Snap for 8756880 from 027187ba9a9d2af0db67c9e93de868355e847625 to tm-qpr1-release Change-Id: Id3c3a503567d9c17c2fa6b327ca6fbb275f46b13

commit: 24c467a4263ce92e60cab77245701d5c0f99ec3d [log] [tgz]
author: Android Build Coastguard Worker <android-build-coastguard-worker@google.com> Thu Jun 23 01:29:48 2022 +0000
committer: Android Build Coastguard Worker <android-build-coastguard-worker@google.com> Thu Jun 23 01:29:48 2022 +0000
tree: 427eda775c48afa86bf2219797d8a8c19fe43b0d
parent: 62ad051c082eecb9879e19a4fc844b4496de02ee [diff]
parent: 027187ba9a9d2af0db67c9e93de868355e847625 [diff]
diff --git a/keystore2/src/attestation_key_utils.rs b/keystore2/src/attestation_key_utils.rs
index 8354ba5..3408942 100644
--- a/keystore2/src/attestation_key_utils.rs
+++ b/keystore2/src/attestation_key_utils.rs

@@ -59,8 +59,11 @@
     db: &mut KeystoreDB,
 ) -> Result<Option<AttestationKeyInfo>> {
     let challenge_present = params.iter().any(|kp| kp.tag == Tag::ATTESTATION_CHALLENGE);
+    let is_device_unique_attestation =
+        params.iter().any(|kp| kp.tag == Tag::DEVICE_UNIQUE_ATTESTATION);
     match attest_key_descriptor {
-        None if challenge_present => rem_prov_state
+        // Do not select an RKP key if DEVICE_UNIQUE_ATTESTATION is present.
+        None if challenge_present && !is_device_unique_attestation => rem_prov_state
             .get_remotely_provisioned_attestation_key_and_certs(key, caller_uid, params, db)
             .context(concat!(
                 "In get_attest_key_and_cert_chain: ",
commit	24c467a4263ce92e60cab77245701d5c0f99ec3d	[log] [tgz]
author	Android Build Coastguard Worker <android-build-coastguard-worker@google.com>	Thu Jun 23 01:29:48 2022 +0000
committer	Android Build Coastguard Worker <android-build-coastguard-worker@google.com>	Thu Jun 23 01:29:48 2022 +0000
tree	427eda775c48afa86bf2219797d8a8c19fe43b0d
parent	62ad051c082eecb9879e19a4fc844b4496de02ee [diff]
parent	027187ba9a9d2af0db67c9e93de868355e847625 [diff]