Snap for 5058880 from f8feed620bd607427ded702cce91bb0eb749bc6a to pi-qpr2-releaseandroid-9.0.0_r35android-9.0.0_r34android-9.0.0_r33android-9.0.0_r32android-9.0.0_r31pie-qpr2-release

Change-Id: I3cda608a4047c2f4fea6de2b2ff754a98ed65e2f

1 files changed, 14 insertions, 2 deletions

diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index c8310853..81189ae7 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -1371,7 +1371,14 @@ Status KeyStoreService::begin(const sp<IBinder>& appToken, const String16& name,
                                                             }));
 
         if (!rc.isOk()) result->resultCode = rc;
-        if (!result->resultCode.isOk()) return Status::ok();
+        if (!result->resultCode.isOk()) {
+            LOG(ERROR) << "Failed to verify authorization " << rc << " from begin()";
+            rc = KS_HANDLE_HIDL_ERROR(dev->abort(result->handle));
+            if (!rc.isOk()) {
+                LOG(ERROR) << "Failed to abort operation " << rc << " from begin()";
+            }
+            return Status::ok();
+        }
     }
 
     // Note: The operation map takes possession of the contents of "characteristics".
@@ -1462,7 +1469,12 @@ Status KeyStoreService::update(const sp<IBinder>& token, const KeymasterArgument
 
     // just a reminder: on success result->resultCode was set in the callback. So we only overwrite
     // it if there was a communication error indicated by the ErrorCode.
-    if (!rc.isOk()) result->resultCode = rc;
+    if (!rc.isOk()) {
+        result->resultCode = rc;
+        // removeOperation() will free the memory 'op' used, so the order is important
+        mAuthTokenTable.MarkCompleted(op.handle);
+        mOperationMap.removeOperation(token, /* wasOpSuccessful */ false);
+    }
 
     return Status::ok();
 }