Revert "Fixing security vuln by tightening race condition window."
This reverts commit ef4f067c03543d8c8f2f8218bc69af12692ba000.
Reason for revert: The underlying system support required to properly fix this bug has been implemented. This patch-over is no longer necessary. Patches listed in b/25646100
Test: atest keystore_unit_tests
Change-Id: I8e3e78f1440a81e60ab4986c5bb07df205a60062
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index 7028e72..58b5834 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -624,8 +624,6 @@
const ::android::sp<::android::security::keystore::IKeystoreKeyCharacteristicsCallback>& cb,
const String16& name, const KeymasterArguments& params, const ::std::vector<uint8_t>& entropy,
int uid, int flags, int32_t* _aidl_return) {
- // TODO(jbires): remove this getCallingUid call upon implementation of b/25646100
- uid_t originalUid = IPCThreadState::self()->getCallingUid();
uid = getEffectiveUid(uid);
auto logOnScopeExit = android::base::make_scope_guard([&] {
if (__android_log_security()) {
@@ -645,9 +643,7 @@
}
if (containsTag(params.getParameters(), Tag::INCLUDE_UNIQUE_ID)) {
- // TODO(jbires): remove uid checking upon implementation of b/25646100
- if (!checkBinderPermission(P_GEN_UNIQUE_ID) ||
- originalUid != IPCThreadState::self()->getCallingUid()) {
+ if (!checkBinderPermission(P_GEN_UNIQUE_ID)) {
return AIDL_RETURN(ResponseCode::PERMISSION_DENIED);
}
}