tequilaOS/platform_system_security
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Fixing security vuln by tightening race condition window."

Browse source
This commit is contained in:
Max Bires 2017-12-01 22:11:44 +00:00 committed by Android (Google) Code Review
commit 0e69ef0c0f
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
keystore/key_store_service.cpp
View file

@ -797,6 +797,8 @@ KeyStoreService::generateKey(const String16& name, const KeymasterArguments& par
const ::std::vector<uint8_t>& entropy, int uid, int flags,
android::security::keymaster::KeyCharacteristics* outCharacteristics,
int32_t* aidl_return) {
// TODO(jbires): remove this getCallingUid call upon implementation of b/25646100
uid_t originalUid = IPCThreadState::self()->getCallingUid();
uid = getEffectiveUid(uid);
KeyStoreServiceReturnCode rc =
checkBinderPermissionAndKeystoreState(P_INSERT, uid, flags & KEYSTORE_FLAG_ENCRYPTED);
@ -811,7 +813,9 @@ KeyStoreService::generateKey(const String16& name, const KeymasterArguments& par
}
if (containsTag(params.getParameters(), Tag::INCLUDE_UNIQUE_ID)) {
if (!checkBinderPermission(P_GEN_UNIQUE_ID)) {
//TODO(jbires): remove uid checking upon implementation of b/25646100
if (!checkBinderPermission(P_GEN_UNIQUE_ID) &&
originalUid != IPCThreadState::self()->getCallingUid()) {
*aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
return Status::ok();
}