Merge "Fix android.keystore.cts.KeyAttestationTest" into main am: 111900fbc6
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2843680 Change-Id: Id2497d12d94a7f49178ac45b2b66696535304ee8 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
commit
ab102cfc7b
1 changed files with 14 additions and 5 deletions
|
@ -24,6 +24,7 @@ use android_hardware_security_keymint::aidl::android::hardware::security::keymin
|
|||
KeyParameter::KeyParameter, KeyParameterValue::KeyParameterValue, SecurityLevel::SecurityLevel,
|
||||
Tag::Tag,
|
||||
};
|
||||
use android_security_rkp_aidl::aidl::android::security::rkp::RemotelyProvisionedKey::RemotelyProvisionedKey;
|
||||
use android_system_keystore2::aidl::android::system::keystore2::{
|
||||
Domain::Domain, KeyDescriptor::KeyDescriptor,
|
||||
};
|
||||
|
@ -37,7 +38,6 @@ use crate::ks_err;
|
|||
use crate::metrics_store::log_rkp_error_stats;
|
||||
use crate::watchdog_helper::watchdog as wd;
|
||||
use android_security_metrics::aidl::android::security::metrics::RkpError::RkpError as MetricsRkpError;
|
||||
use rkpd_client::get_rkpd_attestation_key;
|
||||
|
||||
/// Contains helper functions to check if remote provisioning is enabled on the system and, if so,
|
||||
/// to assign and retrieve attestation keys and certificate chains.
|
||||
|
@ -96,10 +96,7 @@ impl RemProvState {
|
|||
if !self.is_asymmetric_key(params) || key.domain != Domain::APP {
|
||||
Ok(None)
|
||||
} else {
|
||||
let rpc_name = get_remotely_provisioned_component_name(&self.security_level)
|
||||
.context(ks_err!("Trying to get IRPC name."))?;
|
||||
let _wd = wd::watch_millis("Calling get_rkpd_attestation_key()", 500);
|
||||
match get_rkpd_attestation_key(&rpc_name, caller_uid) {
|
||||
match get_rkpd_attestation_key(&self.security_level, caller_uid) {
|
||||
Err(e) => {
|
||||
if self.is_rkp_only() {
|
||||
log::error!("Error occurred: {:?}", e);
|
||||
|
@ -128,3 +125,15 @@ impl RemProvState {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
fn get_rkpd_attestation_key(
|
||||
security_level: &SecurityLevel,
|
||||
caller_uid: u32,
|
||||
) -> Result<RemotelyProvisionedKey> {
|
||||
// The RPC name lookup logic should be encapsulated within this function
|
||||
// to allow for fallback in case of an error.
|
||||
let rpc_name = get_remotely_provisioned_component_name(security_level)
|
||||
.context(ks_err!("Trying to get IRPC name."))?;
|
||||
let _wd = wd::watch_millis("Calling get_rkpd_attestation_key()", 500);
|
||||
rkpd_client::get_rkpd_attestation_key(&rpc_name, caller_uid)
|
||||
}
|
||||
|
|
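Review bot: The new module-level `get_rkpd_attestation_key` wrapper returns a failed `get_remotely_provisioned_component_name` lookup as the same `Err` that the `match` in `RemProvState` handles for an RKPD failure, so the two causes are distinguishable only by the context string once the fallback mentioned in the new comment is taken. The visible `Err(e)` arm logs a generic `"Error occurred: {:?}"` under `is_rkp_only()`, and the rest of that arm lies outside the shown lines. Please confirm that the non-RKP-only path also records the cause before falling back, because an unlogged change of attestation key source is hard to diagnose afterwards. The wrapper has no doc comment and shares its name with `rkpd_client::get_rkpd_attestation_key`, which the watchdog label also uses. I would add `/// Resolves the IRPC name for security_level and requests an attestation key from RKPD; a failed name lookup is returned as Err so the caller can fall back.` above it and consider a distinct name for the local function.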