AttestationUtils: Request MEID explicitly

Rather than rely on getDeviceId to provide the MEID, explicitly use
getMeid to get it.

For MEID attestation to work, the right identifier needs to be passed in
for attestation by Keymaster.
AttestationUtils currently gets this identifier by calling getDeviceId.
This would only yield the MEID if the device does not have an IMEI
provisioned, which means it'll get the IMEI for devices that have both
(like Pixel 2).

According to bartfab@ that is the correct way (see b/77584730#13).

Bug: 77584730
Bug: 73284024
Test: runtest --path cts/tests/tests/keystore/src/android/keystore/cts/KeyAttestationTest.java
Change-Id: I98f6c2e2a9835bf2fd681cfb4ff74fc3984c3a8e

diff --git a/keystore/java/android/security/keystore/AttestationUtils.java b/keystore/java/android/security/keystore/AttestationUtils.java
index efee8b4..1be8309 100644 (file)
--- a/keystore/java/android/security/keystore/AttestationUtils.java
+++ b/keystore/java/android/security/keystore/AttestationUtils.java
@@ -156,7 +156,7 @@ public abstract class AttestationUtils {
                     break;
                 }
                 case ID_TYPE_MEID: {
-                    final String meid = telephonyService.getDeviceId();
+                    final String meid = telephonyService.getMeid(0);
                     if (meid == null) {
                         throw new DeviceIdAttestationException("Unable to retrieve MEID");
                     }