From 7f6dcf657680aaf51dcd5d41c32c89254779b2a8 Mon Sep 17 00:00:00 2001 From: Andres Morales Date: Wed, 24 Jun 2015 18:40:24 -0700 Subject: [PATCH] [gatekeeperd] fix issue with SW->HW upgrades If the handle version is 0, there's no hardware_backed flag meaning hardware backed handles will be attempted against the soft impl. Ensure we don't try to read from hardware_backed unless the version is > 0. Bug: 21090356 Change-Id: I65f009c55538ea3c20eb486b580eb11ce93934fc --- gatekeeperd/gatekeeperd.cpp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/gatekeeperd/gatekeeperd.cpp b/gatekeeperd/gatekeeperd.cpp index f4f2cbfc3..6622df979 100644 --- a/gatekeeperd/gatekeeperd.cpp +++ b/gatekeeperd/gatekeeperd.cpp @@ -144,7 +144,7 @@ public: const gatekeeper::password_handle_t *handle = reinterpret_cast(current_password_handle); - if (handle != NULL && !handle->hardware_backed) { + if (handle != NULL && handle->version != 0 && !handle->hardware_backed) { // handle is being re-enrolled from a software version. HAL probably won't accept // the handle as valid, so we nullify it and enroll from scratch current_password_handle = NULL; @@ -209,7 +209,9 @@ public: if (device) { const gatekeeper::password_handle_t *handle = reinterpret_cast(enrolled_password_handle); - if (handle->hardware_backed) { + // handle version 0 does not have hardware backed flag, and thus cannot be upgraded to + // a HAL if there was none before + if (handle->version == 0 || handle->hardware_backed) { ret = device->verify(device, uid, challenge, enrolled_password_handle, enrolled_password_handle_length, provided_password, provided_password_length, auth_token, auth_token_length,