summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--keystore/key_store_service.cpp8
1 files changed, 6 insertions, 2 deletions
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index eb5fe86b..f6786b88 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -693,6 +693,8 @@ KeyStoreServiceReturnCode KeyStoreService::generateKey(const String16& name,
const hidl_vec<uint8_t>& entropy, int uid,
int flags,
KeyCharacteristics* outCharacteristics) {
+ // TODO(jbires): remove this getCallingUid call upon implementation of b/25646100
+ uid_t originalUid = IPCThreadState::self()->getCallingUid();
uid = getEffectiveUid(uid);
KeyStoreServiceReturnCode rc =
checkBinderPermissionAndKeystoreState(P_INSERT, uid, flags & KEYSTORE_FLAG_ENCRYPTED);
@@ -703,9 +705,11 @@ KeyStoreServiceReturnCode KeyStoreService::generateKey(const String16& name,
ALOGE("Non-system uid %d cannot set FLAG_CRITICAL_TO_DEVICE_ENCRYPTION", uid);
return ResponseCode::PERMISSION_DENIED;
}
-
if (containsTag(params, Tag::INCLUDE_UNIQUE_ID)) {
- if (!checkBinderPermission(P_GEN_UNIQUE_ID)) return ResponseCode::PERMISSION_DENIED;
+ if (!checkBinderPermission(P_GEN_UNIQUE_ID) ||
+ originalUid != IPCThreadState::self()->getCallingUid()) {
+ return ResponseCode::PERMISSION_DENIED;
+ }
}
bool usingFallback = false;
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-13 17:07:00 +0000