Correct missed return code path.

ag/2835967 corrected a lost authorization check result introduced during
a refactor, but in the process failed to return the auth check result in
one codepath, causing the Java layer above to fail to throw the
exception.  That in turn broke work profile password removal.  This CL
sets the return code for cases where the authorization check failed.

Bug: 65348783
Test: Manually tested with TestDPC, add and remove passcode
Change-Id: I846b154c8cbcd9a73cd12b9a4376616dacf62fbb
(cherry picked from commit 827243a97217ed8c64542efd3a72e430e9b84b22)

1 files changed, 4 insertions, 1 deletions

diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index c33a1d06..3a57e07e 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -1078,7 +1078,10 @@ void KeyStoreService::begin(const sp<IBinder>& appToken, const String16& name, K
     // If per-operation auth is needed we need to begin the operation and
     // the client will need to authorize that operation before calling
     // update. Any other auth issues stop here.
-    if (!authResult.isOk() && authResult != ResponseCode::OP_AUTH_NEEDED) return;
+    if (!authResult.isOk() && authResult != ResponseCode::OP_AUTH_NEEDED) {
+        result->resultCode = authResult;
+        return;
+    }
 
     addAuthTokenToParams(&opParams, authToken);