Don't ignore errors from begin operation.
This fixes a bug introduced by
9221bff2f13451ef330135bb32ea96de2a8b09cc which invoked authorization
checks after begin operation, while ignoring any errors returned by
that operation. This CL restrores the correct order: authorization
checks are followed by begin operation.
Bug: 22039986
Change-Id: I3516cb120c21b9659289faa5d1ca0225df35a06d
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index b36f65f..85289ad 100644
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp
@@ -2478,8 +2478,6 @@
}
}
keymaster_key_param_set_t inParams = {opParams.data(), opParams.size()};
- keymaster_key_param_set_t outParams = {NULL, 0};
- err = dev->begin(dev, purpose, &key, &inParams, &outParams, &handle);
// Create a keyid for this key.
keymaster::km_id_t keyid;
@@ -2501,6 +2499,9 @@
return;
}
+ keymaster_key_param_set_t outParams = {NULL, 0};
+ err = dev->begin(dev, purpose, &key, &inParams, &outParams, &handle);
+
// If there are too many operations abort the oldest operation that was
// started as pruneable and try again.
while (err == KM_ERROR_TOO_MANY_OPERATIONS && mOperationMap.hasPruneableOperation()) {