Don't allow a non-owner to grant access to APP key Test: keystore2_client_tests Test: KeyChainTests Test: KeyStoreManagerTests Test: CtsVerifier / Security / KeyChain storage test Change-Id: I8f991e4dd9cbdf4ccf22e5a834881a379fb9333d

commit: 8e92e746453c080fbbddbce409870caf70f11d72 [log] [tgz]
author: David Drysdale <drysdale@google.com> Tue Oct 22 13:07:07 2024 +0100
committer: David Drysdale <drysdale@google.com> Wed Nov 06 10:41:08 2024 +0000
tree: 9ec4b7dc6ac4530779122afac1f957941f80936f
parent: d6ceaf11fbc908535122888b8ac5839c93bf9028 [diff] [blame]
diff --git a/keystore2/src/utils.rs b/keystore2/src/utils.rs
index 2b69d1e..c6dc11e 100644
--- a/keystore2/src/utils.rs
+++ b/keystore2/src/utils.rs

@@ -80,6 +80,7 @@
 pub fn check_grant_permission(access_vec: KeyPermSet, key: &KeyDescriptor) -> anyhow::Result<()> {
     ThreadState::with_calling_sid(|calling_sid| {
         permission::check_grant_permission(
+            ThreadState::get_calling_uid(),
             calling_sid
                 .ok_or_else(Error::sys)
                 .context(ks_err!("Cannot check permission without calling_sid."))?,
commit	8e92e746453c080fbbddbce409870caf70f11d72	[log] [tgz]
author	David Drysdale <drysdale@google.com>	Tue Oct 22 13:07:07 2024 +0100
committer	David Drysdale <drysdale@google.com>	Wed Nov 06 10:41:08 2024 +0000
tree	9ec4b7dc6ac4530779122afac1f957941f80936f
parent	d6ceaf11fbc908535122888b8ac5839c93bf9028 [diff] [blame]