KeystoreDB::load_access_tuple method response code updated.
For any Domain value other than APP, SELINUX, GRANT and KEY_ID it is
updated to return response code as ResponseCode::INVALID_ARGUMENT
instead of ResponseCode::SYSTEM_ERROR.
Bug: 232022823
Test: atest keystore2_client_test; atest CtsKeystoreTestCases
Change-Id: I48314558fb2e77636fa99f42f8326fa99f719a4f
diff --git a/keystore2/src/database.rs b/keystore2/src/database.rs
index a3979bd..baa3b12 100644
--- a/keystore2/src/database.rs
+++ b/keystore2/src/database.rs
@@ -2581,7 +2581,7 @@
Ok((key_id, access_key, access_vector))
}
- _ => Err(anyhow!(KsError::sys())),
+ _ => Err(anyhow!(KsError::Rc(ResponseCode::INVALID_ARGUMENT))),
}
}
diff --git a/keystore2/tests/keystore2_client_tests.rs b/keystore2/tests/keystore2_client_tests.rs
index 03dcfec..f027d88 100644
--- a/keystore2/tests/keystore2_client_tests.rs
+++ b/keystore2/tests/keystore2_client_tests.rs
@@ -434,3 +434,30 @@
_ => panic!("Operation should have created successfully."),
}
}
+
+/// This test will try to load the key with Domain::BLOB.
+/// INVALID_ARGUMENT error is expected.
+#[test]
+fn keystore2_get_key_entry_blob_fail() {
+ let keystore2 = get_keystore_service();
+ let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
+
+ // Generate a key with domain as BLOB.
+ let key_metadata = key_generations::generate_ec_p256_signing_key(
+ &sec_level,
+ Domain::BLOB,
+ key_generations::SELINUX_SHELL_NAMESPACE,
+ None,
+ None,
+ None,
+ )
+ .unwrap();
+
+ // Try to load the key using above generated KeyDescriptor.
+ let result = key_generations::map_ks_error(keystore2.getKeyEntry(&key_metadata.key));
+ assert!(result.is_err());
+ assert_eq!(Error::Rc(ResponseCode::INVALID_ARGUMENT), result.unwrap_err());
+
+ // Delete the generated key blob.
+ sec_level.deleteKey(&key_metadata.key).unwrap();
+}