Merge "Identity Credential: Restrict AccessControlProfile identifiers to 32." into rvc-dev am: 17c8d7c043

Change-Id: I3b04b9b6e37b4bc50a44ffea18f9215ac14c199d

identity/aidl/android/hardware/identity/IWritableIdentityCredential.aidl

@@ -140,7 +140,8 @@ interface IWritableIdentityCredential {
      * with STATUS_INVALID_DATA.
      *
      * @param id a numeric identifier that must be unique within the context of a Credential and may
-     *     be used to reference the profile. If this is not satisfied the call fails with
+     *     be used to reference the profile. This id must be non-negative and less than 32 (allowing
+     *     for a total of 32 profiles). If this is not satisfied the call fails with
      *     STATUS_INVALID_DATA.
      *
      * @param readerCertificate if non-empty, specifies a single X.509 certificate (not a chain of

identity/aidl/default/WritableIdentityCredential.cpp

@@ -143,6 +143,12 @@ ndk::ScopedAStatus WritableIdentityCredential::addAccessControlProfile(
     }
     accessControlProfileIds_.insert(id);
 
+    if (id < 0 || id >= 32) {
+        return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
+                IIdentityCredentialStore::STATUS_INVALID_DATA,
+                "Access Control Profile id must be non-negative and less than 32"));
+    }
+
     // Spec requires if |userAuthenticationRequired| is false, then |timeoutMillis| must also
     // be zero.
     if (!userAuthenticationRequired && timeoutMillis != 0) {

identity/aidl/vts/VtsIWritableIdentityCredentialTests.cpp

@@ -641,6 +641,40 @@ TEST_P(IdentityCredentialTests, verifyInterleavingEntryNameSpaceOrderingFails) {
     EXPECT_EQ(IIdentityCredentialStore::STATUS_INVALID_DATA, result.serviceSpecificErrorCode());
 }
 
+TEST_P(IdentityCredentialTests, verifyAccessControlProfileIdOutOfRange) {
+    sp<IWritableIdentityCredential> writableCredential;
+    ASSERT_TRUE(test_utils::SetupWritableCredential(writableCredential, credentialStore_));
+
+    const vector<int32_t> entryCounts = {1};
+    Status result = writableCredential->startPersonalization(1, entryCounts);
+    ASSERT_TRUE(result.isOk()) << result.exceptionCode() << "; " << result.exceptionMessage()
+                               << endl;
+
+    SecureAccessControlProfile profile;
+
+    // This should fail because the id is >= 32
+    result = writableCredential->addAccessControlProfile(32,     // id
+                                                         {},     // readerCertificate
+                                                         false,  // userAuthenticationRequired
+                                                         0,      // timeoutMillis
+                                                         42,     // secureUserId
+                                                         &profile);
+    ASSERT_FALSE(result.isOk()) << result.exceptionCode() << "; " << result.exceptionMessage();
+    ASSERT_EQ(binder::Status::EX_SERVICE_SPECIFIC, result.exceptionCode());
+    ASSERT_EQ(IIdentityCredentialStore::STATUS_INVALID_DATA, result.serviceSpecificErrorCode());
+
+    // This should fail because the id is < 0
+    result = writableCredential->addAccessControlProfile(-1,     // id
+                                                         {},     // readerCertificate
+                                                         false,  // userAuthenticationRequired
+                                                         0,      // timeoutMillis
+                                                         42,     // secureUserId
+                                                         &profile);
+    ASSERT_FALSE(result.isOk()) << result.exceptionCode() << "; " << result.exceptionMessage();
+    ASSERT_EQ(binder::Status::EX_SERVICE_SPECIFIC, result.exceptionCode());
+    ASSERT_EQ(IIdentityCredentialStore::STATUS_INVALID_DATA, result.serviceSpecificErrorCode());
+}
+
 INSTANTIATE_TEST_SUITE_P(
         Identity, IdentityCredentialTests,
         testing::ValuesIn(android::getAidlHalInstanceNames(IIdentityCredentialStore::descriptor)),