am 7a4dd551: Merge "Flush the auth token table on resetUid"

* commit '7a4dd551344cd36954f57aab2f0eaa0a20ba6625':
  Flush the auth token table on resetUid

3 files changed, 9 insertions, 0 deletions

diff --git a/keystore/auth_token_table.cpp b/keystore/auth_token_table.cpp
index 2ae10a0..de5d41d 100644
--- a/keystore/auth_token_table.cpp
+++ b/keystore/auth_token_table.cpp
@@ -140,6 +140,10 @@ void AuthTokenTable::RemoveEntriesSupersededBy(const Entry& entry) {
                    entries_.end());
 }
 
+void AuthTokenTable::Clear() {
+    entries_.clear();
+}
+
 bool AuthTokenTable::IsSupersededBySomeEntry(const Entry& entry) {
     return std::any_of(entries_.begin(), entries_.end(),
                        [&](Entry& e) { return e.Supersedes(entry); });
diff --git a/keystore/auth_token_table.h b/keystore/auth_token_table.h
index 102e6e4..7a9cc34 100644
--- a/keystore/auth_token_table.h
+++ b/keystore/auth_token_table.h
@@ -95,6 +95,8 @@ class AuthTokenTable {
      */
     void MarkCompleted(const keymaster_operation_handle_t op_handle);
 
+    void Clear();
+
     size_t size() { return entries_.size(); }
 
   private:
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index 03212ed..8db8dab 100644
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp
@@ -2245,6 +2245,9 @@ public:
         if (!checkBinderPermission(P_RESET_UID, targetUid)) {
             return ::PERMISSION_DENIED;
         }
+        // Flush the auth token table to prevent stale tokens from sticking
+        // around.
+        mAuthTokenTable.Clear();
 
         return mKeyStore->reset(targetUid) ? ::NO_ERROR : ::SYSTEM_ERROR;
     }