diff options
author | Chad Brubaker <cbrubaker@google.com> | 2015-04-16 15:16:44 -0700 |
---|---|---|
committer | Chad Brubaker <cbrubaker@google.com> | 2015-04-16 15:16:44 -0700 |
commit | bbc7648d285f67b898d24d307b011fb676ba6643 (patch) | |
tree | eaf31355a1e01b8471eafd336917e0fded8bfa87 | |
parent | f1b8f6bf93eaf677268342eccc1a1caf830d9fe9 (diff) | |
download | android_system_security-bbc7648d285f67b898d24d307b011fb676ba6643.tar.gz android_system_security-bbc7648d285f67b898d24d307b011fb676ba6643.tar.bz2 android_system_security-bbc7648d285f67b898d24d307b011fb676ba6643.zip |
Flush the auth token table on resetUid
This prevents old stale auth tokens from sticking around after clearing.
Change-Id: I92e48b6d8cdba92cbc70f718cb45a4d96bd12900
-rw-r--r-- | keystore/auth_token_table.cpp | 4 | ||||
-rw-r--r-- | keystore/auth_token_table.h | 2 | ||||
-rw-r--r-- | keystore/keystore.cpp | 3 |
3 files changed, 9 insertions, 0 deletions
diff --git a/keystore/auth_token_table.cpp b/keystore/auth_token_table.cpp index 2ae10a0..de5d41d 100644 --- a/keystore/auth_token_table.cpp +++ b/keystore/auth_token_table.cpp @@ -140,6 +140,10 @@ void AuthTokenTable::RemoveEntriesSupersededBy(const Entry& entry) { entries_.end()); } +void AuthTokenTable::Clear() { + entries_.clear(); +} + bool AuthTokenTable::IsSupersededBySomeEntry(const Entry& entry) { return std::any_of(entries_.begin(), entries_.end(), [&](Entry& e) { return e.Supersedes(entry); }); diff --git a/keystore/auth_token_table.h b/keystore/auth_token_table.h index 102e6e4..7a9cc34 100644 --- a/keystore/auth_token_table.h +++ b/keystore/auth_token_table.h @@ -95,6 +95,8 @@ class AuthTokenTable { */ void MarkCompleted(const keymaster_operation_handle_t op_handle); + void Clear(); + size_t size() { return entries_.size(); } private: diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp index 03212ed..8db8dab 100644 --- a/keystore/keystore.cpp +++ b/keystore/keystore.cpp @@ -2245,6 +2245,9 @@ public: if (!checkBinderPermission(P_RESET_UID, targetUid)) { return ::PERMISSION_DENIED; } + // Flush the auth token table to prevent stale tokens from sticking + // around. + mAuthTokenTable.Clear(); return mKeyStore->reset(targetUid) ? ::NO_ERROR : ::SYSTEM_ERROR; } |