Retry getKeyAttestationApplicationId when fails
We want to retry the command getKeyAttestationApplicationId
some number of times before we return a failure to the user.
Getting the attest app id can fail at times, but if we retry
it may succeed.
Test: atest keystore2_test
Test: atest CtsKeystoreTestCases
Bug: 238619180
Change-Id: I77e76c2f33f08c9214ea290284e75078e3b1eea1
diff --git a/keystore2/src/security_level.rs b/keystore2/src/security_level.rs
index 951acb5..1661f8e 100644
--- a/keystore2/src/security_level.rs
+++ b/keystore2/src/security_level.rs
@@ -443,17 +443,19 @@
// If there is an attestation challenge we need to get an application id.
if params.iter().any(|kp| kp.tag == Tag::ATTESTATION_CHALLENGE) {
- let aaid = {
- let _wp = self
- .watch("In KeystoreSecurityLevel::add_required_parameters calling: get_aaid");
- keystore2_aaid::get_aaid(uid)
- .map_err(|e| anyhow!(ks_err!("get_aaid returned status {}.", e)))
- }?;
-
- result.push(KeyParameter {
- tag: Tag::ATTESTATION_APPLICATION_ID,
- value: KeyParameterValue::Blob(aaid),
- });
+ let _wp =
+ self.watch("In KeystoreSecurityLevel::add_required_parameters calling: get_aaid");
+ match keystore2_aaid::get_aaid(uid) {
+ Ok(aaid_ok) => {
+ result.push(KeyParameter {
+ tag: Tag::ATTESTATION_APPLICATION_ID,
+ value: KeyParameterValue::Blob(aaid_ok),
+ });
+ }
+ Err(e) => {
+ return Err(anyhow!(e)).context(ks_err!("Attestation ID retrieval error."))
+ }
+ }
}
if params.iter().any(|kp| kp.tag == Tag::INCLUDE_UNIQUE_ID) {