, gcvSURF_TEXTURE, resolveFormat, gcvPOOL_DEFAULT, &resolveSurface)); /* 3D surfaces are bottom-top. */ gcmONERROR( gcoSURF_SetOrientation(resolveSurface, gcvORIENTATION_BOTTOM_TOP)); /* gcmONERROR(gcoSURF_SetUsage(resolveSurface, (Usage & GRALLOC_USAGE_SW_WRITE_MASK) ? gcvSURF_USAGE_RESOLVE_AFTER_CPU : gcvSURF_USAGE_RESOLVE_AFTER_3D)); */ /* Now retrieve and store vid mem node attributes. */ gcmONERROR( gcoSURF_QueryVidMemNode(resolveSurface, &resolveVidNode, &resolvePool, &resolveAdjustedSize)); /* Android expects stride in pixels which is returned as alignedWidth. */ gcmONERROR( gcoSURF_GetAlignedSize(resolveSurface, &stride, gcvNULL, gcvNULL)); LOGV("resolve buffer resolveSurface=%p, " "resolveNode=%p, " "resolvevidnode=%p, " "resolveBytes=%d, " "resolvePool=%d, " "resolveFormat=%d", (void *) resolveSurface, (void *) &resolveSurface->info.node, (void *) resolveVidNode, resolveAdjustedSize, resolvePool, resolveFormat); } #endif #if !gcdGPU_LINEAR_BUFFER_ENABLED /* Allocate linear surface if needed. */ if (Usage & GRALLOC_USAGE_SW_WRITE_MASK) #endif { /* For CPU apps, if allocating for self (i.e. for server a.k.a. SF), * then we must request a cacheable allocation so when it gets mapped, * it'll be cacheable. Otherwise, the surface will be mapped uncached * in the server, but cached in the client. */ gceSURF_TYPE type = (forSelf && (Usage & GRALLOC_USAGE_SW_WRITE_MASK)) ? gcvSURF_CACHEABLE_BITMAP : gcvSURF_BITMAP; #if gcdANDROID_UNALIGNED_LINEAR_COMPOSITION_ADJUST if (Usage & GRALLOC_USAGE_HW_RENDER) { type = gcvSURF_FLIP_BITMAP; } #endif /* Allocate from contiguous pool for CPU apps while from default pool * for GPU apps. */ pool = (Usage & GRALLOC_USAGE_SW_WRITE_MASK) ? gcvPOOL_CONTIGUOUS : gcvPOOL_DEFAULT; /* Allocate the linear surface. */ gcmONERROR( gcoSURF_Construct(gcvNULL, Width, Height, 1, type, format, pool, &surface)); /* Now retrieve and store vid mem node attributes. */ gcmONERROR( gcoSURF_QueryVidMemNode(surface, &vidNode, &pool, &adjustedSize)); /* Get stride. */ gcmONERROR( gcoSURF_GetAlignedSize(surface, &stride, gcvNULL, gcvNULL)); LOGV("allocated buffer surface=%p, " "node=%p, " "vidNode=%p, " "pool=%d, " "bytes=%d, " "width=%d, height=%d, " "formatRequested=%d, " "usage=0x%08X", (void *) surface, (void *) &surface->info.node, (void *) vidNode, pool, adjustedSize, Width, Height, format, Usage); } if (!(Usage & GRALLOC_USAGE_HW_RENDER)) { /* For CPU apps, we must synchronize lock requests from CPU with the composition. * Composition could happen in the following ways. i)2D, ii)3D, iii)CE, iv)copybit 2D. * (Note that, we are not considering copybit composition of 3D apps, which also uses * linear surfaces. Can be added later if needed.) * In all cases, the following mechanism must be used for proper synchronization * between CPU and GPU : * - App on gralloc::lock * wait_signal(hwDoneSignal); * - Compositor on composition * set_unsignalled(hwDoneSignal); * issue composition; * schedule_event(hwDoneSignal, clientPID); * This is a manually reset signal, which is unsignalled by the compositor when * buffer is in use, prohibiting app from obtaining write lock. */ /* Manually reset signal, for CPU/GPU sync. */ gcmONERROR(gcoOS_CreateSignal(gcvNULL, gcvTRUE, &signal)); /* Initially signalled. */ gcmONERROR(gcoOS_Signal(gcvNULL, signal, gcvTRUE)); LOGV("Created signal=%p for hnd=%p", signal, handle); } /* Allocate buffer handle. */ handle = new gc_private_handle_t(fd, stride * Height, 0); handle->width = (int) Width; handle->height = (int) Height; handle->format = (int) format; handle->size = ((surface == gcvNULL) ? 