Keystore 2.0: Fix loading access tuple from the grant table.
When loading the access tuple from the grant table, we need to eliminate
the unreferenced keys.
Author: jdanis@google.com
Test: atest keystore2_test
Change-Id: I2b768fe48ee1fad829e97e596b4647c50f1d0c54
diff --git a/keystore2/src/database.rs b/keystore2/src/database.rs
index e1185f3..7a8eca3 100644
--- a/keystore2/src/database.rs
+++ b/keystore2/src/database.rs
@@ -2438,11 +2438,12 @@
let mut stmt = tx
.prepare(
"SELECT keyentryid, access_vector FROM persistent.grant
- WHERE grantee = ? AND id = ?;",
+ WHERE grantee = ? AND id = ? AND
+ (SELECT state FROM persistent.keyentry WHERE id = keyentryid) = ?;",
)
.context("Domain::GRANT prepare statement failed")?;
let mut rows = stmt
- .query(params![caller_uid as i64, key.nspace])
+ .query(params![caller_uid as i64, key.nspace, KeyLifeCycle::Live])
.context("Domain:Grant: query failed.")?;
let (key_id, access_vector): (i64, i32) =
db_utils::with_rows_extract_one(&mut rows, |row| {