Fix erroneous reporting of all tokens as timed out. Bug: 22205545 Change-Id: I170e798b327020ff741031ec05e875c685a49e9d

commit: 06114e6a1e1663c39b718224c4f326d844b15b98 [log] [tgz]
author: Shawn Willden <swillden@google.com> Tue Jun 30 15:47:54 2015 -0600
committer: Shawn Willden <swillden@google.com> Tue Jun 30 18:13:34 2015 -0600
tree: 79a9fe2863d86582bc233151ae335a917e729dcd
parent: 0ebf13dbf975028735a8afc42e39c6ea47cec704 [diff]
diff --git a/keystore/keystore_keymaster_enforcement.h b/keystore/keystore_keymaster_enforcement.h
index f7703eb..d20d7a6 100644
--- a/keystore/keystore_keymaster_enforcement.h
+++ b/keystore/keystore_keymaster_enforcement.h

@@ -73,9 +73,9 @@
     }
 
     bool auth_token_timed_out(const hw_auth_token_t&, uint32_t) const {
-        // Non-secure world cannot check token timeouts because it doesn't have access to the secure
-        // clock.  Assume the token is good.
-        return true;
+        // Assume the token has not timed out, because AuthTokenTable would not have returned it if
+        // the timeout were past.  Secure hardware will also check timeouts if it supports them.
+        return false;
     }
 
     bool ValidateTokenSignature(const hw_auth_token_t&) const override {
commit	06114e6a1e1663c39b718224c4f326d844b15b98	[log] [tgz]
author	Shawn Willden <swillden@google.com>	Tue Jun 30 15:47:54 2015 -0600
committer	Shawn Willden <swillden@google.com>	Tue Jun 30 18:13:34 2015 -0600
tree	79a9fe2863d86582bc233151ae335a917e729dcd
parent	0ebf13dbf975028735a8afc42e39c6ea47cec704 [diff]