Add support for GET_ATTESTATION_APPLICATION_ID_FAILED error code
We add this error for AAID in cases where keystore2 returns an error for
failing to get AAID. We are explicitly failing here, but that is a
transient error we expect the client to re-try. We return this error to
indicate to the caller that we should retry this call before failing
completely. This stops attestation from happening without the calling
application's identity.
Test: atest CtsKeystoreTestCases
Test: atest keystore2_test
Bug: 291583874
Change-Id: Ieaee2ddda124fe2b23baf3c318f4eece0b718f05
diff --git a/Android.bp b/Android.bp
index 900fba0..f0f11c1 100644
--- a/Android.bp
+++ b/Android.bp
@@ -113,7 +113,7 @@
":android.security.legacykeystore-java-source",
":android.security.maintenance-java-source",
":android.security.metrics-java-source",
- ":android.system.keystore2-V3-java-source",
+ ":android.system.keystore2-V4-java-source",
":android.hardware.cas-V1-java-source",
":credstore_aidl",
":dumpstate_aidl",
diff --git a/keystore/java/android/security/KeyStoreException.java b/keystore/java/android/security/KeyStoreException.java
index 5825fac..eea5690 100644
--- a/keystore/java/android/security/KeyStoreException.java
+++ b/keystore/java/android/security/KeyStoreException.java
@@ -679,6 +679,9 @@
sErrorCodeToFailureInfo.put(ResponseCode.OUT_OF_KEYS_REQUIRES_SYSTEM_UPGRADE,
new PublicErrorInformation(IS_SYSTEM_ERROR | IS_TRANSIENT_ERROR,
ERROR_DEVICE_REQUIRES_UPGRADE_FOR_ATTESTATION));
+ sErrorCodeToFailureInfo.put(ResponseCode.GET_ATTESTATION_APPLICATION_ID_FAILED,
+ new PublicErrorInformation(IS_SYSTEM_ERROR | IS_TRANSIENT_ERROR,
+ ERROR_INTERNAL_SYSTEM_ERROR));
sErrorCodeToFailureInfo.put(ResponseCode.OUT_OF_KEYS_PENDING_INTERNET_CONNECTIVITY,
new PublicErrorInformation(IS_SYSTEM_ERROR | IS_TRANSIENT_ERROR,
ERROR_ATTESTATION_KEYS_UNAVAILABLE));