Rename OUT_OF_KEYS -> OUT_OF_KEYS_TRANSIENT More OUT_OF_KEYS errors are coming, and the old "OUT_OF_KEYS" is a bucket for all transient errors. Rename the enum to better indicate this. Also rename OUT_OF_KEYS_REQUIRES_UPGRADE to OUT_OF_KEYS_REQUIRES_SECURITY_PATCH. This better indicates that system is potentially vulnerable (rather than simply running old code). Test: keystore2_test Change-Id: I1f2d803529c3e43592536016a9261e2294b42bb5

commit: d7ad856c1848c373497b54185f64be74af5afb45 [log] [tgz]
author: Seth Moore <sethmo@google.com> Mon Jan 23 09:28:56 2023 -0800
committer: Seth Moore <sethmo@google.com> Tue Jan 24 08:45:47 2023 -0800
tree: a6c4e95e7d6a6818fce1c4b141e91dc5c8a1eb7e
parent: 4c6a5960778b0fd9ffaee0039c7376ea9983eb58 [diff] [blame]
diff --git a/keystore2/src/database.rs b/keystore2/src/database.rs
index 62fd579..f4333cd 100644
--- a/keystore2/src/database.rs
+++ b/keystore2/src/database.rs

@@ -1859,7 +1859,8 @@
                 let (_, hw_info) = get_keymint_dev_by_uuid(km_uuid)
                     .context("Error in retrieving keymint device by UUID.")?;
                 log_rkp_error_stats(MetricsRkpError::OUT_OF_KEYS, &hw_info.securityLevel);
-                return Err(KsError::Rc(ResponseCode::OUT_OF_KEYS)).context("Out of keys.");
+                return Err(KsError::Rc(ResponseCode::OUT_OF_KEYS_TRANSIENT_ERROR))
+                    .context("Out of keys.");
             } else if result > 1 {
                 return Err(KsError::sys())
                     .context(format!("Expected to update 1 entry, instead updated {}", result));
commit	d7ad856c1848c373497b54185f64be74af5afb45	[log] [tgz]
author	Seth Moore <sethmo@google.com>	Mon Jan 23 09:28:56 2023 -0800
committer	Seth Moore <sethmo@google.com>	Tue Jan 24 08:45:47 2023 -0800
tree	a6c4e95e7d6a6818fce1c4b141e91dc5c8a1eb7e
parent	4c6a5960778b0fd9ffaee0039c7376ea9983eb58 [diff] [blame]