author | android-build-team Robot <android-build-team-robot@google.com> | 2020-07-15 01:12:45 +0000 |
---|---|---|
committer | android-build-team Robot <android-build-team-robot@google.com> | 2020-07-15 01:12:45 +0000 |
commit | df5c54ece2a9b6bde97bcdfbeddbc5c399f072a9 (patch) | |
tree | 4e8d04b042c606ac7f8e6c429994818efcc97519 | |
parent | 4775213f5bf6502660bc86bcfbe3bd740e37f394 (diff) | |
parent | 969d3803c81011b2162bff01894a2d68dfd40674 (diff) | |
Snap for 6680390 from 969d3803c81011b2162bff01894a2d68dfd40674 to rvc-release
android-vts-11.0_r9 android-vts-11.0_r8 android-vts-11.0_r7 android-vts-11.0_r6 android-vts-11.0_r5 android-vts-11.0_r4 android-vts-11.0_r3 android-vts-11.0_r2 android-vts-11.0_r16 android-vts-11.0_r15 android-vts-11.0_r14 android-vts-11.0_r13 android-vts-11.0_r12 android-vts-11.0_r11 android-vts-11.0_r10 android-vts-11.0_r1 android-security-11.0.0_r1 android-platform-11.0.0_r2 android-platform-11.0.0_r1 android-cts-11.0_r9 android-cts-11.0_r8 android-cts-11.0_r7 android-cts-11.0_r6 android-cts-11.0_r5 android-cts-11.0_r4 android-cts-11.0_r3 android-cts-11.0_r2 android-cts-11.0_r16 android-cts-11.0_r15 android-cts-11.0_r14 android-cts-11.0_r13 android-cts-11.0_r12 android-cts-11.0_r11 android-cts-11.0_r10 android-cts-11.0_r1 android-11.0.0_r6 android-11.0.0_r5 android-11.0.0_r4 android-11.0.0_r3 android-11.0.0_r25 android-11.0.0_r2 android-11.0.0_r17 android-11.0.0_r1 android11-tests-release android11-s1-release android11-release
Change-Id: Icd3cd9871d452853a700dc7a5f4aaa0d1f027678
-rw-r--r-- | identity/Credential.cpp | 23 |
1 files changed, 19 insertions, 4 deletions
diff --git a/identity/Credential.cpp b/identity/Credential.cpp index 59a4d81e..28ba752e 100644 --- a/identity/Credential.cpp +++ b/identity/Credential.cpp @@ -184,7 +184,21 @@ Status Credential::getEntries(const vector<uint8_t>& requestMessage, // in the startRetrieval() call. vector<int32_t> requestCounts; const vector<SecureAccessControlProfile>& allProfiles = data_->getSecureAccessControlProfiles(); - vector<bool> includeProfile(allProfiles.size()); + + // We don't support ACP identifiers which isn't in the range 0 to 31. This + // guarantee exists so it's feasible to implement the TA part of an Identity + // Credential HAL implementation where the TA uses a 32-bit word to indicate + // which profiles are authorized. + for (const SecureAccessControlProfile& profile : allProfiles) { + if (profile.id < 0 || profile.id >= 32) { + return Status::fromServiceSpecificError( + ICredentialStore::ERROR_GENERIC, + "Invalid accessProfileId in profile (must be between 0 and 31)"); + } + } + + vector<bool> includeProfile(32); + for (const RequestNamespaceParcel& rns : requestNamespaces) { size_t numEntriesInNsToRequest = 0; for (const RequestEntryParcel& rep : rns.entries) { @@ -195,11 +209,12 @@ Status Credential::getEntries(const vector<uint8_t>& requestMessage, optional<EntryData> data = data_->getEntryData(rns.namespaceName, rep.name); if (data) { for (int32_t id : data.value().accessControlProfileIds) { - if (id >= int32_t(includeProfile.size())) { + if (id < 0 || id >= 32) { LOG(ERROR) << "Invalid accessControlProfileId " << id << " for " << rns.namespaceName << ": " << rep.name; return Status::fromServiceSpecificError( - ICredentialStore::ERROR_GENERIC, "Invalid accessProfileId for entry"); + ICredentialStore::ERROR_GENERIC, + "Invalid accessProfileId in entry (must be between 0 and 31)"); } includeProfile[id] = true; } 
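Review bot: The bound 32 is a bare literal in the new validation loop, in `vector<bool> includeProfile(32)` and again in the entry check of the next hunk, so the three can drift apart. A single named constant next to the comment, for example `constexpr int32_t kMaxNumAccessControlProfileIds = 32;`, would tie them to the stated 32-bit-word rationale. The profile loop also returns its error without a `LOG(ERROR)`, unlike the entry check below it, so a rejected profile leaves no record of which id was out of range. Adding `LOG(ERROR) << "Invalid accessControlProfileId " << profile.id;` before the return would match. getEntries starts and ends outside the hunk.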
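Review bot: An id that passes `id < 0 || id >= 32` but belongs to no profile in `allProfiles` still sets `includeProfile[id]`, and the selection loop in the last hunk then selects nothing for it without any error. Whether the HAL rejects an entry whose profile was never passed along is not visible here, so failing closed at this check looks safer. One way is to record the ids seen in the validation loop (`knownProfile[profile.id] = true;`) and reject with `if (id < 0 || id >= 32 || !knownProfile[id]) {`. The enclosing loops start and end outside the hunk.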
@@ -212,7 +227,7 @@ Status Credential::getEntries(const vector<uint8_t>& requestMessage,
 // HAL.
 vector<SecureAccessControlProfile> selectedProfiles;
 for (size_t n = 0; n < allProfiles.size(); n++) {
- if (includeProfile[n]) {
+ if (includeProfile[allProfiles[n].id]) {
 selectedProfiles.push_back(allProfiles[n]);
 }
 } |
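Review bot: `includeProfile[allProfiles[n].id]` is in bounds only because of the 0..31 validation loop added earlier in getEntries, which lies outside this hunk. A short comment such as `// profile ids were range-checked above, so this index is within includeProfile` would keep a later refactor from separating the two. Uniqueness of profile ids is not checked in the visible lines, so two stored profiles sharing an id would both be selected here; if provisioning rules that out, the comment should say so. The index loop could also become a range-for, `for (const SecureAccessControlProfile& profile : allProfiles) {`, matching the new validation loop.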