Merge "Drop ancient default salt value"
diff --git a/keystore2/src/remote_provisioning.rs b/keystore2/src/remote_provisioning.rs
index afbf475..b47b373 100644
--- a/keystore2/src/remote_provisioning.rs
+++ b/keystore2/src/remote_provisioning.rs
@@ -60,7 +60,6 @@
     security_level: SecurityLevel,
     km_uuid: Uuid,
     is_hal_present: AtomicBool,
-    is_rkp_only: bool,
 }
 
 static COSE_KEY_XCOORD: Value = Value::Integer(-2);
@@ -71,12 +70,7 @@
 impl RemProvState {
     /// Creates a RemProvState struct.
     pub fn new(security_level: SecurityLevel, km_uuid: Uuid) -> Self {
-        Self {
-            security_level,
-            km_uuid,
-            is_hal_present: AtomicBool::new(true),
-            is_rkp_only: Self::read_is_rkp_only_property(security_level),
-        }
+        Self { security_level, km_uuid, is_hal_present: AtomicBool::new(true) }
     }
 
     /// Returns the uuid for the KM instance attached to this RemProvState struct.
@@ -84,12 +78,12 @@
         self.km_uuid
     }
 
-    fn read_is_rkp_only_property(security_level: SecurityLevel) -> bool {
+    fn is_rkp_only(&self) -> bool {
         let default_value = false;
 
-        let property_name = match security_level {
-            SecurityLevel::STRONGBOX => "ro.remote_provisioning.strongbox.rkp_only",
-            SecurityLevel::TRUSTED_ENVIRONMENT => "ro.remote_provisioning.tee.rkp_only",
+        let property_name = match self.security_level {
+            SecurityLevel::STRONGBOX => "remote_provisioning.strongbox.rkp_only",
+            SecurityLevel::TRUSTED_ENVIRONMENT => "remote_provisioning.tee.rkp_only",
             _ => return default_value,
         };
 
@@ -102,6 +96,9 @@
     /// server, so unfortunately caching the presence or absence of the HAL is not enough to fully
     /// make decisions about the state of remote provisioning during runtime.
     fn check_rem_prov_enabled(&self, db: &mut KeystoreDB) -> Result<bool> {
+        if self.is_rkp_only() {
+            return Ok(true);
+        }
         if !self.is_hal_present.load(Ordering::Relaxed)
             || get_remotely_provisioned_component(&self.security_level).is_err()
         {
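Review bot: The early return added at the top of `check_rem_prov_enabled` reports remote provisioning as enabled before the `is_hal_present` and `get_remotely_provisioned_component` checks run, and the doc comment above the function does not mention this. With rkp_only set and no usable HAL, callers presumably proceed and fail later instead of being told provisioning is disabled. If that fail-closed behaviour is the goal, state it in the doc comment, e.g. `/// When the rkp_only property is set this always returns Ok(true), so no fallback key is used.` The function body continues outside the hunk.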
@@ -159,7 +156,7 @@
                         "In get_remote_provisioning_key_and_certs: Error occurred: {:?}",
                         e
                     );
-                    if self.is_rkp_only {
+                    if self.is_rkp_only() {
                         return Err(e);
                     }
                     log_rkp_error_stats(MetricsRkpError::FALL_BACK_DURING_HYBRID);
diff --git a/keystore2/src/service.rs b/keystore2/src/service.rs
index 79e7692..d634e0c 100644
--- a/keystore2/src/service.rs
+++ b/keystore2/src/service.rs
@@ -276,22 +276,19 @@
         // If the first check fails we check if the caller has the list permission allowing to list
         // any namespace. In that case we also adjust the queried namespace if a specific uid was
         // selected.
-        match check_key_permission(KeyPerm::GetInfo, &k, &None) {
-            Err(e) => {
-                if let Some(selinux::Error::PermissionDenied) =
-                    e.root_cause().downcast_ref::<selinux::Error>()
-                {
-                    check_keystore_permission(KeystorePerm::List)
-                        .context("In list_entries: While checking keystore permission.")?;
-                    if namespace != -1 {
-                        k.nspace = namespace;
-                    }
-                } else {
-                    return Err(e).context("In list_entries: While checking key permission.")?;
+        if let Err(e) = check_key_permission(KeyPerm::GetInfo, &k, &None) {
+            if let Some(selinux::Error::PermissionDenied) =
+                e.root_cause().downcast_ref::<selinux::Error>() {
+
+                check_keystore_permission(KeystorePerm::List)
+                    .context("In list_entries: While checking keystore permission.")?;
+                if namespace != -1 {
+                    k.nspace = namespace;
                 }
+            } else {
+                return Err(e).context("In list_entries: While checking key permission.")?;
             }
-            Ok(()) => {}
-        };
+        }
 
         DB.with(|db| list_key_entries(&mut db.borrow_mut(), k.domain, k.nspace))
     }
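Review bot: The rewritten `if let Some(selinux::Error::PermissionDenied) = ...` in `list_entries` is not rustfmt-clean: the opening brace trails `e.root_cause().downcast_ref::<selinux::Error>()` and is followed by a blank line, where the removed code had `{` on its own line. Running rustfmt on the file would restore the layout and keep this permission check easy to read. Separately, `return Err(e).context(...)?;` combines `return` with `?`; assuming the function returns the same `Result` type, `return Err(e).context("In list_entries: While checking key permission.");` expresses the same thing more directly. The function starts outside the hunk.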