diff options
author | Shawn Willden <swillden@google.com> | 2017-09-01 17:00:02 +0000 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2017-09-01 17:00:02 +0000 |
commit | d70e416c46f3a3c1d5235c28d7f4c9e43f1e33ca (patch) | |
tree | 6e2da381a9e6f1250ca7f335719db634e94ff5fc | |
parent | 2e50b55b364df0e0621547cc421fc9463c17b0d4 (diff) | |
parent | c5e8f36d92b74db04106eb368dd113493f739149 (diff) | |
download | security-d70e416c46f3a3c1d5235c28d7f4c9e43f1e33ca.tar.gz |
Return OP_AUTH_NEEDED when necessary.
am: c5e8f36d92
Change-Id: I75a86b1184b5dd946771c7c9ddf04bfcd7656952
-rw-r--r-- | keystore/key_store_service.cpp | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp index 24a096c0..8a952572 100644 --- a/keystore/key_store_service.cpp +++ b/keystore/key_store_service.cpp @@ -1073,12 +1073,12 @@ void KeyStoreService::begin(const sp<IBinder>& appToken, const String16& name, K persistedCharacteristics.Subtract(teeEnforced); characteristics.softwareEnforced = persistedCharacteristics.hidl_data(); - result->resultCode = getAuthToken(characteristics, 0, purpose, &authToken, - /*failOnTokenMissing*/ false); + auto authResult = getAuthToken(characteristics, 0, purpose, &authToken, + /*failOnTokenMissing*/ false); // If per-operation auth is needed we need to begin the operation and // the client will need to authorize that operation before calling // update. Any other auth issues stop here. - if (!result->resultCode.isOk() && result->resultCode != ResponseCode::OP_AUTH_NEEDED) return; + if (!authResult.isOk() && authResult != ResponseCode::OP_AUTH_NEEDED) return; addAuthTokenToParams(&opParams, authToken); @@ -1153,6 +1153,7 @@ void KeyStoreService::begin(const sp<IBinder>& appToken, const String16& name, K result->handle, keyid, purpose, dev, appToken, std::move(characteristics), pruneable); assert(characteristics.teeEnforced.size() == 0); assert(characteristics.softwareEnforced.size() == 0); + result->token = operationToken; if (authToken) { mOperationMap.setOperationAuthToken(operationToken, authToken); @@ -1162,8 +1163,9 @@ void KeyStoreService::begin(const sp<IBinder>& appToken, const String16& name, K // application should get an auth token using the handle before the // first call to update, which will fail if keystore hasn't received the // auth token. - // All fields but "token" were set in the begin operation's callback. - result->token = operationToken; + result->resultCode = authResult; + + // Other result fields were set in the begin operation's callback. } void KeyStoreService::update(const sp<IBinder>& token, const hidl_vec<KeyParameter>& params, |