
Commit 49b45a95 authored by Shaquille Johnson's avatar Shaquille Johnson

Raise an error when unable to get Attestation Application ID

We add this error for AAID in cases where the call to keystore2
fails. We do not want to fail here because the error could
be transient. We return this error to indicate to the caller that
we should retry this call before failing completely. This stops
attestation from happening without a key and exposing the clients
generating information.

Test: atest CtsKeystoreTestCases
Bug: 291583874
Change-Id: Icd8facd3df38a70e810115a60a2950f85511f4c2
parent 792d5b0e
+6 −0
@@ -20,8 +20,14 @@ import android.security.keystore.KeyAttestationApplicationId;

/** @hide */
interface IKeyAttestationApplicationIdProvider {
    const int ERROR_GET_ATTESTATION_APPLICATION_ID_FAILED = 1;

    /**
     * Provides information describing the possible applications identified by a UID.
     *
     * In case of not getting package ids from uid return
     * {@link #ERROR_GET_ATTESTATION_APPLICATION_ID_FAILED} to the caller.
     *
     * @hide
     */
    KeyAttestationApplicationId getKeyAttestationApplicationId(int uid);
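Review bot: The new Javadoc on getKeyAttestationApplicationId tells implementers to "return" ERROR_GET_ATTESTATION_APPLICATION_ID_FAILED, but the method's return type is KeyAttestationApplicationId, so the code can only reach the caller as the error code of a ServiceSpecificException, which is how the service change in this commit delivers it. I would word it as `Throws a ServiceSpecificException with {@link #ERROR_GET_ATTESTATION_APPLICATION_ID_FAILED} if the package names for the uid cannot be obtained.` The constant itself has no comment; a line such as `/** The application ID could not be determined; the caller may retry before failing the attestation. */` would put the retry contract from the commit message next to the value clients compare against.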
+5 −2
@@ -14,7 +14,6 @@
 * limitations under the License.
 */


package com.android.server.security;

import android.content.Context;
@@ -23,6 +22,7 @@ import android.content.pm.PackageManager;
import android.content.pm.PackageManager.NameNotFoundException;
import android.os.Binder;
import android.os.RemoteException;
import android.os.ServiceSpecificException;
import android.os.UserHandle;
import android.security.keystore.IKeyAttestationApplicationIdProvider;
import android.security.keystore.KeyAttestationApplicationId;
@@ -57,7 +57,10 @@ public class KeyAttestationApplicationIdProviderService
        try {
            String[] packageNames = mPackageManager.getPackagesForUid(uid);
            if (packageNames == null) {
                throw new RemoteException("No packages for uid");
                throw new ServiceSpecificException(
                        IKeyAttestationApplicationIdProvider
                                .ERROR_GET_ATTESTATION_APPLICATION_ID_FAILED,
                        "No package for uid: " + uid);
            }
            int userId = UserHandle.getUserId(uid);
            keyAttestationPackageInfos = new KeyAttestationPackageInfo[packageNames.length];
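Review bot: Only the `packageNames == null` branch is converted to the new error code; the try block continues past the end of this hunk, and the NameNotFoundException import suggests a later package lookup that can fail too. If that path still throws RemoteException (not visible here), the caller will not see ERROR_GET_ATTESTATION_APPLICATION_ID_FAILED for it and cannot apply the retry the commit message describes. Every failure to resolve the ID should surface with the same code, e.g. `throw new ServiceSpecificException(IKeyAttestationApplicationIdProvider.ERROR_GET_ATTESTATION_APPLICATION_ID_FAILED, e.getMessage());` in that handler, with `e` standing for whatever the handler names its exception. A uid with no packages may also be a permanent condition rather than a transient one, so the caller's retries need a bound.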