Snap for 5180536 from 72a9c568f11ecc3a2e26d9c548bcaf138b05c9a1 to pi-platform-release
Change-Id: I7acd29755d476f8b23e438b9f7c8b72fa31fd469
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index c831085..81189ae 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -1371,7 +1371,14 @@
}));
if (!rc.isOk()) result->resultCode = rc;
- if (!result->resultCode.isOk()) return Status::ok();
+ if (!result->resultCode.isOk()) {
+ LOG(ERROR) << "Failed to verify authorization " << rc << " from begin()";
+ rc = KS_HANDLE_HIDL_ERROR(dev->abort(result->handle));
+ if (!rc.isOk()) {
+ LOG(ERROR) << "Failed to abort operation " << rc << " from begin()";
+ }
+ return Status::ok();
+ }
}
// Note: The operation map takes possession of the contents of "characteristics".
@@ -1462,7 +1469,12 @@
// just a reminder: on success result->resultCode was set in the callback. So we only overwrite
// it if there was a communication error indicated by the ErrorCode.
- if (!rc.isOk()) result->resultCode = rc;
+ if (!rc.isOk()) {
+ result->resultCode = rc;
+ // removeOperation() will free the memory 'op' used, so the order is important
+ mAuthTokenTable.MarkCompleted(op.handle);
+ mOperationMap.removeOperation(token, /* wasOpSuccessful */ false);
+ }
return Status::ok();
}