System services (uid < 5000) should always use "/System" owner id.
Either by explicitly adding it to the alias or by running with "System"
label. Add log to make the reason of the failure more apparent.
Change-Id: I1be9861eadcae6eadd6d682b4cc66972c93d1728
const ClientId &owner = explicitOwner.empty() ? cred.client : explicitOwner;
if (m_accessControl.isSystemService(cred) &&
- owner.compare(CLIENT_ID_SYSTEM) != 0)
+ owner.compare(CLIENT_ID_SYSTEM) != 0) {
+ LogError("System services can only use " << CLIENT_ID_SYSTEM << " as owner id") ;
return CKM_API_ERROR_INPUT_PARAM;
+ }
// check if save is possible
DB::Crypto::Transaction transaction(&handler.database);
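Review bot: The new `LogError` in the system-service branch does not say which caller or which owner value was rejected, so a denied save cannot be tied to a specific client when the log is reviewed. Consider `LogError("System service " << cred.client << " must use " << CLIENT_ID_SYSTEM << " as owner id, got: " << owner);`, assuming `ClientId` streams the same way the constant does. Since `explicitOwner` appears to come from the request, confirm it is length- and character-checked before it reaches the log. The stray space before the semicolon (`) ;`) should also go. The enclosing function starts and ends outside this hunk, so whether other entry points apply the same owner check cannot be seen here.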