Make sure DPC knows if revoke fails

Bug: 183098396
Test: atest MixedDeviceOwnerTest#testKeyManagement
Change-Id: I89b51a1fb4be3b53eb46a7c194924b5255cd262b

2 files changed, 3 insertions, 3 deletions

diff --git a/keystore/java/android/security/IKeyChainService.aidl b/keystore/java/android/security/IKeyChainService.aidl
index 091f5795784f..6d3d84c75518 100644
--- a/keystore/java/android/security/IKeyChainService.aidl
+++ b/keystore/java/android/security/IKeyChainService.aidl
@@ -66,7 +66,8 @@ interface IKeyChainService {
     boolean isCredentialManagementApp(String packageName);
 
     // APIs used by KeyChainActivity
-    void setGrant(int uid, String alias, boolean value);
+    // setGrant may fail with value=false when ungrant operation fails in KeyStore.
+    boolean setGrant(int uid, String alias, boolean value);
     boolean hasGrant(int uid, String alias);
 
     // API used by Wifi
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 20c56fb30ec2..8678d9d50087 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -5657,8 +5657,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
             try (KeyChainConnection keyChainConnection =
                          KeyChain.bindAsUser(mContext, userHandle)) {
                 IKeyChainService keyChain = keyChainConnection.getService();
-                keyChain.setGrant(granteeUid, alias, hasGrant);
-                return true;
+                return keyChain.setGrant(granteeUid, alias, hasGrant);
             } catch (RemoteException e) {
                 Slogf.e(LOG_TAG, "Setting grant for package.", e);
                 return false;