diff options
| author | 2023-12-06 19:10:20 +0000 | |
|---|---|---|
| committer | 2024-02-06 11:24:44 +0000 | |
| commit | 49b45a95c88c4383e1ffb1001d96b3a5ab630696 (patch) | |
| tree | e01a943271b295df42b1d7d35c1d01f5c595fd59 | |
| parent | 792d5b0e2d2800d6bf58784406cb3e1a8587ec2b (diff) | |
Raise an error when unable to get Attestation Application ID
We add this error for AAID in cases where the call to keystore2
fails. We do not want to fail here because the error could
be transient. We return this error to indicate to the caller that
we should retry this call before failing completly. This stops
attestation from happening without a key and exposing the clients
generating information.
Test: atest CtsKeystoreTestCases
Bug: 291583874
Change-Id: Icd8facd3df38a70e810115a60a2950f85511f4c2
2 files changed, 11 insertions, 2 deletions
diff --git a/keystore/aaid/aidl/android/security/keystore/IKeyAttestationApplicationIdProvider.aidl b/keystore/aaid/aidl/android/security/keystore/IKeyAttestationApplicationIdProvider.aidl index c360cb8f281a..cfc5980e009a 100644 --- a/keystore/aaid/aidl/android/security/keystore/IKeyAttestationApplicationIdProvider.aidl +++ b/keystore/aaid/aidl/android/security/keystore/IKeyAttestationApplicationIdProvider.aidl @@ -20,8 +20,14 @@ import android.security.keystore.KeyAttestationApplicationId; /** @hide */ interface IKeyAttestationApplicationIdProvider { + const int ERROR_GET_ATTESTATION_APPLICATION_ID_FAILED = 1; + /** * Provides information describing the possible applications identified by a UID. + * + * In case of not getting package ids from uid return + * {@link #ERROR_GET_ATTESTATION_APPLICATION_ID_FAILED} to the caller. + * * @hide */ KeyAttestationApplicationId getKeyAttestationApplicationId(int uid); diff --git a/services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java b/services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java index d5bc91278aa8..b69ccb348fa7 100644 --- a/services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java +++ b/services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java @@ -14,7 +14,6 @@ * limitations under the License. */ - package com.android.server.security; import android.content.Context; @@ -23,6 +22,7 @@ import android.content.pm.PackageManager; import android.content.pm.PackageManager.NameNotFoundException; import android.os.Binder; import android.os.RemoteException; +import android.os.ServiceSpecificException; import android.os.UserHandle; import android.security.keystore.IKeyAttestationApplicationIdProvider; import android.security.keystore.KeyAttestationApplicationId; @@ -57,7 +57,10 @@ public class KeyAttestationApplicationIdProviderService try { String[] packageNames = mPackageManager.getPackagesForUid(uid); if (packageNames == null) { - throw new RemoteException("No packages for uid"); + throw new ServiceSpecificException( + IKeyAttestationApplicationIdProvider + .ERROR_GET_ATTESTATION_APPLICATION_ID_FAILED, + "No package for uid: " + uid); } int userId = UserHandle.getUserId(uid); keyAttestationPackageInfos = new KeyAttestationPackageInfo[packageNames.length]; |