identity: Don't pass invalid profileIds in VTS test. Also add a check in the default implementation to help catch bugs like this in the future. Bug: 189865806 Test: atest VtsHalIdentityTargetTest Test: atest CtsIdentityTestCases Change-Id: Ief55528af8e14707b5c4d9431a851f9c8ccfae0c

commit: 1b8be7166f8033425bf618f5ad7b42e25eb44ea5 [log] [tgz]
author: David Zeuthen <zeuthen@google.com> Thu May 27 18:24:36 2021 -0400
committer: David Zeuthen <zeuthen@google.com> Tue Jun 01 16:44:06 2021 -0400
tree: a06c7d982b777bdfb898eb343ceefa2e32a1bd8e
parent: e8d43f7e59728744500bb875e1493c1193151bda [diff] [blame]
diff --git a/identity/aidl/default/common/WritableIdentityCredential.cpp b/identity/aidl/default/common/WritableIdentityCredential.cpp
index 25f129b..200ee61 100644
--- a/identity/aidl/default/common/WritableIdentityCredential.cpp
+++ b/identity/aidl/default/common/WritableIdentityCredential.cpp

@@ -210,6 +210,15 @@
                 "numAccessControlProfileRemaining_ is not zero"));
     }
 
+    // Ensure passed-in profile ids reference valid access control profiles
+    for (const int32_t id : accessControlProfileIds) {
+        if (accessControlProfileIds_.find(id) == accessControlProfileIds_.end()) {
+            return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
+                    IIdentityCredentialStore::STATUS_INVALID_DATA,
+                    "An id in accessControlProfileIds references non-existing ACP"));
+        }
+    }
+
     if (remainingEntryCounts_.size() == 0) {
         return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
                 IIdentityCredentialStore::STATUS_INVALID_DATA, "No more namespaces to add to"));
commit	1b8be7166f8033425bf618f5ad7b42e25eb44ea5	[log] [tgz]
author	David Zeuthen <zeuthen@google.com>	Thu May 27 18:24:36 2021 -0400
committer	David Zeuthen <zeuthen@google.com>	Tue Jun 01 16:44:06 2021 -0400
tree	a06c7d982b777bdfb898eb343ceefa2e32a1bd8e
parent	e8d43f7e59728744500bb875e1493c1193151bda [diff] [blame]