Remove exist check from doLegacySignVerify
exist requires the keystore exist permission which callers of
sign/verify may not have. Instead log key not found if begin returns
::KEY_NOT_FOUND.
Bug: 21658885
Change-Id: I8c42f3a636a248e3fb1f0344bf32667fce57f667
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index 639866c..a838dee 100644
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp
@@ -2969,10 +2969,6 @@
uint8_t** out, size_t* outLength, const uint8_t* signature,
size_t signatureLength, keymaster_purpose_t purpose) {
- if (exist(name, IPCThreadState::self()->getCallingUid()) != ::NO_ERROR) {
- ALOGW("Key not found");
- return ::KEY_NOT_FOUND;
- }
std::basic_stringstream<uint8_t> outBuffer;
OperationResult result;
KeymasterArguments inArgs;
@@ -2982,7 +2978,11 @@
begin(appToken, name, purpose, true, inArgs, NULL, 0, &result);
if (result.resultCode != ResponseCode::NO_ERROR) {
- ALOGW("Error in begin: %d", result.resultCode);
+ if (result.resultCode == ::KEY_NOT_FOUND) {
+ ALOGW("Key not found");
+ } else {
+ ALOGW("Error in begin: %d", result.resultCode);
+ }
return translateResultToLegacyResult(result.resultCode);
}
inArgs.params.clear();
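Review bot: In the new `KEY_NOT_FOUND` branch the function only logs and then falls through to `return translateResultToLegacyResult(result.resultCode);`, whereas the removed pre-check returned `::KEY_NOT_FOUND` directly. That mapping is not visible in this hunk, so legacy sign/verify callers that compare the result against `KEY_NOT_FOUND` may now see a different value. If the translation does not preserve the code, return it explicitly in the branch: `ALOGW("Key not found"); return ::KEY_NOT_FOUND;`. With the `exist()` check on the calling uid gone, `begin()` is the only gate on the caller's access to `name` here, so add a comment saying so, e.g. `// begin() enforces the caller's access to the key; no separate exist() check`, after confirming that it does. The function body starts and ends outside the hunk.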