Merge "Identity Credential: Restrict AccessControlProfile identifiers to 32." into rvc-dev am: 17c8d7c043 am: f959dfd73a am: 1cd4a45a14

Change-Id: I66fd73d8efb7816090f6e1fc255f150056ae19d0
This commit is contained in:
TreeHugger Robot
2020-04-27 22:13:45 +00:00
committed by Automerger Merge Worker
3 changed files with 42 additions and 1 deletions


@@ -140,7 +140,8 @@ interface IWritableIdentityCredential {
* with STATUS_INVALID_DATA.
*
* @param id a numeric identifier that must be unique within the context of a Credential and may
* be used to reference the profile. If this is not satisfied the call fails with
* be used to reference the profile. This id must be non-negative and less than 32 (allowing
* for a total of 32 profiles). If this is not satisfied the call fails with
* STATUS_INVALID_DATA.
*
* @param readerCertificate if non-empty, specifies a single X.509 certificate (not a chain of


@@ -143,6 +143,12 @@ ndk::ScopedAStatus WritableIdentityCredential::addAccessControlProfile(
}
accessControlProfileIds_.insert(id);
if (id < 0 || id >= 32) {
return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
IIdentityCredentialStore::STATUS_INVALID_DATA,
"Access Control Profile id must be non-negative and less than 32"));
}
// Spec requires if |userAuthenticationRequired| is false, then |timeoutMillis| must also
// be zero.
if (!userAuthenticationRequired && timeoutMillis != 0) {
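Review bot: The new range check `if (id < 0 || id >= 32)` runs after `accessControlProfileIds_.insert(id);` on the preceding context line, so a rejected id has already been recorded in the set when the method returns STATUS_INVALID_DATA, leaving the credential's state mutated by a failed call. Move the whole `if` block above the `accessControlProfileIds_.insert(id);` line so nothing is inserted until the id has been validated; the duplicate check that appears to close at the `}` above the insert is outside the hunk, and the range check should probably precede that as well so an invalid id is reported as out-of-range rather than as a duplicate on a repeat call. The literal 32 also appears in the interface documentation and the error message; a named constant such as `constexpr int32_t kMaxAccessControlProfileId = 32;` would keep the three in step. The rest of addAccessControlProfile is outside the hunk.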


@@ -641,6 +641,40 @@ TEST_P(IdentityCredentialTests, verifyInterleavingEntryNameSpaceOrderingFails) {
EXPECT_EQ(IIdentityCredentialStore::STATUS_INVALID_DATA, result.serviceSpecificErrorCode());
}
TEST_P(IdentityCredentialTests, verifyAccessControlProfileIdOutOfRange) {
sp<IWritableIdentityCredential> writableCredential;
ASSERT_TRUE(test_utils::SetupWritableCredential(writableCredential, credentialStore_));
const vector<int32_t> entryCounts = {1};
Status result = writableCredential->startPersonalization(1, entryCounts);
ASSERT_TRUE(result.isOk()) << result.exceptionCode() << "; " << result.exceptionMessage()
<< endl;
SecureAccessControlProfile profile;
// This should fail because the id is >= 32
result = writableCredential->addAccessControlProfile(32, // id
{}, // readerCertificate
false, // userAuthenticationRequired
0, // timeoutMillis
42, // secureUserId
&profile);
ASSERT_FALSE(result.isOk()) << result.exceptionCode() << "; " << result.exceptionMessage();
ASSERT_EQ(binder::Status::EX_SERVICE_SPECIFIC, result.exceptionCode());
ASSERT_EQ(IIdentityCredentialStore::STATUS_INVALID_DATA, result.serviceSpecificErrorCode());
// This should fail because the id is < 0
result = writableCredential->addAccessControlProfile(-1, // id
{}, // readerCertificate
false, // userAuthenticationRequired
0, // timeoutMillis
42, // secureUserId
&profile);
ASSERT_FALSE(result.isOk()) << result.exceptionCode() << "; " << result.exceptionMessage();
ASSERT_EQ(binder::Status::EX_SERVICE_SPECIFIC, result.exceptionCode());
ASSERT_EQ(IIdentityCredentialStore::STATUS_INVALID_DATA, result.serviceSpecificErrorCode());
}
INSTANTIATE_TEST_SUITE_P(
Identity, IdentityCredentialTests,
testing::ValuesIn(android::getAidlHalInstanceNames(IIdentityCredentialStore::descriptor)),
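Review bot: verifyAccessControlProfileIdOutOfRange only exercises the two rejected values (32 and -1); it never confirms that the boundary values the documentation promises, 0 and 31, are accepted, so an off-by-one in the check (`id > 32` or `id >= 31`) would not be caught. Add two calls with ids 0 and 31 and `ASSERT_TRUE(result.isOk())` for each, before the failing cases so the failure path is reached with a known-good profile set. The comments `// This should fail because the id is >= 32` and `// This should fail because the id is < 0` could be folded into the assertion messages, e.g. `ASSERT_FALSE(result.isOk()) << "id 32 should be rejected (>= 32): " << result.exceptionMessage();`, so a failure names the case without reading the source.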