Merge "[keystore2] Update comment when fetching rkpd attestation key" into main am: 0ecec06af2

Original change: https://android-review.googlesource.com/c/platform/system/security/+/2845534

Change-Id: Ic9875170ce43bd7cce719d53daeb77e978f22e6b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
Alice Wang 2023-11-24 16:19:06 +00:00 committed by Automerger Merge Worker
commit 7835719ca7

View file

@ -130,8 +130,10 @@ fn get_rkpd_attestation_key(
security_level: &SecurityLevel, security_level: &SecurityLevel,
caller_uid: u32, caller_uid: u32,
) -> Result<RemotelyProvisionedKey> { ) -> Result<RemotelyProvisionedKey> {
// The RPC name lookup logic should be encapsulated within this function // Depending on the Android release, RKP may not have been mandatory for the
// to allow for fallback in case of an error. // TEE or StrongBox KM instances. In such cases, lookup failure for the IRPC
// HAL service is WAI and should not cause a failure. The error should be caught
// by the calling function and allow for natural fallback to the factory key.
let rpc_name = get_remotely_provisioned_component_name(security_level) let rpc_name = get_remotely_provisioned_component_name(security_level)
.context(ks_err!("Trying to get IRPC name."))?; .context(ks_err!("Trying to get IRPC name."))?;
let _wd = wd::watch_millis("Calling get_rkpd_attestation_key()", 500); let _wd = wd::watch_millis("Calling get_rkpd_attestation_key()", 500);