diff options
author | Andres Morales <anmorales@google.com> | 2015-06-24 18:40:24 -0700 |
---|---|---|
committer | Andres Morales <anmorales@google.com> | 2015-06-24 18:40:24 -0700 |
commit | 7f6dcf657680aaf51dcd5d41c32c89254779b2a8 (patch) | |
tree | b3611b82aee760c3618d830858eddba46335abe5 /gatekeeperd | |
parent | 3c2086dabdb87e027412bb4405279128a321e184 (diff) | |
download | system_core-7f6dcf657680aaf51dcd5d41c32c89254779b2a8.tar.gz system_core-7f6dcf657680aaf51dcd5d41c32c89254779b2a8.tar.bz2 system_core-7f6dcf657680aaf51dcd5d41c32c89254779b2a8.zip |
[gatekeeperd] fix issue with SW->HW upgrades
If the handle version is 0, there's no hardware_backed flag
meaning hardware backed handles will be attempted against
the soft impl. Ensure we don't try to read from hardware_backed
unless the version is > 0.
Bug: 21090356
Change-Id: I65f009c55538ea3c20eb486b580eb11ce93934fc
Diffstat (limited to 'gatekeeperd')
-rw-r--r-- | gatekeeperd/gatekeeperd.cpp | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/gatekeeperd/gatekeeperd.cpp b/gatekeeperd/gatekeeperd.cpp index f4f2cbfc3..6622df979 100644 --- a/gatekeeperd/gatekeeperd.cpp +++ b/gatekeeperd/gatekeeperd.cpp @@ -144,7 +144,7 @@ public: const gatekeeper::password_handle_t *handle = reinterpret_cast<const gatekeeper::password_handle_t *>(current_password_handle); - if (handle != NULL && !handle->hardware_backed) { + if (handle != NULL && handle->version != 0 && !handle->hardware_backed) { // handle is being re-enrolled from a software version. HAL probably won't accept // the handle as valid, so we nullify it and enroll from scratch current_password_handle = NULL; @@ -209,7 +209,9 @@ public: if (device) { const gatekeeper::password_handle_t *handle = reinterpret_cast<const gatekeeper::password_handle_t *>(enrolled_password_handle); - if (handle->hardware_backed) { + // handle version 0 does not have hardware backed flag, and thus cannot be upgraded to + // a HAL if there was none before + if (handle->version == 0 || handle->hardware_backed) { ret = device->verify(device, uid, challenge, enrolled_password_handle, enrolled_password_handle_length, provided_password, provided_password_length, auth_token, auth_token_length, |