Keystore: Attestation fix in AOSP builds
Alternet device properties used for attestation on AOSP and GSI builds.
Attestation ids were different in AOSP/GSI builds than provisioned ids
in keymint. Hence additional properties used to make these ids identical
to provisioned ids.
Bug: 110779648
Bug: 259376922
Test: atest VtsAidlKeyMintTargetTest:PerInstance/NewKeyGenerationTest#EcdsaAttestationIdTags/0_android_hardware_security_keymint_IKeyMintDevice_default
Test: atest VtsAidlKeyMintTargetTest:PerInstance/NewKeyGenerationTest#EcdsaAttestationIdTags/1_android_hardware_security_keymint_IKeyMintDevice_strongbox
Test: atest CtsKeystoreTestCases:android.keystore.cts.KeyAttestationTest CtsKeystoreTestCases:DeviceOwnerKeyManagementTest
Change-Id: I4bb2e2ebba617972e29ad86ea477eb9b6f35d21a
diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
index ea4ba18..85f2652 100644
--- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
+++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
@@ -795,13 +795,39 @@
// Collection of valid attestation ID tags.
auto attestation_id_tags = AuthorizationSetBuilder();
- add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_BRAND, "ro.product.brand");
+ // Use ro.product.brand_for_attestation property for attestation if it is present else fallback
+ // to ro.product.brand
+ std::string prop_value =
+ ::android::base::GetProperty("ro.product.brand_for_attestation", /* default= */ "");
+ if (!prop_value.empty()) {
+ add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_BRAND,
+ "ro.product.brand_for_attestation");
+ } else {
+ add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_BRAND, "ro.product.brand");
+ }
add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_DEVICE, "ro.product.device");
- add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_PRODUCT, "ro.product.name");
+ // Use ro.product.name_for_attestation property for attestation if it is present else fallback
+ // to ro.product.name
+ prop_value = ::android::base::GetProperty("ro.product.name_for_attestation", /* default= */ "");
+ if (!prop_value.empty()) {
+ add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_PRODUCT,
+ "ro.product.name_for_attestation");
+ } else {
+ add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_PRODUCT, "ro.product.name");
+ }
add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_SERIAL, "ro.serialno");
add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MANUFACTURER,
"ro.product.manufacturer");
- add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MODEL, "ro.product.model");
+ // Use ro.product.model_for_attestation property for attestation if it is present else fallback
+ // to ro.product.model
+ prop_value =
+ ::android::base::GetProperty("ro.product.model_for_attestation", /* default= */ "");
+ if (!prop_value.empty()) {
+ add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MODEL,
+ "ro.product.model_for_attestation");
+ } else {
+ add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MODEL, "ro.product.model");
+ }
for (const KeyParameter& tag : attestation_id_tags) {
SCOPED_TRACE(testing::Message() << "+tag-" << tag);
diff --git a/security/keymint/aidl/vts/functional/DeviceUniqueAttestationTest.cpp b/security/keymint/aidl/vts/functional/DeviceUniqueAttestationTest.cpp
index 26dc3f5..55bb5b4 100644
--- a/security/keymint/aidl/vts/functional/DeviceUniqueAttestationTest.cpp
+++ b/security/keymint/aidl/vts/functional/DeviceUniqueAttestationTest.cpp
@@ -249,13 +249,39 @@
// Collection of valid attestation ID tags.
auto attestation_id_tags = AuthorizationSetBuilder();
- add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_BRAND, "ro.product.brand");
+ // Use ro.product.brand_for_attestation property for attestation if it is present else fallback
+ // to ro.product.brand
+ std::string prop_value =
+ ::android::base::GetProperty("ro.product.brand_for_attestation", /* default= */ "");
+ if (!prop_value.empty()) {
+ add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_BRAND,
+ "ro.product.brand_for_attestation");
+ } else {
+ add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_BRAND, "ro.product.brand");
+ }
add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_DEVICE, "ro.product.device");
- add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_PRODUCT, "ro.product.name");
+ // Use ro.product.name_for_attestation property for attestation if it is present else fallback
+ // to ro.product.name
+ prop_value = ::android::base::GetProperty("ro.product.name_for_attestation", /* default= */ "");
+ if (!prop_value.empty()) {
+ add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_PRODUCT,
+ "ro.product.name_for_attestation");
+ } else {
+ add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_PRODUCT, "ro.product.name");
+ }
add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_SERIAL, "ro.serialno");
add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MANUFACTURER,
"ro.product.manufacturer");
- add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MODEL, "ro.product.model");
+ // Use ro.product.model_for_attestation property for attestation if it is present else fallback
+ // to ro.product.model
+ prop_value =
+ ::android::base::GetProperty("ro.product.model_for_attestation", /* default= */ "");
+ if (!prop_value.empty()) {
+ add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MODEL,
+ "ro.product.model_for_attestation");
+ } else {
+ add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MODEL, "ro.product.model");
+ }
vector<uint8_t> key_blob;
vector<KeyCharacteristics> key_characteristics;
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 5a86283..dd84cd9 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -2080,12 +2080,38 @@
// Various ATTESTATION_ID_* tags that map to fields in the attestation extension ASN.1 schema.
auto extra_tags = AuthorizationSetBuilder();
- add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_BRAND, "ro.product.brand");
+ // Use ro.product.brand_for_attestation property for attestation if it is present else fallback
+ // to ro.product.brand
+ std::string prop_value =
+ ::android::base::GetProperty("ro.product.brand_for_attestation", /* default= */ "");
+ if (!prop_value.empty()) {
+ add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_BRAND,
+ "ro.product.brand_for_attestation");
+ } else {
+ add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_BRAND, "ro.product.brand");
+ }
add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_DEVICE, "ro.product.device");
- add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_PRODUCT, "ro.product.name");
+ // Use ro.product.name_for_attestation property for attestation if it is present else fallback
+ // to ro.product.name
+ prop_value = ::android::base::GetProperty("ro.product.name_for_attestation", /* default= */ "");
+ if (!prop_value.empty()) {
+ add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_PRODUCT,
+ "ro.product.name_for_attestation");
+ } else {
+ add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_PRODUCT, "ro.product.name");
+ }
add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_SERIAL, "ro.serialno");
add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_MANUFACTURER, "ro.product.manufacturer");
- add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_MODEL, "ro.product.model");
+ // Use ro.product.model_for_attestation property for attestation if it is present else fallback
+ // to ro.product.model
+ prop_value =
+ ::android::base::GetProperty("ro.product.model_for_attestation", /* default= */ "");
+ if (!prop_value.empty()) {
+ add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_MODEL,
+ "ro.product.model_for_attestation");
+ } else {
+ add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_MODEL, "ro.product.model");
+ }
for (const KeyParameter& tag : extra_tags) {
SCOPED_TRACE(testing::Message() << "tag-" << tag);