Fix erroneous reporting of all tokens as timed out.
Bug: 22205545
Change-Id: I170e798b327020ff741031ec05e875c685a49e9d
diff --git a/keystore/keystore_keymaster_enforcement.h b/keystore/keystore_keymaster_enforcement.h
index f7703eb..d20d7a6 100644
--- a/keystore/keystore_keymaster_enforcement.h
+++ b/keystore/keystore_keymaster_enforcement.h
@@ -73,9 +73,9 @@
}
bool auth_token_timed_out(const hw_auth_token_t&, uint32_t) const {
- // Non-secure world cannot check token timeouts because it doesn't have access to the secure
- // clock. Assume the token is good.
- return true;
+ // Assume the token has not timed out, because AuthTokenTable would not have returned it if
+ // the timeout were past. Secure hardware will also check timeouts if it supports them.
+ return false;
}
bool ValidateTokenSignature(const hw_auth_token_t&) const override {
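Review bot: `auth_token_timed_out` is declared without `override`, unlike `ValidateTokenSignature` directly below it, so a signature drift from the base declaration would compile cleanly and this `return false` would silently stop being the implementation in use. Assuming it is meant to override a virtual in the base enforcement class, write `bool auth_token_timed_out(const hw_auth_token_t&, uint32_t) const override {`. With the result now fixed at `false`, timeout enforcement on this path rests entirely on AuthTokenTable having filtered out expired tokens, and on secure hardware only where it supports timeouts, as the new comment itself says. It would help to extend that comment to name the AuthTokenTable lookup that performs the timeout check, so a later change there is recognised as security-relevant. The enclosing class begins and ends outside the hunk.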