commit 5010127f2d12d027f5b7047a75cdd8ce6891d0b1
author Shawn Willden <swillden@google.com> Wed Oct 10 18:04:55 2018 -0700
committer android-build-merger <android-build-merger@google.com> Wed Oct 10 18:04:55 2018 -0700
tree c4a2dd4765c4c7a00080e6f0d40fbd169e984b1f
parent 21bfc14768313a94dc094523f520ca5fa7c344a2
parent 737e985d29b1842883f4bf4757a90c430ca9e87e

[automerger skipped] Use TEE keymaster for ID attestation. am: 70c1a7883c  -s ours
am: 737e985d29  -s ours

Change-Id: Ied98bb902bec70d49509cd464209ead6f3da42c2

keystore/key_store_service.cpp

diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index 62b21c8..95eaa4c 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -1374,7 +1374,14 @@
                                                             }));
 
         if (!rc.isOk()) result->resultCode = rc;
-        if (!result->resultCode.isOk()) return Status::ok();
+        if (!result->resultCode.isOk()) {
+            LOG(ERROR) << "Failed to verify authorization " << rc << " from begin()";
+            rc = KS_HANDLE_HIDL_ERROR(dev->abort(result->handle));
+            if (!rc.isOk()) {
+                LOG(ERROR) << "Failed to abort operation " << rc << " from begin()";
+            }
+            return Status::ok();
+        }
     }
 
     // Note: The operation map takes possession of the contents of "characteristics".
@@ -1465,7 +1472,12 @@
 
     // just a reminder: on success result->resultCode was set in the callback. So we only overwrite
     // it if there was a communication error indicated by the ErrorCode.
-    if (!rc.isOk()) result->resultCode = rc;
+    if (!rc.isOk()) {
+        result->resultCode = rc;
+        // removeOperation() will free the memory 'op' used, so the order is important
+        mAuthTokenTable.MarkCompleted(op.handle);
+        mOperationMap.removeOperation(token, /* wasOpSuccessful */ false);
+    }
 
     return Status::ok();
 }