45760026eadf09d36df73c488b8a7d3e2034e1b3 - android_system_security

commit	45760026eadf09d36df73c488b8a7d3e2034e1b3	[log] [tgz]
author	Janis Danisevskis <jdanis@google.com>	Tue Jan 19 16:34:10 2021 -0800
committer	Janis Danisevskis <jdanis@google.com>	Tue Jan 26 13:18:38 2021 -0800
tree	51954bc9abfcfde2e8899c10a9914ad3e8c1cb2f
parent	1e292289b7d7f741bc23289fc88d575ade5c0593 [diff]

Keystore 2.0: Allow by key id usage of granted keys.

When keys are loaded by grant they may be used by key id subsequently.
This patch adds a check of the grant database when loading the access
tuple. If one is found the access vector is populated allowing
the permission callback to perform access control based on the grant.

Test: keystore2_test
Change-Id: If70dfbc035aed5aa3842663d475b489df3e3dd4e

keystore2/src/database.rs[diff]
keystore2/src/permission.rs[diff]
keystore2/src/utils.rs[diff]

3 files changed

tree: 51954bc9abfcfde2e8899c10a9914ad3e8c1cb2f

fsverity_init/
identity/
keystore/
keystore-engine/
keystore2/
ondevice-signing/
provisioner/
rustfmt.toml ⇨ ../../build/soong/scripts/rustfmt.toml
.clang-format
Android.bp
METADATA
MODULE_LICENSE_APACHE2
NOTICE
OWNERS
PREUPLOAD.cfg