Don't ignore errors from begin operation. This fixes a bug introduced by 9221bff2f13451ef330135bb32ea96de2a8b09cc which invoked authorization checks after begin operation, while ignoring any errors returned by that operation. This CL restrores the correct order: authorization checks are followed by begin operation. Bug: 22039986 Change-Id: I3516cb120c21b9659289faa5d1ca0225df35a06d

commit: 4e88f9be2b3bb3dcea43f338532882681ee77352 [log] [tgz]
author: Alex Klyubin <klyubin@google.com> Tue Jun 23 15:04:05 2015 -0700
committer: Alex Klyubin <klyubin@google.com> Tue Jun 23 15:04:40 2015 -0700
tree: 1ec2e62bc0a1dd44a655f383cae7cfe225ec8771
parent: 53752414eab95d31d76db4bb088ac1d5499b5aae [diff] [blame]
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index b36f65f..85289ad 100644
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp

@@ -2478,8 +2478,6 @@
             }
         }
         keymaster_key_param_set_t inParams = {opParams.data(), opParams.size()};
-        keymaster_key_param_set_t outParams = {NULL, 0};
-        err = dev->begin(dev, purpose, &key, &inParams, &outParams, &handle);
 
         // Create a keyid for this key.
         keymaster::km_id_t keyid;
@@ -2501,6 +2499,9 @@
             return;
         }
 
+        keymaster_key_param_set_t outParams = {NULL, 0};
+        err = dev->begin(dev, purpose, &key, &inParams, &outParams, &handle);
+
         // If there are too many operations abort the oldest operation that was
         // started as pruneable and try again.
         while (err == KM_ERROR_TOO_MANY_OPERATIONS && mOperationMap.hasPruneableOperation()) {
commit	4e88f9be2b3bb3dcea43f338532882681ee77352	[log] [tgz]
author	Alex Klyubin <klyubin@google.com>	Tue Jun 23 15:04:05 2015 -0700
committer	Alex Klyubin <klyubin@google.com>	Tue Jun 23 15:04:40 2015 -0700
tree	1ec2e62bc0a1dd44a655f383cae7cfe225ec8771
parent	53752414eab95d31d76db4bb088ac1d5499b5aae [diff] [blame]