Keystore 2.0: Remove list permission from keystore2_key security class.
The list permission is a special keystore2 permission that allows
callers to list arbitrary namespaces. It is not a key- or
namespace-specific permission.
Test: N/A
Merged-In: Ie0a29d8b08c53977ae2ed04d042868044d2c34c5
Change-Id: Ie0a29d8b08c53977ae2ed04d042868044d2c34c5
diff --git a/keystore2/src/database.rs b/keystore2/src/database.rs
index e459e86..ea70195 100644
--- a/keystore2/src/database.rs
+++ b/keystore2/src/database.rs
@@ -1086,14 +1086,20 @@
let mut stmt = db
.conn
.prepare("SELECT id, grantee, keyentryid, access_vector FROM perboot.grant;")?;
- let mut rows = stmt.query_map::<(i64, u32, i64, i32), _, _>(NO_PARAMS, |row| {
- Ok((row.get(0)?, row.get(1)?, row.get(2)?, row.get(3)?))
- })?;
+ let mut rows =
+ stmt.query_map::<(i64, u32, i64, KeyPermSet), _, _>(NO_PARAMS, |row| {
+ Ok((
+ row.get(0)?,
+ row.get(1)?,
+ row.get(2)?,
+ KeyPermSet::from(row.get::<_, i32>(3)?),
+ ))
+ })?;
let r = rows.next().unwrap().unwrap();
- assert_eq!(r, (next_random, GRANTEE_UID, 1, 516));
+ assert_eq!(r, (next_random, GRANTEE_UID, 1, PVEC1));
let r = rows.next().unwrap().unwrap();
- assert_eq!(r, (next_random + 1, GRANTEE_UID, 2, 512));
+ assert_eq!(r, (next_random + 1, GRANTEE_UID, 2, PVEC2));
assert!(rows.next().is_none());
}
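Review bot: The two `assert_eq!` checks on `r` now compare against `PVEC1` and `PVEC2`, which are defined outside this hunk and are presumably the same values the test used when creating the grants, so the test verifies only a round trip and no longer pins the integer stored in `access_vector` (previously 516 and 512). Because this commit changes the permission set, a short comment above the `query_map` call would record the intent, for example `// access_vector is stored as i32; decode to KeyPermSet so the check does not depend on bit positions.` If anything else reads `perboot.grant` and depends on the numeric encoding, consider keeping one assertion on the raw `i32` next to the symbolic one so an unintended renumbering is caught. `KeyPermSet::from` is applied to the raw column value without a visible validity check; its implementation is not shown here, so confirm it cannot carry undefined bits into a permission set. The enclosing test function begins before the hunk.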