author | android-build-team Robot <android-build-team-robot@google.com> | 2018-01-05 18:58:01 +0000 |
---|---|---|
committer | android-build-team Robot <android-build-team-robot@google.com> | 2018-01-05 18:58:01 +0000 |
commit | 8b84e6d77fbd69a71fb051f21eb64b597927cbb1 (patch) | |
tree | 3900cb904f3230c37f4c41e2a7de8e4fcfcc003f | |
parent | 9108e61da167e65265986eead444903ec311af74 (diff) | |
parent | e5bfaa9cebdbbf4c43be6ac430cd38d0e92d9b6d (diff) | |
Snap for 4527419 from e5bfaa9cebdbbf4c43be6ac430cd38d0e92d9b6d to oc-m2-releaseandroid-8.1.0_r52android-8.1.0_r50android-8.1.0_r47android-8.1.0_r46android-8.1.0_r43android-8.1.0_r41android-8.1.0_r36android-8.1.0_r35android-8.1.0_r33android-8.1.0_r30android-8.1.0_r26android-8.1.0_r25android-8.1.0_r20oreo-m7-releaseoreo-m6-s4-releaseoreo-m6-s3-releaseoreo-m6-s2-releaseoreo-m2-s5-releaseoreo-m2-s4-releaseoreo-m2-s3-releaseoreo-m2-s2-releaseoreo-m2-s1-releaseoreo-m2-release
Change-Id: I886605a8a7ea170a37e1cb6770f6b8a2fee90b68
-rw-r--r-- | keystore/key_store_service.cpp | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index eb5fe86b..f6786b88 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -693,6 +693,8 @@ KeyStoreServiceReturnCode KeyStoreService::generateKey(const String16& name,
 const hidl_vec<uint8_t>& entropy, int uid, int flags, KeyCharacteristics* outCharacteristics) {
+ // TODO(jbires): remove this getCallingUid call upon implementation of b/25646100
+ uid_t originalUid = IPCThreadState::self()->getCallingUid();
 uid = getEffectiveUid(uid);
 KeyStoreServiceReturnCode rc = checkBinderPermissionAndKeystoreState(P_INSERT, uid, flags & KEYSTORE_FLAG_ENCRYPTED);
@@ -703,9 +705,11 @@ KeyStoreServiceReturnCode KeyStoreService::generateKey(const String16& name,
 ALOGE("Non-system uid %d cannot set FLAG_CRITICAL_TO_DEVICE_ENCRYPTION", uid);
 return ResponseCode::PERMISSION_DENIED;
 }
-
 if (containsTag(params, Tag::INCLUDE_UNIQUE_ID)) {
- if (!checkBinderPermission(P_GEN_UNIQUE_ID)) return ResponseCode::PERMISSION_DENIED;
+ if (!checkBinderPermission(P_GEN_UNIQUE_ID) ||
+ originalUid != IPCThreadState::self()->getCallingUid()) {
+ return ResponseCode::PERMISSION_DENIED;
+ }
 }
 bool usingFallback = false; |
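Review bot: The comment above `originalUid` is only a TODO pointing at b/25646100 and does not say why the binder calling UID is captured before `uid = getEffectiveUid(uid)` rewrites the parameter. Nothing in this hunk uses the value, so a later cleanup could easily move or drop the capture. A why-comment next to it would protect the ordering, for example `// Snapshot the binder caller's UID at entry; the INCLUDE_UNIQUE_ID check below denies the request if it no longer matches.` The body of generateKey continues outside the hunk.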
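Review bot: The new UID comparison in the `INCLUDE_UNIQUE_ID` branch returns `PERMISSION_DENIED` without logging, and it shares one condition with the `P_GEN_UNIQUE_ID` check, so the two denial reasons cannot be told apart afterwards. The FLAG_CRITICAL_TO_DEVICE_ENCRYPTION denial just above logs with `ALOGE`, and a calling UID that differs between function entry and check time is at least as useful a signal for detection. Consider testing the mismatch on its own and logging it before returning, e.g. `ALOGE("generateKey: calling uid changed from %u to %u", originalUid, currentUid);`, where `currentUid` is a local holding the second `getCallingUid()` result. Whether `checkBinderPermission` reads the calling identity itself is not visible in this hunk, so it is worth confirming that the permission check and the comparison see the same caller.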