Don't fail attestation on missing app ID

As identified by Droidguard, a non-trivial percentage of attestations
fail with a missing attestation app ID. It's better to produce an
attestation with missing app ID than to fail, because not all
consumers of attestations care about the app ID.

Test: Keystore CTS tests.
Change-Id: I1a8d8a6873edab27771bff4ce9262f4fbe533e56

diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index ba8a3f3..86c0913 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -118,7 +118,8 @@
auto asn1_attestation_id_result = security::gather_attestation_application_id(callingUid);
if (!asn1_attestation_id_result.isOk()) {
ALOGE("failed to gather attestation_id");
- return ErrorCode::ATTESTATION_APPLICATION_ID_MISSING;
+ // Couldn't get attestation ID; just use an empty one rather than failing.
+ asn1_attestation_id_result = std::vector<uint8_t>();
}
std::vector<uint8_t>& asn1_attestation_id = asn1_attestation_id_result;
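
Review bot: In the `!isOk()` branch, every failure of `gather_attestation_application_id(callingUid)` now falls back to an empty ID, not only the "missing app ID" case the commit message describes, and the only trace left is the unchanged `ALOGE("failed to gather attestation_id")`, which records neither `callingUid` nor the failure status. Consider logging both so the fallback can be diagnosed from a bug report. Also note that the variable is named `asn1_attestation_id` but is now assigned `std::vector<uint8_t>()`, a zero-length buffer rather than an ASN.1-encoded value; the inline comment should state that empty means "application ID unavailable" so that downstream code and verifiers that do care about the app ID treat it as unknown and reject or flag it instead of trying to parse or match it. The test line cites the Keystore CTS tests; a case that forces the gather call to fail and checks that attestation still succeeds with the empty ID would cover the new path directly.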