author | David Zeuthen <zeuthen@google.com> | 2020-04-27 15:24:55 -0400 |
---|---|---|
committer | David Zeuthen <zeuthen@google.com> | 2020-04-27 15:28:27 -0400 |
commit | a0796e98c298fc1fc7df88f26c0d417454c34fea (patch) | |
tree | f41c4b7c2981adea203082f7f6bbcd32b987a07f /identity/aidl/default/WritableIdentityCredential.cpp | |
parent | 71156e527c376ec407670325a57989a2542d5c9a (diff) |
Identity Credential: Restrict AccessControlProfile identifiers to 32.
In order to implement Identity Credential on resource-restricted
secure hardware, we need to limit the number of possible
AccessControlProfile in a credential. A limit of 32 means that such
hardware only needs to devote four bytes of RAM for a bitmask with
information about which profiles are authorized.
Document this, add new VTS test, and update the default
implementation.
Bug: 155100967
Test: atest android.security.identity.cts
Test: atest VtsHalIdentityTargetTest
Change-Id: Ia4f2ee0013b330561df744e0595f298a0d156122
Diffstat (limited to 'identity/aidl/default/WritableIdentityCredential.cpp')
-rw-r--r-- | identity/aidl/default/WritableIdentityCredential.cpp | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/identity/aidl/default/WritableIdentityCredential.cpp b/identity/aidl/default/WritableIdentityCredential.cpp index fd246d8fec..b3924447b2 100644 --- a/identity/aidl/default/WritableIdentityCredential.cpp +++ b/identity/aidl/default/WritableIdentityCredential.cpp @@ -143,6 +143,12 @@ ndk::ScopedAStatus WritableIdentityCredential::addAccessControlProfile( } accessControlProfileIds_.insert(id); + if (id < 0 || id >= 32) { + return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage( + IIdentityCredentialStore::STATUS_INVALID_DATA, + "Access Control Profile id must be non-negative and less than 32")); + } + // Spec requires if |userAuthenticationRequired| is false, then |timeoutMillis| must also // be zero. if (!userAuthenticationRequired && timeoutMillis != 0) { |
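Review bot: the new range check runs after `accessControlProfileIds_.insert(id);`, so an out-of-range id is recorded in the set before the call is rejected with STATUS_INVALID_DATA; validate before mutating state by moving the `if (id < 0 || id >= 32)` block above the insert, so that a rejected profile id leaves `accessControlProfileIds_` untouched. Also consider replacing the literal 32 with a named constant shared with the documentation and the VTS test mentioned in the commit message, so the error text "must be non-negative and less than 32" and the check cannot drift apart.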