commit 1b9febc5ca14b6e8f06f014b60566322f9b039f2
author David Drysdale <drysdale@google.com> Wed Jun 07 13:43:24 2023 +0100
committer David Drysdale <drysdale@google.com> Wed Jun 07 15:46:42 2023 +0100
tree 29ad63d54247752a480a0a1a466bdd2daf74d4a4
parent b06d1aeb9f1489f4f403c2a302c130c964ab4c6b

Use RAII to ensure KeyMint keyblobs deleted

If some check in a VTS test case fails, the test function may exit early
and not call CheckedDeleteKey(&some_keyblob), thus "leaking" a key blob.

This isn't normally an issue, but if the key blob happens to use a
feature that uses some secure storage (e.g. ROLLBACK_RESISTANCE or
USAGE_COUNT_LIMIT=1) then this may leak some scarse resource.

To avoid the chance of this, use an RAII holder to ensure that
manually-managed keyblobs (i.e. key blobs that are not held in the
key_blob_ member of the base test class) are always deleted.

Bug: 262212842
Test: VtsAidlKeyMintTargetTest
Change-Id: Ie8806095e249870484b9875eb660070607f339a3

security/keymint/aidl/vts/functional/KeyBlobUpgradeTest.cpp

diff --git a/security/keymint/aidl/vts/functional/KeyBlobUpgradeTest.cpp b/security/keymint/aidl/vts/functional/KeyBlobUpgradeTest.cpp
index 4f72f67..4830422 100644
--- a/security/keymint/aidl/vts/functional/KeyBlobUpgradeTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyBlobUpgradeTest.cpp
@@ -560,7 +560,7 @@
                                               .SetDefaultValidity(),
                                       attest_key, &attested_key_blob, &attested_key_characteristics,
                                       &attested_key_cert_chain));
-                CheckedDeleteKey(&attested_key_blob);
+                KeyBlobDeleter(keymint_, attested_key_blob);
             } else {
                 FAIL() << "Unexpected name: " << name;
             }