diff options
author | nagendra modadugu <ngm@google.com> | 2018-09-24 13:40:23 -0700 |
---|---|---|
committer | nagendra modadugu <ngm@google.com> | 2018-10-02 16:16:53 -0700 |
commit | f8feed620bd607427ded702cce91bb0eb749bc6a (patch) | |
tree | 44699ce64d63fea47e62641469116d3705d0603b | |
parent | 926f647663d589f7b16887ecd10162b64736e521 (diff) | |
download | security-pie-b4s4-dev.tar.gz |
keystore: abort if verification token generation failspie-b4s4-dev
Fix a corner case of operation leakage: if verification
token generation fails, then abort the corresponding
operation on citadel.
Bug: 116055338
Test: pending
Change-Id: I5163fa43fcff505deef5555318148178118ff41e
-rw-r--r-- | keystore/key_store_service.cpp | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp index c8310853..81189ae7 100644 --- a/keystore/key_store_service.cpp +++ b/keystore/key_store_service.cpp @@ -1371,7 +1371,14 @@ Status KeyStoreService::begin(const sp<IBinder>& appToken, const String16& name, })); if (!rc.isOk()) result->resultCode = rc; - if (!result->resultCode.isOk()) return Status::ok(); + if (!result->resultCode.isOk()) { + LOG(ERROR) << "Failed to verify authorization " << rc << " from begin()"; + rc = KS_HANDLE_HIDL_ERROR(dev->abort(result->handle)); + if (!rc.isOk()) { + LOG(ERROR) << "Failed to abort operation " << rc << " from begin()"; + } + return Status::ok(); + } } // Note: The operation map takes possession of the contents of "characteristics". @@ -1462,7 +1469,12 @@ Status KeyStoreService::update(const sp<IBinder>& token, const KeymasterArgument // just a reminder: on success result->resultCode was set in the callback. So we only overwrite // it if there was a communication error indicated by the ErrorCode. - if (!rc.isOk()) result->resultCode = rc; + if (!rc.isOk()) { + result->resultCode = rc; + // removeOperation() will free the memory 'op' used, so the order is important + mAuthTokenTable.MarkCompleted(op.handle); + mOperationMap.removeOperation(token, /* wasOpSuccessful */ false); + } return Status::ok(); } |