diff options
Diffstat (limited to 'identity/aidl/default/WritableIdentityCredential.cpp')
| -rw-r--r-- | identity/aidl/default/WritableIdentityCredential.cpp | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/identity/aidl/default/WritableIdentityCredential.cpp b/identity/aidl/default/WritableIdentityCredential.cpp index fd246d8fec..b3924447b2 100644 --- a/identity/aidl/default/WritableIdentityCredential.cpp +++ b/identity/aidl/default/WritableIdentityCredential.cpp @@ -143,6 +143,12 @@ ndk::ScopedAStatus WritableIdentityCredential::addAccessControlProfile( } accessControlProfileIds_.insert(id); + if (id < 0 || id >= 32) { + return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage( + IIdentityCredentialStore::STATUS_INVALID_DATA, + "Access Control Profile id must be non-negative and less than 32")); + } + // Spec requires if |userAuthenticationRequired| is false, then |timeoutMillis| must also // be zero. if (!userAuthenticationRequired && timeoutMillis != 0) { |