diff options
author | Alex Klyubin <klyubin@google.com> | 2015-06-23 15:04:05 -0700 |
---|---|---|
committer | Alex Klyubin <klyubin@google.com> | 2015-06-23 15:04:40 -0700 |
commit | 4e88f9be2b3bb3dcea43f338532882681ee77352 (patch) | |
tree | 1ec2e62bc0a1dd44a655f383cae7cfe225ec8771 | |
parent | 53752414eab95d31d76db4bb088ac1d5499b5aae (diff) | |
download | android_system_security-4e88f9be2b3bb3dcea43f338532882681ee77352.tar.gz android_system_security-4e88f9be2b3bb3dcea43f338532882681ee77352.tar.bz2 android_system_security-4e88f9be2b3bb3dcea43f338532882681ee77352.zip |
Don't ignore errors from begin operation.
This fixes a bug introduced by
9221bff2f13451ef330135bb32ea96de2a8b09cc which invoked authorization
checks after begin operation, while ignoring any errors returned by
that operation. This CL restrores the correct order: authorization
checks are followed by begin operation.
Bug: 22039986
Change-Id: I3516cb120c21b9659289faa5d1ca0225df35a06d
-rw-r--r-- | keystore/keystore.cpp | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp index b36f65f..85289ad 100644 --- a/keystore/keystore.cpp +++ b/keystore/keystore.cpp @@ -2478,8 +2478,6 @@ public: } } keymaster_key_param_set_t inParams = {opParams.data(), opParams.size()}; - keymaster_key_param_set_t outParams = {NULL, 0}; - err = dev->begin(dev, purpose, &key, &inParams, &outParams, &handle); // Create a keyid for this key. keymaster::km_id_t keyid; @@ -2501,6 +2499,9 @@ public: return; } + keymaster_key_param_set_t outParams = {NULL, 0}; + err = dev->begin(dev, purpose, &key, &inParams, &outParams, &handle); + // If there are too many operations abort the oldest operation that was // started as pruneable and try again. while (err == KM_ERROR_TOO_MANY_OPERATIONS && mOperationMap.hasPruneableOperation()) { |