[rkpd] Refactor rkpd_client into an independent lib for reuse

This allows rkpd_client to be reused by both keystore2 and
AVF pVM remote attestation.

Test: atest keystore2_test librkpd_client.test
Bug: 241428146
Change-Id: Ibdf95c4deb2ba499daaecd170c2971cda4e80bba
diff --git a/keystore2/Android.bp b/keystore2/Android.bp
index e59b6f2..c378b42 100644
--- a/keystore2/Android.bp
+++ b/keystore2/Android.bp
@@ -58,6 +58,7 @@
         "liblog_rust",
         "libmessage_macro",
         "librand",
+        "librkpd_client",
         "librustutils",
         "libserde",
         "libserde_cbor",
diff --git a/keystore2/TEST_MAPPING b/keystore2/TEST_MAPPING
index 1038bea..57ce78c 100644
--- a/keystore2/TEST_MAPPING
+++ b/keystore2/TEST_MAPPING
@@ -35,6 +35,9 @@
       "name": "keystore2_client_tests"
     },
     {
+      "name": "librkpd_client.test"
+    },
+    {
       "name": "libwatchdog_rs.test"
     }
   ]
diff --git a/keystore2/rkpd_client/Android.bp b/keystore2/rkpd_client/Android.bp
new file mode 100644
index 0000000..1de333f
--- /dev/null
+++ b/keystore2/rkpd_client/Android.bp
@@ -0,0 +1,51 @@
+// Copyright 2023, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package {
+    // See: http://go/android-license-faq
+    // A large-scale-change added 'default_applicable_licenses' to import
+    // all of the 'license_kinds' from "system_security_license"
+    // to get the below license kinds:
+    //   SPDX-license-identifier-Apache-2.0
+    default_applicable_licenses: ["system_security_license"],
+}
+
+rust_defaults {
+    name: "librkpd_client_defaults",
+    crate_name: "rkpd_client",
+    srcs: ["src/lib.rs"],
+    rustlibs: [
+        "android.security.rkp_aidl-rust",
+        "libanyhow",
+        "libbinder_rs",
+        "liblog_rust",
+        "libmessage_macro",
+        "libthiserror",
+        "libtokio",
+    ],
+}
+
+rust_library {
+    name: "librkpd_client",
+    defaults: ["librkpd_client_defaults"],
+}
+
+rust_test {
+    name: "librkpd_client.test",
+    defaults: ["librkpd_client_defaults"],
+    test_suites: ["general-tests"],
+    rustlibs: [
+        "librand",
+    ],
+}
diff --git a/keystore2/src/rkpd_client.rs b/keystore2/rkpd_client/src/lib.rs
similarity index 100%
rename from keystore2/src/rkpd_client.rs
rename to keystore2/rkpd_client/src/lib.rs
diff --git a/keystore2/src/error.rs b/keystore2/src/error.rs
index ac5ba4c..b4c57fb 100644
--- a/keystore2/src/error.rs
+++ b/keystore2/src/error.rs
@@ -27,7 +27,6 @@
 //! Keystore functions should use `anyhow::Result` to return error conditions, and context should
 //! be added every time an error is forwarded.
 
-use crate::rkpd_client::Error as RkpdError;
 pub use android_hardware_security_keymint::aidl::android::hardware::security::keymint::ErrorCode::ErrorCode;
 use android_security_rkp_aidl::aidl::android::security::rkp::IGetKeyCallback::ErrorCode::ErrorCode as GetKeyErrorCode;
 pub use android_system_keystore2::aidl::android::system::keystore2::ResponseCode::ResponseCode;
@@ -35,6 +34,7 @@
     ExceptionCode, Result as BinderResult, Status as BinderStatus, StatusCode,
 };
 use keystore2_selinux as selinux;
+use rkpd_client::Error as RkpdError;
 use std::cmp::PartialEq;
 use std::ffi::CString;
 
diff --git a/keystore2/src/lib.rs b/keystore2/src/lib.rs
index e51a319..c0eecd8 100644
--- a/keystore2/src/lib.rs
+++ b/keystore2/src/lib.rs
@@ -37,7 +37,6 @@
 pub mod permission;
 pub mod raw_device;
 pub mod remote_provisioning;
-pub mod rkpd_client;
 pub mod security_level;
 pub mod service;
 pub mod shared_secret_negotiation;
diff --git a/keystore2/src/remote_provisioning.rs b/keystore2/src/remote_provisioning.rs
index 14c61fb..a386d96 100644
--- a/keystore2/src/remote_provisioning.rs
+++ b/keystore2/src/remote_provisioning.rs
@@ -35,9 +35,9 @@
 use crate::globals::get_remotely_provisioned_component_name;
 use crate::ks_err;
 use crate::metrics_store::log_rkp_error_stats;
-use crate::rkpd_client::get_rkpd_attestation_key;
 use crate::watchdog_helper::watchdog as wd;
 use android_security_metrics::aidl::android::security::metrics::RkpError::RkpError as MetricsRkpError;
+use rkpd_client::get_rkpd_attestation_key;
 
 /// Contains helper functions to check if remote provisioning is enabled on the system and, if so,
 /// to assign and retrieve attestation keys and certificate chains.
diff --git a/keystore2/src/security_level.rs b/keystore2/src/security_level.rs
index f2b332b..7a27452 100644
--- a/keystore2/src/security_level.rs
+++ b/keystore2/src/security_level.rs
@@ -30,7 +30,6 @@
 use crate::ks_err;
 use crate::metrics_store::log_key_creation_event_stats;
 use crate::remote_provisioning::RemProvState;
-use crate::rkpd_client::store_rkpd_attestation_key;
 use crate::super_key::{KeyBlob, SuperKeyManager};
 use crate::utils::{
     check_device_attestation_permissions, check_key_permission,
@@ -64,6 +63,7 @@
     KeyMetadata::KeyMetadata, KeyParameters::KeyParameters, ResponseCode::ResponseCode,
 };
 use anyhow::{anyhow, Context, Result};
+use rkpd_client::store_rkpd_attestation_key;
 use std::convert::TryInto;
 use std::time::SystemTime;
 
@@ -1073,13 +1073,13 @@
     use super::*;
     use crate::error::map_km_error;
     use crate::globals::get_keymint_device;
-    use crate::rkpd_client::{get_rkpd_attestation_key, store_rkpd_attestation_key};
     use crate::utils::upgrade_keyblob_if_required_with;
     use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{
         Algorithm::Algorithm, AttestationKey::AttestationKey, KeyParameter::KeyParameter,
         KeyParameterValue::KeyParameterValue, Tag::Tag,
     };
     use keystore2_crypto::parse_subject_from_certificate;
+    use rkpd_client::get_rkpd_attestation_key;
 
     #[test]
     // This is a helper for a manual test. We want to check that after a system upgrade RKPD