Updated the `listEntries` API response code for an invalid domain field.
`listEntries` now returns `INVALID_ARGUMENT` instead of `PERMISSION_DENIED`
when the domain is anything other than `APP` or `SELINUX`.
Added tests to validate the `listEntries` API with the valid domains `APP` and
`SELINUX` and with invalid domains such as `BLOB`.
Bug: 239719010
Test: atest CtsKeystoreTestCases; atest keystore2_client_tests;
Change-Id: I7d10c13342ca5719682e371e428fa42f992ba07d
diff --git a/keystore2/src/service.rs b/keystore2/src/service.rs
index d634e0c..8d2e5ad 100644
--- a/keystore2/src/service.rs
+++ b/keystore2/src/service.rs
@@ -266,7 +266,7 @@
..Default::default()
},
Domain::SELINUX => KeyDescriptor{domain, nspace: namespace, ..Default::default()},
- _ => return Err(Error::perm()).context(
+ _ => return Err(Error::Rc(ResponseCode::INVALID_ARGUMENT)).context(
"In list_entries: List entries is only supported for Domain::APP and Domain::SELINUX."
),
};
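Review bot: The wildcard arm now answers `INVALID_ARGUMENT` before `check_key_permission` is reached (that call is in the following hunk), and the code carries no comment saying why argument validation may precede the authorization check here. I would add above the arm `// The domain is supplied by the caller, so rejecting it before any permission check discloses nothing about stored keys.` so a later refactor does not reorder the two without thought. Callers that matched on `PERMISSION_DENIED` for an unsupported domain will presumably see a different code now; this hunk does not show whether any in-tree client does, so that is worth checking. The enclosing `list_entries` function starts and ends outside the hunk.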
@@ -278,8 +278,8 @@
// selected.
if let Err(e) = check_key_permission(KeyPerm::GetInfo, &k, &None) {
if let Some(selinux::Error::PermissionDenied) =
- e.root_cause().downcast_ref::<selinux::Error>() {
-
+ e.root_cause().downcast_ref::<selinux::Error>()
+ {
check_keystore_permission(KeystorePerm::List)
.context("In list_entries: While checking keystore permission.")?;
if namespace != -1 {