Fixing bug in security vulnerability patch The incorrect logical operator being used was causing unconditional permission to be granted, which is the exact opposite of intended behavior. Bug: 70280642 Test: testEcAttestation_KeyStoreExceptionWhenRequestingUniqueId passes Change-Id: I2f1ed9768f136003126fb59a7a4517a159ff978c

commit: 670467d9a4be539ac1cb2a7eb1a41ce2524a24b2 [log] [tgz]
author: Max Bires <jbires@google.com> Tue Dec 12 11:16:43 2017 -0800
committer: Max Bires <jbires@google.com> Tue Dec 12 11:16:43 2017 -0800
tree: 9176521ea943b7e5dfc7d7d04788cace9df9435c
parent: 0e69ef0c0f1d3e1568067664b1ad9b672f8e9fcc [diff] [blame]
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index ac10921..b309ad6 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp

@@ -814,7 +814,7 @@
 
     if (containsTag(params.getParameters(), Tag::INCLUDE_UNIQUE_ID)) {
         //TODO(jbires): remove uid checking upon implementation of b/25646100
-        if (!checkBinderPermission(P_GEN_UNIQUE_ID) &&
+        if (!checkBinderPermission(P_GEN_UNIQUE_ID) ||
             originalUid != IPCThreadState::self()->getCallingUid()) {
             *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
             return Status::ok();
commit	670467d9a4be539ac1cb2a7eb1a41ce2524a24b2	[log] [tgz]
author	Max Bires <jbires@google.com>	Tue Dec 12 11:16:43 2017 -0800
committer	Max Bires <jbires@google.com>	Tue Dec 12 11:16:43 2017 -0800
tree	9176521ea943b7e5dfc7d7d04788cace9df9435c
parent	0e69ef0c0f1d3e1568067664b1ad9b672f8e9fcc [diff] [blame]