From eacb1c16f1576ea9de0c432d9a3dae6f0241e5ef Mon Sep 17 00:00:00 2001
From: Daniel Angell
Date: Thu, 12 Jan 2023 22:33:08 +0000
Subject: [PATCH 1/2] Add ro.serialno sysprop to JSON output
To help with error reporting on the RKP servers in the future it will be helpful to be able to address CSRs by serial number when possible.
Bug: 264302050
Test: libkeymint_remote_prov_support_test and sent JSON to server
Change-Id: I2808441c200d0679e618580abc464cd3c71c220e
---
 security/keymint/support/remote_prov_utils.cpp | 2 ++
 security/keymint/support/remote_prov_utils_test.cpp | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/security/keymint/support/remote_prov_utils.cpp b/security/keymint/support/remote_prov_utils.cpp
index 7e164fd51a..ea0fbd8e91 100644
--- a/security/keymint/support/remote_prov_utils.cpp
+++ b/security/keymint/support/remote_prov_utils.cpp
@@ -417,6 +417,7 @@ ErrMsgOr> validateBcc(const cppbor::Array* bcc) {
 JsonOutput jsonEncodeCsrWithBuild(const std::string instance_name, const cppbor::Array& csr) {
 const std::string kFingerprintProp = "ro.build.fingerprint";
+ const std::string kSerialNoProp = "ro.serialno";
 if (!::android::base::WaitForPropertyCreation(kFingerprintProp)) {
 return JsonOutput::Error("Unable to read build fingerprint");
@@ -441,6 +442,7 @@ JsonOutput jsonEncodeCsrWithBuild(const std::string instance_name, const cppbor:
 Json::Value json(Json::objectValue);
 json["name"] = instance_name;
 json["build_fingerprint"] = ::android::base::GetProperty(kFingerprintProp, /*default=*/"");
+ json["serialno"] = ::android::base::GetProperty(kSerialNoProp, /*default=*/"");
 json["csr"] = base64.data(); // Boring writes a NUL-terminated c-string
 Json::StreamWriterBuilder factory;
diff --git a/security/keymint/support/remote_prov_utils_test.cpp b/security/keymint/support/remote_prov_utils_test.cpp
index 0250cd6c7d..eaaba455cc 100644
--- a/security/keymint/support/remote_prov_utils_test.cpp
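Review bot: In `jsonEncodeCsrWithBuild` (second hunk of remote_prov_utils.cpp), the new `json["serialno"]` line adds a persistent device identifier to output that previously carried only the instance name, build fingerprint and CSR, and nothing in the code records that. Read access to `ro.serialno` is restricted by platform policy on recent Android releases, so a caller that may not read it gets the `""` default and the field is silently empty. The fingerprint, by contrast, is guarded by `WaitForPropertyCreation` in the first hunk and reports an error when missing. I would document this on the new line, e.g. `// Best-effort device identifier: empty if this process cannot read ro.serialno.`, and check that anything which logs or stores this JSON treats it as device-identifying. The function body starts and ends outside both hunks.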
+++ b/security/keymint/support/remote_prov_utils_test.cpp
@@ -191,7 +191,8 @@ TEST(RemoteProvUtilsTest, JsonEncodeCsr) {
 std::string expected = R"({"build_fingerprint":")" +
 ::android::base::GetProperty("ro.build.fingerprint", /*default=*/"") +
- R"(","csr":"gQE=","name":"test"})";
+ R"(","csr":"gQE=","name":"test","serialno":")" +
+ ::android::base::GetProperty("ro.serialno", /*default=*/"") + R"("})";
 ASSERT_EQ(json, expected);
 }
From 1f5ab0d6f829f74ec9f13115514183e8806a3b8b Mon Sep 17 00:00:00 2001
From: Daniel Angell
Date: Thu, 12 Jan 2023 22:35:40 +0000
Subject: [PATCH 2/2] Make libkeymint_remote_prov_support a static dep
This made it easier to run libkeymint_remote_prov_support_test.
Bug: 264302050
Test: atest libkeymint_remote_prov_support_test
Change-Id: Ided4e9bb442274ea7711d283bc947c35f34ebc35
---
 security/keymint/support/Android.bp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/keymint/support/Android.bp b/security/keymint/support/Android.bp
index efd6fc7800..8d7731cd55 100644
--- a/security/keymint/support/Android.bp
+++ b/security/keymint/support/Android.bp
@@ -84,6 +84,7 @@ cc_test {
 "android.hardware.security.rkp-V3-ndk",
 "libgmock",
 "libgtest_main",
+ "libkeymint_remote_prov_support",
 ],
 defaults: [
 "keymint_use_latest_hal_aidl_ndk_shared",
@@ -95,6 +96,5 @@ cc_test {
 "libcrypto",
 "libjsoncpp",
 "libkeymaster_portable",
- "libkeymint_remote_prov_support",
 ],
 }
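Review bot: The updated expectation in `JsonEncodeCsr` (remote_prov_utils_test.cpp) takes the `serialno` value from the same `GetProperty("ro.serialno", /*default=*/"")` call as the code under test, so it passes with an empty serial and cannot tell a readable property from a denied one. If only key presence and ordering are meant to be checked, say so next to the expectation, e.g. `// serialno may be empty when the test process cannot read ro.serialno; only the key's presence and position are verified.` The test body starts above the hunk.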