commit 4ff6274fa770edf86d31dfea36e518d2964b2eee
author Janis Danisevskis <jdanis@google.com> Tue Oct 05 18:07:07 2021 -0700
committer Janis Danisevskis <jdanis@google.com> Thu Oct 07 08:24:42 2021 -0700
tree b81550579b5ee8de72a69ae54057fab74418ba6a
parent 6a0afe1846e4d5f7867d4cc68cab468fdc9bfcba

Keystore 2.0 SPI: Fix NullPointerException in setKeyEntry.

Fix a NullPointerException when trying to insert SecretKey that already
exists.

Bug: 202146009
Test: atest android.keystore.cts.AndroidKeyStoreTest#testKeyStore_SetKeyEntry_ReplacedWithSameGeneratedSecretKey
Change-Id: If3a4bd6677ab3173c5c1a7c921ba567b7981662b

keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java

diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
index 67358c4..33411e1 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
@@ -601,8 +601,6 @@
         }
         KeyProtection params = (KeyProtection) param;
 
-        @SecurityLevel int securityLevel = params.isStrongBoxBacked() ? SecurityLevel.STRONGBOX :
-                SecurityLevel.TRUSTED_ENVIRONMENT;
         @Domain int targetDomain = (getTargetDomain());
 
         if (key instanceof AndroidKeyStoreSecretKey) {
@@ -794,6 +792,9 @@
             flags |= IKeystoreSecurityLevel.KEY_FLAG_AUTH_BOUND_WITHOUT_CRYPTOGRAPHIC_LSKF_BINDING;
         }
 
+        @SecurityLevel int securityLevel = params.isStrongBoxBacked() ? SecurityLevel.STRONGBOX :
+                SecurityLevel.TRUSTED_ENVIRONMENT;
+
         try {
             KeyStoreSecurityLevel securityLevelInterface = mKeyStore.getSecurityLevel(
                     securityLevel);