Merge "Flush the auth token table on resetUid"

7a4dd551 · Chad Brubaker · Gerrit Code Review · 9484bb01 · bbc7648d · 7a4dd551
Commit 7a4dd551 authored 10 years ago by Chad Brubaker Committed by Gerrit Code Review 10 years ago
Showing with 9 additions and 0 deletions

keystore/auth_token_table.cpp keystore/auth_token_table.cpp +4 -0

keystore/auth_token_table.h keystore/auth_token_table.h +2 -0

keystore/keystore.cpp keystore/keystore.cpp +3 -0

No files found.
--- a/keystore/auth_token_table.cpp
+++ b/keystore/auth_token_table.cpp
@@ -140,6 +140,10 @@ void AuthTokenTable::RemoveEntriesSupersededBy(const Entry& entry) {
                   entries_.end());
 }

+void AuthTokenTable::Clear() {
+    entries_.clear();
+}
+
 bool AuthTokenTable::IsSupersededBySomeEntry(const Entry& entry) {
    return std::any_of(entries_.begin(), entries_.end(),
                       [&](Entry& e) { return e.Supersedes(entry); });

--- a/keystore/auth_token_table.h
+++ b/keystore/auth_token_table.h
@@ -95,6 +95,8 @@ class AuthTokenTable {
     */
    void MarkCompleted(const keymaster_operation_handle_t op_handle);

+    void Clear();
+
    size_t size() { return entries_.size(); }

  private:

--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp
@@ -2245,6 +2245,9 @@ public:
        if (!checkBinderPermission(P_RESET_UID, targetUid)) {
            return ::PERMISSION_DENIED;
        }
+        // Flush the auth token table to prevent stale tokens from sticking
+        // around.
+        mAuthTokenTable.Clear();

        return mKeyStore->reset(targetUid) ? ::NO_ERROR : ::SYSTEM_ERROR;
    }