Merge "Return OUT_OF_KEYS if system is rkp only" am: 8e95c7ce03 am: 9753c7fa33

Original change: https://android-review.googlesource.com/c/platform/system/security/+/2048944

Change-Id: I7d552b876b09e16f4569a574cadcfe8ae1d12362
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/keystore2/src/remote_provisioning.rs b/keystore2/src/remote_provisioning.rs
index be23ae5..afbf475 100644
--- a/keystore2/src/remote_provisioning.rs
+++ b/keystore2/src/remote_provisioning.rs
@@ -60,6 +60,7 @@
     security_level: SecurityLevel,
     km_uuid: Uuid,
     is_hal_present: AtomicBool,
+    is_rkp_only: bool,
 }
 
 static COSE_KEY_XCOORD: Value = Value::Integer(-2);
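Review bot: The new `is_rkp_only` field has no doc comment, although it decides whether a key-lookup failure is returned to the caller or absorbed by the hybrid fallback. A line such as `/// When true, attestation-key lookup errors are returned instead of taking the hybrid fallback path (Ok(None)).` would record that policy next to the data. The struct definition begins outside this hunk.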
@@ -70,7 +71,12 @@
 impl RemProvState {
     /// Creates a RemProvState struct.
     pub fn new(security_level: SecurityLevel, km_uuid: Uuid) -> Self {
-        Self { security_level, km_uuid, is_hal_present: AtomicBool::new(true) }
+        Self {
+            security_level,
+            km_uuid,
+            is_hal_present: AtomicBool::new(true),
+            is_rkp_only: Self::read_is_rkp_only_property(security_level),
+        }
     }
 
     /// Returns the uuid for the KM instance attached to this RemProvState struct.
@@ -78,6 +84,19 @@
         self.km_uuid
     }
 
+    fn read_is_rkp_only_property(security_level: SecurityLevel) -> bool {
+        let default_value = false;
+
+        let property_name = match security_level {
+            SecurityLevel::STRONGBOX => "ro.remote_provisioning.strongbox.rkp_only",
+            SecurityLevel::TRUSTED_ENVIRONMENT => "ro.remote_provisioning.tee.rkp_only",
+            _ => return default_value,
+        };
+
+        rustutils::system_properties::read_bool(property_name, default_value)
+            .unwrap_or(default_value)
+    }
+
     /// Checks if remote provisioning is enabled and partially caches the result. On a hybrid system
     /// remote provisioning can flip from being disabled to enabled depending on responses from the
     /// server, so unfortunately caching the presence or absence of the HAL is not enough to fully
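Review bot: A failed property read is indistinguishable from the property being unset, because `.unwrap_or(default_value)` at the end of `read_is_rkp_only_property` drops the error and yields `false`. On a device meant to be RKP-only, that would silently keep the fallback path enabled with nothing in the log. Logging before defaulting would make it visible, e.g. `.unwrap_or_else(|e| { log::error!("Failed to read {}: {:?}", property_name, e); default_value })`, assuming the error type implements `Debug`. The function also lacks a doc comment; `/// Reads the rkp_only system property for the given security level; returns false for any other level.` would state the contract, including the `_ =>` arm.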
@@ -137,12 +156,12 @@
             match get_rem_prov_attest_key(key.domain, caller_uid, db, &self.km_uuid) {
                 Err(e) => {
                     log::error!(
-                        concat!(
-                            "In get_remote_provisioning_key_and_certs: Failed to get ",
-                            "attestation key. {:?}"
-                        ),
+                        "In get_remote_provisioning_key_and_certs: Error occurred: {:?}",
                         e
                     );
+                    if self.is_rkp_only {
+                        return Err(e);
+                    }
                     log_rkp_error_stats(MetricsRkpError::FALL_BACK_DURING_HYBRID);
                     Ok(None)
                 }
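Review bot: In the `if self.is_rkp_only` branch the error `e` is returned unchanged, so the caller receives whatever `get_rem_prov_attest_key` produced; the commit title promises OUT_OF_KEYS, but nothing in this hunk maps or checks the error kind. If that mapping happens inside `get_rem_prov_attest_key` (not visible here), a comment above `return Err(e);` should say so; otherwise the conversion belongs in this branch. The early return also records no metric, so rkp-only failures are not counted the way `FALL_BACK_DURING_HYBRID` fallbacks are. The rewritten log string no longer says that fetching the attestation key failed, and keeping "Failed to get attestation key" in it would preserve triage context. The enclosing function starts and ends outside this hunk.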