Move auth token checking to begin
Auth tokens will now be checked on begin and then used for all
subsequent calls for that operation, this means that things like
auth timeouts will only be checked on begin, and operation that starts
at timeout - .00001 will now be able to be used to completion.
One exception to this is keys that use per operation authorization.
Begin for these operations must succeed so that the application gets a
handle to authorize. For those keys if the application calls update
before authorizing the operation the call will fail. For these keys
begin will return OP_AUTH_NEEDED so let the caller know more work is
needed before using the operation.
Change-Id: I5dda40803e7b2aecac27defc64d6d3f630d3f0d0
diff --git a/keystore/operation.cpp b/keystore/operation.cpp
index e871f83..667f456 100644
--- a/keystore/operation.cpp
+++ b/keystore/operation.cpp
@@ -110,6 +110,29 @@
return mLru[0];
}
+bool OperationMap::getOperationAuthToken(sp<IBinder> token, const hw_auth_token_t** outToken) {
+ auto entry = mMap.find(token);
+ if (entry == mMap.end()) {
+ return false;
+ }
+ if (entry->second.authToken.get() != NULL) {
+ *outToken = *entry->second.authToken;
+ } else {
+ *outToken = NULL;
+ }
+ return true;
+}
+
+bool OperationMap::setOperationAuthToken(sp<IBinder> token, const hw_auth_token_t* authToken) {
+ auto entry = mMap.find(token);
+ if (entry == mMap.end()) {
+ return false;
+ }
+ entry->second.authToken.reset(new const hw_auth_token_t*);
+ *entry->second.authToken = authToken;
+ return true;
+}
+
std::vector<sp<IBinder>> OperationMap::getOperationsForToken(sp<IBinder> appToken) {
auto appEntry = mAppTokenMap.find(appToken);
if (appEntry != mAppTokenMap.end()) {