commit bec89993a95194ab774f6b7aaec0b5e3c0602bc6
author Janis Danisevskis <jdanis@google.com> Wed Aug 14 13:42:19 2019 -0700
committer Wenhao Wang <wenhaowang@google.com> Tue Sep 03 20:34:08 2019 +0000
tree 40dae388d875b4ad28bdbc490211c706d0fdbdb2
parent 81f35573c71f0448bb0a1d2989726a55805ff131

Fix memory leak in keystore

When operations are aborted by an app or an app dies, tokens are not
removed from the device token map. This patch moves the this map from
key_store_service to KeyStore so that it can be accessed by the
keymaster workers. It also adds calls to removeOperationDevice to the
binderDied hook of the keymaster workers as well as to keystore service
abort.

Add a call to removeOperationDevice() inside pruneOperation() function on
keystore/keymaster_worker.cpp

Bug: 139383076
Test: atest keystore_unit_tests (passed)

Change-Id: I90d4dc9d4510f4ac250022c89240a742b9e8d4b4

keystore/keymaster_worker.cpp

diff --git a/keystore/keymaster_worker.cpp b/keystore/keymaster_worker.cpp
index 23a0023..f6d5621 100644
--- a/keystore/keymaster_worker.cpp
+++ b/keystore/keymaster_worker.cpp
@@ -341,6 +341,7 @@
     // We mostly ignore errors from abort() because all we care about is whether at least
     // one operation has been removed.
     auto rc = abort(oldest);
+    keyStore_->removeOperationDevice(oldest);
     if (operationMap_.getOperationCount() >= op_count_before_abort) {
         ALOGE("Failed to abort pruneable operation %p, error: %d", oldest.get(), rc.getErrorCode());
         return false;
@@ -1111,6 +1112,7 @@
         auto operations = operationMap_.getOperationsForToken(who.unsafe_get());
         for (const auto& token : operations) {
             abort(token);
+            keyStore_->removeOperationDevice(token);
         }
     });
 }