Raise an error when unable to get Attestation Application ID

We add this error for AAID in cases where the call to keystore2 fails. We do not want to fail here because the error could be transient. We return this error to indicate to the caller that we should retry this call before failing completly. This stops attestation from happening without a key and exposing the clients generating information. Test: atest CtsKeystoreTestCases Bug: 291583874 Change-Id: Icd8facd3df38a70e810115a60a2950f85511f4c2

Raise an error when unable to get Attestation Application ID
49b45a95 · Shaquille Johnson · 792d5b0e · 49b45a95 · 49b45a95
Commit 49b45a95 authored 1 year ago by Shaquille Johnson
--- a/keystore/aaid/aidl/android/security/keystore/IKeyAttestationApplicationIdProvider.aidl
+++ b/keystore/aaid/aidl/android/security/keystore/IKeyAttestationApplicationIdProvider.aidl
@@ -20,8 +20,14 @@ import android.security.keystore.KeyAttestationApplicationId;

 /** @hide */
 interface IKeyAttestationApplicationIdProvider {
+    const int ERROR_GET_ATTESTATION_APPLICATION_ID_FAILED = 1;
+
    /**
     * Provides information describing the possible applications identified by a UID.
+     *
+     * In case of not getting package ids from uid return
+     * {@link #ERROR_GET_ATTESTATION_APPLICATION_ID_FAILED} to the caller.
+     *
     * @hide
     */
    KeyAttestationApplicationId getKeyAttestationApplicationId(int uid);

--- a/services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java
+++ b/services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java
@@ -14,7 +14,6 @@
 * limitations under the License.
 */

-
 package com.android.server.security;

 import android.content.Context;
@@ -23,6 +22,7 @@ import android.content.pm.PackageManager;
 import android.content.pm.PackageManager.NameNotFoundException;
 import android.os.Binder;
 import android.os.RemoteException;
+import android.os.ServiceSpecificException;
 import android.os.UserHandle;
 import android.security.keystore.IKeyAttestationApplicationIdProvider;
 import android.security.keystore.KeyAttestationApplicationId;
@@ -57,7 +57,10 @@ public class KeyAttestationApplicationIdProviderService
        try {
            String[] packageNames = mPackageManager.getPackagesForUid(uid);
            if (packageNames == null) {
-                throw new RemoteException("No packages for uid");
+                throw new ServiceSpecificException(
+                        IKeyAttestationApplicationIdProvider
+                                .ERROR_GET_ATTESTATION_APPLICATION_ID_FAILED,
+                        "No package for uid: " + uid);
            }
            int userId = UserHandle.getUserId(uid);
            keyAttestationPackageInfos = new KeyAttestationPackageInfo[packageNames.length];