authorEric Biggers <ebiggers@google.com>2024-03-20 03:44:54 +0000
committerEric Biggers <ebiggers@google.com>2024-03-20 06:47:47 +0000
commiteed080bd2d7cce48c97a83880eb778227500778b (patch)
treedaecad637da29c6191e607c5b81001aa6a2ce25c /keystore
parented2534a15e6737478cae3afa3194e584c921d736 (diff)
Remove the obsolete field android.security.KeyStore.NO_ERROR
There's no such thing as a NO_ERROR Keystore error code anymore, let alone one whose numeric value is 1. The field android.security.KeyStore.NO_ERROR is a remnant from Keystore1. NO_ERROR existed in Keystore1 because Keystore1's binder methods used a binder exception code of 0 ("success") even on failure, so they had to use the return value to convey a Keystore error code or NO_ERROR. Keystore2 instead uses binder's support for service-specific errors, and there is no NO_ERROR error code because the success case is conveyed via the binder exception code being 0 instead of EX_SERVICE_SPECIFIC. Therefore, this CL removes the obsolete field android.security.KeyStore.NO_ERROR and its two users. These users were: - AndroidKeyStoreCipherSpiBase checked for NO_ERROR "errors" from createOperation(). But this case is unreachable, and the operation cannot continue without the CreateOperationResponse anyway. So this obsolete code can just be removed. - AuthenticationClient checked the return value of KeyStore#addAuthToken() against NO_ERROR. But this method actually just wraps Authorization#addAuthToken() which returns 0 on success, as per its javadoc. So this was a bug, though it didn't matter much since it just caused a misleading log message. Check for 0 instead. Finally, NO_ERROR did have @UnsupportedAppUsage. But since there's no use case for it, removing it is allowed by the non-SDK interface policy. Bug: 326508120 Test: atest CtsKeystoreTestCases Change-Id: I735e005d7ca39e231667dd95da533519085ba4ef
Diffstat (limited to 'keystore')
-rw-r--r--keystore/java/android/security/KeyStore.java9
-rw-r--r--keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java14
-rw-r--r--keystore/java/android/security/keystore2/KeyStoreCryptoOperationUtils.java8
3 files changed, 9 insertions, 22 deletions
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index f105072a32bf..2cac2e150919 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -17,7 +17,6 @@
package android.security;
import android.compat.annotation.UnsupportedAppUsage;
-import android.os.Build;
import android.os.StrictMode;
/**
@@ -30,10 +29,6 @@ import android.os.StrictMode;
*/
public class KeyStore {
- // ResponseCodes - see system/security/keystore/include/keystore/keystore.h
- @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553)
- public static final int NO_ERROR = 1;
-
// Used for UID field to indicate the calling UID.
public static final int UID_SELF = -1;
@@ -48,8 +43,8 @@ public class KeyStore {
* Add an authentication record to the keystore authorization table.
*
* @param authToken The packed bytes of a hw_auth_token_t to be provided to keymaster.
- * @return {@code KeyStore.NO_ERROR} on success, otherwise an error value corresponding to
- * a {@code KeymasterDefs.KM_ERROR_} value or {@code KeyStore} ResponseCode.
+ * @return 0 on success, otherwise an error value corresponding to a
+ * {@code KeymasterDefs.KM_ERROR_} value or {@code KeyStore} ResponseCode.
*/
public int addAuthToken(byte[] authToken) {
StrictMode.noteDiskWrite();
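Review bot: The rewritten `@return` still points readers at a `{@code KeyStore} ResponseCode`, but this commit deletes the only ResponseCodes block visible in the class, so the meaning of a non-zero value is no longer defined anywhere a caller can see in this diff. The commit description says the method only wraps `Authorization#addAuthToken()`, so the javadoc could name that as the source of the contract, e.g. `@return 0 on success, otherwise the error code reported by {@code Authorization#addAuthToken()}`. Callers deciding whether an auth token was accepted should treat any non-zero value as failure. The method body continues outside the hunk, so the wrapped call itself is not visible here.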
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java b/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java
index 101a10e3d312..3f39eeb0cc6b 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java
@@ -359,14 +359,12 @@ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStor
} catch (KeyStoreException keyStoreException) {
GeneralSecurityException e = KeyStoreCryptoOperationUtils.getExceptionForCipherInit(
mKey, keyStoreException);
- if (e != null) {
- if (e instanceof InvalidKeyException) {
- throw (InvalidKeyException) e;
- } else if (e instanceof InvalidAlgorithmParameterException) {
- throw (InvalidAlgorithmParameterException) e;
- } else {
- throw new ProviderException("Unexpected exception type", e);
- }
+ if (e instanceof InvalidKeyException) {
+ throw (InvalidKeyException) e;
+ } else if (e instanceof InvalidAlgorithmParameterException) {
+ throw (InvalidAlgorithmParameterException) e;
+ } else {
+ throw new ProviderException("Unexpected exception type", e);
}
}
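Review bot: With the `if (e != null)` guard gone, a null from `getExceptionForCipherInit` now falls into the final `else`, because `instanceof` is false for null. It would surface as `ProviderException("Unexpected exception type", null)`, with the original `keyStoreException` dropped. Failing closed there is the right outcome, but the Keystore error code is lost for diagnosis; `throw new ProviderException("Unexpected exception type", e != null ? e : keyStoreException);` would keep it. Whether the helper can still return null depends on the rest of its switch, which is outside this diff. The enclosing method also starts and ends outside the hunk.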
diff --git a/keystore/java/android/security/keystore2/KeyStoreCryptoOperationUtils.java b/keystore/java/android/security/keystore2/KeyStoreCryptoOperationUtils.java
index 372e4cb3d72e..9b82206e5709 100644
--- a/keystore/java/android/security/keystore2/KeyStoreCryptoOperationUtils.java
+++ b/keystore/java/android/security/keystore2/KeyStoreCryptoOperationUtils.java
@@ -20,7 +20,6 @@ import android.app.ActivityThread;
import android.hardware.biometrics.BiometricManager;
import android.hardware.security.keymint.ErrorCode;
import android.security.GateKeeper;
-import android.security.KeyStore;
import android.security.KeyStoreException;
import android.security.KeyStoreOperation;
import android.security.keymaster.KeymasterDefs;
@@ -131,15 +130,10 @@ abstract class KeyStoreCryptoOperationUtils {
/**
* Returns the exception to be thrown by the {@code Cipher.init} method of the crypto operation
- * in response to {@code KeyStore.begin} operation or {@code null} if the {@code init} method
- * should succeed.
+ * in response to a failed {code IKeystoreSecurityLevel#createOperation()}.
*/
public static GeneralSecurityException getExceptionForCipherInit(
AndroidKeyStoreKey key, KeyStoreException e) {
- if (e.getErrorCode() == KeyStore.NO_ERROR) {
- return null;
- }
-
// Cipher-specific cases
switch (e.getErrorCode()) {
case KeymasterDefs.KM_ERROR_INVALID_NONCE:
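Review bot: The added javadoc line has a malformed inline tag, `{code IKeystoreSecurityLevel#createOperation()}`, which Javadoc will print literally; it should read `{@code IKeystoreSecurityLevel#createOperation()}`. The old text also documented the null return, and the caller in AndroidKeyStoreCipherSpiBase now relies on the result being non-null. The comment should therefore state that explicitly, for example `Never returns {@code null}.` The switch continues past the end of the hunk, so it cannot be confirmed from here that every path returns an exception.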