diff options
| -rw-r--r-- | identity/aidl/default/common/WritableIdentityCredential.cpp | 9 | ||||
| -rw-r--r-- | identity/aidl/vts/DeleteCredentialTests.cpp | 2 | ||||
| -rw-r--r-- | identity/aidl/vts/ProveOwnershipTests.cpp | 2 |
3 files changed, 11 insertions, 2 deletions
diff --git a/identity/aidl/default/common/WritableIdentityCredential.cpp b/identity/aidl/default/common/WritableIdentityCredential.cpp index 25f129b14b..200ee61df4 100644 --- a/identity/aidl/default/common/WritableIdentityCredential.cpp +++ b/identity/aidl/default/common/WritableIdentityCredential.cpp @@ -210,6 +210,15 @@ ndk::ScopedAStatus WritableIdentityCredential::beginAddEntry( "numAccessControlProfileRemaining_ is not zero")); } + // Ensure passed-in profile ids reference valid access control profiles + for (const int32_t id : accessControlProfileIds) { + if (accessControlProfileIds_.find(id) == accessControlProfileIds_.end()) { + return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage( + IIdentityCredentialStore::STATUS_INVALID_DATA, + "An id in accessControlProfileIds references non-existing ACP")); + } + } + if (remainingEntryCounts_.size() == 0) { return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage( IIdentityCredentialStore::STATUS_INVALID_DATA, "No more namespaces to add to")); diff --git a/identity/aidl/vts/DeleteCredentialTests.cpp b/identity/aidl/vts/DeleteCredentialTests.cpp index d3addf4b90..7627c9cbb9 100644 --- a/identity/aidl/vts/DeleteCredentialTests.cpp +++ b/identity/aidl/vts/DeleteCredentialTests.cpp @@ -102,7 +102,7 @@ void DeleteCredentialTests::provisionData() { ASSERT_TRUE(wc->addAccessControlProfile(1, {}, false, 0, 0, &sacp).isOk()); // Single entry - don't care about the returned encrypted data - ASSERT_TRUE(wc->beginAddEntry({0}, "ns", "Some Data", 1).isOk()); + ASSERT_TRUE(wc->beginAddEntry({1}, "ns", "Some Data", 1).isOk()); vector<uint8_t> encryptedData; ASSERT_TRUE(wc->addEntryValue({9}, &encryptedData).isOk()); diff --git a/identity/aidl/vts/ProveOwnershipTests.cpp b/identity/aidl/vts/ProveOwnershipTests.cpp index fa0e293388..c622193ef5 100644 --- a/identity/aidl/vts/ProveOwnershipTests.cpp +++ b/identity/aidl/vts/ProveOwnershipTests.cpp @@ -102,7 +102,7 @@ void ProveOwnershipTests::provisionData() { ASSERT_TRUE(wc->addAccessControlProfile(1, {}, false, 0, 0, &sacp).isOk()); // Single entry - don't care about the returned encrypted data - ASSERT_TRUE(wc->beginAddEntry({0}, "ns", "Some Data", 1).isOk()); + ASSERT_TRUE(wc->beginAddEntry({1}, "ns", "Some Data", 1).isOk()); vector<uint8_t> encryptedData; ASSERT_TRUE(wc->addEntryValue({9}, &encryptedData).isOk()); |