author | Chad Brubaker <cbrubaker@google.com> | 2015-04-16 22:42:18 +0000 |
---|---|---|
committer | Android Git Automerger <android-git-automerger@android.com> | 2015-04-16 22:42:18 +0000 |
commit | d914f65728bbc19a8544fc0252429a03d7ac88b5 (patch) | |
tree | b60ca0c912d5affe3f1fe9322c848ac870f2af77 | |
parent | bb9c9dbc4ae285c5fb7b9c2aed4bc45333cade35 (diff) | |
parent | 7a4dd551344cd36954f57aab2f0eaa0a20ba6625 (diff) | |
am 7a4dd551: Merge "Flush the auth token table on resetUid"
* commit '7a4dd551344cd36954f57aab2f0eaa0a20ba6625':
Flush the auth token table on resetUid
-rw-r--r-- | keystore/auth_token_table.cpp | 4 | ||||
-rw-r--r-- | keystore/auth_token_table.h | 2 | ||||
-rw-r--r-- | keystore/keystore.cpp | 3 |
3 files changed, 9 insertions, 0 deletions
diff --git a/keystore/auth_token_table.cpp b/keystore/auth_token_table.cpp
index 2ae10a0..de5d41d 100644
--- a/keystore/auth_token_table.cpp
+++ b/keystore/auth_token_table.cpp
@@ -140,6 +140,10 @@ void AuthTokenTable::RemoveEntriesSupersededBy(const Entry& entry) {
 entries_.end());
 }
+void AuthTokenTable::Clear() {
+ entries_.clear();
+}
+
 bool AuthTokenTable::IsSupersededBySomeEntry(const Entry& entry) {
 return std::any_of(entries_.begin(), entries_.end(), [&](Entry& e) { return e.Supersedes(entry); });
diff --git a/keystore/auth_token_table.h b/keystore/auth_token_table.h
index 102e6e4..7a9cc34 100644
--- a/keystore/auth_token_table.h
+++ b/keystore/auth_token_table.h
@@ -95,6 +95,8 @@ class AuthTokenTable {
 */
 void MarkCompleted(const keymaster_operation_handle_t op_handle);
+ void Clear();
+
 size_t size() { return entries_.size(); }
 private:
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index 03212ed..8db8dab 100644
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp
@@ -2245,6 +2245,9 @@ public:
 if (!checkBinderPermission(P_RESET_UID, targetUid)) {
 return ::PERMISSION_DENIED;
 }
+ // Flush the auth token table to prevent stale tokens from sticking
+ // around.
+ mAuthTokenTable.Clear();
 return mKeyStore->reset(targetUid) ? ::NO_ERROR : ::SYSTEM_ERROR;
 }
 |
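Review bot: In keystore/auth_token_table.cpp, `AuthTokenTable::Clear()` empties `entries_` unconditionally, so any entry that is still associated with an unfinished operation is dropped together with the stale ones. The header hunk shows `MarkCompleted(op_handle)` on the same table; its body is outside this diff, so it should be confirmed that a later `MarkCompleted` for a handle whose entry has been cleared is a harmless no-op. A comment above the definition such as `// Drops every entry, including any that an in-progress operation may still refer to.` would record that this is intended. The diffstat lists no test file, so a unit test that adds tokens, calls `Clear()` and checks `size() == 0` would pin the behaviour.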
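Review bot: The new `Clear()` declaration in keystore/auth_token_table.h has no doc comment, although the declaration directly above it (`MarkCompleted`) closes a block comment with `*/`. Add one in the same style, for example `/** Removes all auth token entries from the table. Called when a uid is reset so that stale tokens cannot be reused. */`. Nothing in the visible lines shows how the table is synchronized; if it can be reached from more than one thread, the comment should also state what the caller must hold when calling `Clear()`.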
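Review bot: In keystore/keystore.cpp, `mAuthTokenTable.Clear()` flushes the whole table rather than only the entries related to `targetUid`, and it runs before `mKeyStore->reset(targetUid)` whether or not that reset then succeeds. This fails closed, but it also means any caller that passes the `P_RESET_UID` check discards auth tokens for every other user as well, presumably forcing them to re-authenticate. The comment should say that the global scope is deliberate, e.g. `// Flush the whole auth token table (all uids, not just targetUid), even if the reset below fails.`; if entries cannot be attributed to a uid, state that as the reason. The enclosing method starts outside the hunk.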