Keystore 2.0: Allow by key id usage of granted keys. When keys are loaded by grant they may be used by key id subsequently. This patch adds a check of the grant database when loading the access tuple. If one is found the access vector is populated allowing the permission callback to perform access control based on the grant. Test: keystore2_test Change-Id: If70dfbc035aed5aa3842663d475b489df3e3dd4e

commit: 45760026eadf09d36df73c488b8a7d3e2034e1b3 [log] [tgz]
author: Janis Danisevskis <jdanis@google.com> Tue Jan 19 16:34:10 2021 -0800
committer: Janis Danisevskis <jdanis@google.com> Tue Jan 26 13:18:38 2021 -0800
tree: 51954bc9abfcfde2e8899c10a9914ad3e8c1cb2f
parent: 1e292289b7d7f741bc23289fc88d575ade5c0593 [diff] [blame]
diff --git a/keystore2/src/utils.rs b/keystore2/src/utils.rs
index 080348c..870b7fc 100644
--- a/keystore2/src/utils.rs
+++ b/keystore2/src/utils.rs

@@ -77,6 +77,7 @@
 ) -> anyhow::Result<()> {
     ThreadState::with_calling_sid(|calling_sid| {
         permission::check_key_permission(
+            ThreadState::get_calling_uid(),
             &calling_sid
                 .ok_or_else(Error::sys)
                 .context("In check_key_permission: Cannot check permission without calling_sid.")?,
commit	45760026eadf09d36df73c488b8a7d3e2034e1b3	[log] [tgz]
author	Janis Danisevskis <jdanis@google.com>	Tue Jan 19 16:34:10 2021 -0800
committer	Janis Danisevskis <jdanis@google.com>	Tue Jan 26 13:18:38 2021 -0800
tree	51954bc9abfcfde2e8899c10a9914ad3e8c1cb2f
parent	1e292289b7d7f741bc23289fc88d575ade5c0593 [diff] [blame]