From 651ffe62867f6448581e550d3433100f943e16cc Mon Sep 17 00:00:00 2001
From: Seth Moore <sethmo@google.com>
Date: Fri, 31 Mar 2023 15:26:37 -0700
Subject: Remove the GenerateRkpKey service

With the move to rkpd, we no longer need to make calls from framework
into the remote provisioner to tell it that a key was consumed.

Bug: 274823784
Test: atest KeystoreTests
Test: atest CtsKeystoreTestCases:android.keystore.cts.KeyAttestationTest
Change-Id: I510d471a980c62e5798e459729f73c231321d2a9
---
 .../identity/CredstoreIdentityCredentialStore.java       | 16 +---------------
 1 file changed, 1 insertion(+), 15 deletions(-)

(limited to 'identity/java')

diff --git a/identity/java/android/security/identity/CredstoreIdentityCredentialStore.java b/identity/java/android/security/identity/CredstoreIdentityCredentialStore.java
index d785c3c895b8..f26b50ed4e2a 100644
--- a/identity/java/android/security/identity/CredstoreIdentityCredentialStore.java
+++ b/identity/java/android/security/identity/CredstoreIdentityCredentialStore.java
@@ -21,10 +21,7 @@ import android.annotation.Nullable;
 import android.content.Context;
 import android.content.pm.FeatureInfo;
 import android.content.pm.PackageManager;
-import android.os.RemoteException;
 import android.os.ServiceManager;
-import android.security.GenerateRkpKey;
-import android.security.keymaster.KeymasterDefs;
 
 class CredstoreIdentityCredentialStore extends IdentityCredentialStore {
 
@@ -125,18 +122,7 @@ class CredstoreIdentityCredentialStore extends IdentityCredentialStore {
             @NonNull String docType) throws AlreadyPersonalizedException,
             DocTypeNotSupportedException {
         try {
-            IWritableCredential wc;
-            wc = mStore.createCredential(credentialName, docType);
-            try {
-                GenerateRkpKey keyGen = new GenerateRkpKey(mContext);
-                // We don't know what the security level is for the backing keymint, so go ahead and
-                // poke the provisioner for both TEE and SB.
-                keyGen.notifyKeyGenerated(KeymasterDefs.KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT);
-                keyGen.notifyKeyGenerated(KeymasterDefs.KM_SECURITY_LEVEL_STRONGBOX);
-            } catch (RemoteException e) {
-                // Not really an error state. Does not apply at all if RKP is unsupported or
-                // disabled on a given device.
-            }
+            IWritableCredential wc = mStore.createCredential(credentialName, docType);
             return new CredstoreWritableIdentityCredential(mContext, credentialName, docType, wc);
         } catch (android.os.RemoteException e) {
             throw new RuntimeException("Unexpected RemoteException ", e);
-- 
cgit v1.2.3-59-g8ed1b