identity: fix access control checks in libeic. Also add a new libeic_test binary which has a regression test for this vulnerability. Bug: 190757775 Test: atest libeic_test Test: atest VtsHalIdentityTargetTest Test: atest CtsIdentityTestCases Merged-In: I8344655c59930d6bf1baa4e0f8d0f60e4fc9e48d Change-Id: I8344655c59930d6bf1baa4e0f8d0f60e4fc9e48d

commit: af7e9cfb284b92e98299a7e9053505b145557686 [log] [tgz]
author: David Zeuthen <zeuthen@google.com> Thu Jun 10 18:34:24 2021 -0400
committer: David Zeuthen <zeuthen@google.com> Mon Jun 21 15:13:55 2021 -0400
tree: 72e168951301bc38d7749751849e3484a84d7df1
parent: 05e6b870a40e3f067686ba3acb4c75278cad9079 [diff] [blame]
diff --git a/identity/aidl/default/libeic/EicPresentation.h b/identity/aidl/default/libeic/EicPresentation.h
index 7cad068..c888049 100644
--- a/identity/aidl/default/libeic/EicPresentation.h
+++ b/identity/aidl/default/libeic/EicPresentation.h

@@ -70,6 +70,10 @@
     // Set to true initialized as a test credential.
     bool testCredential;
 
+    // Set to true if the evaluation of access control checks in
+    // eicPresentationStartRetrieveEntryValue() resulted EIC_ACCESS_CHECK_RESULT_OK
+    bool accessCheckOk;
+
     // These are bitmasks indicating which of the possible 32 access control profiles are
     // authorized. They are built up by eicPresentationValidateAccessControlProfile().
     //
commit	af7e9cfb284b92e98299a7e9053505b145557686	[log] [tgz]
author	David Zeuthen <zeuthen@google.com>	Thu Jun 10 18:34:24 2021 -0400
committer	David Zeuthen <zeuthen@google.com>	Mon Jun 21 15:13:55 2021 -0400
tree	72e168951301bc38d7749751849e3484a84d7df1
parent	05e6b870a40e3f067686ba3acb4c75278cad9079 [diff] [blame]