commit 190a43b9793714288fff72f88bc310c5fb2056cd
author Tri Vo <trong@google.com> Tue Jan 31 14:11:15 2023 -0800
committer Tri Vo <trong@google.com> Fri Mar 03 15:26:16 2023 -0800
tree 986617ce3a47516b2bb18a74f3c2031781bbac69
parent 467f8980bdd416cb683c41f23ebe31ed83639781

identity: Remove IRemotelyProvisionedKeyPool usage

Test: m credstore
Change-Id: I5aa0a389083b28cb51dbd47297403b955104b8a6

identity/CredentialStore.cpp

diff --git a/identity/CredentialStore.cpp b/identity/CredentialStore.cpp
index e2b3cf4..e200cb5 100644
--- a/identity/CredentialStore.cpp
+++ b/identity/CredentialStore.cpp
@@ -20,11 +20,8 @@
 #include <optional>
 
 #include <android-base/logging.h>
-#include <android-base/properties.h>
 #include <android/hardware/security/keymint/IRemotelyProvisionedComponent.h>
 #include <android/hardware/security/keymint/RpcHardwareInfo.h>
-#include <android/security/remoteprovisioning/IRemotelyProvisionedKeyPool.h>
-#include <android/security/remoteprovisioning/RemotelyProvisionedKey.h>
 #include <binder/IPCThreadState.h>
 #include <binder/IServiceManager.h>
 #include <vintf/VintfObject.h>
@@ -42,14 +39,8 @@
 namespace identity {
 namespace {
 
-using ::android::security::remoteprovisioning::IRemotelyProvisionedKeyPool;
 using ::android::security::rkp::IRemoteProvisioning;
 
-bool useRkpd() {
-    return android::base::GetBoolProperty("remote_provisioning.enable_rkpd",
-                                          /*default_value=*/true);
-}
-
 }  // namespace
 
 CredentialStore::CredentialStore(const std::string& dataPath, sp<IIdentityCredentialStore> hal)
@@ -189,61 +180,33 @@
     std::vector<uint8_t> encodedCertChain;
     Status status;
 
-    if (useRkpd()) {
-        LOG(INFO) << "Fetching attestation key from RKPD";
+    LOG(INFO) << "Fetching attestation key from RKPD";
 
-        uid_t callingUid = android::IPCThreadState::self()->getCallingUid();
-        auto rpcKeyFuture = getRpcKeyFuture(rpc_, callingUid);
-        if (!rpcKeyFuture) {
-            return Status::fromServiceSpecificError(ERROR_GENERIC, "Error in getRpcKeyFuture()");
-        }
-
-        if (rpcKeyFuture->wait_for(std::chrono::seconds(10)) != std::future_status::ready) {
-            return Status::fromServiceSpecificError(
-                ERROR_GENERIC, "Waiting for remotely provisioned attestation key timed out");
-        }
-
-        std::optional<::android::security::rkp::RemotelyProvisionedKey> key = rpcKeyFuture->get();
-        if (!key) {
-            return Status::fromServiceSpecificError(
-                ERROR_GENERIC, "Failed to get remotely provisioned attestation key");
-        }
-
-        if (key->keyBlob.empty()) {
-            return Status::fromServiceSpecificError(
-                ERROR_GENERIC, "Remotely provisioned attestation key blob is empty");
-        }
-
-        keyBlob = std::move(key->keyBlob);
-        encodedCertChain = std::move(key->encodedCertChain);
-    } else {
-        LOG(INFO) << "Fetching attestation key from remotely provisioned key pool.";
-
-        sp<IRemotelyProvisionedKeyPool> keyPool =
-            android::waitForService<IRemotelyProvisionedKeyPool>(
-                IRemotelyProvisionedKeyPool::descriptor);
-        if (!keyPool) {
-            return Status::fromServiceSpecificError(
-                ERROR_GENERIC, "Error getting IRemotelyProvisionedKeyPool HAL");
-        }
-
-        std::optional<std::string> rpcId = getRpcId(rpc_);
-        if (!rpcId) {
-            return Status::fromServiceSpecificError(
-                ERROR_GENERIC, "Error getting remotely provisioned component id");
-        }
-
-        uid_t callingUid = android::IPCThreadState::self()->getCallingUid();
-        ::android::security::remoteprovisioning::RemotelyProvisionedKey key;
-        Status status = keyPool->getAttestationKey(callingUid, *rpcId, &key);
-        if (!status.isOk()) {
-            return status;
-        }
-
-        keyBlob = std::move(key.keyBlob);
-        encodedCertChain = std::move(key.encodedCertChain);
+    uid_t callingUid = android::IPCThreadState::self()->getCallingUid();
+    auto rpcKeyFuture = getRpcKeyFuture(rpc_, callingUid);
+    if (!rpcKeyFuture) {
+        return Status::fromServiceSpecificError(ERROR_GENERIC, "Error in getRpcKeyFuture()");
     }
 
+    if (rpcKeyFuture->wait_for(std::chrono::seconds(10)) != std::future_status::ready) {
+        return Status::fromServiceSpecificError(
+            ERROR_GENERIC, "Waiting for remotely provisioned attestation key timed out");
+    }
+
+    std::optional<::android::security::rkp::RemotelyProvisionedKey> key = rpcKeyFuture->get();
+    if (!key) {
+        return Status::fromServiceSpecificError(
+            ERROR_GENERIC, "Failed to get remotely provisioned attestation key");
+    }
+
+    if (key->keyBlob.empty()) {
+        return Status::fromServiceSpecificError(
+            ERROR_GENERIC, "Remotely provisioned attestation key blob is empty");
+    }
+
+    keyBlob = std::move(key->keyBlob);
+    encodedCertChain = std::move(key->encodedCertChain);
+
     status = halWritableCredential->setRemotelyProvisionedAttestationKey(keyBlob, encodedCertChain);
     if (!status.isOk()) {
         LOG(ERROR) << "Error setting remotely provisioned attestation key on credential";