Merge "[attestation] Verify AVF RKP Hal presence in VM Attestation" into main

commit: a668cb0b5164f68d39e3572b989a73d7a0950506 [log] [tgz]
author: Alice Wang <aliceywang@google.com> Thu Mar 21 14:52:47 2024 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Mar 21 14:52:47 2024 +0000
tree: b4ea7b8c32cbee699779201cedf826063faafd9b
parent: 29c58ef3a6f2a09192d7d45357294d9fa80c7b39 [diff]
parent: 0dcab55bb3447c251d447fe82b6425c401bc8646 [diff]
diff --git a/virtualizationservice/src/aidl.rs b/virtualizationservice/src/aidl.rs
index 4518a55..208bdce 100644
--- a/virtualizationservice/src/aidl.rs
+++ b/virtualizationservice/src/aidl.rs

@@ -299,6 +299,13 @@
             ))
             .with_log();
         }
+        if !remotely_provisioned_component_service_exists()? {
+            return Err(Status::new_exception_str(
+                ExceptionCode::UNSUPPORTED_OPERATION,
+                Some("AVF remotely provisioned component service is not declared"),
+            ))
+            .with_log();
+        }
         info!("Received csr. Requestting attestation...");
         let (key_blob, certificate_chain) = if test_mode {
             check_use_custom_virtual_machine()?;
@@ -769,6 +776,10 @@
     Ok(())
 }
 
+fn remotely_provisioned_component_service_exists() -> binder::Result<bool> {
+    Ok(binder::is_declared(REMOTELY_PROVISIONED_COMPONENT_SERVICE_NAME)?)
+}
+
 /// Checks whether the caller has a specific permission
 fn check_permission(perm: &str) -> binder::Result<()> {
     let calling_pid = get_calling_pid();
commit	a668cb0b5164f68d39e3572b989a73d7a0950506	[log] [tgz]
author	Alice Wang <aliceywang@google.com>	Thu Mar 21 14:52:47 2024 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Thu Mar 21 14:52:47 2024 +0000
tree	b4ea7b8c32cbee699779201cedf826063faafd9b
parent	29c58ef3a6f2a09192d7d45357294d9fa80c7b39 [diff]
parent	0dcab55bb3447c251d447fe82b6425c401bc8646 [diff]