Keystore 2.0: Fix permission check for device attestation. A permission check was missing guarding device unique attestation. Test: N/A Change-Id: I4c870f50fafacc8b1731c3fed6a846c72b035646

commit: 83116e5784473bb30494899848912268f582b2f5 [log] [tgz]
author: Janis Danisevskis <jdanis@google.com> Tue Apr 06 13:36:58 2021 -0700
committer: Janis Danisevskis <jdanis@google.com> Tue Apr 06 13:41:06 2021 -0700
tree: 9e3ad34d6ecc8b579cd5b8cddfa500ba494dce53
parent: e93d40cada3dc93b7fcc82d36cd7c3d7da2171fd [diff] [blame]
diff --git a/keystore2/src/security_level.rs b/keystore2/src/security_level.rs
index 20f7226..50d697e 100644
--- a/keystore2/src/security_level.rs
+++ b/keystore2/src/security_level.rs

@@ -372,7 +372,7 @@
         if params.iter().any(|kp| kp.tag == Tag::INCLUDE_UNIQUE_ID) {
             check_key_permission(KeyPerm::gen_unique_id(), key, &None).context(concat!(
                 "In add_certificate_parameters: ",
-                "Caller does not have the permission for device unique attestation."
+                "Caller does not have the permission to generate a unique ID"
             ))?;
         }
commit	83116e5784473bb30494899848912268f582b2f5	[log] [tgz]
author	Janis Danisevskis <jdanis@google.com>	Tue Apr 06 13:36:58 2021 -0700
committer	Janis Danisevskis <jdanis@google.com>	Tue Apr 06 13:41:06 2021 -0700
tree	9e3ad34d6ecc8b579cd5b8cddfa500ba494dce53
parent	e93d40cada3dc93b7fcc82d36cd7c3d7da2171fd [diff] [blame]