summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndres Morales <anmorales@google.com>2015-06-24 18:40:24 -0700
committerAndres Morales <anmorales@google.com>2015-06-24 18:40:24 -0700
commit7f6dcf657680aaf51dcd5d41c32c89254779b2a8 (patch)
treeb3611b82aee760c3618d830858eddba46335abe5
parent3c2086dabdb87e027412bb4405279128a321e184 (diff)
[gatekeeperd] fix issue with SW->HW upgrades
If the handle version is 0, there's no hardware_backed flag meaning hardware backed handles will be attempted against the soft impl. Ensure we don't try to read from hardware_backed unless the version is > 0. Bug: 21090356 Change-Id: I65f009c55538ea3c20eb486b580eb11ce93934fc
-rw-r--r--gatekeeperd/gatekeeperd.cpp6
1 files changed, 4 insertions, 2 deletions
diff --git a/gatekeeperd/gatekeeperd.cpp b/gatekeeperd/gatekeeperd.cpp
index f4f2cbfc3..6622df979 100644
--- a/gatekeeperd/gatekeeperd.cpp
+++ b/gatekeeperd/gatekeeperd.cpp
@@ -144,7 +144,7 @@ public:
const gatekeeper::password_handle_t *handle =
reinterpret_cast<const gatekeeper::password_handle_t *>(current_password_handle);
- if (handle != NULL && !handle->hardware_backed) {
+ if (handle != NULL && handle->version != 0 && !handle->hardware_backed) {
// handle is being re-enrolled from a software version. HAL probably won't accept
// the handle as valid, so we nullify it and enroll from scratch
current_password_handle = NULL;
@@ -209,7 +209,9 @@ public:
if (device) {
const gatekeeper::password_handle_t *handle =
reinterpret_cast<const gatekeeper::password_handle_t *>(enrolled_password_handle);
- if (handle->hardware_backed) {
+ // handle version 0 does not have hardware backed flag, and thus cannot be upgraded to
+ // a HAL if there was none before
+ if (handle->version == 0 || handle->hardware_backed) {
ret = device->verify(device, uid, challenge,
enrolled_password_handle, enrolled_password_handle_length,
provided_password, provided_password_length, auth_token, auth_token_length,