Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 25267180 authored Feb 17, 2024 by Shaquille Johnson

Add support for GET_ATTESTATION_APPLICATION_ID_FAILED error code

We add this error for AAID in cases where keystore2 returns an error for
failing to get AAID. We are explicitly failing here, but that is a
transient error we expect the client to re-try. We return this error to
indicate to the caller that we should retry this call before failing
completely. This stops attestation from happening without the calling
application's identity.

Test: atest CtsKeystoreTestCases
Test: atest keystore2_test
Bug: 291583874
Change-Id: Ieaee2ddda124fe2b23baf3c318f4eece0b718f05

parent 5215c608

Android.bp

+1 −1

Original line number	Diff line number	Diff line
		@@ -113,7 +113,7 @@ filegroup {
		":android.security.legacykeystore-java-source",
		":android.security.maintenance-java-source",
		":android.security.metrics-java-source",
		":android.system.keystore2-V3-java-source",
		":android.system.keystore2-V4-java-source",
		":android.hardware.cas-V1-java-source",
		":credstore_aidl",
		":dumpstate_aidl",

keystore/java/android/security/KeyStoreException.java

+3 −0

Original line number	Diff line number	Diff line
		@@ -679,6 +679,9 @@ public class KeyStoreException extends Exception {
		sErrorCodeToFailureInfo.put(ResponseCode.OUT_OF_KEYS_REQUIRES_SYSTEM_UPGRADE,
		new PublicErrorInformation(IS_SYSTEM_ERROR \| IS_TRANSIENT_ERROR,
		ERROR_DEVICE_REQUIRES_UPGRADE_FOR_ATTESTATION));
		sErrorCodeToFailureInfo.put(ResponseCode.GET_ATTESTATION_APPLICATION_ID_FAILED,
		new PublicErrorInformation(IS_SYSTEM_ERROR \| IS_TRANSIENT_ERROR,
		ERROR_INTERNAL_SYSTEM_ERROR));
		sErrorCodeToFailureInfo.put(ResponseCode.OUT_OF_KEYS_PENDING_INTERNET_CONNECTIVITY,
		new PublicErrorInformation(IS_SYSTEM_ERROR \| IS_TRANSIENT_ERROR,
		ERROR_ATTESTATION_KEYS_UNAVAILABLE));