Flush the auth token table on resetUid
This prevents old stale auth tokens from sticking around after clearing.
Change-Id: I92e48b6d8cdba92cbc70f718cb45a4d96bd12900
diff --git a/keystore/auth_token_table.cpp b/keystore/auth_token_table.cpp
index 2ae10a0..de5d41d 100644
--- a/keystore/auth_token_table.cpp
+++ b/keystore/auth_token_table.cpp
@@ -140,6 +140,10 @@
entries_.end());
}
+void AuthTokenTable::Clear() {
+ entries_.clear();
+}
+
bool AuthTokenTable::IsSupersededBySomeEntry(const Entry& entry) {
return std::any_of(entries_.begin(), entries_.end(),
[&](Entry& e) { return e.Supersedes(entry); });
diff --git a/keystore/auth_token_table.h b/keystore/auth_token_table.h
index 102e6e4..7a9cc34 100644
--- a/keystore/auth_token_table.h
+++ b/keystore/auth_token_table.h
@@ -95,6 +95,8 @@
*/
void MarkCompleted(const keymaster_operation_handle_t op_handle);
+ void Clear();
+
size_t size() { return entries_.size(); }
private:
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index 03212ed..8db8dab 100644
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp
@@ -2245,6 +2245,9 @@
if (!checkBinderPermission(P_RESET_UID, targetUid)) {
return ::PERMISSION_DENIED;
}
+ // Flush the auth token table to prevent stale tokens from sticking
+ // around.
+ mAuthTokenTable.Clear();
return mKeyStore->reset(targetUid) ? ::NO_ERROR : ::SYSTEM_ERROR;
}