Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 93cd95a6 authored by Prashant Patil's avatar Prashant Patil
Browse files

Fixed attestation properties reading. 

Attestation properties read with below priorities so that attestation
could pass on GSI builds also.
1) ro.product.<device-id>_for_attestation
2) ro.product.vendor.<device-id>
3) ro.product.<device-id>

Bug: 383989061
Test: atest VtsAidlKeyMintTargetTest
Change-Id: Ib969273ce63ea7a85ca229ef8050a8558e2c9161
parent 759e587a

security/keymint/aidl/default/hal/lib.rs

+29 −12
Original line number Diff line number Diff line
@@ -20,22 +20,39 @@ 
use kmr_hal::env::get_property;

use log::error;



/// Retrieve the most significant attestation property for `name`.

fn attestation_property(name: &str) -> Vec<u8> {

    let prop_val =

        get_property(&format!("ro.product.{}_for_attestation", name)).unwrap_or_default();

    if !prop_val.is_empty() {

        prop_val

    } else {

        let prop_val = get_property(&format!("ro.product.vendor.{}", name)).unwrap_or_default();

        if !prop_val.is_empty() {

            prop_val

        } else {

            get_property(&format!("ro.product.{}", name))

                .unwrap_or_else(|prop_name| format!("{} unavailable", prop_name))

        }

    }

    .as_bytes()

    .to_vec()

}



/// Populate attestation ID information based on properties (where available).

/// Retrieving the serial number requires SELinux permission.

pub fn attestation_id_info() -> kmr_wire::AttestationIdInfo {

    let prop = |name| {

        get_property(name)

            .unwrap_or_else(|_| format!("{} unavailable", name))

            .as_bytes()

            .to_vec()

    };



    kmr_wire::AttestationIdInfo {

        brand: prop("ro.product.brand"),

        device: prop("ro.product.device"),

        product: prop("ro.product.name"),

        serial: prop("ro.serialno"),

        manufacturer: prop("ro.product.manufacturer"),

        model: prop("ro.product.model"),

        brand: attestation_property("brand"),

        device: attestation_property("device"),

        product: attestation_property("name"),

        serial: get_property("ro.serialno")

            .unwrap_or_else(|_| format!("ro.serialno unavailable"))

            .as_bytes()

            .to_vec(),

        manufacturer: attestation_property("manufacturer"),

        model: attestation_property("model"),

        // Currently modem_simulator always returns one fixed value. See `handleGetIMEI` in

        // device/google/cuttlefish/host/commands/modem_simulator/misc_service.cpp for more details.

        // TODO(b/263188546): Use device-specific IMEI values when available.