identity: Don't pass invalid profileIds in VTS test.

Also add a check in the default implementation to help catch bugs like this in the future. Bug: 189865806 Test: atest VtsHalIdentityTargetTest Test: atest CtsIdentityTestCases Change-Id: Ief55528af8e14707b5c4d9431a851f9c8ccfae0c
author: David Zeuthen <zeuthen@google.com> 2021-05-27 18:24:36 -0400
committer: David Zeuthen <zeuthen@google.com> 2021-06-01 16:44:06 -0400
commit: 1b8be7166f8033425bf618f5ad7b42e25eb44ea5 (patch)
tree: a06c7d982b777bdfb898eb343ceefa2e32a1bd8e
parent: e8d43f7e59728744500bb875e1493c1193151bda (diff)
3 files changed, 11 insertions, 2 deletions
diff --git a/identity/aidl/default/common/WritableIdentityCredential.cpp b/identity/aidl/default/common/WritableIdentityCredential.cpp
index 25f129b14b..200ee61df4 100644
--- a/identity/aidl/default/common/WritableIdentityCredential.cpp
+++ b/identity/aidl/default/common/WritableIdentityCredential.cpp
@@ -210,6 +210,15 @@ ndk::ScopedAStatus WritableIdentityCredential::beginAddEntry(
                 "numAccessControlProfileRemaining_ is not zero"));
     }
 
+    // Ensure passed-in profile ids reference valid access control profiles
+    for (const int32_t id : accessControlProfileIds) {
+        if (accessControlProfileIds_.find(id) == accessControlProfileIds_.end()) {
+            return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
+                    IIdentityCredentialStore::STATUS_INVALID_DATA,
+                    "An id in accessControlProfileIds references non-existing ACP"));
+        }
+    }
+
     if (remainingEntryCounts_.size() == 0) {
         return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
                 IIdentityCredentialStore::STATUS_INVALID_DATA, "No more namespaces to add to"));
diff --git a/identity/aidl/vts/DeleteCredentialTests.cpp b/identity/aidl/vts/DeleteCredentialTests.cpp
index d3addf4b90..7627c9cbb9 100644
--- a/identity/aidl/vts/DeleteCredentialTests.cpp
+++ b/identity/aidl/vts/DeleteCredentialTests.cpp
@@ -102,7 +102,7 @@ void DeleteCredentialTests::provisionData() {
     ASSERT_TRUE(wc->addAccessControlProfile(1, {}, false, 0, 0, &sacp).isOk());
 
     // Single entry - don't care about the returned encrypted data
-    ASSERT_TRUE(wc->beginAddEntry({0}, "ns", "Some Data", 1).isOk());
+    ASSERT_TRUE(wc->beginAddEntry({1}, "ns", "Some Data", 1).isOk());
     vector<uint8_t> encryptedData;
     ASSERT_TRUE(wc->addEntryValue({9}, &encryptedData).isOk());
 
diff --git a/identity/aidl/vts/ProveOwnershipTests.cpp b/identity/aidl/vts/ProveOwnershipTests.cpp
index fa0e293388..c622193ef5 100644
--- a/identity/aidl/vts/ProveOwnershipTests.cpp
+++ b/identity/aidl/vts/ProveOwnershipTests.cpp
@@ -102,7 +102,7 @@ void ProveOwnershipTests::provisionData() {
     ASSERT_TRUE(wc->addAccessControlProfile(1, {}, false, 0, 0, &sacp).isOk());
 
     // Single entry - don't care about the returned encrypted data
-    ASSERT_TRUE(wc->beginAddEntry({0}, "ns", "Some Data", 1).isOk());
+    ASSERT_TRUE(wc->beginAddEntry({1}, "ns", "Some Data", 1).isOk());
     vector<uint8_t> encryptedData;
     ASSERT_TRUE(wc->addEntryValue({9}, &encryptedData).isOk());
author	David Zeuthen <zeuthen@google.com>	2021-05-27 18:24:36 -0400
committer	David Zeuthen <zeuthen@google.com>	2021-06-01 16:44:06 -0400
commit	1b8be7166f8033425bf618f5ad7b42e25eb44ea5 (patch)
tree	a06c7d982b777bdfb898eb343ceefa2e32a1bd8e
parent	e8d43f7e59728744500bb875e1493c1193151bda (diff)