Don't allow a non-owner to grant access to APP key
Test: keystore2_client_tests
Test: KeyChainTests
Test: KeyStoreManagerTests
Test: CtsVerifier / Security / KeyChain storage test
Change-Id: I8f991e4dd9cbdf4ccf22e5a834881a379fb9333d
diff --git a/keystore2/src/utils.rs b/keystore2/src/utils.rs
index 2b69d1e..c6dc11e 100644
--- a/keystore2/src/utils.rs
+++ b/keystore2/src/utils.rs
@@ -80,6 +80,7 @@
pub fn check_grant_permission(access_vec: KeyPermSet, key: &KeyDescriptor) -> anyhow::Result<()> {
ThreadState::with_calling_sid(|calling_sid| {
permission::check_grant_permission(
+ ThreadState::get_calling_uid(),
calling_sid
.ok_or_else(Error::sys)
.context(ks_err!("Cannot check permission without calling_sid."))?,