Fixed attestation properties reading.
Since attestation properties are replaced by generic values in GSI
builds, attestation fails on GSI builds. Hence attestation properties
are now read with the priorities below, so that attestation can also
pass on GSI builds.
1) ro.product.vendor.<device-id>
2) ro.product.<device-id>
Bug: 383989061
Test: atest VtsAidlKeyMintTargetTest
Change-Id: Ibae35957aceb49bf8ac20bd2725df6fbe990056a
diff --git a/security/keymint/aidl/default/hal/lib.rs b/security/keymint/aidl/default/hal/lib.rs
index fad807f..196cf17 100644
--- a/security/keymint/aidl/default/hal/lib.rs
+++ b/security/keymint/aidl/default/hal/lib.rs
@@ -20,6 +20,19 @@
use kmr_hal::env::get_property;
use log::error;
+/// Retrieve the most significant attestation property for `name`.
+fn attestation_property(name: &str) -> Vec<u8> {
+ let prop_val = get_property(&format!("ro.product.vendor.{}", name)).unwrap_or_default();
+ if !prop_val.is_empty() {
+ prop_val
+ } else {
+ get_property(&format!("ro.product.{}", name))
+ .unwrap_or_else(|prop_name| format!("{} unavailable", prop_name))
+ }
+ .as_bytes()
+ .to_vec()
+}
+
/// Populate attestation ID information based on properties (where available).
/// Retrieving the serial number requires SELinux permission.
pub fn attestation_id_info() -> kmr_wire::AttestationIdInfo {
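Review bot: In `attestation_property`, `unwrap_or_default()` on the `ro.product.vendor.{name}` lookup makes a failed read indistinguishable from an empty value, so both cases fall back silently to `ro.product.{name}`, which the commit message says carries generic values on GSI builds. The attestation mismatch that follows would leave no log trail. `log::error` is already imported, so the failure could be recorded before falling back, e.g. `.unwrap_or_else(|e| { error!("vendor property for {} unreadable: {}", name, e); String::new() })`; if `get_property` also returns `Err` for a merely unset property, a lower log level may fit better. The last fallback returns the text `"<err> unavailable"` as the ID bytes, a non-empty value that later code cannot tell apart from a real ID. The doc comment should state the lookup order and that placeholder, e.g. `/// Returns ro.product.vendor.<name> if non-empty, else ro.product.<name>, else the bytes of an "… unavailable" placeholder.`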
@@ -30,12 +43,12 @@
.to_vec()
};
kmr_wire::AttestationIdInfo {
- brand: prop("ro.product.brand"),
- device: prop("ro.product.device"),
- product: prop("ro.product.name"),
+ brand: attestation_property("brand"),
+ device: attestation_property("device"),
+ product: attestation_property("name"),
serial: prop("ro.serialno"),
- manufacturer: prop("ro.product.manufacturer"),
- model: prop("ro.product.model"),
+ manufacturer: attestation_property("manufacturer"),
+ model: attestation_property("model"),
// Currently modem_simulator always returns one fixed value. See `handleGetIMEI` in
// device/google/cuttlefish/host/commands/modem_simulator/misc_service.cpp for more details.
// TODO(b/263188546): Use device-specific IMEI values when available.
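Review bot: The struct literal no longer shows which system properties feed each ID field, and `product` is looked up under the suffix `name`, which is easy to misread. A short comment above the first field would help, e.g. `// brand/device/product/manufacturer/model: ro.product.vendor.<x>, then ro.product.<x>; serial: ro.serialno only.` `attestation_id_info` starts before this hunk and continues past it, so the `prop` closure that still serves `serial` is not visible here.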