diff options
author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-03-10 00:29:40 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-03-10 00:29:40 +0000 |
commit | 38272c76a44c20d04a8adfefc8e246975d52eb10 (patch) | |
tree | e9a458cb055a7f5c027e4eb44e2eabb5ed01ea4f | |
parent | dd319c05c88414ddd34b6ab22b2cd647a30f6909 (diff) | |
parent | 1be9d2754cf955011c0e0cdb32fecde8883bb6e6 (diff) | |
download | security-android13-qpr3-release.tar.gz |
Snap for 9720638 from 1be9d2754cf955011c0e0cdb32fecde8883bb6e6 to tm-qpr3-releaseandroid-13.0.0_r83android-13.0.0_r79android-13.0.0_r78android-13.0.0_r77android-13.0.0_r76android-13.0.0_r75android-13.0.0_r71android-13.0.0_r70android-13.0.0_r69android-13.0.0_r68android-13.0.0_r67android-13.0.0_r63android-13.0.0_r62android-13.0.0_r61android-13.0.0_r56android-13.0.0_r54android-13.0.0_r53android-13.0.0_r52android-13.0.0_r51android-13.0.0_r50android13-qpr3-s9-releaseandroid13-qpr3-s8-releaseandroid13-qpr3-s7-releaseandroid13-qpr3-s6-releaseandroid13-qpr3-s5-releaseandroid13-qpr3-s4-releaseandroid13-qpr3-s3-releaseandroid13-qpr3-s2-releaseandroid13-qpr3-s14-releaseandroid13-qpr3-s13-releaseandroid13-qpr3-s12-releaseandroid13-qpr3-s11-releaseandroid13-qpr3-s10-releaseandroid13-qpr3-s1-releaseandroid13-qpr3-release
Change-Id: Idae03219fc74c4dbbc077411f0d98854e02380eb
-rw-r--r-- | keystore2/src/utils.rs | 35 |
1 files changed, 34 insertions, 1 deletions
diff --git a/keystore2/src/utils.rs b/keystore2/src/utils.rs index 9db2eb9d..08d3a8ef 100644 --- a/keystore2/src/utils.rs +++ b/keystore2/src/utils.rs @@ -279,7 +279,40 @@ pub fn list_key_entries( ); result.sort_unstable(); result.dedup(); - Ok(result) + + let mut items_to_return = 0; + let mut returned_bytes: usize = 0; + const RESPONSE_SIZE_LIMIT: usize = 358400; + // Estimate the transaction size to avoid returning more items than what + // could fit in a binder transaction. + for kd in result.iter() { + // 4 bytes for the Domain enum + // 8 bytes for the Namespace long. + returned_bytes += 4 + 8; + // Size of the alias string. Includes 4 bytes for length encoding. + if let Some(alias) = &kd.alias { + returned_bytes += 4 + alias.len(); + } + // Size of the blob. Includes 4 bytes for length encoding. + if let Some(blob) = &kd.blob { + returned_bytes += 4 + blob.len(); + } + // The binder transaction size limit is 1M. Empirical measurements show + // that the binder overhead is 60% (to be confirmed). So break after + // 350KB and return a partial list. + if returned_bytes > RESPONSE_SIZE_LIMIT { + log::warn!( + "Key descriptors list ({} items) may exceed binder \ + size, returning {} items est {} bytes.", + result.len(), + items_to_return, + returned_bytes + ); + break; + } + items_to_return += 1; + } + Ok(result[..items_to_return].to_vec()) } /// This module provides helpers for simplified use of the watchdog module. |