Fixed attestation properties reading.
Attestation properties are now read in the priority order below so that
attestation can also pass on GSI builds.
1) ro.product.<device-id>_for_attestation
2) ro.product.vendor.<device-id>
3) ro.product.<device-id>
Bug: 383989061
Test: atest VtsAidlKeyMintTargetTest
Change-Id: Ib969273ce63ea7a85ca229ef8050a8558e2c9161
diff --git a/security/keymint/aidl/default/hal/lib.rs b/security/keymint/aidl/default/hal/lib.rs
index fad807f..359890d 100644
--- a/security/keymint/aidl/default/hal/lib.rs
+++ b/security/keymint/aidl/default/hal/lib.rs
@@ -20,22 +20,39 @@
use kmr_hal::env::get_property;
use log::error;
+/// Retrieve the most significant attestation property for `name`.
+fn attestation_property(name: &str) -> Vec<u8> {
+ let prop_val =
+ get_property(&format!("ro.product.{}_for_attestation", name)).unwrap_or_default();
+ if !prop_val.is_empty() {
+ prop_val
+ } else {
+ let prop_val = get_property(&format!("ro.product.vendor.{}", name)).unwrap_or_default();
+ if !prop_val.is_empty() {
+ prop_val
+ } else {
+ get_property(&format!("ro.product.{}", name))
+ .unwrap_or_else(|prop_name| format!("{} unavailable", prop_name))
+ }
+ }
+ .as_bytes()
+ .to_vec()
+}
+
/// Populate attestation ID information based on properties (where available).
/// Retrieving the serial number requires SELinux permission.
pub fn attestation_id_info() -> kmr_wire::AttestationIdInfo {
- let prop = |name| {
- get_property(name)
- .unwrap_or_else(|_| format!("{} unavailable", name))
- .as_bytes()
- .to_vec()
- };
+
kmr_wire::AttestationIdInfo {
- brand: prop("ro.product.brand"),
- device: prop("ro.product.device"),
- product: prop("ro.product.name"),
- serial: prop("ro.serialno"),
- manufacturer: prop("ro.product.manufacturer"),
- model: prop("ro.product.model"),
+ brand: attestation_property("brand"),
+ device: attestation_property("device"),
+ product: attestation_property("name"),
+ serial: get_property("ro.serialno")
+ .unwrap_or_else(|_| format!("ro.serialno unavailable"))
+ .as_bytes()
+ .to_vec(),
+ manufacturer: attestation_property("manufacturer"),
+ model: attestation_property("model"),
// Currently modem_simulator always returns one fixed value. See `handleGetIMEI` in
// device/google/cuttlefish/host/commands/modem_simulator/misc_service.cpp for more details.
// TODO(b/263188546): Use device-specific IMEI values when available.
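Review bot: In the last fallback of `attestation_property`, the closure binds the `Err` value returned by `get_property` to `prop_name` and formats it, whereas the closure removed from `attestation_id_info` ignored the error and formatted the property name; unless that error type really is the property name, the placeholder stored as an attestation ID now carries error text. Building the key once keeps the old behaviour: `let key = format!("ro.product.{}", name);` followed by `get_property(&key).unwrap_or_else(|_| format!("{} unavailable", key))`. The first two lookups fold a read error into "empty" through `unwrap_or_default()`, so a failed read and an unset property look the same; an `error!` call on the final fallback (`log::error` is already imported) would make a placeholder ID visible when ID attestation later fails to match. In the `serial` field, `format!("ro.serialno unavailable")` takes no arguments and can be `"ro.serialno unavailable".to_string()`. The body of `attestation_id_info` continues past the end of the hunk.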