commit 57430977cf7b758a4fe955933e32c5d2d44574b2
author Chad Brubaker <cbrubaker@google.com> Thu Apr 16 23:00:23 2015 +0000
committer Android Git Automerger <android-git-automerger@android.com> Thu Apr 16 23:00:23 2015 +0000
tree 13b066e766bbf75937743fabee625d7c16d1a2c1
parent 3aa55012241118820b12c565852c304cbd260b72
parent c598fab3ae8e363f84e2d6f41dd6511e27df240f

am c598fab3: am d914f657: am 7a4dd551: Merge "Flush the auth token table on resetUid"

* commit 'c598fab3ae8e363f84e2d6f41dd6511e27df240f':
  Flush the auth token table on resetUid

keystore/auth_token_table.cpp

diff --git a/keystore/auth_token_table.cpp b/keystore/auth_token_table.cpp
index 2ae10a0..de5d41d 100644
--- a/keystore/auth_token_table.cpp
+++ b/keystore/auth_token_table.cpp
@@ -140,6 +140,10 @@
                    entries_.end());
 }
 
+void AuthTokenTable::Clear() {
+    entries_.clear();
+}
+
 bool AuthTokenTable::IsSupersededBySomeEntry(const Entry& entry) {
     return std::any_of(entries_.begin(), entries_.end(),
                        [&](Entry& e) { return e.Supersedes(entry); });

keystore/auth_token_table.h

diff --git a/keystore/auth_token_table.h b/keystore/auth_token_table.h
index 102e6e4..7a9cc34 100644
--- a/keystore/auth_token_table.h
+++ b/keystore/auth_token_table.h
@@ -95,6 +95,8 @@
      */
     void MarkCompleted(const keymaster_operation_handle_t op_handle);
 
+    void Clear();
+
     size_t size() { return entries_.size(); }
 
   private:

keystore/keystore.cpp

diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index 2a1641b..e3d4446 100644
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp
@@ -2248,6 +2248,9 @@
         if (!checkBinderPermission(P_RESET_UID, targetUid)) {
             return ::PERMISSION_DENIED;
         }
+        // Flush the auth token table to prevent stale tokens from sticking
+        // around.
+        mAuthTokenTable.Clear();
 
         return mKeyStore->reset(targetUid) ? ::NO_ERROR : ::SYSTEM_ERROR;
     }