diff options
author | Shawn Willden <swillden@google.com> | 2015-06-30 15:47:54 -0600 |
---|---|---|
committer | Shawn Willden <swillden@google.com> | 2015-06-30 18:13:34 -0600 |
commit | 06114e6a1e1663c39b718224c4f326d844b15b98 (patch) | |
tree | 79a9fe2863d86582bc233151ae335a917e729dcd | |
parent | 0ebf13dbf975028735a8afc42e39c6ea47cec704 (diff) | |
download | android_system_security-06114e6a1e1663c39b718224c4f326d844b15b98.tar.gz android_system_security-06114e6a1e1663c39b718224c4f326d844b15b98.tar.bz2 android_system_security-06114e6a1e1663c39b718224c4f326d844b15b98.zip |
Fix erroneous reporting of all tokens as timed out.
Bug: 22205545
Change-Id: I170e798b327020ff741031ec05e875c685a49e9d
-rw-r--r-- | keystore/keystore_keymaster_enforcement.h | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/keystore/keystore_keymaster_enforcement.h b/keystore/keystore_keymaster_enforcement.h index f7703eb..d20d7a6 100644 --- a/keystore/keystore_keymaster_enforcement.h +++ b/keystore/keystore_keymaster_enforcement.h @@ -73,9 +73,9 @@ class KeystoreKeymasterEnforcement : public keymaster::KeymasterEnforcement { } bool auth_token_timed_out(const hw_auth_token_t&, uint32_t) const { - // Non-secure world cannot check token timeouts because it doesn't have access to the secure - // clock. Assume the token is good. - return true; + // Assume the token has not timed out, because AuthTokenTable would not have returned it if + // the timeout were past. Secure hardware will also check timeouts if it supports them. + return false; } bool ValidateTokenSignature(const hw_auth_token_t&) const override { |