Extending AttestKeyTest#EcdsaAttestationID test to use IMEI as

attestation id. Get IMEI value from Telephony Service and use it as attestation id. Bug: 261847629 Test: atest VtsAidlKeyMintTargetTest Change-Id: I0212def48d761a45f514161e5576a954bf388c56
2026-02-01 16:23:37 +00:00 · 2022-12-15 03:50:52 +00:00
parent 26ceba03bc
commit eb644cfcbe
2 changed files with 57 additions and 0 deletions
--- a/security/keymint/aidl/vts/functional/Android.bp
+++ b/security/keymint/aidl/vts/functional/Android.bp
@@ -34,6 +34,7 @@ cc_defaults {
        "libbinder",
        "libbinder_ndk",
        "libcrypto",
+        "libbase",
        "packagemanager_aidl-cpp",
    ],
    static_libs: [
--- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
+++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
@@ -15,6 +15,8 @@
 */

 #define LOG_TAG "keymint_1_attest_key_test"
+#include <android-base/logging.h>
+#include <android-base/strings.h>
 #include <cutils/log.h>
 #include <cutils/properties.h>

@@ -26,12 +28,61 @@
 namespace aidl::android::hardware::security::keymint::test {

 namespace {
+string TELEPHONY_CMD_GET_IMEI = "cmd phone get-imei ";

 bool IsSelfSigned(const vector<Certificate>& chain) {
    if (chain.size() != 1) return false;
    return ChainSignaturesAreValid(chain);
 }

+/*
+ * Run a shell command and collect the output of it. If any error, set an empty string as the
+ * output.
+ */
+string exec_command(string command) {
+    char buffer[128];
+    string result = "";
+
+    FILE* pipe = popen(command.c_str(), "r");
+    if (!pipe) {
+        LOG(ERROR) << "popen failed.";
+        return result;
+    }
+
+    // read till end of process:
+    while (!feof(pipe)) {
+        if (fgets(buffer, 128, pipe) != NULL) {
+            result += buffer;
+        }
+    }
+
+    pclose(pipe);
+    return result;
+}
+
+/*
+ * Get IMEI using Telephony service shell command. If any error while executing the command
+ * then empty string will be returned as output.
+ */
+string get_imei(int slot) {
+    string cmd = TELEPHONY_CMD_GET_IMEI + std::to_string(slot);
+    string output = exec_command(cmd);
+
+    if (output.empty()) {
+        LOG(ERROR) << "Command failed. Cmd: " << cmd;
+        return "";
+    }
+
+    vector<string> out = ::android::base::Tokenize(::android::base::Trim(output), "Device IMEI:");
+
+    if (out.size() != 1) {
+        LOG(ERROR) << "Error in parsing the command output. Cmd: " << cmd;
+        return "";
+    }
+
+    return ::android::base::Trim(out[0]);
+}
+
 }  // namespace

 class AttestKeyTest : public KeyMintAidlTestBase {
@@ -803,6 +854,11 @@ TEST_P(AttestKeyTest, EcdsaAttestationID) {
                      "ro.product.manufacturer");
    add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MODEL, "ro.product.model");

+    string imei = get_imei(0);
+    if (!imei.empty()) {
+        attestation_id_tags.Authorization(TAG_ATTESTATION_ID_IMEI, imei.data(), imei.size());
+    }
+
    for (const KeyParameter& tag : attestation_id_tags) {
        SCOPED_TRACE(testing::Message() << "+tag-" << tag);
        // Use attestation key to sign an ECDSA key, but include an attestation ID field.