0 : (int) surface->info.node.size); /* Save linear surface to buffer handle. */ handle->surface = (int) surface; handle->vidNode = (int) vidNode; handle->pool = (int) pool; handle->adjustedSize = (int) adjustedSize; /* Save tile resolveSurface to buffer handle. */ handle->resolveSurface = (int) resolveSurface; handle->resolveVidNode = (int) resolveVidNode; handle->resolvePool = (int) resolvePool; handle->resolveAdjustedSize = (int) resolveAdjustedSize; handle->hwDoneSignal = (int) signal; /* Record usage to recall later in hwc. */ handle->lockUsage = 0; handle->allocUsage = Usage; handle->clientPID = clientPID; LOGV("allocated buffer handle=%p, " "width=%d, height=%d, " "formatRequested=%d, " "usage=0x%08X, " "stride=%d pixels", (void *) handle, Width, Height, format, Usage, stride); /* Map video memory to userspace. */ err = _MapBuffer(module, handle); if (err == 0) { *Handle = handle; *Stride = stride; } else { gcmONERROR(gcvSTATUS_NOT_SUPPORTED); } return err; OnError: /* Destroy linear surface. */ if (surface != gcvNULL) { gcoSURF_Destroy(surface); } /* Destroy tile resolveSurface. */ if (resolveSurface != gcvNULL) { gcoSURF_Destroy(resolveSurface); } /* Destroy signal. */ if (signal) { gcoOS_DestroySignal(gcvNULL, signal); } /* Error roll back. */ if (handle != NULL) { delete handle; } LOGE("failed to allocate, status=%d", status); return -EINVAL; }
virtual int verifyChallenge(uint32_t uid, uint64_t challenge, const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length, const uint8_t *provided_password, uint32_t provided_password_length, uint8_t **auth_token, uint32_t *auth_token_length, bool *request_reenroll) { IPCThreadState* ipc = IPCThreadState::self(); const int calling_pid = ipc->getCallingPid(); const int calling_uid = ipc->getCallingUid(); if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) { return PERMISSION_DENIED; } // can't verify if we're missing either param if ((enrolled_password_handle_length | provided_password_length) == 0) return -EINVAL; int ret; if (device) { const gatekeeper::password_handle_t *handle = reinterpret_cast<const gatekeeper::password_handle_t *>(enrolled_password_handle); // handle version 0 does not have hardware backed flag, and thus cannot be upgraded to // a HAL if there was none before if (handle->version == 0 || handle->hardware_backed) { ret = device->verify(device, uid, challenge, enrolled_password_handle, enrolled_password_handle_length, provided_password, provided_password_length, auth_token, auth_token_length, request_reenroll); } else { // upgrade scenario, a HAL has been added to this device where there was none before SoftGateKeeperDevice soft_dev; ret = soft_dev.verify(uid, challenge, enrolled_password_handle, enrolled_password_handle_length, provided_password, provided_password_length, auth_token, auth_token_length, request_reenroll); if (ret == 0) { // success! re-enroll with HAL *request_reenroll = true; } } } else { ret = soft_device->verify(uid, challenge, enrolled_password_handle, enrolled_password_handle_length, provided_password, provided_password_length, auth_token, auth_token_length, request_reenroll); } if (ret == 0 && *auth_token != NULL && *auth_token_length > 0) { // TODO: cache service? sp<IServiceManager> sm = defaultServiceManager(); sp<IBinder> binder = sm->getService(String16("android.security.keystore")); sp<IKeystoreService> service = interface_cast<IKeystoreService>(binder); if (service != NULL) { status_t ret = service->addAuthToken(*auth_token, *auth_token_length); if (ret != ResponseCode::NO_ERROR) { ALOGE("Falure sending auth token to KeyStore: %d", ret); } } else { ALOGE("Unable to communicate with KeyStore"); } } if (ret == 0) { maybe_store_sid(uid, reinterpret_cast<const gatekeeper::password_handle_t *>( enrolled_password_handle)->user_id); } return ret; }