Merge "Fix android.keystore.cts.KeyAttestationTest" into main am: 111900fbc6

Original change: https://android-review.googlesource.com/c/platform/system/security/+/2843680

Change-Id: Id2497d12d94a7f49178ac45b2b66696535304ee8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/keystore2/src/remote_provisioning.rs b/keystore2/src/remote_provisioning.rs
index a386d96..c6c4dc2 100644
--- a/keystore2/src/remote_provisioning.rs
+++ b/keystore2/src/remote_provisioning.rs
@@ -24,6 +24,7 @@
     KeyParameter::KeyParameter, KeyParameterValue::KeyParameterValue, SecurityLevel::SecurityLevel,
     Tag::Tag,
 };
+use android_security_rkp_aidl::aidl::android::security::rkp::RemotelyProvisionedKey::RemotelyProvisionedKey;
 use android_system_keystore2::aidl::android::system::keystore2::{
     Domain::Domain, KeyDescriptor::KeyDescriptor,
 };
@@ -37,7 +38,6 @@
 use crate::metrics_store::log_rkp_error_stats;
 use crate::watchdog_helper::watchdog as wd;
 use android_security_metrics::aidl::android::security::metrics::RkpError::RkpError as MetricsRkpError;
-use rkpd_client::get_rkpd_attestation_key;
 
 /// Contains helper functions to check if remote provisioning is enabled on the system and, if so,
 /// to assign and retrieve attestation keys and certificate chains.
@@ -96,10 +96,7 @@
         if !self.is_asymmetric_key(params) || key.domain != Domain::APP {
             Ok(None)
         } else {
-            let rpc_name = get_remotely_provisioned_component_name(&self.security_level)
-                .context(ks_err!("Trying to get IRPC name."))?;
-            let _wd = wd::watch_millis("Calling get_rkpd_attestation_key()", 500);
-            match get_rkpd_attestation_key(&rpc_name, caller_uid) {
+            match get_rkpd_attestation_key(&self.security_level, caller_uid) {
                 Err(e) => {
                     if self.is_rkp_only() {
                         log::error!("Error occurred: {:?}", e);
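Review bot: A failure to resolve the IRPC name now lands in the `Err(e)` arm of this match instead of propagating out through `?`, so it is handled the same way as an RKPD failure. The only logging visible here is `log::error!("Error occurred: {:?}", e)` inside the `is_rkp_only()` branch. The rest of the arm and the enclosing function lie outside the hunk, so please confirm that the non-RKP-only path also records the error before it falls back. Without that, a device whose name lookup fails could stop using remotely provisioned attestation keys with no trace in the logs. If nothing is logged there today, something like `log::warn!("RKPD attestation key unavailable, falling back: {:?}", e);` would keep the downgrade visible to anyone triaging attestation issues.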
@@ -128,3 +125,15 @@
         }
     }
 }
+
+fn get_rkpd_attestation_key(
+    security_level: &SecurityLevel,
+    caller_uid: u32,
+) -> Result<RemotelyProvisionedKey> {
+    // The RPC name lookup logic should be encapsulated within this function
+    // to allow for fallback in case of an error.
+    let rpc_name = get_remotely_provisioned_component_name(security_level)
+        .context(ks_err!("Trying to get IRPC name."))?;
+    let _wd = wd::watch_millis("Calling get_rkpd_attestation_key()", 500);
+    rkpd_client::get_rkpd_attestation_key(&rpc_name, caller_uid)
+}
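Review bot: The new private `get_rkpd_attestation_key` shares its name with the `rkpd_client` function it wraps, so the call site in the match and the watchdog label `"Calling get_rkpd_attestation_key()"` no longer say which of the two is meant. The inline comment would also serve better as a doc comment on the function, for example `/// Resolves the IRPC name for security_level and requests an attestation key from RKPD; either failure is returned as Err so the caller can fall back.` A distinct name for the wrapper (or a label such as `"Calling rkpd_client::get_rkpd_attestation_key()"`) would make watchdog reports unambiguous. Note that the 500 ms watchdog starts only after the name lookup, so a slow lookup is not covered by it; that matches the removed code, but it is worth stating in the doc comment.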