diff options
author | Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com> | 2023-11-23 13:04:09 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2023-11-23 13:04:09 +0000 |
commit | 111900fbc6444290cf40083a3404977ea3790eb7 (patch) | |
tree | 0bb5e49620d1e5158cfa8705c703618aefdd1d44 | |
parent | 39b7af2fcdce144cda6377533b3374423f85008a (diff) | |
parent | b03ed832516c228e5713f82d946925db7929a51f (diff) | |
download | security-111900fbc6444290cf40083a3404977ea3790eb7.tar.gz |
Merge "Fix android.keystore.cts.KeyAttestationTest" into main
-rw-r--r-- | keystore2/src/remote_provisioning.rs | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/keystore2/src/remote_provisioning.rs b/keystore2/src/remote_provisioning.rs index a386d969..c6c4dc2b 100644 --- a/keystore2/src/remote_provisioning.rs +++ b/keystore2/src/remote_provisioning.rs @@ -24,6 +24,7 @@ use android_hardware_security_keymint::aidl::android::hardware::security::keymin KeyParameter::KeyParameter, KeyParameterValue::KeyParameterValue, SecurityLevel::SecurityLevel, Tag::Tag, }; +use android_security_rkp_aidl::aidl::android::security::rkp::RemotelyProvisionedKey::RemotelyProvisionedKey; use android_system_keystore2::aidl::android::system::keystore2::{ Domain::Domain, KeyDescriptor::KeyDescriptor, }; @@ -37,7 +38,6 @@ use crate::ks_err; use crate::metrics_store::log_rkp_error_stats; use crate::watchdog_helper::watchdog as wd; use android_security_metrics::aidl::android::security::metrics::RkpError::RkpError as MetricsRkpError; -use rkpd_client::get_rkpd_attestation_key; /// Contains helper functions to check if remote provisioning is enabled on the system and, if so, /// to assign and retrieve attestation keys and certificate chains. @@ -96,10 +96,7 @@ impl RemProvState { if !self.is_asymmetric_key(params) || key.domain != Domain::APP { Ok(None) } else { - let rpc_name = get_remotely_provisioned_component_name(&self.security_level) - .context(ks_err!("Trying to get IRPC name."))?; - let _wd = wd::watch_millis("Calling get_rkpd_attestation_key()", 500); - match get_rkpd_attestation_key(&rpc_name, caller_uid) { + match get_rkpd_attestation_key(&self.security_level, caller_uid) { Err(e) => { if self.is_rkp_only() { log::error!("Error occurred: {:?}", e); @@ -128,3 +125,15 @@ impl RemProvState { } } } + +fn get_rkpd_attestation_key( + security_level: &SecurityLevel, + caller_uid: u32, +) -> Result<RemotelyProvisionedKey> { + // The RPC name lookup logic should be encapsulated within this function + // to allow for fallback in case of an error. + let rpc_name = get_remotely_provisioned_component_name(security_level) + .context(ks_err!("Trying to get IRPC name."))?; + let _wd = wd::watch_millis("Calling get_rkpd_attestation_key()", 500); + rkpd_client::get_rkpd_attestation_key(&rpc_name, caller_uid) +} |