Merge "Revert "Fixing security vuln by tightening race condition window.""

am: fbe01199cb Change-Id: I3cbf27926ade31d0d902d69900c44453c678c40d
2020-01-23 11:04:38 -08:00 · 2020-01-23 11:04:38 -08:00 · 7664a53479
commit 7664a53479
parent b781cc2399 fbe01199cb
1 changed files with 1 additions and 5 deletions
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@ -613,8 +613,6 @@ Status KeyStoreService::generateKey(
    const ::android::sp<::android::security::keystore::IKeystoreKeyCharacteristicsCallback>& cb,
    const String16& name, const KeymasterArguments& params, const ::std::vector<uint8_t>& entropy,
    int uid, int flags, int32_t* _aidl_return) {
-    // TODO(jbires): remove this getCallingUid call upon implementation of b/25646100
-    uid_t originalUid = IPCThreadState::self()->getCallingUid();
    uid = getEffectiveUid(uid);
    auto logOnScopeExit = android::base::make_scope_guard([&] {
        if (__android_log_security()) {
@ -634,9 +632,7 @@ Status KeyStoreService::generateKey(
    }

    if (containsTag(params.getParameters(), Tag::INCLUDE_UNIQUE_ID)) {
-        // TODO(jbires): remove uid checking upon implementation of b/25646100
-        if (!checkBinderPermission(P_GEN_UNIQUE_ID) ||
-            originalUid != IPCThreadState::self()->getCallingUid()) {
+        if (!checkBinderPermission(P_GEN_UNIQUE_ID)) {
            return AIDL_RETURN(ResponseCode::PERMISSION_DENIED);
        }
    }