commit e9ac2dbdb8b6fe8d2c4a3f3ace60de6f85051bc2
author Alice Wang <aliceywang@google.com> Fri Sep 08 15:13:13 2023 +0000
committer Alice Wang <aliceywang@google.com> Mon Sep 11 14:15:12 2023 +0000
tree 56c407c162c044ae805bfd3d103af709148f005e
parent f3482600a5764ce8c853f2d51c43767454f080ec

Add build time feature flag for pvm remote attestation

Bug: 299604057
Test: m com.android.virt
Change-Id: Iabc9ae83b4c54bdfcb9657775cf7cb0c78bc9bbf

virtualizationservice/src/aidl.rs

diff --git a/virtualizationservice/src/aidl.rs b/virtualizationservice/src/aidl.rs
index 6f5a487..645a82b 100644
--- a/virtualizationservice/src/aidl.rs
+++ b/virtualizationservice/src/aidl.rs
@@ -160,10 +160,20 @@
     fn requestCertificate(&self, csr: &[u8]) -> binder::Result<Vec<u8>> {
         check_manage_access()?;
         info!("Received csr. Getting certificate...");
-        request_certificate(csr)
-            .context("Failed to get certificate")
+        if cfg!(remote_attestation) {
+            request_certificate(csr)
+                .context("Failed to get certificate")
+                .with_log()
+                .or_service_specific_exception(-1)
+        } else {
+            Err(Status::new_exception_str(
+                ExceptionCode::UNSUPPORTED_OPERATION,
+                Some(
+                    "requestCertificate is not supported with the remote_attestation feature disabled",
+                ),
+            ))
             .with_log()
-            .or_service_specific_exception(-1)
+        }
     }
 
     fn getAssignableDevices(&self) -> binder::Result<Vec<AssignableDevice>> {