diff options
-rw-r--r-- | keystore/key_store_service.cpp | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp index c8310853..81189ae7 100644 --- a/keystore/key_store_service.cpp +++ b/keystore/key_store_service.cpp @@ -1371,7 +1371,14 @@ Status KeyStoreService::begin(const sp<IBinder>& appToken, const String16& name, })); if (!rc.isOk()) result->resultCode = rc; - if (!result->resultCode.isOk()) return Status::ok(); + if (!result->resultCode.isOk()) { + LOG(ERROR) << "Failed to verify authorization " << rc << " from begin()"; + rc = KS_HANDLE_HIDL_ERROR(dev->abort(result->handle)); + if (!rc.isOk()) { + LOG(ERROR) << "Failed to abort operation " << rc << " from begin()"; + } + return Status::ok(); + } } // Note: The operation map takes possession of the contents of "characteristics". @@ -1462,7 +1469,12 @@ Status KeyStoreService::update(const sp<IBinder>& token, const KeymasterArgument // just a reminder: on success result->resultCode was set in the callback. So we only overwrite // it if there was a communication error indicated by the ErrorCode. - if (!rc.isOk()) result->resultCode = rc; + if (!rc.isOk()) { + result->resultCode = rc; + // removeOperation() will free the memory 'op' used, so the order is important + mAuthTokenTable.MarkCompleted(op.handle); + mOperationMap.removeOperation(token, /* wasOpSuccessful */ false); + } return Status::ok(); } |