author | android-build-team Robot <android-build-team-robot@google.com> | 2017-10-26 19:59:12 +0000 |
---|---|---|
committer | android-build-team Robot <android-build-team-robot@google.com> | 2017-10-26 19:59:12 +0000 |
commit | 9108e61da167e65265986eead444903ec311af74 (patch) | |
tree | 39fb0ba2319e741f7c71f66dbf06fdf0909186c2 | |
parent | f98b4eafdc0d7c835099dee215b45daaea4ff9e5 (diff) | |
parent | 7c9c67d8fe73dd06582b5098f9710a786c60564a (diff) | |
download | security-9108e61da167e65265986eead444903ec311af74.tar.gz |
Snap for 4417144 from 7c9c67d8fe73dd06582b5098f9710a786c60564a to oc-m2-release android-8.1.0_r8 android-8.1.0_r2
Change-Id: I723d773b0507a28017378db926613958cd67e88f
-rw-r--r-- | keystore/auth_token_table.cpp | 2 | ||||
-rw-r--r-- | keystore/auth_token_table.h | 10 |
2 files changed, 9 insertions, 3 deletions
diff --git a/keystore/auth_token_table.cpp b/keystore/auth_token_table.cpp
index 8b81e472..46b644d1 100644
--- a/keystore/auth_token_table.cpp
+++ b/keystore/auth_token_table.cpp
@@ -244,7 +244,7 @@ bool AuthTokenTable::Entry::Supersedes(const Entry& entry) const {
 return (token_->userId == entry.token_->userId &&
 token_->authenticatorType == entry.token_->authenticatorType &&
 token_->authenticatorId == entry.token_->authenticatorId &&
- timestamp_host_order() > entry.timestamp_host_order());
+ is_newer_than(&entry));
 }
 } // namespace keymaster
diff --git a/keystore/auth_token_table.h b/keystore/auth_token_table.h
index 422c7102..0056b268 100644
--- a/keystore/auth_token_table.h
+++ b/keystore/auth_token_table.h
@@ -114,9 +114,15 @@ class AuthTokenTable {
 bool Supersedes(const Entry& entry) const;
 bool SatisfiesAuth(const std::vector<uint64_t>& sids, HardwareAuthenticatorType auth_type);
- bool is_newer_than(const Entry* entry) {
+ bool is_newer_than(const Entry* entry) const {
 if (!entry) return true;
- return timestamp_host_order() > entry->timestamp_host_order();
+ uint64_t ts = timestamp_host_order();
+ uint64_t other_ts = entry->timestamp_host_order();
+ // Normally comparing timestamp_host_order alone is sufficient, but here is an
+ // additional hack to compare time_received value for some devices where their auth
+ // tokens contain fixed timestamp (due to the a stuck secure RTC on them)
+ return (ts > other_ts) ||
+ ((ts == other_ts) && (time_received_ > entry->time_received_));
 }
 void mark_completed() { operation_completed_ = true; } |
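Review bot: The tie-break added to `is_newer_than` in keystore/auth_token_table.h falls back to `time_received_`, which by its name is recorded by keystore on receipt rather than carried in the token, and the comment does not spell out what that means for freshness. On a device whose tokens all carry the same timestamp, ordering rests entirely on arrival time at keystore, and `Supersedes` in auth_token_table.cpp now inherits that rule through `is_newer_than(&entry)`. The declaration of `time_received_` and the clock that fills it are outside the hunk; it is worth confirming the source is monotonic, since a clock step would otherwise invert the order. I would reword the comment, which also fixes "due to the a stuck", to: `// Token timestamps order entries; only when they are equal (stuck secure RTC on some devices) fall back to time_received_, a keystore-side value that is not taken from the token.` The class body continues outside the hunk.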