tequilaOS/platform_system_security
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Handle auth token with same timestamp

Browse source 
am: bfb01d904d

Change-Id: I0f7da1e8ff3f4696ae2889ae3ab58f9d5c58ec61
This commit is contained in:
Rubin Xu 2017-10-23 20:13:04 +00:00 committed by android-build-merger
commit d169e1dc0e
2 changed files with 9 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
keystore/auth_token_table.cpp
View file

@ -244,7 +244,7 @@ bool AuthTokenTable::Entry::Supersedes(const Entry& entry) const {
return (token_->userId == entry.token_->userId &&
token_->authenticatorType == entry.token_->authenticatorType &&
token_->authenticatorId == entry.token_->authenticatorId &&
timestamp_host_order() > entry.timestamp_host_order());
is_newer_than(&entry));
}
} // namespace keymaster

10
keystore/auth_token_table.h
View file

@ -114,9 +114,15 @@ class AuthTokenTable {
bool Supersedes(const Entry& entry) const;
bool SatisfiesAuth(const std::vector<uint64_t>& sids, HardwareAuthenticatorType auth_type);
bool is_newer_than(const Entry* entry) {
bool is_newer_than(const Entry* entry) const {
if (!entry) return true;
return timestamp_host_order() > entry->timestamp_host_order();
uint64_t ts = timestamp_host_order();
uint64_t other_ts = entry->timestamp_host_order();
// Normally comparing timestamp_host_order alone is sufficient, but here is an
// additional hack to compare time_received value for some devices where their auth
// tokens contain fixed timestamp (due to the a stuck secure RTC on them)
return (ts > other_ts) ||
((ts == other_ts) && (time_received_ > entry->time_received_));
}
void mark_completed() { operation_completed_ = true; }