commit 91de6db226d912249f42c406b7441bb7fb296850
author Bo Zhu <bozhu@google.com> Tue Mar 20 12:52:13 2018 -0700
committer Bo Zhu <bozhu@google.com> Tue Mar 20 14:32:32 2018 -0700
tree 49f5c236309ec99a55f6be2941612ff7a23a5819
parent eec88d343a1105d4da5c108c49258e2ccc131f4a

Allow the keystore grant mechanism to work without a screenlock

Test: atest CtsKeystoreTestCases
Bug: 74345822
Change-Id: I88c5ce50725423721d6e3f3364d00bec8472b903

keystore/key_store_service.cpp

diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index aab3db1..986d466 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -593,7 +593,8 @@
 Status KeyStoreService::grant(const String16& name, int32_t granteeUid,
                               ::android::String16* aidl_return) {
     uid_t callingUid = IPCThreadState::self()->getCallingUid();
-    auto result = checkBinderPermissionAndKeystoreState(P_GRANT);
+    auto result =
+        checkBinderPermissionAndKeystoreState(P_GRANT, /*targetUid=*/-1, /*checkUnlocked=*/false);
     if (!result.isOk()) {
         *aidl_return = String16();
         return Status::ok();
@@ -614,7 +615,8 @@
 
 Status KeyStoreService::ungrant(const String16& name, int32_t granteeUid, int32_t* aidl_return) {
     uid_t callingUid = IPCThreadState::self()->getCallingUid();
-    KeyStoreServiceReturnCode result = checkBinderPermissionAndKeystoreState(P_GRANT);
+    KeyStoreServiceReturnCode result =
+        checkBinderPermissionAndKeystoreState(P_GRANT, /*targetUid=*/-1, /*checkUnlocked=*/false);
     if (!result.isOk()) {
         *aidl_return = static_cast<int32_t>(result);
         return Status::ok();