diff options
author | android-build-team Robot <android-build-team-robot@google.com> | 2018-10-10 03:04:51 +0000 |
---|---|---|
committer | android-build-team Robot <android-build-team-robot@google.com> | 2018-10-10 03:04:51 +0000 |
commit | 72a9c568f11ecc3a2e26d9c548bcaf138b05c9a1 (patch) | |
tree | 44699ce64d63fea47e62641469116d3705d0603b | |
parent | 926f647663d589f7b16887ecd10162b64736e521 (diff) | |
parent | f8feed620bd607427ded702cce91bb0eb749bc6a (diff) | |
download | security-pie-qpr2-release.tar.gz |
Snap for 5058880 from f8feed620bd607427ded702cce91bb0eb749bc6a to pi-qpr2-releaseandroid-9.0.0_r35android-9.0.0_r34android-9.0.0_r33android-9.0.0_r32android-9.0.0_r31pie-qpr2-release
Change-Id: I3cda608a4047c2f4fea6de2b2ff754a98ed65e2f
-rw-r--r-- | keystore/key_store_service.cpp | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp index c8310853..81189ae7 100644 --- a/keystore/key_store_service.cpp +++ b/keystore/key_store_service.cpp @@ -1371,7 +1371,14 @@ Status KeyStoreService::begin(const sp<IBinder>& appToken, const String16& name, })); if (!rc.isOk()) result->resultCode = rc; - if (!result->resultCode.isOk()) return Status::ok(); + if (!result->resultCode.isOk()) { + LOG(ERROR) << "Failed to verify authorization " << rc << " from begin()"; + rc = KS_HANDLE_HIDL_ERROR(dev->abort(result->handle)); + if (!rc.isOk()) { + LOG(ERROR) << "Failed to abort operation " << rc << " from begin()"; + } + return Status::ok(); + } } // Note: The operation map takes possession of the contents of "characteristics". @@ -1462,7 +1469,12 @@ Status KeyStoreService::update(const sp<IBinder>& token, const KeymasterArgument // just a reminder: on success result->resultCode was set in the callback. So we only overwrite // it if there was a communication error indicated by the ErrorCode. - if (!rc.isOk()) result->resultCode = rc; + if (!rc.isOk()) { + result->resultCode = rc; + // removeOperation() will free the memory 'op' used, so the order is important + mAuthTokenTable.MarkCompleted(op.handle); + mOperationMap.removeOperation(token, /* wasOpSuccessful */ false); + } return Status::ok(); } |