Filter USER_ID tag from the hardware keystore
An as-yet-undiscovered mismatch between authorization sets that do or
don't have the USER_ID tag applied are causing failures for PIN setting
on the secondary account. This changes makes sure those tags are not
sent to the underlying keystore to fix the PIN failure, while we
diagnose the underlying cause.
Bug: 76460912
Test: Switch to guest account, set PIN, lock and unlock.
Change-Id: I880899af5095a95ae41b7a64c5a76329f0f78f4a
diff --git a/keymaster/4.0/support/Keymaster3.cpp b/keymaster/4.0/support/Keymaster3.cpp
index b2cdbd9..84b3ee1 100644
--- a/keymaster/4.0/support/Keymaster3.cpp
+++ b/keymaster/4.0/support/Keymaster3.cpp
@@ -61,9 +61,12 @@
}
hidl_vec<V3_0::KeyParameter> convert(const hidl_vec<KeyParameter>& params) {
- hidl_vec<V3_0::KeyParameter> converted(params.size());
- for (size_t i = 0; i < params.size(); ++i) {
- converted[i] = convert(params[i]);
+ std::vector<V3_0::KeyParameter> converted;
+ converted.reserve(params.size());
+ for (const auto& param : params) {
+ // Qualcomm's Keymaster3 implementation behaves oddly if Tag::USER_ID is provided. Filter it
+ // out. Revert this change when b/73286437 is fixed.
+ if (param.tag != Tag::USER_ID) converted.push_back(convert(param));
}
return converted;
}