am 06114e6a: Fix erroneous reporting of all tokens as timed out.
* commit '06114e6a1e1663c39b718224c4f326d844b15b98':
Fix erroneous reporting of all tokens as timed out.
diff --git a/keystore/keystore_keymaster_enforcement.h b/keystore/keystore_keymaster_enforcement.h
index f7703eb..d20d7a6 100644
--- a/keystore/keystore_keymaster_enforcement.h
+++ b/keystore/keystore_keymaster_enforcement.h
@@ -73,9 +73,9 @@
}
bool auth_token_timed_out(const hw_auth_token_t&, uint32_t) const {
- // Non-secure world cannot check token timeouts because it doesn't have access to the secure
- // clock. Assume the token is good.
- return true;
+ // Assume the token has not timed out, because AuthTokenTable would not have returned it if
+ // the timeout were past. Secure hardware will also check timeouts if it supports them.
+ return false;
}
bool ValidateTokenSignature(const hw_auth_token_t&) const override {