diff options
author | Shawn Willden <swillden@google.com> | 2017-09-12 05:41:33 -0600 |
---|---|---|
committer | Shawn Willden <swillden@google.com> | 2017-09-12 13:28:49 +0000 |
commit | 827243a97217ed8c64542efd3a72e430e9b84b22 (patch) | |
tree | d1fff5f6314a11cf82912bd75546e8237fe15783 | |
parent | 2f96c79a9c07b58bcfce0411e57894de55a52b6e (diff) | |
download | security-827243a97217ed8c64542efd3a72e430e9b84b22.tar.gz |
Correct missed return code path.
ag/2835967 corrected a lost authorization check result introduced during
a refactor, but in the process failed to return the auth check result in
one codepath, causing the Java layer above to fail to throw the
exception. That in turn broke work profile password removal. This CL
sets the return code for cases where the authorization check failed.
Bug: 65348783
Test: Manually tested with TestDPC, add and remove passcode
Change-Id: I846b154c8cbcd9a73cd12b9a4376616dacf62fbb
-rw-r--r-- | keystore/key_store_service.cpp | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp index c33a1d06..3a57e07e 100644 --- a/keystore/key_store_service.cpp +++ b/keystore/key_store_service.cpp @@ -1078,7 +1078,10 @@ void KeyStoreService::begin(const sp<IBinder>& appToken, const String16& name, K // If per-operation auth is needed we need to begin the operation and // the client will need to authorize that operation before calling // update. Any other auth issues stop here. - if (!authResult.isOk() && authResult != ResponseCode::OP_AUTH_NEEDED) return; + if (!authResult.isOk() && authResult != ResponseCode::OP_AUTH_NEEDED) { + result->resultCode = authResult; + return; + } addAuthTokenToParams(&opParams, authToken); |